In Towards Construction Based Data Hiding: From Secrets to Fingerprint Images , published in IEEE Transactions on Image Processing (Sci-Hub Mirror), two Fudan University computer scientists propose a fascinating method for hiding encrypted messages in fake fingerprints that are both visually and computationally difficult to distinguish from real ones, which could theoretically allow the use of fingerprint databases to convey secret messages.
The researchers' method encodes the encrypted message using the ridge endings and bifurcations of the fingerprint, in a way that current statistical methods for spotting hidden messages does not reliably detect (the fingerprints also look like real fingerprints, even to skilled observers).
Stegonography -- the science of hiding the existence of messages inside other files or works -- is a really fun technical field, full of skullduggery. But it's subject to a critical flaw, which is that analysis of a large number of source files without hidden messages yields up a statistical profile that can be compared to files that have stegonographically encoded messages hidden in them, and these comparisons usually spot the doctored files very quickly.
For example, people have long proposed hiding an image by flipping the least-significant bit in each pixel of an image -- in a 16-bit image, changing this bit only alters the color of the corresponding image by 1/65536 of its original value, which is effectively imperceptible. But bitmap compression algorithms tend to smooth out this kind of minor variation (specifically because it is imperceptible, and so the compression algorithm can safely throw away the associated information without perceptibly degrading the image). So undoctored images have a very smooth and uniform least-significant-bit distribution, while images with hidden messages have an extremely statistically obvious weirdness in those final bit.
Critically, the fingerprint method described in this paper is resistant to the existing systems for finding steganographically hidden data inside of images, which is very exciting.
But as the paper's authors note, those systems were designed to detect generic information-hiding attempts, and not attempts that use their method to hide information. It may be (and I think it's likely) that a different system, designed with this information hiding technique in mind, could detect hidden data as reliably as other stego-finding tools.
The fingerprint method is also exciting in other respects: it can hold a surprising amount of data and that data can be read even after a significant degradation of the source image.
After the secret is laid out in a series of 2D points around the spirals, the continuous lines of the fingerprint are synthetically created. All the data is then merged to create a hologram of the fingerprint, which maintains the polarity and location of data points, safely harboring the secret. Only those who know the key, which is used to reconstruct the polynomial from the fingerprint, will be able to decipher the secret message.
“Putting the concept aside, the most surprising thing we found is the robustness of the constructed fingerprint images, which are able to resist a range of attacks. We could still achieve relative high data extraction accuracy even if the constructed fingerprint image is binarized, thinned, or severely compressed,” says Li.
The technique developed by Li and his colleague Xinpeng Zhang, which currently can only be used in digital images of fingerprints, offers a major advantage over conventional ways to encode messages in images. Normally, encoding a message in an image involves altering the pixels, which inevitably causes distortions visually or statistically—alerting enemies to the message in the first place. Embedding a secret message in the polarity of an image sidesteps this altogether, allowing the message to go unnoticed.
Towards Construction Based Data Hiding: From Secrets to Fingerprint Images [Sheng Li and Xinpeng Zhang/IEEE Transactions on Image Processing] (Sci-Hub Mirror)
How to Encode a Secret Message in a Fingerprint [Michelle Hampson/IEEE Spectrum]
(Thanks, Nat!)