SecreTwit: Social Steganography

SecreTwit Logo

Here is another project I would like to share. As before, this is a project for faculty course Security in computer networks.

I read several good articles about steganography and got an idea to use tweets on Twitter to hide secret messages. Also, this was a great opportunity to do a little UI design in Swing after long time :)

What is steganography ?

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

There are many steganography techniques and you can find more about them in Wikipedia article.

How SecreTwit works ?

SecreTwit uses several steganography techniques to hide secret message inside a tweet. For the ordinary eye tweet will look just like any other. Only SecreTwit users can see hidden message.

Whitespace steganography

SecreTwit conceals message in tweet by appending whitespaces to the end of the tweet. Each bit of a character is represented with a whitespace – 0 is a tab and 1 is an empty space. Web browsers replace multiple whitespaces with a single space so this will be invisible in the browser. Depending on the length of original message, over 100 bits can be used to hide secret message.

URL steganography

Relying on the fact that people usually won’t look very hard, SecreTwit uses fake bit.ly and twitpic.com URLs to hide parts of the message. Those two services are often used on Twitter so they won’t look strange. Part of the message is Base64 encoded and used to make up URL, so this makes 6 bytes per URL available for hiding messages.

Image steganography

Traditional image steganography technique is used to embed tag within user’s profile image. Tag is later used to determine whether the tweet has a secret message embedded with SecreTwit. Steganography method used here is the most common and simplest form of digital steganography called Least Significant Bit (LSB) method. Binary representation of the message that’s to be hidden is written into the LSB of the bytes of the image. The overall change to the image is so minor that it can’t be seen by the human eye.

Implementation

You can find the source code of these three techniques at SecreTwit project page.

How it worksSecreTwit UI

Now the more interesting part :) The UI of SecreTwit is inspired by Metro design language and MetroTwit Twitter client. I liked the elegant and clean look, so my goal was to replicate the parts I liked using Swing and Java.

The trickiest part was the animation of the timeline with tweets. Each time new tweet appears it’s added to the top of the timeline, with slide from left and fade in effect. In order to achieve this I made a custom implementation of BasicListUI, which uses TimingFramework to animate list cells.

dataListener = new ListDataListener() {
  @Override
  public void intervalAdded(ListDataEvent e) {
    if (!animator.isRunning()) {
    minAnimIndex = e.getIndex0();
    maxAnimIndex = e.getIndex1();
    cellAlpha = 1.0f;
    animator.start();
  }
}

 

@Override
protected void paintCell(Graphics g, int row, Rectangle rowBounds, ListCellRenderer cellRenderer, ListModel dataModel, ListSelectionModel selModel, int leadIndex) {
 // The effect is applied for all cells if it's the first time they
 // appear, and always for newly inserted first cell
 if (animator.isRunning() && row >= minAnimIndex && row <= maxAnimIndex) {
 // Calculate cell position, set offset and paint it
 Rectangle newRowBounds = new Rectangle(rowBounds);
 newRowBounds.x = (int) (-newRowBounds.width * cellAlpha);

 super.paintCell(g, row, newRowBounds, cellRenderer, dataModel, selModel, leadIndex);

 // Paint overlay for fade in effect
 Graphics2D g2 = (Graphics2D) g.create();
 g2.setComposite(AlphaComposite.getInstance(AlphaComposite.SRC_OVER, cellAlpha));
 g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING, RenderingHints.VALUE_ANTIALIAS_ON);
 g2.setColor(Color.white);
 g2.fillRect(rowBounds.x, rowBounds.y, rowBounds.width, rowBounds.height);
 g2.dispose();
 }
 else
 super.paintCell(g, row, rowBounds, cellRenderer, dataModel, selModel, leadIndex);
}

Timeline

There is one more interesting custom component – MessagePane, which is a JTextArea with remaining chars counter in background, and a progress bar which shows when you submit a tweet.

MessagePane

Conclusion

Full source code of SecreTwit is available at SecreTwit project page, and also an executable version which you can try right away.

Please note that this is not intended to replace your everyday Twitter client – it’s just a demo of what can be done with Swing and Java and showcase of some interesting steganography techniques.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s