Simmons describes an excellent, common example of steganography in what is called the "Prisoners' Problem." Alice and Bob are the two fictional characters in this example, and they have been arrested and placed in different cells. Their goal is to develop an escape plan and bust out of jail; the snag is that the only way to communicate is through the warden, Wendy. Being a capable warden, Wendy will not allow Alice and Bob to communicate in code (encryption), and if she should notice anything suspicious, one or both of them will immediately be put in solitary confinement. So Alice and Bob must communicate in a manner that does not arouse suspicion; they must communicate invisibly using steganography.
The example goes on to explain that a smart way of doing this is to hide the information in an innocuous-looking message or picture. Bob could draw a picture of a blue cow in a green pasture, and ask Wendy to pass it along to Alice. Wendy would, of course, look at it before passing the picture and, thinking it is just a piece of abstract art, would pass it along, not knowing that the colors in the picture conveyed the message.
While this can work on paper, there are some problems that could stop the escape. Wendy may alter the picture, either accidentally or purposely, and therefore alter the message. If Wendy purposely altered the picture, thereby destroying the message, it would be considered an active attack. Going further with this idea, we will assume that Wendy creates a forged message of her own and passes it to one of the prisoners while pretending to be the other. This is considered a malicious attack.
The Prisoners' Problem model can be applied to a lot of situations where steganography can be used for communication. Alice and Bob are the two parties who want to communicate and Wendy is the eavesdropper, and while this model can be an effective means of communication, the potential of passive, active, or malicious attacks must always be considered.
Figure 2.1 shows the components that make up the basic framework of what it takes to communicate using steganography. Take a look at each piece individually: cover object, stego-key, and stego-object. The cover object is what is actually going to be seen out in the open, the picture, sound, or movie that will be used to carry the message right under everyone's noses. The stego-key is the code that the person sending the secret message is going to use to embed the message into the cover object; this same stego-key will be used by the recipient to extract the secret message. Stego-keys can come in many forms; they can be a password or an agreed-upon place to look for the hidden message. The stego-object is the combination of the cover object, the stego-key, and the secret message. These three combine to create the condition where a cover object is carrying a secret message.
Now that we have looked at the basics of steganography and how it is used to communicate, we will go into some real-world techniques that have been used in the past to illustrate some of the inventive forms that steganography can take and the effectiveness it can have. These methods and techniques that I will be describing are nondigital and are meant to act as a primer for the next section on history. Again, as I stated in the introduction, this book is meant to educate you not only on what steganography is, but also on how it fits into the world. These techniques are not listed in any particular order, and are meant to lay the foundation for the next section.