I think everyone has ever heard of steganography. Steganography (τεγανός - hidden + γράφω - I write, literally "cryptography" ) is an interdisciplinary science and the art of transmitting hidden data, inside other, not hidden data. The data to be hidden is usually called the stego message , and the data inside which the stego message is located is called the container .

On habrahabr there were many various articles about specific algorithms of information steganography , for example DarkJPEG , "TCP steganography", and of course, the LSB algorithm, beloved by all students during term design, (for example, LSB steganography , GIF steganography , Cotfuscation of executable .net code ), there are

countless steganographic methods. At the time of this writing, at least 95 steganography patents have already been published in the United States , and at least 29 patents in Russia . Most of all I liked the Kursh K. and Lav R. Varchney patent “Food steganography” ( “Food steganography” , PDF )

Image from the “food” patent to attract attention:


Nevertheless, having read a decent number of articles and works devoted to steganography, I wanted to systematize my ideas and knowledge in this area. This article is purely theoretical and I would like to discuss the following issues:

1. The goals of steganography are actually three, not one.
2. The practical application of steganography - I counted 15.
3. The place of steganography in the 21st century - I believe that from a technical point of view, the modern world has already been prepared, but "socially" steganography is still "late."

I tried to summarize my research on this issue. (This means that there is a lot of text)
I hope for reasonable criticism and advice from the habro-community.

Steganography Objectives

A goal is an abstract task with respect to which a scientific theory and methodology is developed to achieve this goal. No need to confuse purpose and application . The goal is extremely abstract, in contrast to the application .

As I said, there are three goals in steganography.

Digital Fingerprints

This type of steganography implies the presence of different steganographic message tags for each copy of the container. For example, DH may be applicable to protect exclusive rights . If, using some algorithm, the adversary can extract the CO from the container, then it is impossible to identify the adversary, but until the adversary learns how to counterfeit the CO, he cannot distribute the protected container without detection.

Thus, when extracting the CO, a third party (i.e. the adversary) can pursue two goals:

1. extracting the DH from the container ( “weak target” );
2. substitution of one center for another center ( "strong goal" ).

An example of a central heating facility is the sale of electronic books (for example, in * .PDF format). When paying for a book and sending it to the recipient, you can intersperse information about e-mail in * .pdf ; IP user input, etc. Of course, this is not fingerprints or DNA analysis, but you must admit that this is better than nothing. Perhaps in Russia, due to a different culture and a different, historically established attitude to exclusive law, this application of steganography is irrelevant; but, for example, in Japan, where they can be sent to download torrent files, the use of steganographic CO is more likely.

Steganographic Watermarks (SVZ) (Stego Watermarking)

Unlike CO, SVZ implies the presence of the same labels for each copy of the container. In particular, the SVZ can be used to confirm copyright. For example, when recording on a camcorder, you can intersperse information on the recording time, model of the camcorder and / or the name of the operator of the camcorder in each frame.
If the footage falls into the hands of a competing company, you can try to use the SVZ to confirm the authorship of the recording. If the key is kept secret from the owner of the camera, then using the SVZ you can confirm the authenticity of photos and / or video images. By the way, our colleague in the workshop, Dmitry Vitalievich Sklyarov , successfully broke the steganography on some Canon camera models. The problem really was a hardware one, Dmitry Vitalievich didn’t touch the quilt itself, nevertheless, he steganographically “proved” the authenticity of Stalin with the iPhone.

Covert Data Transfer (SPD)

This is the “classic” goal of steganography, known since the days of Aeneas Tactic ( Αινείας ο Τακτικός , see his work containing simple steganographic techniques: “On the transfer of siege” ). The task is to transmit data so that the adversary does not guess about the fact of the appearance of the message.

In modern Russian-language works on steganography, the term CEH (Digital Watermarks) is often used . By this term is meant either SVZ or TSO. (And sometimes SVZ and TsO at the same time, and even in one article!) Nevertheless, with the implementation of TS and SVZ, the problems and tasks arising are fundamentally different! Indeed, the SVZ on all copies of an electronic document is the same, and the CO on all copies of documents is different. For this reason, for example,collusion attack is fundamentally impossible in the SVZ! At least for this reason, it is necessary to distinguish between SVZ and CO. I strongly advise everyone who is going to work in the field of steganography to not use the term CEH in their speech.

This seemingly obvious thought is still puzzling to many. A similar point of view about the need to distinguish between SHZ and CO was expressed by such well-known in narrow circles “steganographs” as Cachin, Petitcolas, and Katzenbeisser.

For each of these three goals, you should develop your own criteria for the stability of the steganographic system and formal information-theoretical models to achieve them, because The meaning of steganography is different. About the fundamental difference between SVZ and CO is written above. But maybe it makes sense to combine SPD with the central heating facility or with the SVZ? Not! The fact is that the meaning of SPD is the hidden data transfer itself , and the CO and SVZ are designed to protect the container itself . Moreover, the very fact of the availability of a central assessment center or a secondary health check may not be secret, unlike most tasks for SPD. In particular, for this reason, there is no practical sense in talking about the possibility of building a perfect stegosystem (according to Cachen) for the implementation of a central heating system or a HEZ for most practical tasks.

The international journal Springer: Information Hidding generally suggests by steganography to call only SPD, since central heating and SVZ do not require hiding the very fact of data transfer. For example, you know that a banknote of 100 rubles is protected. Some mechanisms are known to you, some are known only to specialists, and some contain state secrets. But the fact that there are some secret mechanisms is known to everyone; it is not known just how and which technologies additionally protect the paper bill ... The

naming of steganography as the only goal of SPD in Springer magazine seems reasonable, but the Russian-language term is " Information Concealment“I haven’t taken root in domestic articles and dissertations yet. Therefore, in this work, under the term Springer'a Information Hiding we mean all steganography, and under the term Springer'a steganography we mean only one goal of steganography - SPD.

The practical application of steganography

Having discussed the goals, we will move on to practical applications. I found 15 tasks for which steganography may be relevant. If you disagree with something or I missed something, I will be glad to hear from you! Feel free to write!

1. Stealth Information Transmission (SPD)

The most obvious thing is that the first comes to mind. Unlike cryptographic methods (which are secrets but not secretive), steganography can be used as a method of discreet information transfer. This constitutes a “classic practical application” of steganography, therefore this goal is in the first place.

2. Hidden storage of information (SPD)

This goal of steganography is in many ways similar to the previous one. Only in this case, steganography is not used for transmission, but for storing any information, the detection of the very fact of which (even if in encrypted form) is undesirable for the user. Obviously, this task is feasible on data carriers, but not in communication channels. Moreover, redundancy on many media can be incredibly large. For example, the total amount of data (including RLL codes) that can be written to a CD is 1828 MB of data. This is a huge redundancy that can be used to hide data!

If Gene Ryzhov from the movie } {0TT @ B) Hif I thought about it and would not be too lazy to solder and panic a little, then he would hardly have stored CD's with “compromising” software in a cactus pot. I think the hacker Gennady simply would have interspersed the data in the ECC of optical disks, and the disks with photos of the cats themselves would have been stored openly! Agree, this is much better than a cactus pot! :)

3. Undeclared information storage (SPD)

Many information resources allow you to store only a certain type of data. For example, the YouTube portal allows you to store only video information in the formats MOV, MPEG4, AVI, WMV, MPEG-PS, FLV, 3GPP, WebM . However, you can use steganography to store data in other formats. I do not argue that in the context of the existence of various resources like Yandex Disk, this goal may seem strange. Most likely, there is no practical significance; just just4fun and fun coursework for the student.

However, hid.im allows users to hide .torrent files inside PNG images. Here's how Michael Nutt, the creator of the project, commented:

This is an attempt to make torrents more resilient. The difference is that there is no longer any need for an indexing site to store your torrent file. Many forums allow you to upload images, but no other file types
(@Mithgol Hid.im converts torrents to PNG images )

There is also the StegTorrent project , which, unlike the hid online service, requires installation.

In February 2015, Hacker published the article " Tens of thousands of MongoDB databases are accessible via the Internet ." In principle, these “jambs”, among other things, can be used for undeclared data storage. (Another analogue of a cactus pot?)

4. Protection of exclusive rights (CO)

Possible applications include the holographic versatile disc ( Holographic Versatile Disc, HVD ). (True, there is a point of view that this technology is initially “stillborn”) The HVBs currently being developed can contain up to 200 GB of data per cartridge. These technologies are supposed to be used by television and radio broadcasting companies to store video and audio information. The presence of CO in the corrective codes of these disks can be used as the main or additional means for protecting license rights.

As another example, as I wrote earlier, one can cite the online sale of information resources. It can be books, films, music, etc. Each copy must contain a CO for identification (at least indirectly) or a special label for verification whether it is licensed or non-licensed.

This goal has tried to implement in 2007-2011 the company amazon.com . To quote artty from the article “Protecting” mp3 files on amazon.com :

If in Russian: the downloaded file will contain a unique identifier for the purchase, date / time of purchase, and other information (...).

Download data on the forehead of the composition did not work (Amazon swears and says that he can only sell them in the United States). I had to ask my American friends and after a while I had the same song on my hands, but downloaded independently by two different people from different accounts in Amazon. In appearance, the files were exactly the same, the size coincided to a byte.

But since Amazon wrote that it included a download identifier in each mp3 and decided to check some two existing files bit by bit and immediately found the differences.

5. Copyright Protection (SVZ)

In this case, one copy protects each copy of the content. For example, it could be a photograph. If the photo is published without the permission of the photographer, saying that he is allegedly not the author of this work, the photographer can try to prove his authorship with the help of steganography. In this case, information about the serial number of the camera and / or any other data should be interspersed in each photo, allowing you to “link” the photo to one single camera; and through the camera, the photographer can try to indirectly prove that he is the author of the picture.

6. Protection of document authenticity (SVZ)

The technology may be the same as for copyright protection . Only in this case, steganography is used not to confirm authorship, but to confirm the authenticity of a document. A document that does not contain an SVZ is considered “not real”, i.e. fake. Dmitry Sklyarov already mentioned above was just solving the opposite problem. He found the vulnerability of the Cannon camera and was able to fake the authenticity of the photograph of Stalin with the iPhone.

7. Individual fingerprint in EDMS (CO)

In the electronic document management system ( EDMS ), you can use an individual fingerprint inside * .odt, * .docx and other documents when working with them by the user. For this, special applications and / or drivers must be written that are installed and work in the system. If this task is completed, then with the help of an individual fingerprint it will be possible to identify who worked with the document and who did not. Of course, in this case it is foolish to make steganography the only criterion, but as an additional factor in identifying the participants in the work with the document, it can be useful.

8. Watermark in DLP systems (SVZ)

Steganography may be applicable to prevent data leaks ( Data Leak Prevention , DLP). Unlike the individual fingerprint in the EDMS , in this application of steganography, when creating a document containing a confidential nature, a certain label intersperses. In this case, the label does not change, regardless of the number of copies and / or revisions of the document.

In order to retrieve the label, a stegokey is necessary. The stegokluch, of course, is kept secret. The DLP system, before approving or refusing to issue a document outside, checks for the presence or absence of a watermark. If the mark is present, the system does not allow sending the document outside the system.

9. Stealth transmission of the control signal (SPD)

Suppose the receiver is a system (such as a satellite); and the sender is the operator. In this case, steganography may be applicable to deliver any control signal to the system. If the system can be in different states and we want the enemy not even to guess that the system has switched to another state, we can use steganography. Using only cryptography, without steganography, can give the adversary information that something has changed and provoke him to unwanted actions.

I think no one will argue that in the military sphere this task is incredibly relevant. This task may be relevant for criminal organizations. Accordingly, law enforcement agencies should be armed with a certain theory on this issue and contribute to the development of programs, algorithms and systems to counter this application of steganography.

10. Steganographic botnet networks (SPD)

If you are a pedant, then this application can be considered a special case of the hidden transmission of the control signal . However, I decided to designate this application separately. My colleague from TSU sent me a very interesting article by some Shishir Nagaraja , Amir Houmansadr , Pratch Piyawongwisal , Vijit Singh , Pragya Agarwal and Nikita Borisov 'and “Stegobot: a covert social network botnet” . I am not a botnet specialist. I can’t say whether this is crap or an interesting feature. I will just hear the opinion of the habrasociety!

11. Confirmation of the reliability of the transmitted information (CO).

The stego message in this case contains data confirming the correctness of the transmitted data of the container. As an example, this can be a checksum or a hash function (digest). The task of validation is relevant if the adversary needs to fake container data; for this reason, this application should not be confused with protecting the authenticity of documents ! For example, when it comes to photography, the protection of authenticity is proof that this photo is real, not faked in Photoshop. It’s as if we are protecting ourselves from the sender (in this case, the photographer). In the case of validation, it is necessary to organize protection from a third party (man in the middle), which has the ability to fake data between the sender and the recipient.

This problem has many classic solutions, including cryptographic ones. Using steganography is another way to solve this problem.

12. Funkspiel ("Radio Game") (SPD)

From wikipedia :


The stego message in this case contains data that reports whether it is worth taking the container information seriously. It can also be some kind of hash function or just a predefined bit sequence. It can also be a hash function of the time the transmission started (in this case, to eliminate the problem of time synchronization between the sender and the recipient, the time should be taken with an accuracy of minutes or even hours, and not accurate to seconds or milliseconds).

If the stego message has not passed verification, then the container should be ignored by the recipient, regardless of its contents. In this case, steganography can be used to misinform the enemy. For example, a container may be a cryptographic message. In this case, the sender, wanting to mislead the enemy, encrypts the data with a certain cryptographic key known to the enemy, and the stego message is used to prevent the receiver from accepting the false container.

Suppose the adversary has the ability to destroy the CO. In this case, funkspiel can be used against the interests of the sender. The recipient, without detecting the label, will not ignore the received container. Perhaps in some practical solutions it’s reasonablefunkspiel used in conjunction with validation . In this case, any information that does not contain a confidence label is ignored; and accordingly, for a radio game, you just don’t have to include a label in the message.

13. Inalienability of information (SVZ)

There are a number of documents for which integrity is important. It can be done by backing up data. But what if there is a need to have documents in such a way that it is impossible to separate one information from other information? An example is medical imaging. For reliability, many authors propose to insert information about the patient’s name, surname and other patient data inside the images. See for example the book by Stefan Katzenbeisser and Fabien AP Petitcolas, Information Hiding Techniques for Steganography and Digital Watermarking :



Similar reasoning can be made about modern astronomy. Here is a quote from the domestic astronomer Vladimir Georgievich Surdin ( link to the video ):

I envy those who are now in science. For the past 20 years, we [astronomers] have generally stagnated. But now the situation has changed. Several telescopes of a completely unique property have been built in the world. They see almost the whole sky and receive huge amounts of information every night. It’s enough to say that over the past 200 years, astronomers have discovered several thousand objects. (...) It's over 200 years! Today, every night we discover three hundred new objects of the solar system! This is more than a person could write to the catalog with a pen. [per day]

Just think, every night 300 new objects. It is clear that these are various small space asteroids, and not the discovery of new planets, but still ... Indeed, would it be wise to intersperse information about the shooting time, shooting location and other data directly in the image? Then, when exchanging images between astronomers, scientists could always understand where, when, and under what circumstances a particular image was taken. You can even intersperse information without a key, assuming that there is no adversary. Those. use steganography only for the sake of “non-alienation” of the images themselves from additional information, hoping for the honesty of users; perhaps it would be much more convenient than accompanying each image with information.

From the world of computer games, you can bring WoW . If you take a screenshot of the game,then the SVZ containing the user name, time taken to take a screenshot (accurate to the minute and IP) server address is automatically implemented .

14. Steganographic distraction (?)

As the name implies, the task of steganographic distraction is to divert the attention of the enemy. This task can be set if there is any other reason for using steganography. For steganographic distraction, it is necessary that the generation of stegocontainers be substantially “cheaper” (in terms of machine and time resources) than the detection of steganography by an adversary.

Roughly speaking, steganographic distraction is somewhat reminiscent of DoS and DDoS attacks. You distract the enemy’s attention from containers that really contain something of value.

15. Steganographic Tracking (SPD)

This application is somewhat similar to paragraph 7 of the individual fingerprint in the EDMS , only the goal is different - to catch an attacker who "leaks" the information. From the real world we can give an example of marked banknotes (“ tagged money”). They are used by law enforcement agencies so that the offender who received money for any illegal activity could not later claim that he had this money before the transaction.

Why not take the experience of “real colleagues” into our virtual world? Thus, steganographic tracking resembles something like a honeypot .

Forecast of the future steganography in the first quarter of the XXI century

After reading fifty different articles on the stegane and several books, I venture to express my opinion about steganography. This opinion is just my opinion and I do not impose it on anyone. Ready for constructive criticism and dialogue.

Thesis. I believe that the world is technically ready for steganography, but in the "cultural" plan, the modern information society has not yet ripened. I think that in the near future (2015-2025) what will possibly be called the " steganographic revolution " will happen in the future ... Maybe this is a bit arrogant statement, but I will try to substantiate my point of view with four points.

The first one . There is currently no unified theory of steganography. Top Secret Stegosystem (Cachen)certainly better than nothing, but in my opinion this is a black and white photo of the tail of a spherical virtual horse in a vacuum ... Mittelholzer tried to slightly improve the results of Christian Cachen, but so far this is a very long theory.

The lack of a unified theory is an important brake. It is mathematically proved that the Vernam cipher (= "one-time notepad") cannot be cracked, for this reason the connection between V.V. Putin and Barack Obama are implemented precisely using this algorithm. There is a certain theory that creates and studies abstract (mathematical) cryptographic objects (Bent-functions, LFSR, Feisteyl cycles, SP-sets, etc.). In steganography, there is a zoo of terms and models, but most of them are unfounded, incompletely studied or far-fetched.

Nevertheless, certain shifts in this direction already exist. Modest attempts are already being made to use steganography, if not as the main or even the only solution, then as an auxiliary tool. A huge shift in theory has occurred over the past fifteen years (2000-2015), but I think about this you can write a separate post, in a nutshell it is difficult to say.

The second one . Steganography is an interdisciplinary science! This is the first thing any beginner "steganographer" should understand. If cryptography can abstract from equipment and solve exclusively problems in the world of discrete mathematics, then a steganography specialist must study the environment. Although, of course, there are a number of problems in building cryptosystems, for example, an attack through side channels; but this is not the fault of the quality of the cipher. I think that steganography will develop in accordance with the development of the study of the environment in which hidden messages are transmitted. Thus, it is reasonable to expect the appearance of “chemical steganography,” “steganography in images,” “steganography in error correction codes,” “food steganography,” etc.

Since about 2008, everyone has already realized this. Not only mathematicians-cryptographers became interested in steganography, but also linguists, philologists, chemists. I think this is a positive shift that says a lot.

The third . The modern virtual world is oversaturated with texts, pictures of cats, videos and other and other ... More than 100 hours of video are downloaded every minute on one YouTube site ! You just think every minute! So how many minutes do you read this lengthy opus? .. Now multiply this number by 100! So many hours of different videos on YouTube alone appeared during this time !!! Can you imagine that? But this is a huge "ground" for hiding data! That is, “technically” the world has long been ready for steganography. And, frankly, I am deeply convinced that steganography and counteraction to steganography in the near future will become the same urgent problem as the BigData or Internet of Things problem .

Fourth . Long ago, when I was a first year student Bauman, one of my friends gave me for my birthday, " Encrypted Book " by Simon Singh. What was my surprise when I found out that the first computer was not the American ENIAC , but the Polish " Bomb ", developed by Heinrich Zygalski , Jerzy Rozhitsky and Marian Reevsky in 1938. In the summer of 1939, in the Kabat Forest (near Warsaw), the Poles presented the British with their designs and evacuated cryptanalysts and engineers. In Britain, Alan Turing led the Poles, and the Colossus machine was created on the basis of the Bomb ...

This information has ceased to be secret, if my memory serves me, only in the 2000s. Another historical example is the RSA algorithm, which was invented at the end of WWII by British cryptographers. But, for obvious reasons, the military classified the world's first asymmetric encryption algorithm and the palm went to Diffie, Helman, and then Rivest, Shamir and Adleman.

Why am I doing this? The fact is that in information security everything is invented at least twice: once “closed”, and the second time “open”; and in some cases even more than twice. This is normal. I think also waiting for steganography (ate did not comprehend).

In modern Western literature, for some reason, many scientists have "disappeared" (that is, ceased to be published), who in 1998-2008 offered very interesting ideas. (e.g. Peter Weiner, Michel Elia). A similar situation was before the invention of atomic weapons ... Who knows, perfect stegosystems can already be invented and they are successfully used by the GRU and / or NSA? And we, reading this post and looking at the wristwatch, we calculate how many more hours of purring seals millions of users have downloaded on YouTube and whether there are seals among them with the correspondence of terrorists; commands for a botnet network or RT-2PM2 drawings encrypted with Vernam cipher.