Practical Steganography

    Application of steganography principles for solving real problems


    Actually, the term “steganography” has not raised questions for a long time, and in the general case it is clear that we are talking about methods for transmitting hidden data inside others that are not hidden. However, when discussions begin about the applicability of these methods, various options are usually offered for hiding information from certain villains who want to identify and use it (this information). This article proposes to look at steganography a little wider, although, undoubtedly, the task of "hide and stop using" is the most obvious.

    Something about Watermarks




    There is such a good and fairly well-known use case for steganography - a watermark in the image. It is used, as a rule, for copyright protection, which is very important for designers, photographers, illustrators and other artists. Similar mechanisms are often already built into graphic editors; in the same Photoshop, this is done using plugins. And the idea is that when exporting the image is almost imperceptibly modified, and further contains the author’s identifier, which allows you to “catch” the facts of unlicensed use of digital images, almost without losing visual quality. True, the key word here is “almost”, because the picture is still slightly modified, which means it differs from the original one. A watermark can be seen as a grain on uniform surfaces and often increases file size, It can also be deleted, for example, by blurring in Gaussian (although the image will also lose a bit of sharpness). And so some photographers refuse such programs in favor of the usual copyright in photographs.
    But if we consider the watermark not as protection, but to save additional data on the image, then there are more options for using this technology. Such a picture can replace the classic barcodes, which means that it can be used for marking goods in stores. This opens up scope for the activities of the packaging designer - after all, it will be possible not to leave a place for some abstract EAN-13 (now we do not take the issue of regulatory requirements), but to indicate the necessary information directly in the packaging design. One of the companies provides steganography technologies in the image under the slogan “The barcode of everything”.

    Here, however, there are technical limitations: a watermark will be correctly read only from a full-color image, but on the scan of a text document, the information is no longer guaranteed to be recognized.

    Audio files, by the way, can also be protected with the help of a “watermark”, no matter how strange it may seem in relation to the sound. And more videos.

    Supplemented files




    The second thing that is often remembered when discussing steganography is hidden data when sending messages, but it is still a very specialized task - for spies. In principle, no one bothers to transmit additional information in everyday messages - for example, some technical data on the state of equipment - but this is simply irrelevant, since there are special channels and communication sessions for such tasks.
    But for attackers here is expanse, because you can spread malicious code in messages. And, by the way, steganographic methods of information transfer are used to bypass network locks, which are becoming more widespread. However, this topic is beyond the scope of this article, so we will not dwell on it.

    Another option for the practical application of steganography is the recording of additional information in the contents of files. There are quite a lot of use cases here, basically all of them are in the plane protection of copyright, but not only. There are other ideas.

    One of them is a hidden record in the file of additional data about the last action with an electronic document: opening, copying, editing. This information can be the identifier of the user who last edited the text, the name of the machine on which it was produced, and so on. Within the security loop, this data may seem redundant, but if the file leaks out of the protected area and is subsequently discovered, such information will make it possible to investigate the distribution of the electronic document, facilitate the search for those responsible and, ultimately, help reduce the likelihood of such incidents.

    It is worth noting that the required information can be hidden in the file in various ways: in the metadata, in the file properties, and if it is an image - using the same “watermark”. In the latter case, the document will be protected during printing (of course, provided that the quality of the printed document is of sufficient quality).

    How to find and neutralize?


    And here we touch upon another problem that can be solved with the help of steganography: determining the source of distribution of printed documents. Actually, it is easier to take out a printed document outside the protected circuit, since the file c copied or sent by mail can be tracked in real time. And this is really a problem that sometimes takes on a colossal scale. Falling into the wrong hands of a copy of a document can sometimes lead to changes in legislation. What is meant here are not cardboard folders labeled “top secret” - there are separate services, regulations and technical means for protecting this class of information — no, we are talking about quite innocuous, at first glance, texts. For example, take a draft internal order on the appointment of a top manager to a new position in the company.

    One of the representatives of our client (and this is a large federal company) in a private conversation somehow told of a similar incident: a copy of the printed and signed order on changing the internal regulations appeared on the network. This entailed problems, but the essence of the story was not that. The security service conducted an investigation, and the most that could - to determine the region of the document leak. Neither DLP nor webcams helped, nothing. But a new problem was added: the company employees realized that they could print and render documents with impunity.

    More options


    What options can steganography offer here? Well, for example, when sending to print, in addition to the text, it also displays a barcode with additional data. But, firstly, this is not quite steganography: the barcode is not hidden, and, secondly, - and this follows from the first - getting rid of it is very simple.

    You can apply “watermark” algorithms to the generated print page, but we remember that their use is limited to full-color and image saturation, which the average document cannot boast of. What to do?

    One of the options offered by manufacturers of office equipment. For a long time, in general, it is no longer a secret that most modern laser printers put subtle microdots on each page, mostly yellow. Using these dots on the printed document, information about the serial number of the printer, as well as the date and time of printing, is encoded. This option is quite used in forensics, the media cites examples when such information allowed to investigate the leak of classified data and identify the perpetrators: (http://digg.com/2017/did-intercept-burn-reality-winner).

    By the way, a similar technology is also used to protect banknotes and securities. You can look at any bill right now in your own wallet - you will find both microdots and microlabels.

    However, still not all printers support this technology, especially since color printers are not always used in document management. And as a rule, the security service of an average company cannot decode this data, simply because of its lack of knowledge of the algorithms. But in general - the technology exists and is used.



    Affine transformations


    There are software manufacturers on the market that offer the option of processing a document using affine transformations.

    An affine transformation is a geometric transformation of a plane or space that can be obtained by combining movements, reflections, and homotheties in the directions of the coordinate axes.

    Simply put, affine transformation allows you to change the document, microscopically shifting words and lines relative to each other, and adjusts line spacing and word spacing. Each copy of the document transmitted to the user is modified in a similar way, eventually becoming unique. And in the event of a copy leak, you can always make an assumption about the source of this leak.

    This solution allows you to investigate not only when printing a document, but also when taking a screenshot of the screen, as well as when photographing the screen and then uploading the picture to the Internet. However, for this algorithm to work, the user must be given a ready-made protected document already in the form of an image. That is, you cannot edit it, which means that in the situation described above with the leak of the draft order (even at the stage of creation), such an approach is useless.

    Unique on the fly


    Continuing to develop the idea of ​​unique document, we come to the option of steganographic coding of the document when editing, viewing, as well as when copying and sending to print. There are no ready-made industrial solutions here, although there are services on the network that offer to hide the necessary message in arbitrary text (for example, www.spammimic.com - masks the given message in the generated meaningless "spam"; however, the creators of the site warn against using it by spies). The means of document uniqueization at the stage of its modification, as already mentioned, is currently lacking.

    And the point is not even technical implementation, but the development of the principles of such coding - the text as such has a rather meager set of characteristics for uniqueness. On the network you can find scientific papers on this topic, but, as a rule, things do not go beyond games with line-spacing and spaces at the end of lines.

    However, research on this topic is being actively conducted, including by our company.

    Also popular now: