Practical steganography

Applying the principles of steganography to solve real problems

Actually, the term “steganography” has long been a non-issue, and in the general case it is clear that we are talking about ways to transfer hidden data within other, not hidden. However, when arguments about the applicability of these methods begin, various options are usually suggested for hiding information from certain villains who want to identify and use it (this information). In this article, we propose to look at steganography a little wider, although, undoubtedly, the task “to hide and not allow to use” is the most obvious.

Something about watermarks

There is such a good and fairly well-known use of steganography - a watermark in the image. Used, as a rule, for the protection of copyright, which is very important for designers, photographers, illustrators and other artists. Similar mechanisms are often already built into graphic editors, in the same Photoshop this is done with the help of plug-ins. And the idea is that when exporting, the image is almost imperceptibly modified, and further contains the author's identifier, which allows you to “catch” the facts of unlicensed use of digital images, while almost without losing quality as a visual. True, the key word here is “almost”, because the picture is modified a bit, which means it differs from the original one. A watermark can be noticeable as grains on homogeneous surfaces and often increases the file size, and can also be removed, for example, by blurring over Gauss (true, the image will lose a bit in sharpness). And therefore some photographers refuse from such programs in favor of the usual copyright on photos.
But if we consider a watermark not as a protection, but to save additional data on an image, then there are more options for using this technology. Such a picture can replace the classic bar codes, and therefore can be used for labeling goods in stores. This opens up space for the packaging designer’s activities - after all, it will be possible not to leave space under some abstract EAN-13 (now we don’t take the issue of regulatory requirements), but to indicate the necessary information directly in the package design. One of the companies provides steganography technology on the image under the slogan “The barcode of everything”.

Here, however, there are technical limitations: the watermark will be correctly read only from a full-color image, but on the scan of a text document, guaranteed information is no longer recognized.

Audio files, by the way, can also be protected using a “watermark”, no matter how strange it may seem in relation to sound. And more videos.

Updated Files

The second thing that is often remembered when discussing steganography is hidden data when sending messages, but it is still a very specialized task for spies. In principle, no one bothers to transmit additional information in household messages — for example, some technical data on the state of the equipment — but this is simply irrelevant, since there are special channels and communication sessions for such tasks.
But for cybercriminals here is the expanse, because you can spread malicious code in messages. And, by the way, steganographic methods of transmitting information are used to bypass network locks, which are becoming increasingly widespread. However, this topic is beyond the scope of this article, so we will not dwell on it.

Another option for the practical application of steganography is to record additional information in the contents of files. There are quite a few options for use here, basically all of them lie in the flat copyright protection, but not only. There are other ideas.

One of them is a hidden entry in the file of additional data about the last action with an electronic document: opening, copying, editing. This information may be the identifier of the user who last edited the text, the name of the machine on which it was produced, and so on. Within the security contour, this data may seem redundant, but in the event of a file leaking outside the protected area and its subsequent detection, such information will make it possible to investigate the distribution paths of the electronic document, make it easier to find those responsible, and ultimately help reduce the likelihood of such incidents.

It should be noted that the required information can be hidden in the file in various ways: in the metadata, in the properties of the file, and if we are talking about an image - using the same “watermark”. In the latter case, the document will be protected when printing (of course, provided sufficient quality of the printed document).

How to find and neutralize?

And here we are touching on another problem potentially solved with the help of steganography: determining the source of distribution of printed documents. Actually, it is easier to move a printed document out of the protected contour, since a copied or mailed file can be tracked in real time. And this is really a problem that sometimes takes enormous proportions. Getting the wrong copy of the document can sometimes lead to changes in the law. And they mean not cardboard folders with the stamp “top secret” - there are separate services, regulations and technical means to protect this class of information, no, we are talking about quite seemingly innocent texts. For example, take the draft internal order on the appointment of a top manager to a new position in the company. The leakage of this information can provoke serious changes in the value of the shares of the enterprise in which the personnel change is planned, even though it has not yet entered into force.

One of the representatives of our client (and this is a large federal company) in a private conversation somehow told about a similar incident: a copy of a printed and signed order to change the internal regulations appeared in the network. This caused problems, but the story was not the point. The security service conducted an investigation, and at the most it was able to determine the region of the leak of the document. Neither DLP, nor webcams, nothing helped. But a new problem was added: the company's employees realized that they could print and issue documents with impunity.

More options

What options can steganography offer here? Well, for example, when sending to print, in addition to text, a barcode with additional data. But, firstly, this is not quite steganography: the barcode is not hidden, and, secondly, and this follows from the first, it is very easy to get rid of it.

You can apply “watermark” algorithms to the generated print page, but we remember that their use is limited by full color and image saturation, which the average document cannot boast of. What to do?

One of the options offered by manufacturers of office equipment. For a long time, in general, it is no longer a secret that most modern laser printers put inconspicuous microdots on each page, mostly yellow. Using these points on the printed document, information about the serial number of the printer is coded, as well as the date and time of printing. This option is quite used in forensic science, in the media there are examples when such information allowed to investigate the leakage of secret data and identify the perpetrators: (http://digg.com/2017/did-intercept-burn-reality-winner).

By the way, this technology is used in the protection of banknotes and securities. You can look at any bill in your own wallet right now - you will find both microdot and micronaddress.

However, all the same, not all printers support this technology, especially since color printers are not always used in the document flow. Yes, and decode these data, as a rule, the security service of the average company can not, simply because of ignorance of the algorithms. But in general - the technology exists and is used.

Affine transformations

There are software vendors on the market that offer the option of processing a document using affine transformations.

Affine transformation is a geometric transformation of a plane or space that can be obtained by combining movements, reflections and homotheties in the directions of the coordinate axes.

Simply put, affine transformation allows you to change a document, microscopically shifting words and strings relative to each other, correcting the line and word breaks. Each copy of the document transmitted to the user is modified in a similar way, eventually becoming unique. And in the case of a copy leak, you can always make an assumption about the source of this leak.

This solution allows you to investigate not only when printing a document, but also when taking a screenshot of the screen, as well as when photographing the screen with the subsequent display of the image on the Internet. However, in order for this algorithm to work, the user must be issued a finished protected document already in the form of an image. That is, it cannot be edited, which means that in the situation described above with the leakage of the draft order (at the stage of creation) such an approach is useless.

Uniqueness on the fly

Continuing to develop the idea of ​​unique document, we come to the variant of steganographic coding of the document when editing it, viewing it, and also when copying and sending it to print. There are no ready-made industrial solutions here, although there are services on the network that offer to hide the necessary message in a free text (for example, www.spammimic.com - masks the specified message in the generated meaningless “spam”; however, the creators of the site warn against using it by spies). There is currently no means of uniqueizing a document at the stage of its modification, as has already been said.

And the matter is not even in the technical implementation, but in the development of the principles of such coding - the text itself has a rather poor set of characteristics for uniqueization. In the network you can find scientific papers on this topic, but, as a rule, things don’t go beyond line-spacing games and spaces at the end of lines.

However, research work on this topic is actively conducted, including by our company.