Computer steganography yesterday, today, tomorrow.
Vyacheslav Sergeevich Ukov, PhD in Engineering
Andrey Petrovich Romantsov
COMPUTER STEGANOGRAPHY YESTERDAY, TODAY, TOMORROW.
Information security technologies of the 21st century.
The task of reliable protection of information from unauthorized access is one of the oldest and still unsolved problems. Methods and techniques for hiding secret messages have been known since ancient times, and this area of human activity is called steganography.This word comes from the Greek words steganos (secret, mystery) and graphy (record) and, thus, literally means “secret writing”, although steganography methods probably appeared earlier than writing itself (initially, conventional signs and designations were used).
Later, more effective methods of coding and cryptography were used to protect information at the time of their creation.
As is known, the purpose of cryptography is to block unauthorized access to information by encrypting the content of secret messages. Steganography has a different task, and its goal is to hide the very fact of the existence of a secret message. At the same time, both methods can be combined and used to increase the effectiveness of information protection (for example, to transmit cryptographic keys).
Like any tools, steganographic methods require attention and careful handling, as they can be used both for defense and for attack. This article examines the possibilities of steganography in relation to the problem of information security based on an analysis of open information sources.
1. Steganography Yesterday
The first traces of steganographic methods are lost in ancient times. For example, it is well known that in ancient Greece, texts were written on wax-covered tablets. To prevent the message from reaching the enemy, the following trick was used. The wax was scraped off the tablets, the message was written directly on the surface of the wood, and then the tablet was covered with wax again. The tablets looked unchanged and therefore did not arouse suspicion.
Various methods of hidden writing between the lines of ordinary unprotected writing are well known: from the use of milk to the use of complex chemical reactions with subsequent processing during reading.
Other methods of steganography include the use of microphotographs, minor differences in the writing of handwritten characters, small punctures in certain printed characters, and many other methods for hiding the true meaning of a secret message in open correspondence.
2. Computer steganography today
Computer technologies have given new impetus to the development and improvement of steganography, a new direction in the field of information security has appeared — computer steganography (CS).
Modern progress in the field of global computer networks and multimedia tools has led to the development of new methods designed to ensure the security of data transmission over telecommunication channels and their use for undeclared purposes. These methods, taking into account the natural inaccuracies of digitalization devices and the redundancy of an analog video or audio signal, allow messages to be hidden in computer files (containers). Moreover, unlike cryptography, these methods hide the very fact of information transmission.
2.1. Basic principles of computer steganography and its areas of application
K. Shannon gave us the general theory of cryptography, which is the basis of steganography as a science. In modern computer steganography, there are two main types of files: a message—a file that is intended to be hidden, and a container—a file that can be used to hide a message in it. There are two types of containers. The original container (or “Empty” container) is a container that does not contain hidden information. The result container (or “Filled” container) is a container that contains hidden information. The key is a secret element that determines the order in which the message is entered into the container.
The main provisions of modern computer steganography are as follows:
1. Concealment methods must ensure the authenticity and integrity of the file.
2. It is assumed that the adversary is fully aware of all possible steganographic methods.
3. The security of the methods is based on the preservation of the main properties of the openly transmitted file by steganographic transformation when a secret message and some information unknown to the adversary — the key — are entered into it.
4. Even if the fact of concealing the message becomes known to the adversary through an accomplice, extracting the secret message itself is a complex computational task.
In connection with the growing role of global computer networks, the importance of steganography is becoming increasingly important. Analysis of information sources of the Internet computer network allows us to conclude that steganographic systems are currently actively used to solve the following main problems:
1. Protecting confidential information from unauthorized access;
2. Overcoming monitoring and network resource management systems;
3. Camouflaging software;
4. Protection of copyright for certain types of intellectual property.
Let's look at each of the listed tasks in more detail.
Protection of confidential information from unauthorized access
This area of using the CS is the most effective in solving the problem of protecting confidential information. For example, just one second of digital audio with a sampling frequency of 44100 Hz and a sampling level of 8 bits in stereo mode allows you to hide about 10 KB of information by replacing the least significant low-order bits with the hidden message. At the same time, the change in the sample values is less than 1%. Such a change is practically not detected when listening to the file by most people.
Overcoming network resource monitoring and management systems
Steganographic methods aimed at counteracting industrial espionage network resource monitoring and management systems make it possible to counter attempts to control the information space when information passes through local and global computer network management servers.
Software camouflage
Another important task of steganography is software camouflage. In cases where the use of software by unregistered users is undesirable, it can be camouflaged as standard universal software products (for example, text editors) or hidden in multimedia files (for example, in the soundtrack of computer games).
Copyright protection
Another area of application of steganography is the protection of copyright from piracy. A special mark is applied to computer graphic images, which remains invisible to the eye, but is recognized by special software. Such software is already used in computer versions of some magazines. This direction of steganography is intended not only for processing images, but also for files with audio and video information and is designed to ensure the protection of intellectual property.
2.2. Review of known steganographic methods.
Currently, computer steganography methods are developing in two main directions:
1. Methods based on the use of special properties of computer formats;
2. Methods based on the redundancy of audio and visual information.
Comparative characteristics of existing steganographic methods are given in Table 1.
Table 1. Comparative characteristics of steganographic methods
| Steganographic methods | Brief characteristics of methods | Disadvantages | Advantages |
| 1. Methods of using special properties of computer data formats | |||
| 1.1. Methods of using fields of computer data formats reserved for extension | Extension fields are present in many multimedia formats, they are filled with zero information and are not taken into account by the program | Low level of secrecy, transfer of small limited amounts of information | Ease of use |
| 1.2. Methods of special formatting of text files: | |||
| 1.2.1. Methods of using known shift of words, sentences, paragraphs | The methods are based on changing the position of lines and arrangement of words in a sentence, which is achieved by inserting additional spaces between words | 1. Weak performance of the method, transfer of small amounts of information
2. Low degree of secrecy |
Ease of use. There is published software for implementing this method |
| 1.2.2. Methods for selecting specific letter positions (zero cipher) | Acrostic is a special case of this method (for example, the initial letters of each line form a message) | ||
| 1.2.3. Methods for using special properties of format fields that are not displayed on the screen | The methods are based on the use of special «invisible», hidden fields for organizing footnotes and references (for example, using black font on a black background) | ||
| 1.3. Methods of hiding in unused places on floppy disks | Information is written in usually unused places on the floppy disk (for example, in the zero track) | 1. Weak performance of the method, transfer of small amounts of information
2. Low degree of concealment |
Ease of use.
There is published software for implementing this method. |
| 1.4. Methods for using mimic functions (mimic-function) | The method is based on text generation and is a generalization of an acrostic. For a secret message, a meaningful text is generated that hides the message itself. | 1. Weak performance of the method, transmission of small amounts of information.
2. Low level of stealth |
The resulting text is not suspicious for network monitoring systems |
| 1.5. Methods for removing the file identifying header | The hidden message is encrypted and the identifying header is removed from the result, leaving only the encrypted data. The recipient knows in advance about the message transmission and has the missing header |
The problem of concealment is solved only partially. It is necessary to transmit part of the information to the recipient in advance |
Ease of implementation. Many tools (White Noise Storm, S-Tools) provide implementation of this method with the PGP encryption algorithm |
| 2. Methods of using redundancy of audio and visual information | |||
| 2.1. Methods of using redundancy in digital photography, digital audio and digital video | The lower digits of digital samples contain very little useful information. Filling them with additional information has virtually no effect on the quality of perception, which makes it possible to hide confidential information | The statistical characteristics of digital streams are distorted by introducing additional information. To reduce compromising features, it is necessary to correct statistical characteristics |
Possibility of covert transmission of large amounts of information. Possibility of protecting copyright, hidden image of a trademark, registration numbers, etc. |
As can be seen from Table 1, the first direction is based on the use of special properties of computer data presentation formats, and not on the redundancy of the data themselves. Special properties of formats are selected taking into account the protection of the hidden message from direct listening, viewing or reading. Based on the analysis of the materials in Table 1, it can be concluded that the main direction of computer steganography is the use of redundancy of audio and visual information. Digital photographs, digital music, digital video are represented by matrices of numbers that encode intensity at discrete moments in space and/or time. Digital photography is a matrix of numbers representing the intensity of light at a certain moment in time. Digital sound is a matrix of numbers representing the intensity of a sound signal at successive moments in time. All these numbers are not exact, since the devices for digitizing analog signals are not exact, there is quantization noise. The least significant digits of digital readings contain very little useful information about the current parameters of sound and visual image. Filling them out does not significantly affect the quality of perception, which makes it possible to hide additional information.
Graphic color files with the RGB mixing scheme encode each point of the image with three bytes. Each such point consists of additive components: red, green, blue. Changing each of the three least significant bits leads to a change of less than 1% of the intensity of this point. This allows you to hide about 100 KB of information in a standard graphic image of 800 KB, which is not noticeable when viewing the image.
Another example. Just one second of digitized audio with a sampling frequency of 44100 Hz and a sample level of 8 bits in stereo mode allows you to hide about 10 KB of information by replacing the least significant low-order bits with the hidden message. In this case, the change in sample values is less than 1%. Such a change is practically not detected when listening to the file by most people.
2.3. A Brief Overview of Steganographic Programs
Windows Operating Environment
Steganos for Win95 is an easy-to-use, yet powerful program for encrypting files and hiding them inside BMP, DIB, VOC, WAV, ASCII, HTML files. For ease of use, the program is designed as a wizard. This 32-bit application contains its own Shredder — a program that destroys files from the hard drive. With new features and additional capabilities, Steganos for Win95 is a serious competitor in the information security market for hiding files.
Contraband is a software that allows you to hide any files in 24-bit graphic files of the BMP format.
DOS operating environment
Jsteg is a program designed to hide information in the popular JPG format.
FFEncode is an interesting program that hides data in a text file. The program is launched with the appropriate parameters from the command line.
StegoDos is a software package that allows you to select an image, hide a message in it, display and save the image in another graphic format.
Wnstorm is a software package that allows you to encrypt a message and hide it inside a PCX graphic file.
OS/2 operating environment
Hide4PGP v1.1 is a program that allows you to hide information in BMP, WAV and VOC files, and any number of the least significant bits can be used for hiding.
Techto is a steganographic program that converts data into English text. The text container files after conversion do not contain any meaning, but are close enough to normal text to pass a primitive check.
Wnstorm is similar to the program for DOS. For Macintosh PC
Stego — allows you to embed data in PICT files without changing the appearance and size of the PICT file.
Paranoid — this program allows you to encrypt data using the IDEA and DES algorithms, and then hide the file in a sound file.
Information sources of the used Internet materials are given in Table 2.
Table 2. Information sources of materials on steganography on the Internet
| Software (including program source codes): | |
| 1. | demcom/english/steganos |
| 2. | cypher.net |
| 3. | rugeley.demon.co. uk |
| 4. | ftp.funet.fi/pub/crypt/steganography |
| 5. | stego |
| 6. | netlink.co.uk |
| 7. | ftp.crl |
| History of steganography development, description of basic principles, conference materials, bibliography: | |
| 1. | cl.cam.ac.uk (University of Cambridge Computer Laboratory) |
| 2. | patriot.net |
| 3. | lanl.gov |
| 4. | iquest.net |
| 5. | cs.hut.fi |
3. Computer steganography tomorrow
Analysis of the trends in the development of the cybersecurity system shows that in the coming years, interest in the development of cybersecurity methods will increase more and more. The prerequisites for this have already been formed today. In particular, it is well known that the relevance of the information security problem is constantly growing and stimulates the search for new methods of information protection (IP). On the other hand, the rapid development of information technologies provides the opportunity to implement these new IP methods. And/of course/a strong catalyst for this process is the avalanche-like development of the public computer network Internet, including such unresolved controversial Internet problems as copyright protection, protection of personal privacy rights, organization of e-commerce, illegal activities of hackers, terrorists, etc.
A very characteristic trend at present in the field of IP is the introduction of cryptological methods. However, on this path there are still many unresolved problems associated with the destructive impact on cryptographic means of such components of information weapons as computer viruses, logical bombs, autonomous replicating programs, etc. Combining computer steganography and cryptography methods would be a good way out of the current situation. In this case, it would be possible to eliminate the weaknesses of known methods of information protection and develop more effective new non-traditional methods of ensuring information security.