Once again about “steganography” – the most modern of the ancient sciences..
UKOV Vyacheslav Sergeevich, Candidate of Technical Sciences
Shuvalov Aleksey Viktorovich
ONCE AGAIN ABOUT “STEGANOGRAPHY THE MOST MODERN OF THE ANCIENT SCIENCES
Some modern possibilities of using computer steganography to solve information security problems are considered. The article is a continuation of the cycle of works on steganographic information protection [1].
It is known that scientific and technical progress develops, as a rule, in a spiral and everything new is a well-forgotten old…”. Modern life has added a modern addition to this proverb: “… plus new technology”. One of the most ancient sciences, steganography, has become a brilliant confirmation of this. Indeed, as can be seen from Fig. 1, computer technology has breathed new life into the ancient science of “steganography” and today it has not only changed its name to “computer steganography”, but together with cryptography has become the basis for ensuring the security of information transfer.
Fig. 1. Historical aspect and development trends of steganography
The main tasks solved by open steganography, implementation technologies and areas of its application are given in Table 1.
Table 1. The main tasks solved by open steganography
As can be seen from Table 1, the main technologies that provide the solution to the tasks set are the technologies of hidden communication and digital watermark. Let us consider them in more detail. Table 2 presents modern software tools for steganographic data concealment.
Table 2. Software tools for steganographic data concealment
Conducting a detailed analysis of steganographic programs, it is also impossible not to note that at present, in addition to those presented above, the following programs can still be used:
- DiSi-Steganоgraph (DOS application, hides data in PCX graphic files);
- StegoDOS (DOS, graphic formats);
- Gif-It-Up (Win95, hides data in Gif files);
- EZStego (Java application, LSB method for GIF and PICT formats);
- Contraband (Win95, BMP format);
- FFEncode (DOS, ASCII format);
- Isteg (DOS, JPEG);
- Steganography Tools 4 (encrypts information using DEA, MPJ2, DES, TripleDES, NSEA algorithms and then hides it in graphic and sound files, as well as in disk sectors);
- Winstorm (DOS, OS/2, PCX), etc.
As an example of using steganographic programs, let's take a closer look at the JPEG Hide-and-Seek program [3]. This software product is designed to hide data in JPEG graphic files, which is currently one of the most popular formats for storing graphic information (in particular, digital photographs).
The JPHS program consists of three parts:
- jhide.exe is a console DOS application designed to hide data in images;
- jseek.exe is a console DOS application designed to extract hidden data;
- jphswin.exe is a Windows application that combines the functions of jhide.exe and jseek.exe.
In this section, we will consider only the third of them. The appearance of the main program window is shown in Fig. 2.
Fig. 2 Main window of the JPHSWin program
The program menu contains the following items:
- Exit – exit the program;
- Open jpeg – load a stegocontainer (JPEG image);
- Hide – hide a message in a container;
- Seek – extract a message from a container;
- Save jpeg – write the container to disk;
- Save jpeg as – write the container to disk under a different name;
- Pass phrase – setting the code phrase used when encoding the message;
- Options – program settings;
- Help – brief help on using the program;
- About – information about the program developer.
In addition to the program itself, we will need a suitable stegocontainer. As is known, the container should be several times larger in size than the message being hidden. In addition, when hiding a large amount of information, it is desirable that the container have a complex structure — this will complicate the visual (in our case) detection of distortions introduced by the hidden message.
As a message, we will use a file with information about the JPHS program (readme.txt) of 972 bytes in size. Due to its small size, we will need a not too large and complex image, for example, the one shown in Fig. 4a.
The process of hiding the message itself can be divided into four main operations:
1. To load an image, use the “Open jpeg” item in the program’s main menu. After loading the image, information about the container is displayed in the upper part of the program window (Fig. 3): Filesize (container size), Width (image width), Height (image height), Approximate max capacity (estimated maximum size of the hidden message), and recommended limit (recommended maximum size of the hidden message).
Fig. 3. Image information
2. After loading the image, you must enter the passphrase used to encode the message. To do this, use the “Pass phrase” menu item. However, if you do not do this, then when you try to hide the message, the program itself will prompt you to enter it.
a)
б)
Fig. 4. Empty stegocontainer (a) and stegocontainer with hidden message (b)
3. After entering the code phrase, you must select the message to be hidden, for which there is a menu item “Hide”.
4. After hiding the message, all that remains is to save the filled container (“Save jpeg or “Save jpeg as” if you want to save the original container) and send it to the recipient. The appearance of the filled container is shown in Fig. 4b.
As can be seen from Fig. 4visually, the message container is no different from the original one. However, one should not forget about the existence of statistical methods for analyzing potential stegocontainers. In particular, about the stegdetect program, which in some cases allows for such analysis to be performed automatically. The disadvantages of the program include a fairly low percentage of container usage (the maximum size of the hidden message is approximately 15% of the original container size). To extract the message, it is necessary to perform operations 1 — 3, with the difference that to extract the message from the container, instead of the “Hide” item in the main program menu, the “Seek” item is used.
In recent years, due to the intensive development of multimedia technologies, the issue of protecting copyright and intellectual property presented in digital form has become very acute. This problem has become especially urgent with the development of public computer networks, in particular, the Internet. Taking this into account, the tasks of copy protection and authentication are currently being solved, in addition to organizational and legal measures, using digital watermarking technologies (DWT), the main features of which are given in Table 3(the principles of operation and practical implementation of the digital watermark are considered in more detail in [1]).
Table 3. Main features of digital watermarking technologies
| Digital watermarking technology | Digital watermarking features | Note |
| Robust
(DWT) |
Have high resistance to external influences | Analysis of the literature shows that the greatest number of works are devoted to DWT |
| Fragile
(ХЦВЗ) |
They are destroyed by minor modification of the filled container. They are used for signal authentication. Unlike the EDS, ХЦВЗ still allow some modification of the content | They reflect not only the fact of modification of the container, but also the type and location of this change |
| Semi-fragile
(ПЦВЗ) |
Resistant to some impacts and not resistant to others | For example, PCWZs can allow image compression, but prohibit cutting out or inserting a fragment into it |
It should be noted that the greatest achievements in steganography in the past decade have been achieved in the field of digital watermarking. These achievements are due to society's reaction to the most pressing problem of copyright protection in the context of publicly accessible computer networks.
Table 4 presents the results of the analysis of modern algorithms for embedding digital watermarks into images.
Table 4. Algorithms for embedding digital watermarks into images
Thus, at present, one of the most ancient sciences, steganography, is becoming the basis for creating promising information security systems, the operational and technical characteristics of which are determined by new information technologies. Today, steganography (from the Greek «secret writing») allows not only to successfully solve the main problem — to secretly transmit information, but also to solve a number of other pressing problems, including noise-resistant authentication, protection against unauthorized copying, monitoring information in communication networks, searching for information in multimedia databases, etc.
Literature
1. “Special Equipment”//№№ 5/1998, 6/1999, 6/2000, 3/2002.
2. Gribunin V.G. et al. Digital steganography. Moscow: SOLON-Press, 2002.
3. http://securitylab.ru/tools/22202.html