STEGANOGRAPHIC CAMOUFLAGE IN THE INTERNET JUNGLE.

STEGANOGRAPHIC CAMOUFLAGE IN THE INTERNET JUNGLE.

UKOV Vyacheslav Sergeevich,
 Candidate of Technical Sciences

STEGANOGRAPHIC CAMOUFLAGE IN THE INTERNET JUNGLE

The article considers the main directions of development of modern steganographic technologies. The article is a continuation of the cycle of popular scientific works on steganographic protection of information [1]

The rapid development of public telecommunication systems and especially the global information highway Internet has recently caused the active development of both cryptographic and steganographic methods of information protection. The greatest effect is achieved by mutual integration of these protection methods, since in this case cryptographic protection provides guaranteed blocking of unauthorized access to information, and stegoprotection ensures the secrecy of the very fact of information transfer. The demand for stegoproducts is determined by many factors based on the «invisibility» of its use. The great interest in steganography can be confirmed by the fact that currently more than 50 steganographic programs are offered on the Internet, in demand by more than a million users.

Considering the great interest in this topic, recently an increasing number of scientific, educational and popular science publications have appeared in print [2, 3].

Based on the analysis of open materials, we will consider in more detail the trends and main directions of development of steganographic technologies. Main directions of development of steganographic protection

The entire set of steganographic methods currently used on the Internet can be divided into two main groups. The methods of the first group involve minor modification of images (Image Domain), while the second use image transformation (Transform Domain). Image Domain methods (sometimes called Bit Wise Methods) typically use bitwise modification, such as changing the least significant bit (LSB). These methods are considered simple, they are easier to decode, but they allow for loss of information during certain transformations of the carrier file, such as compression. The most well-known method of implementation is embedding data into the bit planes of the image. The embedding algorithm is based on the properties of visual perception and is performed in such a way that the embedded bits remain invisible when visually examining the digital image. Usually, to meet this condition, the data is embedded into the bit plane with the least significance (LSB). 20.

The volume Q of embedded data can be calculated using the formula: Q = PxWxH/B symbols, where P is the number of bit planes used for embedding, W and H are the width and height of the image in pixels, and B is the number of bits per symbol.

The main advantage of the method is the simplicity of implementation. The main disadvantage of this method is due to the limited number of bit planes and, as a consequence, the determinism of the embedding. The latter circumstance can be compensated by mixing the values ​​of the bit planes depending on the brightness values ​​of the container image or depending on another criterion related to the properties of the container image.

Of the three most popular image compression algorithms — Windows Bitmap (BMP), Graphic Interchange Format (GIF) and Joint Photographic Experts Group (JPEG) — BMP and GIF are used more often, as they are characterized by lower losses. Photo 1 shows an example of implementing a hidden transmission of a 1 KB text message in a GIF stegocontainer. The most common tools implementing the Image Domain group methods are Hide and Seek, Mandelsteg, Steganos, StegoDos, S-TOOLS, White Noise Storm, etc. The Transform Domain group methods use trigonometric transformations (DCT — discrete cosine transformation) or overlays like ripples, invisible to the eye (wavelet transformation). These methods are more stable, the embedded information is not lost during any transformations, so they are most often used to create digital watermarks. Usually, JPEG files are used for this.

The most popular tools include Jpeg-Jsteg, JPHide, Outguess, PictureMarc and SysCop. The steganographic method, based on the use of the internal structure of graphic formats, deserves special mention. The structure of a graphic format is a certain hierarchy of functional and information segments (fields) of a digital image. Secret data is embedded in these fields. The volume of embedded data is not related to the size of the container image. The main advantage of this method is that almost any structured data can be used as a container, including audio files (for example, MP3), PDF, ZIP, etc. It is possible to use formats that allow compression. The advantage of this method is its high utilization rate, reaching 1000 percent or more. Its main disadvantage is that the embedded data and video data of the container image exist independently of each other, which can affect the level of security.

Today, more and more people are interested in steganography. If just a few years ago utilities implementing the technology in question were quite rare and were written mainly by amateurs, today you can easily find such programs that were created by serious companies. Moreover, steganographic functions are often implemented in large software packages designed to protect e-mail. A striking example of the use of computer steganography is the once-famous computer virus Win95.CIH. This virus is embedded in the EXE file, which can contain not only code, but also numerous additional data. These are icons, various service data and additional information, for example, about exported and imported functions. Each type of data contained in the file is a separate object.

To store all objects, a PE (Portable Executable) file is divided into a number of fixed-size sections. Each object begins with a new section. If an object does not occupy the entire volume of a section, that part of the section is not used. Therefore, a PE file always has enough free space to record steganographic information. Due to the specific nature of the issue, it is difficult to find a large amount of information on the practical application of steganography in the open press. On the other hand, a fairly well-known program is S-Tools (a program for the Windows platform, which has freeware status, is available in the Softodrom catalog). This program allows you to hide any files both in GIF and BMP images and in WAV audio files.

At the same time, S-Tools is steganography and cryptography «in one bottle», because the file to be hidden is also encrypted using one of the cryptographic algorithms with a symmetric key: DES, triple DES or IDEA. Another steganographic program is Steganos for Windows. Like the previous program, it is very easy to use and is designed to encrypt files and hide them inside BMP, DIB, VOC, WAV, ASCII and HTML files. It has almost the same capabilities as S-Tools, but uses a different cryptographic algorithm (HWY1) and, in addition, is able to hide data not only in BMP and WAV files, but also in regular text and HTML files, and in a very original way — a certain number of spaces are added at the end of each line. In addition, the Contraband program, which allows hiding any files in 24-bit graphic files of the BMP format, has received limited distribution. It should be noted that all the mentioned programs are very easy to use and accessible to a user without special training. Against the background of a large number of freely distributed steganographic products, for example, a German company is currently successfully operating, doing the same thing on a commercial basis. The Steganos Security Suite package has already sold more than 100 thousand copies. The Steganos company offers its commercial product as a tool for individual data protection.

One of the most successful is the Steganos Security Suite 4 package. This program is a powerful set of utilities for ensuring the confidentiality of information. It includes tools for protecting disks and access to the computer as a whole, encrypting email messages, ensuring the security of Internet surfing, a professional shredder for guaranteed unrecoverable file deletion and, of course, a high-quality steganographic system. The Steganos File Manager utility is designed to implement stegoprotection. With its help, it is possible to select a container file from those already existing on the user's disk or independently create a file of the appropriate format using a scanner or microphone. The program can not only reliably hide a message in the selected container, but also create a self-extracting archive. The Steganos Security Suite 4 software package uses cryptographic algorithms with a key length of 128 bits AES (Advanced Encryption Standard) and Blowfish for encryption. The main features of the Steganos Security Suite 4 software package are listed in Table. 1 and do not require additional explanations.

a) Empty stegocontainer	b) Stegocontainer
Rice. 1.

The Steganos Security Suite complex works with any version of Windows, from 98 to XP. Installing Steganos Security Suite is not difficult. In principle, this process is no different from installing any other program. After installing Steganos Security Suite, another icon in the form of a lock appears in the system tray of your desktop. When you click on it, Steganos Security Suite Center is called — a special shell for quick access to the utilities included in the suite. You can also launch each program separately from the system tray. The cost of the program set is about 60 dollars. Recently, another steganographic method of protecting documents has appeared. Let us remind you that steganography is one of the types of information encryption by secretly placing one message inside another, larger one. The new method of steganography, developed by Professor Rosen together with Professor Bahram Javidi of the University of Connecticut, was called “concealo-gram” or “concealogram” (from conceal – “to hide” and “hologram”), since the secret part of the document is embedded in a regular image using methods related to holography.

The new technology combines a halftone image and a two-dimensional barcode containing a secret part of the information. The barcode is embedded in the original image by a small and imperceptible to the eye shift of the positions of the dots forming the halftone image. Extraction of the barcode carrying the hidden information is carried out using a special device. The proposed technology has a number of advantages over known methods. Increased reliability, according to Rosen, is ensured by the fact that even a damaged or partially lost image is enough to restore the hidden information. This is achieved thanks to the «holographic» recording principle, in which any fragment of the hologram carries information about the entire image, but with a loss of quality. Another advantage of the new development is that both purely optical and computational methods of image processing can be used to extract the hidden message. It is assumed that the barcodes will find application in passports and identity cards to record additional information, for example, about the biometric parameters of the document owner (it is impossible to forge such a barcode without knowing the secret password).

Table 1. Main features of the Steganos Security Suite 4 software package

When using digital holography technology, not the secret data itself, but their hologram is embedded in the image container. This method creates a conditional relationship between the container video data and the embedded secret data and has the best protection against hacking. The use of the holographic approach allows embedding hidden data in ordinary photographs on a paper or plastic base. To detect and restore secret data, it is necessary to know the parameters of hologram creation. The main disadvantage of this method is related to the limited volume of embedded data. It is most advisable to use the holographic approach to hide small images, the restoration of which allows for some loss (like JPEG) of quality: signature samples, fingerprint samples, etc. Photo 2a shows a container with an embedded fingerprint sample, and photo 2b shows the result of restoration. The restored samples have a mirror image, which is due to the appearance of a real and virtual image when restoring the hologram.

a) Stegocontainer	b) Secret
Foto 2.

Steganography as a science is currently on the rise, associated with the rapid development of the Internet. The purpose of steganography is to conceal the fact of information transfer. It cannot replace cryptography, but together with it it allows for the most secure transmission of messages. Modern steganographic systems also include cryptographic tools, representing a powerful tool for concealing and protecting information. In the case of using an encryption system with an open key, even if the message is intercepted by the enemy, the decryption time with modern technical means will many times exceed the period of relevance of the transmitted information. In addition, this approach allows the free use of an unprotected communication channel for transmitting an open key. The main feature of computer cryptography is the concealment of a message file inside a container file. The container is usually a widely used graphic file format such as BMP, GIF, JPEG or sound WAV, although others are possible — it all depends on the specific implementation. In particular, it has been proposed to use stereographic images as a container [7 — 9]. A stereogram is a graphic image that, when viewed in a special way, reveals various stereo effects. Conventionally, these effects can be divided into three types:

1) the image shows a three-dimensional surface obtained by transforming the background;

2) the image is a three-dimensional object that is some distance from the background;

3) combining the two previous views into one; a three-dimensional image contains both three-dimensional background surfaces and three-dimensional objects that are some distance away from the background.

Now consider an image that will be sequentially viewed from left to right (Fig. 1). The viewing interval should be equal to the distance between two projections for both eyes at the farthest point of the virtual object. The content of the repeating lines can be either random or contain some information. If the scanning time of such an image using both eyes is brought to the calculated one, then it is possible to notice some surface behind the image surface (the simplest stereogram). To include information about some volumetric (3D) object in the image, it is necessary to add a small offset for each point during the review of the image lines.

Let the period of the line repetition be designated as D, then the horizontal coordinate X[n] for any point can be calculated as X[n] = X[n — 1] + D — Zfactor

where X[n-1] is the abscissa of the previous repetition cycle,

Zfactor = f (Z) — some function describing the surface of the 3D object to be placed in the source image (container). More information and software implementation can be found in [7 — 9].

If, before creating a stereogram, the data for transmission is additionally encrypted, as is done in steganography, and then the received data is embedded in the stereogram container, then such a stereogram can be read only with the help of two installed video cameras. In this case, the following advantages of a stereogram can be obtained:

• it cannot be detected by known spectrum analyzers;
• the stereogram is resistant to image format transformations (JPEG to GIF, GIF to BMP), its palette and to geometric transformations, even non-proportional ones;
• remote reading of information is possible using a certain visual method, for example, from a monitor screen, TV, hard copy from a printer or magazine, a billboard on the street, etc.;
• it is impossible to accidentally read information (peeping), for example, from a monitor screen, if the observer is at a different distance or at an oblique angle to the screen;
• it is impossible to intentionally read information (spying), for example, from a monitor screen with one video camera or sensor.

At the CodeCon hacker conference in San Francisco, one of the participants, Rakan El-Khalil, presented his development in the field of steganography, designed to record secret messages in executable files. Until now, steganographic programs were able to hide messages, as a rule, only in files with images and music. Trying to hide a message in an executable file is a more difficult task, because changing even one bit in a program file can make it unusable.

The author discovered the principle of his development, which turned out to be unexpectedly simple. The encryption module replaces the addition operation in the program code with the identical subtraction operation and vice versa. For example, the operation of adding a certain number to the number 10 can be replaced with the operation of subtracting the number -10. Such substitutions do not affect the size of the program and its logic. Taking the addition operation as 0, and the subtraction operation as 1, it is possible to write and read binary messages in the program body.

As the author himself admits, this approach is by no means the most effective. For example, by counting the subtractions of negative numbers, it is quite easy to determine whether an executable file contains a secret message or not. In addition, this algorithm is ineffective in terms of economy: for example, by hiding a message in an image file, one byte can be written using an average of 17 bytes of a JPEG file, while the method proposed by El-Khalil requires approximately 150 bytes to write one byte. Despite these shortcomings, even such a trivial method shows that messages can be hidden anywhere. According to experts [5], there are currently steganographic algorithms with presumably high secrecy of disguise. If, before masking, we apply procedures for preparing information for concealment, such as the well-known cryptographic «mixing», «entanglement», «gamming», and during masking we use a good random address generator for placing the information to be concealed, then we can assume that the security of information from a complexity-theoretical standpoint will increase by tens of orders of magnitude and will be inaccessible to quantum g-bit computers, which in the future will find application for hacking security systems. At present, there is the following estimate of the secrecy of stegomasking: 1 bit of information can be reliably hidden in 1000 samples. This is due to the specifics of cosine or wavelet transforms of the frame-domain of the discrete transform used in lossy information compression, and «broadband technologies» for placing hidden information, taking into account the limitations resulting from psychoacoustic and psychovisual models of perception [4]. This assessment is not a critical parameter, since the cost of storing, processing and transmitting a unit of information in multimedia technologies is constantly decreasing and asymptotically tends to zero.

Main directions of steganalysis development

Considering the fact that steganography as a science largely follows in the footsteps of cryptography, it is quite natural to want to compare steganalysis with cryptanalysis. The goal of cryptanalysis is to solve a much simpler problem: not to detect hidden information, but simply to decode known messages. A cryptanalyst works in conditions of relatively greater certainty than a steganalyst. He has text messages, theoretical ideas about encoding methods, partially decoded texts, etc. Stegoanalysis resembles cryptanalysis only if there is a reference image and another image that is known in advance to contain an attachment. However, the situation is often complicated by the fact that it is a priori unknown whether there are bookmarks or not, in addition, the volumes of potential carriers can be very significant. With a well-chosen container image and steganographic tools, a picture is formed that the human eye cannot “suspect” of anything (photo 1). However, with the necessary technical tools, it is always possible to detect the remaining «fingerprints» that indicate the presence of a hidden message. This step («detection of presence») is the first stage in a counterattack on steganography. Active work is currently underway in this direction. For example, as follows from open sources, intensive research conducted in such major centers as George Mason University, the University of Michigan, Syracuse University, the Isaac Newton Institute of Cambridge, the Dresden Institute of Technology, and other companies and firms has made it possible to create an extensive library of steganographic features based on the processing of a large number of files, such as BMP, PGM, RAS, TIFF, GIF, PNG, JPEG, WAV, etc. Since 1996, five international seminars have been held: «International Information Hiding Workshop», the STEG-2002 seminar, etc. After the hidden image has been detected, there are several options for continuation. In addition to the understandable desire to decipher and obtain hidden information for yourself, you also need to secure the carrier or, in other words, save the image on some site and destroy the hidden message in it. This is a completely separate, new area of ​​application of professional efforts.

It should be noted that stegotechnologies have a dual purpose. Steganographic methods can be used both to protect confidential information and for destructive purposes. Therefore, for the sake of completeness, freely distributed commercial programs for analyzing steganographic files are of interest. Among them, we can note the Stego Suite software package — modern software for research, detection, analysis and decryption of digital steganography. The package is the result of long-term intensive developments by WetStone and is now available for commercial use. The Stego Suite package contains:

• Stego Watch — automated steganographic scanning software;
• 9 steganographic detection algorithms covering all common types of digital image and audio files;
• Stego Analyst — a visual analysis package for comprehensive analysis of digital images and audio files;
• Stego Break — an automatic steganographic protection breaking tool.

Thus, even a brief analysis of the trends in the development of steganography allows us to conclude that interest in steganographic methods is growing and will grow at an increasingly rapid pace. On the one hand, the relevance of the problem of information security is constantly growing and stimulating the search for new methods of information protection, including the development of network communications has made the problem of transmitting confidential information even more urgent. On the other hand, analysis methods are also actively developing. The picture of the development of steganography exactly repeats the picture of the development of cryptography: protection and analysis are developing at approximately the same pace, but from the point of view of state interests, analysis should still be slightly ahead.

Literature

1. «Special Equipment», 1998, № 5; 1999, № 6; 2000, № 6; 2002, № 3; 2004, № 2
2. Gribunin V.G., Okov I.N., Turintsev I.V. Digital steganography. Moscow: SOLON-Press, 2002.
3. Vorobyov V.I., Gribunin V.G. Theory and practice of wavelet transform. St. Petersburg:, 1999.
4. Moscow University and the development of cryptography in Russia. Conference materials. Moscow: Lomonosov Moscow State University, 2002.
5. Golubev E.A. On the secrecy and durability of steganographic disguise in multimedia technologies. Abstracts of reports at the XXX international conference IT+SE2003. Moscow: CNIT MSU.
6. Moscow University and the development of cryptography in Russia. Conference materials. Moscow: Lomonosov Moscow State University, 2002.
7. A. Belyaev. Steganography: hiding information http://mimicrianarod.ru/HTML/Stego/Html/sources.html
8. How SIRDS (Stereo images) work http://sirds.lipetsk.ru/sirdstechnology.php
9. Theoretical Aspects of Single Image Stereography http//ixtlan.ru/theory.php#