Secrets of steganography. Digital steganography: Programs and other implementation methods

    I think everyone has heard of steganography at least once. Steganography (στεγανός, hidden + γράφω, I write; literally “hidden writing”) is the interdisciplinary science and art of transmitting hidden data inside other, non-hidden data. The hidden data is usually called the stego message, and the data that contains the stego message is called the container.

    There have been many articles on Habrahabr about specific steganography algorithms, for example DarkJPEG, “TCP steganography”, and of course the “LSB algorithm”, beloved by all students during course projects (for example LSB steganography, Steganography in GIF, Cotfuscation of executable .NET code).

    There are countless steganographic methods. At the time of this writing, at least 95 steganography patents have already been published in the United States, and at least 29 patents have been published in Russia. Most of all I liked the patent by Kush K. and Lav R. Varshney, “Food steganography” (PDF).

    A picture from a “food” patent to attract attention:

    However, after reading a decent number of articles and works devoted to steganography, I wanted to systematize my ideas and knowledge in this area. This article is purely theoretical and I would like to discuss the following questions:

    1. Purposes of steganography: in fact there are three of them, not one.
    2. Practical applications of steganography: I counted 15.
    3. The place of steganography in the 21st century: I believe that from a technical point of view the modern world is already prepared, but “socially” steganography is still lagging.

    I tried to summarize my research on this issue. (This means there is a lot of text)
    I hope for reasonable criticism and advice from the habro community.

    Purposes of Steganography

    A purpose is an abstract task for which a scientific theory and a methodology for achieving it are developed. Purpose should not be confused with application. A purpose is extremely abstract, unlike an application.

    As I said before, there are three goals in steganography.

    Digital fingerprints (CO) (Digital Fingerprint)

    This type of steganography implies a different steganographic tag for each copy of the container. For example, COs can be used to protect an exclusive right. If, using some algorithm, the adversary is able to extract the CO from the container, then it is impossible to identify the adversary; but until the adversary learns to forge the CO, he will not be able to distribute the protected container without detection.

    Thus, when extracting a CO, a third party (i.e., an adversary) can pursue two goals:

    1. removing the CO from the container (the “weak goal”);
    2. replacing one CO with another CO (the “strong goal”).

    An example of a CO is the sale of e-books (for example in *.PDF format). When a book is paid for and sent to the recipient, information about the e-mail address, the IP address, data entered by the user, etc. can be inserted into the *.pdf. Of course, these are not fingerprints or DNA analysis, but, you see, this is better than nothing. Perhaps in Russia, due to a different culture and a different, historically established attitude towards exclusive rights, this use of steganography is irrelevant; but, for example, in Japan, where downloading torrent files can lead to imprisonment, the use of steganographic COs is more likely.

    Steganographic watermarks (SVZ) (Stego Watermarking)

    Unlike the CO, the SVZ implies identical tags for each copy of the container. In particular, SVZ can be used to confirm copyright. For example, when recording on a video camera, you can embed information about the recording time, the video camera model, and/or the name of the camera operator into each frame.
    If the footage falls into the hands of a competing company, you can try to use the SVZ to confirm the authorship of the recording. If the key is kept secret from the camera owner, then the SVZ can be used to confirm the authenticity of photos and/or video images. By the way, our colleague in the trade, Dmitry Vitalievich Sklyarov, successfully broke steganography on some Canon camera models. The problem was really a hardware one; Dmitry Vitalievich did not touch the stego scheme itself. Nevertheless, he steganographically “proved” the authenticity of a photo of Stalin with an iPhone.

    Photo of Stalin with an iPhone, taken by D.V. Sklyarov (with correct SVZ)


    Hidden Data Transfer (SDT)

    This is the “classical” goal of steganography, known since the time of Aeneas Tacticus (Αινείας ο Τακτικός; see his work containing simple steganographic techniques). The task is to transmit data so that the enemy does not realize that a message has been sent.

    In modern Russian-language works devoted to steganography, the term DWW (Digital Watermarks) is often used. This term means either SVZ or CO. (And sometimes SVZ and CO at the same time, and even in one article!) Nevertheless, the problems and tasks that arise when implementing CO and SVZ are fundamentally different! Indeed, the SVZ is the same on all copies of an electronic document, but the CO is different on every copy. For this reason, for example, a collusion attack is fundamentally impossible against SVZ! For this reason at least, it is necessary to distinguish between SVZ and CO. I strongly advise anyone who is going to work in the field of steganography not to use the term DWW in their speech.

    This seemingly obvious idea still causes confusion among many. A similar point of view on the need to distinguish between SVZ and CO was expressed by such “steganographers”, well known in narrow circles, as Cachin, Petitcolas and Katzenbeisser.

    For each of these three goals, you should develop your own criteria for the strength of a steganographic system and formal information-theoretical models for achieving them, because the meaning of using steganography is different in each. The fundamental difference between SVZ and CO is described above. But maybe it makes sense to combine SDT with CO or with SVZ? No! The point is that the meaning of SDT is the hidden data transfer itself, while CO and SVZ are intended to protect the container itself. Moreover, the very fact that a CO or SVZ exists may not be secret, unlike in most SDT tasks. In particular, for this reason, talking about the possibility of constructing a perfect stegosystem (according to Cachin) for implementing CO or SVZ makes no practical sense for most practical problems.

    4. Protection of the exclusive right (PR)

    A possible application is the Holographic Versatile Disc (HVD). (However, there is a point of view that this technology was “stillborn” from the start.) The HVDs currently being developed can contain up to 200 GB of data per cartridge. These technologies are supposed to be used by television and radio broadcasting companies to store video and audio information. The presence of a CO inside the error-correction codes of these discs can be used as the main or an additional means of protecting licensing rights.

    Another example, as I wrote earlier, is the online sale of information resources. This could be books, films, music, etc. Each copy must contain a CO for personal identification (at least indirectly) or a special mark to verify whether it is a licensed copy or not.

    The company amazon.com tried to realize this goal in 2007-2011. Quote from artty from the article “Protecting” mp3 files on amazon.com:

    In Russian: the downloaded file will contain a unique purchase identifier, date/time of purchase and other information (...).

    It was not possible to download these compositions directly (Amazon swears and says that it can only sell them in the United States). I had to ask my American friends and after a while I had the same song in my hands, but downloaded independently by two different people from different Amazon accounts. The files looked exactly the same, the size was the same down to the byte.

    But since Amazon wrote that it includes a download identifier and some other data in each mp3, I decided to check the two existing files bit by bit and immediately found differences.
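    The comparison described in the quote, and the reason the article says a collusion attack works against CO but not against SVZ, can be reproduced on a toy container. The following is an added example, not code from the article or from Amazon: the LSB embedding, the 16-byte mark, the offset, the container bytes and the purchase records are all assumptions constructed for illustration.

```python
import hashlib

FP_LEN = 16      # mark length in bytes (assumption of this example)
FP_OFFSET = 200  # first container byte that carries a payload bit (assumption)


def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(container: bytes, payload: bytes, offset: int = FP_OFFSET) -> bytes:
    """Put each payload bit into the least significant bit of one container byte."""
    if offset + 8 * len(payload) > len(container):
        raise ValueError("container too small for payload")
    out = bytearray(container)
    for i, bit in enumerate(_bits(payload)):
        out[offset + i] = (out[offset + i] & 0xFE) | bit
    return bytes(out)


def extract_lsb(stego: bytes, length: int, offset: int = FP_OFFSET) -> bytes:
    """Read `length` payload bytes back out of the least significant bits."""
    out = bytearray()
    for i in range(length):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[offset + 8 * i + j] & 1)
        out.append(value)
    return bytes(out)


def diff_ranges(a: bytes, b: bytes):
    """Half-open (start, end) byte ranges in which two equal-size copies differ."""
    if len(a) != len(b):
        raise ValueError("copies differ in size")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def fingerprint(purchase: str) -> bytes:
    """CO: a value unique to one sold copy, derived here from the purchase record."""
    return hashlib.sha256(purchase.encode()).digest()[:FP_LEN]


def identify(copy: bytes, ledger: dict):
    """Seller side: map the CO found in a copy back to a purchase, or None."""
    return ledger.get(extract_lsb(copy, FP_LEN))


# Constructed container: 1024 deterministic bytes standing in for media samples.
CONTAINER = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))

# Constructed purchase records (hypothetical buyers).
PURCHASES = ["order-1001|alice@example.com", "order-1002|bob@example.com"]
LEDGER = {fingerprint(p): p for p in PURCHASES}

# CO: every buyer receives a different mark.
CO_COPIES = [embed_lsb(CONTAINER, fingerprint(p)) for p in PURCHASES]

# SVZ: every copy receives the same 16-byte mark in the same region.
SVZ_MARK = b"(c) ExamplePress"
SVZ_COPIES = [embed_lsb(CONTAINER, SVZ_MARK) for _ in PURCHASES]


if __name__ == "__main__":
    print("sizes equal:", len(CO_COPIES[0]) == len(CO_COPIES[1]))
    print("CO copies differ at:", diff_ranges(*CO_COPIES))
    print("SVZ copies differ at:", diff_ranges(*SVZ_COPIES))
    print("copy 0 belongs to:", identify(CO_COPIES[0], LEDGER))
```

    The two CO copies have the same size yet differ only inside the marked region, so anyone holding two copies learns where the mark sits; the two SVZ copies are byte-identical and a comparison reveals nothing.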

    5. Copyright protection (CPR)

    In this case each copy of the content is protected with the same mark. For example, this could be a photograph. If a photo is published without the photographer’s permission, with the claim that he is not the author of the work, the photographer can try to prove his authorship using steganography. In this case, each photo should contain information about the serial number of the camera and/or any other data that allows the photo to be “linked” to one single camera; and through the camera, the photographer can try to prove indirectly that he is the author of the photo.

    6. Protection of document authenticity (POA)

    The technology may be the same as for copyright protection. Only in this case, steganography is used not to confirm authorship, but to confirm the authenticity of the document. A document that does not contain an SVZ is considered “not real”, i.e. fake. Dmitry Sklyarov, already mentioned above, was solving the opposite problem. He found a vulnerability in a Canon camera and was able to fake the authenticity of a photo of Stalin with an iPhone.

    7. Individual fingerprint in EDMS (CO)

    In an electronic document management system (EDMS) you can place an individual fingerprint inside *.odt, *.docx and other documents when the user works with them. To do this, special applications and/or drivers must be written, installed and run on the system. If this task is completed, then the individual fingerprint makes it possible to identify who worked with the document and who did not. Of course, in this case it is stupid to make steganography the only criterion, but as an additional factor in identifying participants working with a document, it can be useful.

    8. Watermark in DLP systems (SVZ)

    Steganography can be used for preventing information leaks (Data Leak Prevention, DLP). Unlike the individual fingerprint in EDMS, in this application of steganography a certain mark is inserted when a document of a confidential nature is created. In this case, the mark does not change, regardless of the number of copies and/or revisions of the document.

    In order to remove the mark you need a key. The stegokey, of course, is kept secret. Before approving or refusing the release of a document to the outside, the DLP system checks for the presence or absence of the watermark. If the mark is present, the system does not allow the document to be sent outside the system.

    9. Hidden transmission of control signal (SDT)

    Let's assume that the recipient is some system (for example, a satellite); and the sender is the operator. In this case, steganography can be used to deliver any control signal to the system. If the system can be in different states and we want the enemy not to even realize that the system has moved to another state, we can use steganography. Using only cryptography, without steganography, can give the enemy information that something has changed and provoke him into unwanted actions.

    I think no one will argue that in the military sphere this task is incredibly relevant. This task may also be relevant for criminal organizations. Accordingly, law enforcement agencies should be armed with a certain theory on this issue and promote the development of programs, algorithms and systems to counter this use of steganography.

    10. Steganographic botnet networks (SBN)

    To be pedantic, this application can be considered a special case of hidden transmission of a control signal. However, I decided to highlight this application separately. My colleague from TSU sent me a very interesting article by Shishir Nagaraja, Amir Houmansadr, Pratch Piyawongwisal, Vijit Singh, Pragya Agarwal and Nikita Borisov, “Stegobot: a covert social network botnet”. I’m not an expert on botnets. I can’t say whether this is a crapshoot or an interesting feature. I would just like to hear the opinion of the Habr community!

    11. Confirmation of the reliability of the transmitted information (CO).

    The stego message in this case contains data confirming the correctness of the transmitted container data. For example, it could be a checksum or the output of a hash function (a digest). The task of verifying reliability is relevant if the adversary has a need to falsify the container data; for this reason this application should not be confused with document authenticity protection! For example, if we are talking about a photograph, then protecting authenticity is proof that the photograph is real and not faked in Photoshop. There we are, in effect, protecting ourselves from the sender himself (in this case, the photographer). When confirming reliability, by contrast, protection must be organized against third parties (man in the middle) who are able to falsify data between the sender and the recipient.

    This problem has many classical solutions, including cryptographic ones. Using steganography is another way to solve this problem.

    12. Funkspiel (“Radio Game”) (SDT)

    From Wikipedia:

    Definition of Funkspiel

    Radio game (tracing copy from German Funkspiel - “radio game” or “radio play”) - in the practice of intelligence of the 20th century, the use of radio communications to misinform enemy intelligence agencies. For a radio game, a radio operator or double agent captured by counterintelligence and converted is often used. The radio game allows you to simulate the activities of a destroyed or never-existed intelligence network (and thus reduce the enemy’s activity in sending new intelligence officers), transmit disinformation to the enemy, obtain information about the intentions of his intelligence agencies, and achieve other intelligence and counterintelligence goals.

    The possibility of failure and a subsequent radio game was taken into account when planning reconnaissance operations. Various signs in a radiogram were agreed upon in advance, by the presence or absence of which one could understand that the radio operator was working under the control of the enemy.

    The stego message in this case contains data indicating whether the information in the container should be taken seriously. It can also be the output of some hash function or simply a pre-agreed sequence of bits. It can also be a hash of the start time of the transfer. (In this case, to eliminate the problem of time desynchronization between the sender and the recipient, the time should be taken with an accuracy of minutes or even hours, and not with an accuracy of seconds or milliseconds.)

    If the stego message fails validation, the container should be ignored by the recipient, regardless of its contents. In this case, steganography can be used to misinform the enemy. For example, the container could be a cryptographic message. In this case, the sender, wanting to mislead the enemy, encrypts the data with some compromised cryptographic key known to the enemy, and the stego message is used to prevent the recipient from accepting a false container.

    Let's assume that the enemy has the ability to destroy the CO. In this case funkspiel can be used against the interests of the sender. The recipient, not finding the mark, will not ignore the received container. Perhaps in some practical solutions it is reasonable to use funkspiel together with confirmation of reliability. In this case, any information that does not contain a reliability mark is ignored; and accordingly, for a radio game you should simply not include the mark in the message.
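    The time-based mark and the two ways of reading it can be made concrete. The following is an added example, not code from the article: it assumes the “hash of the start time” is a keyed HMAC over a one-hour time bucket (so that the enemy cannot compute it), a key shared in advance, and constructed timestamps. Hiding the resulting tag in a container is left out.

```python
import hashlib
import hmac
from datetime import datetime, timezone

BUCKET_MINUTES = 60  # time precision agreed in advance (assumption: one hour)
TAG_LEN = 8          # bytes of the MAC kept as the stego message (assumption)


def time_bucket(ts: datetime) -> int:
    """Coarsen a timestamp to the agreed precision."""
    return int(ts.timestamp()) // (BUCKET_MINUTES * 60)


def _tag_for_bucket(key: bytes, bucket: int) -> bytes:
    mac = hmac.new(key, bucket.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:TAG_LEN]


def make_tag(key: bytes, sent_at: datetime) -> bytes:
    """Sender: the value to hide in the container as the stego message."""
    return _tag_for_bucket(key, time_bucket(sent_at))


def tag_valid(key: bytes, tag, received_at: datetime, skew: int = 1) -> bool:
    """Recipient: accept the tag of the current bucket or of a neighbour within
    `skew` buckets, which absorbs clock drift and transfers that cross a boundary."""
    if tag is None or len(tag) != TAG_LEN:
        return False
    now = time_bucket(received_at)
    return any(
        hmac.compare_digest(tag, _tag_for_bucket(key, b))
        for b in range(now - skew, now + skew + 1)
    )


def decide_decoy_marker(key: bytes, tag, received_at: datetime) -> str:
    """Reading 1: a valid mark flags the container as disinformation.
    A destroyed mark makes the recipient accept the decoy."""
    return "ignore" if tag_valid(key, tag, received_at) else "accept"


def decide_reliability_mark(key: bytes, tag, received_at: datetime) -> str:
    """Reading 2: only a container carrying a valid mark is taken seriously.
    A destroyed mark can only cause a genuine container to be ignored."""
    return "accept" if tag_valid(key, tag, received_at) else "ignore"


# Constructed sample values.
KEY = b"constructed-shared-key"
SENT_AT = datetime(2015, 3, 1, 10, 58, tzinfo=timezone.utc)
RECEIVED_AT = datetime(2015, 3, 1, 11, 3, tzinfo=timezone.utc)   # next hour bucket
REPLAYED_AT = datetime(2015, 3, 1, 14, 10, tzinfo=timezone.utc)  # stale

if __name__ == "__main__":
    tag = make_tag(KEY, SENT_AT)
    print("fresh tag valid:", tag_valid(KEY, tag, RECEIVED_AT))
    print("stale tag valid:", tag_valid(KEY, tag, REPLAYED_AT))
    for stego in (tag, None):  # None models a mark destroyed in transit
        print("mark present:", stego is not None,
              "| decoy-marker policy:", decide_decoy_marker(KEY, stego, RECEIVED_AT),
              "| reliability-mark policy:", decide_reliability_mark(KEY, stego, RECEIVED_AT))
```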

    13. Inalienability of information (INI)

    There are a number of documents for which integrity is important. This can be achieved by backing up the data. But what should be done if documents need to exist in a form in which one piece of information cannot be separated from another? An example is medical images. For reliability, many authors suggest including the patient’s first name, surname and other data inside the images. See for example the book “Information Hiding Techniques for Steganography and Digital Watermarking” by Stefan Katzenbeisser and Fabien A. P. Petitcolas:

    An excerpt about the use of steganography in medicine, from the book “Information Hiding Techniques for Steganography and Digital Watermarking”

    The healthcare industry and especially medical imaging systems may benefit from information hiding techniques. They use standards such as DICOM (digital imaging and communications in medicine) which separates image data from the caption, such as the name of the patient, the date, and the physician. Sometimes the link between image and patient is lost, thus, embedding the name of the patient in the image could be a useful safety measure. It is still an open question whether such marking would have any effect on the accuracy of the diagnosis but recent studies by Cosman et al. revealing that lossy compression has little effect, let us believe that this might be feasible. Another emerging technique related to the healthcare industry is hiding messages in DNA sequences. This could be used to protect intellectual property in medicine, molecular biology or genetics.

    Similar arguments can be made about modern astronomy. Here is a quote from Russian astronomer Vladimir Georgievich Surdin (link to video):

    I envy those who are now entering science. Over the past 20 years, we [astronomers] have generally been marking time. But now the situation has changed. Several telescopes of completely unique properties have been built in the world. They see almost the entire sky and receive enormous amounts of information every night. Suffice it to say that over the previous 200 years, astronomers have discovered several thousand objects. (...) This is 200 years! Today, every night we discover three hundred new objects in the solar system! This is more than a person could write down in a catalog with a pen. [per day]

    Just think, every night there are 300 new objects. It is clear that these are various small asteroids, and not the discovery of new planets, but still... Indeed, would it be reasonable to embed information about the time of shooting, the location of shooting and other data directly into the image? Then, when exchanging images, astronomers could always understand where, when and under what circumstances a particular image was taken. You can even insert the information without a key, assuming that there is no enemy. That is, steganography is used only to keep the additional information “inalienable” from the images themselves, relying on the honesty of users; perhaps this would be much more convenient than accompanying each photo with information.

    From the world of computer games we can cite WoW. If you take a screenshot of the game, an SVZ is automatically embedded containing the user name, the time the screenshot was taken (accurate to the minute) and the IP address of the server.

    14. Steganographic distraction (?)

    As the name suggests, the task is to distract the enemy's attention. This task can be posed if there is any other reason for using steganography. For steganographic distraction it is necessary that generating stego containers be significantly “cheaper” (in terms of machine and time resources) than detection of steganography by the enemy.

    Roughly speaking, steganographic distraction is somewhat reminiscent of DoS and DDoS attacks. You divert the enemy's attention away from the containers that actually contain something valuable.

    15. Steganographic Tracking (STD)

    This application is somewhat similar to application 7, the individual fingerprint in EDMS, only the goal is different: to catch the criminal who is “leaking” the information. A real-world example is marked banknotes (“marked money”). They are used by law enforcement agencies so that a criminal who has received money for some illegal activity cannot later claim that he had this money before the transaction.

    Why not adopt the experience of our “real-world colleagues” in our virtual world? In this way steganographic tracking resembles something like a honeypot.

    Forecast about the future of steganography in the first quarter of the 21st century

    Having read fifty different articles on steganography and several books, I will venture to express my opinion on steganography. This opinion is just my opinion and I do not impose it on anyone. I am ready for constructive criticism and dialogue.

    Thesis. I believe that the world is technically ready for steganography, but culturally, the modern information society has not yet matured. I think that in the near future (2015-2025) something will happen that may later be called the “steganographic revolution”. This may be a slightly arrogant statement, but I will try to substantiate my point of view with four points.

    First. At the moment there is no unified theory of steganography. A perfectly secret stegosystem (according to Cachin) is of course better than nothing, but in my opinion this is a black and white photograph of the tail of a spherical virtual horse in a vacuum... Mittelholzer tried to slightly improve the results of Christian Cachin, but so far this is a very broad theory.

    The lack of a unified theory is an important obstacle. It has been mathematically proven that the Vernam cipher (the “one-time pad”) cannot be broken; for this reason the communication link between V.V. Putin and Barack Obama is carried out precisely with the help of this algorithm. There is a certain theory that creates and studies abstract (mathematical) cryptographic objects (bent functions, LFSRs, Feistel networks, SP networks, etc.). In steganography there is a zoo of terms and models, but most of them are unfounded, incompletely studied, or far-fetched.

    Nevertheless, there are already certain shifts in this direction. Modest attempts are already being made to use steganography, if not as the main or even the only solution, then as an auxiliary tool. A huge shift in theory has occurred over the past fifteen years (2000-2015), but I think this could be a separate post, it’s hard to say in a nutshell.

    Second. Steganography is an interdisciplinary science! This is the first thing any aspiring steganographer should understand. While cryptography can abstract away from hardware and solve problems exclusively in the world of discrete mathematics, a steganographer must study the environment. Of course, there are a number of problems in the construction of cryptosystems as well, for example side-channel attacks; but these are not the fault of the quality of the cipher. I think that steganography will evolve in line with the development of the study of the environment in which hidden messages are transmitted. Thus, it is reasonable to expect the emergence of “chemical steganography”, “steganography in images”, “steganography in error-correcting codes”, “food steganography”, etc.

    Starting around 2008, everyone realized this. Not only mathematicians-cryptographers, but also linguists, philologists, and chemists became interested in steganography. I think this is a positive change that speaks volumes.

    Third. The modern virtual world is oversaturated with texts, pictures of cats, videos, and so on and so forth... On YouTube alone, over 100 hours of video are uploaded every minute! Just think: every minute! How many minutes have you been reading this lengthy opus? Now multiply this number by 100! That's how many hours of different videos appeared on YouTube alone during this time! Can you imagine it? But this is a huge “ground” for hiding data! That is, “technically” the world has been ready for steganography for a long time. And to be honest, I am deeply confident that steganography and countering steganography will in the near future become as pressing a problem as the BigData colossus...

    This information ceased to be secret, if my memory serves me correctly, only in the 2000s. Another historical example is the RSA algorithm, which was invented at the end of WWII by British cryptographers. But, for obvious reasons, the military classified the world's first asymmetric encryption algorithm, and the palm went to Diffie and Hellman, and then to Rivest, Shamir and Adleman.

    Why am I saying this? The point is that in information security everything is invented at least twice: once “closed”, and the second time “open”; and in some cases even more than twice. This is normal. I think this also awaits steganography (it’s no longer possible).

    In modern Western literature, for some reason, many scientists who in 1998-2008 offered very interesting ideas (e.g. Peter Wayner, Michele Elia). A roughly similar situation existed before the invention of atomic weapons... Who knows, perfect stegosystems may have already been invented and are being successfully used by the GRU and/or the NSA? And we, finishing reading this post and looking at our wristwatch, calculate how many more hours of purring cats have been uploaded by millions of users to YouTube, and whether among them there are cats carrying correspondence from terrorists, commands for a botnet, or RT-2PM2 drawings encrypted with the Vernam cipher.

    Introduction

    The problem of protecting information from unauthorized access has been solved at all times throughout human history. Already in the ancient world, two main directions for solving this problem emerged, which exist to this day: cryptography and steganography. The purpose of cryptography is to hide the contents of messages by encrypting them. In contrast, steganography hides the very existence of a secret message.

    The word "steganography" has Greek roots and literally means "secret writing." Historically, this direction appeared first, but was then supplanted by cryptography. Secret writing is carried out in a great variety of ways. The common feature of these methods is that the hidden message or classified information (additional information) is built into some harmless object that does not attract attention, hereinafter called the container or main message. We will call the result of such an embedding the stego message, and the embedding process itself the stego transformation of the container. The stego message is then transported openly to the recipient.

    With cryptography, the presence of an encrypted message in itself attracts the attention of opponents, but with steganography, the presence of a hidden connection remains invisible.

    People have used a variety of steganographic techniques to protect their secrets. Famous examples include the use of wax-coated tablets, boiled eggs, matchboxes, and even a slave's head (the message was read after the messenger's hair was shaved off). In the last century, so-called sympathetic ink, invisible under normal conditions, was widely used. The hidden message was placed in certain letters of innocent phrases, or conveyed by introducing minor stylistic, spelling or punctuation errors into the text. With the invention of photography came the technology of microphotographs, which was successfully used by Germany during the world wars. The marking of cards by card sharps is also an example of steganography.

    During World War II, the US government attached great importance to the fight against secret methods of transmitting information. Certain restrictions on postal shipments were introduced. Thus, letters and telegrams containing crossword puzzles, moves of chess games, or orders for flower deliveries indicating the time and type of flowers were not accepted; the hands of clocks being sent were moved. A large detachment of censors was brought in, who even paraphrased telegrams without changing their meaning.

    Hiding information using the listed methods is only possible because the enemy does not know the method of hiding. Meanwhile, back in 1883, Kerckhoffs wrote that an information security system must perform its functions even if the enemy is fully informed about its structure and operating algorithms. All the secrecy of a system for protecting transmitted information must reside in the key, that is, in a fragment of information shared (as a rule, in advance) between the recipients. Despite the fact that this principle has been known for more than 100 years, there are still developments that neglect it. Of course, they cannot be used for serious purposes.

    Steganography is a science that studies ways and means of hiding confidential information, the main task of which is to hide the very fact of the existence of secret data during its transmission, storage or processing. Hiding the existence of information means not only the impossibility of detecting the presence of another (hidden) message in an intercepted message, but also generally making it impossible for any suspicions to arise in this regard.

    The development of computer technology in the last decade has given a new impetus to the development of computer steganography. Many new areas of application have emerged. Messages are now embedded in digital data, usually of an analog nature: speech, audio recordings, images, videos. There are also proposals for embedding information into text files and into executable program files.

    There are two main directions in computer steganography: one related to digital signal processing and one not related to it. In the latter case, messages can be embedded in file headers or data packet headers. This direction has limited application because the hidden information is relatively easy to uncover and/or destroy. Most of the current research in the field of steganography is in one way or another related to digital signal processing. This allows us to talk about digital steganography, which is discussed below.

    There are two reasons for the popularity of research in the field of steganography at the present time: restrictions on the use of cryptographic tools in a number of countries around the world, and the emergence of the problem of protecting property rights to information presented in digital form. The first reason entailed a large amount of research in the spirit of classical steganography (that is, hiding the fact that information is being transmitted), the second even more numerous works in the field of so-called watermarks. A digital watermark (DWM) is a special mark that is imperceptibly embedded in an image or other signal in order to control its use in one way or another.

    Digital steganography. Subject, terminology, areas of application

    Digital steganography as a science was born literally in recent years. As a relatively young science, it does not yet have a generally accepted classification or even terminology. However, we can propose the following classification of areas that steganography includes:

    1) embedding information for the purpose of its hidden transmission;

    2) embedding digital watermarks (watermarking);

    3) embedding identification numbers (fingerprinting) - fingerprints;

    4) embedding headings (captioning).

    CEH can be used mainly for protection against copying and unauthorized use. In connection with the rapid development of multimedia technologies, the issue of protecting copyrights and intellectual property presented in digital form has become acute. Examples may include photographs, audio and video recordings, etc. The benefits of presenting and transmitting messages digitally can be offset by the ease with which they can be stolen or modified. Therefore, various information protection measures of an organizational and technical nature are being developed. One of the most effective technical means protection of multimedia information and consists of embedding invisible marks - digital marks - into the protected object. Developments in this area are carried out by the largest companies around the world. Since CVD methods began to be developed quite recently (the first article on this topic was, apparently, a work in 1989), there are many unclear problems that require resolution. These methods got their name from the well-known method of protecting securities, including money, from counterfeiting. Unlike ordinary watermarks, digital watermarks can be not only visible, but also (usually) invisible. Invisible digital watermarks are analyzed by a special decoder, which makes a decision about their correctness. CEZs may contain some authentic code, information about the owner, or some control information. The most suitable objects for protection using digital video protection are still images, audio and video data files.

    The technology for embedding manufacturers' identification numbers has much in common with digital watermark technology. The difference is that in the first case, each protected copy has its own unique embedded number (hence the name, literally “fingerprints”). This identification number allows the manufacturer to track the further fate of his brainchild: whether any of the buyers have engaged in illegal replication. If so, fingerprints will quickly point to the culprit.

    Embedding headers (invisible) can be used, for example, to sign medical photographs, apply a legend to a map, etc. The goal is to store heterogeneously presented information as a single whole. This is perhaps the only application of steganography where a potential attacker is not explicitly present.

    There are two main requirements for steganographic transformation:

    1) invisibility - reliability of perception

    2) resistance to various types of distortion.

    Lecture

    Associate Professor, Department of ICT, Grodno State University

    Ph.D. tech. Livak Elena Nikolaevna

    Steganographic information protection

    In this lecture
    • Purpose of steganographic protection
      • a method of embedding hidden information into the least significant bits of digitally represented data
      • broadband signals and elements of noise theory
      • methods used for cryptography in text files
      • methods for embedding hidden information in HTML files, and methods used for embedding hidden information in executable files
    • Technologies for protecting copyrights for multimedia products

    Purpose of steganographic protection

    Unlike cryptographic protection of information, which is intended to hide the content of information, steganographic protection is intended to conceal the very fact that information is present (or being transferred).

    The methods and means by which the fact of the presence of information can be hidden are studied by steganography (from the Greek for “secret writing”).

    Methods and techniques for introducing hidden information into electronic objects relate to computer steganography.

    Basic steganographic concepts

    The main steganographic concepts are the message and the container.

    A message $m \in M$ is secret information whose presence must be hidden, where $M$ is the set of all messages; usually $M = \mathbb{Z}_2^n$ for $n \in \mathbb{Z}$.

    A container $b \in B$ is unclassified information that is used to hide messages, where $B$ is the set of all containers; usually $B = \mathbb{Z}_2^q$, with $q \gg n$.

    An empty container (original container) is a container $b$ that does not contain a message; a filled container (result container) $b_m$ is a container $b$ containing a message $m$.

    A steganographic transformation is the name commonly given to the mappings

    $F: M \times B \times K \to B, \qquad F^{-1}: B \times K \to M,$

    which map the triple (message, empty container, key) to the result container, and the pair (filled container, key) to the original message, i.e.

    $F(m, b, k) = b_{m,k}, \quad F^{-1}(b_{m,k}) = m$, where $m \in M$; $b, b_m \in B$; $k \in K$.

    A steganographic system is the tuple $(F, F^{-1}, M, B, K)$: the set of messages, containers and the transformations connecting them [Motuz].

    Computer steganography methods

    Note that although secret writing methods have been known since ancient times, computer steganography is a relatively new area of science. Currently, computer steganography is still at the development stage.

    The theoretical basis and methods of steganography are only just being formed: there is no generally accepted classification of methods, there are no criteria for assessing the reliability of the methods and mechanisms of steganographic systems, and the first attempts are being made to compare the characteristics of methods, for example in [Barsukov, 54].

    But today experts admit that “... on the basis of computer steganography, which is one of the information security technologies of the 21st century, it is possible to develop new, more effective non-traditional methods of ensuring information security” [Barsukov, 54, p. 71].

    Analysis of the computer steganography methods used in practice allows us to single out the following main classes.

    1. Methods based on the availability of free areas in the presentation/storage of data.

    2. Methods based on redundancy of data presentation/storage.

    3. Methods based on the use of specially developed data presentation/storage formats.

    We emphasize that methods for introducing hidden information into objects depend, first of all, on the purpose and type of object, as well as on the format in which the data is presented. That is, for any format for representing computer data, its own steganographic methods can be proposed.

    Let us dwell on steganographic methods that are often used in practice.

    A widely known method is embedding hidden information into the least significant bits of digitally represented data. The method is based on the fact that modifying the lowest, least significant bits of data presented in digital form does not, from the point of view of the human senses, lead to a change in the functionality or even the quality of the image or sound. Note that information hidden in the last bits of digital content is not noise-resistant, that is, it is lost when the content is distorted or compressed with data loss.
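    The least-significant-bit method above, written as the pair F(m, b, k) and F^-1 from the definitions earlier in the lecture. This is an added example, not code from the lecture: the function names, the use of the key to seed a PRNG that picks sample positions, and the random byte string standing in for 8-bit grayscale samples are all assumptions of the example. It also shows the fragility the paragraph warns about, using coarser quantization as a stand-in for lossy processing.

```python
import random


def to_bits(data: bytes) -> list:
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    """Inverse of to_bits; len(bits) must be a multiple of 8."""
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8)
    )


def positions(container_len: int, n_bits: int, key: int) -> list:
    """Sample positions chosen by the key (assumption: the key seeds a PRNG)."""
    if n_bits > container_len:
        raise ValueError("container too small for message")
    return random.Random(key).sample(range(container_len), n_bits)


def embed(message: bytes, container: bytes, key: int) -> bytes:
    """F(m, b, k): write each message bit into the LSB of a key-chosen sample."""
    bits = to_bits(message)
    stego = bytearray(container)
    for pos, bit in zip(positions(len(container), len(bits), key), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)


def extract(stego: bytes, n_bytes: int, key: int) -> bytes:
    """F^-1: read the LSBs back from the same key-chosen positions."""
    chosen = positions(len(stego), n_bytes * 8, key)
    return from_bits([stego[p] & 1 for p in chosen])


def requantize(samples: bytes, step: int = 4) -> bytes:
    """Stand-in for lossy processing: round every sample to a multiple of step."""
    return bytes(min(255, round(s / step) * step) for s in samples)


def bit_error_rate(a: bytes, b: bytes) -> float:
    """Fraction of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))


def make_container(n: int = 4096, seed: int = 1) -> bytes:
    """Constructed container: n pseudo-random 8-bit samples."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n))


if __name__ == "__main__":
    container = make_container()
    message = b"owner-id:0042"  # constructed sample message
    stego = embed(message, container, key=2024)
    print("max sample change:", max(abs(a - b) for a, b in zip(container, stego)))
    print("recovered:", extract(stego, len(message), key=2024))
    damaged = extract(requantize(stego), len(message), key=2024)
    print("bit error rate after requantization:", bit_error_rate(damaged, message))
```

    No sample changes by more than one gray level, yet a single requantization pass wipes the low bit plane, which is why this method gives no robustness for watermarking.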

    Broadband signals and elements of noise theory are also used in practice. Information is hidden by phase modulation of the information signal (carrier) with a pseudo-random sequence of numbers. Another algorithm is also used: the available frequency range is divided into several channels, and transmission is carried out between these channels.

    Methods used for cryptography in text files are quite well developed.

    · Hidden fonts. This method is based on introducing subtle distortions that carry meaning into the outlines of letters.

    · Color effects. For example, for symbols of a hidden message, use white on a white background.

    · "Null cipher". This method is based on selecting specific character positions (sometimes known word/sentence/paragraph offsets are used).

    · Generalization of the acrostic. The method is that, according to a certain rule, a meaningful text is generated that hides a certain message.

    · Invisible codes. The characters of the hidden message are encoded by a certain number of additional spaces between words or the number of empty lines.

    Methods have been developed for introducing hidden information into files in HTML format:

    · a certain number of spaces are added to the end of each line, encoding the hidden information;

    · the hidden message is placed in a special file from which the header is removed, and the header is kept by the recipient (the hidden message is usually additionally encrypted);

    · additional pages are added, on which the hidden information is placed;

    · hidden information is written into meta tags (these commands are intended to convey information about the HTML document to search servers and are not visible when the page is displayed on the screen);

    · write hidden information into tags with identifiers unknown to browser programs;

    · color effects are applied.

    Let us pay special attention to the methods used to embed hidden information into executable files.

    Most of the methods used are based on the presence of free areas in executable files: completely or partially free sectors (blocks) of the file; the file header structures of the EXE, NE-executable and PE-executable formats contain reserved fields; there are gaps between segments of executable code; and so on. Note that these are precisely the methods of computer steganography that are traditionally used by computer virus authors to embed virus bodies into executable files. Note also that to remove information hidden in this way, the offender simply needs to “zero” all available free areas.
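    A defender can check the same free areas for unexpected content and apply the zeroing the paragraph mentions. The sketch below is an added example, not code from the lecture: it looks only at the reserved words of the DOS header (e_res, e_res2) and at the padding between a section's VirtualSize and SizeOfRawData in a PE file, and the sample file is a constructed, non-loadable skeleton. All function names are hypothetical.

```python
import struct

# Reserved words of IMAGE_DOS_HEADER: e_res[4] at 0x1C, e_res2[10] at 0x28.
DOS_RESERVED = (("DOS header e_res", 0x1C, 0x24), ("DOS header e_res2", 0x28, 0x3C))


def sections(data: bytes) -> list:
    """Return [(name, raw_offset, raw_size, virtual_size)] from the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    found = []
    for i in range(count):
        entry = table + 40 * i
        name = data[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<4I", data, entry + 8)
        found.append((name, raw_ptr, raw_size, vsize))
    return found


def free_areas(data: bytes) -> list:
    """Return [(label, start, end)] for areas that normally hold only zero bytes."""
    areas = list(DOS_RESERVED)
    for name, raw_ptr, raw_size, vsize in sections(data):
        start, end = raw_ptr + vsize, min(raw_ptr + raw_size, len(data))
        # VirtualSize == 0 occurs in some files; nothing can be inferred then.
        if 0 < vsize < raw_size and start < end:
            areas.append((f"slack after {name}", start, end))
    return areas


def scan(data: bytes) -> list:
    """Return [(label, file_offset, nonzero_byte_count)] for free areas holding data."""
    findings = []
    for label, start, end in free_areas(data):
        nonzero = sum(1 for byte in data[start:end] if byte)
        if nonzero:
            findings.append((label, start, nonzero))
    return findings


def zero_free_areas(data: bytes) -> bytes:
    """The removal described in the text: overwrite every free area with zeros."""
    cleaned = bytearray(data)
    for _label, start, end in free_areas(data):
        cleaned[start:end] = bytes(end - start)
    return bytes(cleaned)


def build_sample(slack_payload: bytes = b"", dos_payload: bytes = b"") -> bytes:
    """Constructed skeleton: DOS header, COFF header, one 512-byte .text section."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew
    dos[0x28:0x28 + len(dos_payload)] = dos_payload       # into e_res2
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    text = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 512, 0x200,
                       0, 0, 0, 0, 0x60000020)
    body = bytearray(512)
    body[:16] = b"\x90" * 16                              # 16 bytes of "code"
    body[16:16 + len(slack_payload)] = slack_payload      # into the section slack
    return (bytes(dos) + coff + text).ljust(0x200, b"\0") + bytes(body)


if __name__ == "__main__":
    marked = build_sample(b"constructed-marker", b"ID42")
    for label, offset, count in scan(marked):
        print(f"{label}: {count} non-zero bytes at 0x{offset:x}")
    print("clean after zeroing:", scan(zero_free_areas(marked)) == [])
```

    A non-zero finding is a lead to investigate rather than proof of hidden data. Zeroing changes the file contents, so a digital signature over the file will no longer validate.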

    Among the methods and technologies that use steganographic information protection, the most developed are technologies for protecting copyrights for multimedia products.

    Technologies and copyright protection systems offered on the software market use digital steganography methods. Copyright protection systems supply objects that represent digital content (graphic files, audio and video files) with identifying information.

    The best-known technology for protecting an author's rights to graphic information is the Digital Watermark technology of Digimarc Corporation (www.digimarc.com). The special software product PictureMarc (a key part of the technology) allows you to embed a digital identifier (tag) of the creator into an image. To obtain their own ID, users must register with Digimarc's service center (MarcCentre). When embedded in an image, the digital mark is encoded in the brightness of the pixels, which determines the durability of the mark under various transformations of the graphic file (editing, reducing/enlarging the image, converting to another format, compression). Moreover, a digital mark embedded in this way is not lost even after printing and subsequent scanning. However, a digital mark cannot be changed or removed from the marked image. The digital tag is read using the program ReadMarc. The special software product MarcSpider browses images available on the Internet and reports illegal use.

    The software market currently offers many systems and technologies that operate on a principle similar to digital watermarking. All of them convert the media producer's identification code into an invisible digital tag and embed it in the protected object. Typically such systems are called digital watermarking systems. Technologies available on the market include PixelTag (produced by MIT Media Lab), EIKONAMARK (produced by Alpha Tec Ltd.), TigerMark (NEC) and many others.

    Some technologies use the term "fingerprint" instead of the term "watermark". One technology on the market is FBI (Fingerprinting Binary Images), produced by Signum Technologies (www.generation.net/~pitas/sign.html). Service programs that use this technology also enable the embedding, detection and reading of a fingerprint from digital data.

    The capabilities of the comprehensive electronic copyright management system Cryptolope (IBM), based on Java technology, also deserve attention.

    A special multimedia protection protocol, MMP (Multimedia Protection Protocol), designed to protect against piracy when selling digitized data over the Internet or other channels, is also used in practice.

    However, it should be noted that there are also programs that remove digital marks from files containing images. The two most famous of them are UnZign and StirMark, which were announced as a means of testing the durability of marks embedded by digital watermarking systems. The use of these programs shows that today “watermarks of all manufacturers are destroyed without noticeable deterioration in image quality” [Nikolenko, 56].

    Currently, steganographic products are becoming widespread that make it possible to mask entire files in other files, container files. Container files are usually graphic or sound files, and sometimes text files (in TXT and HTML format). This class of programs includes the well-known programs S-Tools, Steganos, Contraband, Hide4PGP and others.

    Easter Eggs (www.eeggs.com), steganographic (undocumented) insertions in computer programs, are widely known. Software developers build independent modules into their programs that are called by a specific (often quite complex) key combination or sequence of actions. Such programs, called secrets, demonstrate various kinds of jokes and entertaining animation after activation. Often a secret program displays a list of the developers of the software product, and sometimes even their photographs. Therefore, in some publications the Easter Eggs technology is classified as a copyright protection technology for computer programs.

    Among the tools based on steganographic methods and digital watermark technologies listed in [Steganography and Digital Watermarking Tool Table // www.jjtc.com/Steganography/toolmatrix.htm], only one tool has been announced, S-Mail, produced by Security Software Development (SSD) Ltd., which embeds hidden information into EXE and DLL files.

    Summary

    An analysis of trends in the development of technologies used to ensure information security in general and, in particular, to protect copyright in the field of software, shows that the use of computer steganography, along with methods traditionally used to protect software products, increases the power of protection mechanisms.

    Analysis of steganographic methods of information protection, technologies and steganographic means of protecting intellectual property presented on the software market, as well as problems associated with the use of these methods, allows us to draw the following conclusions.

    1. Currently, the market for intellectual property protection software is just emerging.
    2. Despite the low durability of digital tags, digital steganographic technologies and systems are successfully used in practice to protect the copyrights of creators of multimedia products when distributing their products on computer networks and on digital media: CDs, digital music tracks and videos.
    3. Currently, among software manufacturers, only multimedia developers and publishers have the means to protect the rights of authors at one level or another.
    4. Not all existing computer steganography methods can be used to protect copyright in computer programs.
    5. The most developed computer steganography methods and algorithms related to digital steganography cannot be used to embed hidden information identifying the author into executable program files.
    6. Steganographic methods for protecting copyrights in computer programs are not sufficiently developed today.

    What else is steganography?

    Over the past few years, the activity of the intelligence services has increased significantly. Their rights regarding methods of obtaining information have also increased; now they have the right to read your personal correspondence. It’s good if you only communicate with aunts or buddies from the chat. But what will happen when, while analyzing your correspondence, they come across the password for some foreign server, or read how you brag to a friend about your latest defacement? These letters can become evidence of a crime and serve as an excellent reason to initiate a criminal case... Well, how do you like that prospect? Not very... Therefore, the contents of such correspondence should be carefully hidden. This is exactly what steganography does, and if it is used with elements of cryptography, only the addressee who knows the scheme for extracting the protected text can read the letter.

    The name steganography comes from two Greek words, steganos (secret) and graphy (record), so it can be called secret writing. The main task of steganography is hiding the very fact that a secret message exists. This science arose in Egypt. It was used to transmit a variety of government information. For these purposes, they shaved a slave's head and gave the poor guy a tattoo. When the hair grew back, the messenger was sent on his way :)

    But nowadays no one uses this method anymore (or do they?); modern steganographers use invisible ink that becomes visible only after a certain chemical treatment, microfilms, conventional arrangements of characters in a letter, secret communication channels and much more.

    Computer technologies for hiding information also do not stand still and are actively developing. Text or even a file can be hidden in a harmless letter, image, melody, or in general in any transmitted data. To understand this process, let’s figure out how to hide information so that nobody even notices its presence.

    Text document.txt

    Using steganography to transmit information through text data is quite difficult. This can be implemented in two ways (although the idea is the same for both cases):

    1. Use letter case.
    2. Use spaces.

    For the first option, the process is as follows: suppose we need to hide the letter “A” in the text “stenography”. To do this, we take the binary representation of the character code of “A”, “01000001”. Let a lowercase symbol be used to denote a bit containing a one, and an uppercase symbol for a zero. Therefore, after applying the mask “01000001” to the text “stenography”, the result will be “sTenogrAphy”. We did not use the ending “phy” because 8 bytes of text are used to hide one character (one bit for each character of the text), and the length of the line is 11 characters, so the last 3 characters turned out to be “extra”. Using this technique, you can hide a message of N/8 characters in a text of length N. Since this solution cannot be called the most successful, the technique of transmitting data through spaces is often used. The fact is that a space is represented by the character with code 32, but in the text it can also be replaced with the character with code 255 or, at worst, TAB. Just as in the previous example, we transmit the bits of the encrypted message using plain text. But this time 1 is a space and 0 is a space with code 255.

    As you can see, hiding information in text documents is not foolproof because it can be easily noticed. Therefore, other, more advanced technologies are used...
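    How easily these text channels are noticed can be shown with a short scanner covering the space-substitution scheme above and the trailing-space and extra-space methods listed earlier for text and HTML files. This is an added example, not code from the article: the function names are hypothetical, the sample strings are constructed, and it assumes that the “space with code 255” of a legacy code page appears as U+00A0 (no-break space) once the text is Unicode.

```python
import re

NBSP = "\u00a0"  # assumption: "code 255" of the legacy code page, as Unicode

# Constructed sample: the 8 word separators spell 01000001 ("A"), 1 = space, 0 = NBSP.
SAMPLE_TEXT = ("meet\u00a0me at\u00a0the\u00a0usual\u00a0place"
               "\u00a0after\u00a0lunch today")
# Constructed sample: trailing spaces at the ends of HTML lines.
SAMPLE_HTML = "<p>first</p>   \n<p>second</p>\n<p>third</p> \n"


def scan_text(text: str) -> dict:
    """Count the indicators of the text channels described on this page."""
    lines = text.splitlines()
    return {
        "trailing_ws_lines": sum(1 for ln in lines if ln != ln.rstrip(" \t" + NBSP)),
        "nbsp_separators": text.count(NBSP),
        "tab_separators": len(re.findall(r"(?<=\S)\t(?=\S)", text)),
        "multi_space_runs": len(re.findall(r"(?<=\S) {2,}(?=\S)", text)),
        # Heuristic only: camelCase identifiers trigger it as well.
        "midword_capitals": len(re.findall(r"(?<=[a-z])[A-Z]", text)),
    }


def decode_separator_bits(text: str) -> bytes:
    """Recover bytes from the separator channel: space = 1, NBSP = 0, MSB first."""
    bits = [1 if ch == " " else 0 for ch in text if ch in (" ", NBSP)]
    usable = len(bits) - len(bits) % 8  # ignore an incomplete final byte
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )


def trailing_space_counts(text: str) -> list:
    """Number of trailing spaces on each line (the HTML end-of-line channel)."""
    return [len(ln) - len(ln.rstrip(" ")) for ln in text.splitlines()]


def sanitize(text: str) -> str:
    """Destroy the whitespace channels by normalizing every separator."""
    cleaned = []
    for line in text.splitlines():
        line = line.replace(NBSP, " ").replace("\t", " ")
        line = re.sub(r"(?<=\S) {2,}", " ", line)  # leading indentation is kept
        cleaned.append(line.rstrip())
    return "\n".join(cleaned)


if __name__ == "__main__":
    print(scan_text(SAMPLE_TEXT))
    print("separator channel decodes to:", decode_separator_bits(SAMPLE_TEXT))
    print("trailing spaces per line:", trailing_space_counts(SAMPLE_HTML))
    print(repr(sanitize(SAMPLE_HTML)))
```

    Normalizing whitespace at a mail or content gateway removes these channels without needing to know the encoding, at the cost of also flattening legitimate no-break spaces and tabs.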

    GIF, JPG and PNG

    You can hide text in an image more securely. Everything is based on the principle of replacing a color in the image with one close to it. The program replaces some pixels, whose positions it calculates itself. This approach is very good, because determining the technique used to hide the text is more difficult than in the previous example. This approach works not only with text information but also with images. This means that you can place nastya.gif inside the image pentagon_shema.gif without any problems, provided, of course, that their sizes allow it.

    The simplest example of using images in steganography is the third task from ““. It can be solved quite simply, and you can get the hidden message without much effort. First you need to copy it to the clipboard, then set the fill color for the right mouse button to the background color of the image (blue). The next step is to clear the drawing and fill it with black. To complete this operation, simply paste the image from the clipboard; only the blind will not see the inscription “WELL DONE!”

    The technique of using images as a container provides much broader capabilities than text documents. As I said, when using graphic formats it becomes possible to hide not only text messages, but also other images and files. The only condition is that the volume of the hidden picture should not exceed the size of the storage image. For these purposes, each program uses its own technique, but they all boil down to replacing certain pixels in the image.

    A good example of the use of steganography is the Internet browser Camera/Shy, from the famous hacker team Cult of the Dead Cow. In appearance it resembles a regular Internet browser, but when you enter a web resource, all GIF images are automatically scanned for hidden messages.

    MP3 and everything you hear

    But perhaps the most beautiful solution is the use of audio formats (I recommend MP3Stego for work). This is because most people would not even think that music may contain hidden information. To place a message/file in MP3 format, redundant information is used, the presence of which is determined by the format itself. When using other audio files, you need to make changes to the sound wave, which may have a very small effect on the sound.

    Other solutions

    Microsoft Word documents can be used for steganography; the RTF format can also be used as a message container. There are a number of utilities that are capable of transferring files via empty packets using the same steganographic techniques. With this technique, one bit of the copied file is transmitted per packet, stored in the header of the transmitted packet. This technique does not provide a high data transmission speed, but it has a number of advantages when transferring files through firewalls.

    Steganography is a fairly powerful tool for maintaining data confidentiality. Its use has long been recognized as effective in protecting copyrights, as well as any other information that can be considered intellectual property. But steganography is especially effective when used with elements of cryptography. This approach creates two-level protection, which is very difficult to break, if it is possible at all...

    Digital steganography Vadim Gennadievich Gribunin

    1.1. Digital steganography. Subject, terminology, areas of application

    Digital steganography as a science was born literally in recent years. In our opinion, it includes the following areas:

    1) embedding information for the purpose of its hidden transmission;

    2) embedding digital watermarks (watermarking);

    3) embedding identification numbers (fingerprinting);

    4) embedding headings (captioning).

    Digital watermarks can be used mainly for protection against copying and unauthorized use. In connection with the rapid development of multimedia technologies, the issue of protecting copyrights and intellectual property presented in digital form has become acute. Examples include photographs, audio and video recordings, etc. The benefits of presenting and transmitting messages digitally may be offset by the ease with which they can be stolen or modified. Therefore, various information protection measures of an organizational and technical nature are being developed. One of the most effective technical means of protecting multimedia information is to embed invisible marks, digital watermarks, into the protected object. Developments in this area are carried out by the largest companies around the world. Since digital watermarking methods began to be developed quite recently (the first article on this topic was, apparently, the work), there are many unclear problems that require resolution.

    This method gets its name from the well-known method of protecting securities, including money, from counterfeiting. The term “digital watermarking” was first used in the work of . Unlike conventional watermarks, digital watermarks can be not only visible, but also (as a rule) invisible. Invisible digital watermarks are analyzed by a special decoder, which makes a decision about their correctness. Digital watermarks may contain some authentic code, information about the owner, or some control information. The most suitable objects for protection using digital watermarks are still images, audio and video data files.

    The technology for embedding manufacturer identification numbers has much in common with digital watermark technology. The difference is that in the first case, each protected copy has its own unique embedded number (hence the name - literally “fingerprints”). This identification number allows the manufacturer to track the further fate of his brainchild: whether any of the buyers have engaged in illegal replication. If so, fingerprints will quickly point to the culprit.

    Caption embedding (invisible) can be used, for example, to caption medical images, add a legend to a map, etc. The goal is to store heterogeneous information in a single whole. This is perhaps the only application of steganography where a potential attacker is not explicitly present.

    Since digital steganography is a young science, its terminology is not fully established. The basic concepts of steganography were agreed upon at the first international conference on data hiding. However, even the concept of “steganography” itself is interpreted differently. Thus, some researchers understand steganography as only the hidden transmission of information. Others include in steganography such applications as, for example, meteor radio communications, radio communications with pseudo-random radio frequency tuning, and broadband radio communications. In our opinion, an informal definition of what digital steganography is could look like this: “the science of inconspicuously and reliably hiding some bit sequences in others that are of an analog nature.” All four of the above areas of data hiding fall under this definition, but radio communications applications do not. In addition, the definition contains two main requirements for steganographic transformation: invisibility and reliability, or resistance to various types of distortions. The mention of the analog nature of digital data highlights the fact that information is embedded in digitized continuous signals. Thus, within the framework of digital steganography, the issues of embedding data in the headers of IP packets and of files of various formats, or in text messages, are not considered.

    No matter how different the directions of steganography are, the requirements they impose largely coincide, as will be shown below. The most significant difference between the formulation of the problem of hidden data transmission and the formulation of the problem of embedding a digital watermark is that in the first case the intruder must detect a hidden message, while in the second case everyone knows about its existence. Moreover, the offender may legally have a digital watermark detector (for example, as part of a DVD player).

    The word “inconspicuous” in our definition of digital steganography implies the mandatory inclusion of a person in the steganographic data transmission system. A person here can be considered as an additional data receiver, placing rather difficult to formalize requirements on the transmission system.

    The task of embedding and extracting messages from other information is performed by the stegosystem. The stegosystem consists of the following main elements, shown in Fig. 1.1:

    Fig. 1.1. Block diagram of a typical digital watermark stegosystem

    The precoder is a device designed to convert a hidden message into a form convenient for embedding into a signal container (a container is an information sequence in which a message is hidden);

    The stegocoder is a device designed to embed a hidden message in other data, taking into account their model;

    A device for extracting the embedded message;

    The stegodetector is a device designed to determine the presence of a stego message;

    The decoder is a device that reconstructs a hidden message. This node may be missing, as will be explained below.

    As shown in Fig. 1.1, in the stegosystem two types of information are combined so that they can be distinguished by two fundamentally different detectors. One of the detectors is the digital watermark extraction system, and the other is a person.

    Before embedding a digital watermark into a container, the digital watermark must be converted to some suitable form. For example, if an image serves as the container, then the digital watermark sequence is often represented as a two-dimensional array of bits. To increase the resistance of the digital watermark to distortion, noise-resistant coding is often applied to it or broadband signals are used. The initial processing of the hidden message is performed by the precoder shown in Fig. 1.1. The most important preliminary processing of the digital watermark (as well as of the container) is the calculation of its generalized Fourier transform. This makes it possible to embed the digital watermark in the spectral domain, which significantly increases its resistance to distortion. Preprocessing is often done using a key K to increase the secrecy of embedding. Next, the digital watermark is “embedded” in the container, for example by modifying the least significant bits of the coefficients. This process is possible due to the characteristics of the human perception system. It is well known that images have great psychovisual redundancy. The human eye is like a low-pass filter that misses fine details. Distortions in the high-frequency region of images are especially hard to notice. These features of human vision are used, for example, in the development of image and video compression algorithms.

    The process of embedding digital watermarks should also take into account the properties of the human perception system. Steganography uses the psycho-visual redundancy in signals, but in a different way than data compression. Let's give a simple example. Consider a grayscale image with 256 shades of gray, that is, with a specific encoding rate of 8 bits/pixel. It is well known that the human eye is unable to detect changes in the least significant bit. Back in 1989, a patent was received for a method of hidden information embedding in an image by modifying the least significant bit. In this case, the stego detector analyzes only the value of this bit for each pixel, and the human eye, on the contrary, perceives only the highest 7 bits. This method is easy to implement and effective, but does not satisfy some important requirements for digital watermarks, as will be shown below.

    In most stegosystems, a key is used to embed and extract digital watermarks. The key may be intended for a narrow circle of people or be publicly available. For example, the key must be contained in all DVD players so that they can read the digital watermarks contained on the discs. Sometimes, by analogy with cryptography, stegosystems are divided into two classes: with a public key and with a secret key. In our opinion, the analogy is incorrect, since the concept of a public key in this case is fundamentally different. The correct expression would be “publicly available key”, with the embedding key being the same as the extraction key. As far as we know, there is no stegosystem in which extracting a digital watermark requires different information than embedding it, although the hypothesis that such a system cannot exist has not been proven. In a system with a publicly available key, it is quite difficult to resist possible attacks from intruders. In fact, in this case, the intruder knows exactly the key and location of the digital watermark, as well as its value.

    The stegodetector detects a digital watermark in a (possibly modified) watermark-protected image. This change may be due to the influence of errors in the communication channel, signal processing operations, or deliberate attacks by intruders. In many stegosystem models, the container signal is considered as additive noise. Then the problem of detecting and extracting a stego message is a classical one for communication theory. However, this approach does not take into account two factors: the non-random nature of the container signal and the requirements for maintaining its quality. These points are not found in the known theory of detecting and extracting signals against the background of additive noise. Taking them into account will allow us to build more effective stegosystems.

    A distinction is made between stegodetectors, designed to detect the presence of a digital watermark, and devices designed to extract this digital watermark (stegodecoders). In the first case, detectors with hard (yes/no) or soft decisions are possible. To make a decision about the presence or absence of a digital watermark, it is convenient to use measures such as the Hamming distance or the cross-correlation between the available signal and the original (if the latter is available, of course). What if we do not have the original signal? Then more subtle statistical methods come into play, based on building models of the class of signals under study. Subsequent chapters will cover this issue in more detail.
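    A hard-decision detector of the kind just described, using cross-correlation and treating the container as additive noise. This is an added example, not code from the book: the key-seeded ±1 pattern, the embedding strength of 6, the threshold of 3.0 and all function names are assumptions chosen for the illustration, and the container is a constructed sequence of pseudo-random 8-bit samples. The detector needs the watermark (regenerated from the key) but not the original signal, which is the semi-closed case of Table 1.1.

```python
import random


def pattern(key: int, n: int) -> list:
    """Key-derived pseudo-random +1/-1 sequence: the broadband watermark."""
    rng = random.Random(key)
    return [1 if rng.getrandbits(1) else -1 for _ in range(n)]


def embed_watermark(samples: list, key: int, strength: int = 6) -> list:
    """Add the pattern at low amplitude to every 8-bit sample (clipped to 0..255)."""
    mark = pattern(key, len(samples))
    return [min(255, max(0, s + strength * c)) for s, c in zip(samples, mark)]


def correlation(samples: list, key: int) -> float:
    """Cross-correlation of the mean-removed signal with the key's pattern.

    The container contributes a zero-mean noise term that shrinks as
    1/sqrt(len(samples)); an embedded mark contributes roughly `strength`.
    """
    mark = pattern(key, len(samples))
    mean = sum(samples) / len(samples)
    return sum((s - mean) * c for s, c in zip(samples, mark)) / len(samples)


def detect(samples: list, key: int, threshold: float = 3.0) -> bool:
    """Hard (yes/no) decision: is the watermark for this key present?"""
    return correlation(samples, key) > threshold


def coarsen(samples: list, step: int = 8) -> list:
    """Stand-in for lossy processing: round every sample to a multiple of step."""
    return [min(255, round(s / step) * step) for s in samples]


def make_container(n: int = 16384, seed: int = 7) -> list:
    """Constructed container: n pseudo-random 8-bit samples."""
    rng = random.Random(seed)
    return [rng.randrange(256) for _ in range(n)]


if __name__ == "__main__":
    container = make_container()
    marked = embed_watermark(container, key=1234)
    for label, signal, key in (
        ("unmarked, right key", container, 1234),
        ("marked, right key", marked, 1234),
        ("marked, wrong key", marked, 9999),
        ("marked then coarsened", coarsen(marked), 1234),
    ):
        print(f"{label}: corr={correlation(signal, key):.2f} "
              f"detected={detect(signal, key)}")
```

    Because the decision pools evidence from every sample, the mark survives a quantization step that would erase data stored only in least significant bits.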

    Depending on what information is required by the detector to detect CVS, CVS stegosystems are divided into three classes: open, semi-closed and closed systems. This classification is shown in Table 1.1.

                         What does the detector require?       Detector output
                         Original signal   Original watermark   Yes/No   Watermark
    Closed, Type I              +                  +               +         -
    Closed, Type II             +                  -               -         +
    Semi-closed                 -                  +               +         -
    Open                        -                  -               -         +

    Table 1.1. Classification of digital watermarking systems

    Open digital watermark stegosystems, which are similar to systems of covert data transmission, can find the widest application. Closed stegosystems of type I have the greatest resistance to external influences.
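
    The detector classes of Table 1.1, as an added example that is not from the book: a correlation detector with a hard (yes/no) decision, run once as a closed type I detector (original signal and watermark available) and once as a semi-closed detector (watermark only). The additive ±1 watermark, the SHAKE-256 derivation, the strength and threshold values and all function names are assumptions chosen for illustration; the container is constructed sample data.

```python
import hashlib

def watermark(key: bytes, n: int) -> list[int]:
    """Key-derived +/-1 sequence of length n (the 'original watermark')."""
    stream = hashlib.shake_256(key).digest((n + 7) // 8)
    return [1 if (stream[i // 8] >> (i % 8)) & 1 else -1 for i in range(n)]

def embed(cover: list[int], w: list[int], strength: int = 4) -> list[int]:
    """Additive embedding into 8-bit samples, clipped to 0..255."""
    return [max(0, min(255, c + strength * s)) for c, s in zip(cover, w)]

def correlation(signal: list[int], w: list[int]) -> float:
    """Soft detector output: mean of (signal - mean(signal)) * w."""
    n = min(len(signal), len(w))
    mean = sum(signal[:n]) / n
    return sum((x - mean) * s for x, s in zip(signal[:n], w)) / n

def detect_closed_type1(received, original, w, strength: int = 4) -> bool:
    """Closed type I: needs the original signal and the watermark, answers yes/no.
    Subtracting the original removes the container, so only channel
    distortion is left as noise."""
    residual = [r - o for r, o in zip(received, original)]
    return correlation(residual, w) > strength / 2

def detect_semi_closed(received, w, strength: int = 4) -> bool:
    """Semi-closed: needs only the watermark, answers yes/no.
    The container itself is the noise the correlator has to average out,
    so the decision is only reliable on long signals."""
    return correlation(received, w) > strength / 2

# Constructed sample data: 65536 pseudo-random 8-bit samples as the container.
N = 65536
COVER = list(hashlib.shake_256(b"constructed cover signal").digest(N))
W = watermark(b"demo key", N)
MARKED = embed(COVER, W)

def demo() -> dict:
    wrong = watermark(b"another key", N)
    short = 256  # short excerpt: enough for type I, too short for a blind decision
    return {
        "semi_closed_marked": detect_semi_closed(MARKED, W),
        "semi_closed_unmarked": detect_semi_closed(COVER, W),
        "semi_closed_wrong_watermark": detect_semi_closed(MARKED, wrong),
        "closed_marked": detect_closed_type1(MARKED, COVER, W),
        "closed_unmarked": detect_closed_type1(COVER, COVER, W),
        "closed_short_excerpt": detect_closed_type1(
            MARKED[:short], COVER[:short], W[:short]),
        "soft_marked": correlation(MARKED, W),
        "soft_unmarked": correlation(COVER, W),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    The threshold sets the trade-off between missed watermarks and false detections in unmarked signals.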

    Let's take a closer look at the concept of a container. Before the stegocoder there is an empty container, after it there is a filled container, or stego. The stego must be visually indistinguishable from an empty container. There are two main types of containers: streaming and fixed.

    A stream container is a continuous sequence of bits. The message is embedded into it in real time, so the encoder does not know in advance whether the container is large enough to transmit the entire message. Several messages can be embedded in one large container. The intervals between embedded bits are determined by a pseudo-random sequence generator with a uniform distribution of intervals between samples. The main difficulty lies in implementing synchronization, that is, determining the beginning and end of the sequence. If the container data contains synchronization bits, packet headers, etc., then the hidden information may come immediately after them. The difficulty of ensuring synchronization turns into an advantage from the point of view of ensuring transmission secrecy. In addition, the streaming container has great practical value: imagine, for example, a stego attachment to a regular phone. Under the guise of an ordinary, insignificant telephone conversation, it would be possible to transmit another conversation, data, etc., and without knowing the secret key, it would be impossible to find out not only the content of the hidden transmission, but also the very fact of its existence. It is no coincidence that there are practically no works devoted to the development of stegosystems with a streaming container.

    For a fixed container, the dimensions and characteristics are known in advance. This allows data to be embedded in a way that is, in some sense, optimal. In the book we will mainly consider fixed containers (hereinafter referred to as containers).

    The container can be chosen, random or imposed. A chosen container depends on the message being embedded, and in the extreme case is a function of it. This type of container is more typical for steganography. An imposed container may appear in a scenario where the person providing the container suspects possible hidden correspondence and wishes to prevent it. In practice, we most often encounter a random container.

    Embedding a message into a container can be done using one or more keys. The key is a pseudo-random sequence (PRS) of bits generated by a generator that meets certain requirements (a cryptographically secure generator). For example, a linear recurrent register can be used as the basis of the generator. Then the initial filling of this register can be communicated to the recipients to ensure communication. The numbers generated by the PRS generator can determine the positions of modified samples in the case of a fixed container or the intervals between them in the case of a streaming container. It should be noted that the method of randomly selecting the interval between embedded bits is not particularly good. There are two reasons for this. First, the hidden data must be distributed throughout the image. Therefore, a uniform distribution of interval lengths (from smallest to largest) can only be achieved approximately, since we must be sure that the entire message is embedded, that is, “fitted” into the container. Secondly, the lengths of the intervals between noise samples are distributed not uniformly, but according to an exponential law. A PRS generator with exponentially distributed intervals is difficult to implement.

    The hidden information is embedded in accordance with the key into those samples whose distortion does not lead to significant distortion of the container. These bits form a stegopath. Depending on the application, a significant distortion can be understood as a distortion that leads to both the unacceptability of a filled container for a human recipient and the possibility of revealing the presence of a hidden message after steganalysis.
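
    One way to realise a key-driven stegopath in a fixed container, as an added example that is not from the book: the key seeds a pseudo-random sequence that picks distinct sample positions, and the message bits go into the least significant bits of those samples. HMAC-SHA256 in counter mode is swapped in here for the linear recurrent register generator mentioned above; the function names and the sample container, message and keys are constructed for illustration.

```python
import hashlib
import hmac

def keyed_prs(key: bytes):
    """Yield 32-bit integers: HMAC-SHA256 in counter mode as the keyed PRS."""
    counter = 0
    while True:
        block = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(0, len(block), 4):
            yield int.from_bytes(block[i:i + 4], "big")
        counter += 1

def stegopath(key: bytes, container_len: int, n_bits: int) -> list[int]:
    """Distinct sample positions from a key-driven partial Fisher-Yates shuffle."""
    if n_bits > container_len:
        raise ValueError("message does not fit into the container")
    idx = list(range(container_len))
    prs = keyed_prs(key)
    for i in range(n_bits):
        j = i + next(prs) % (container_len - i)  # modulo bias is negligible here
        idx[i], idx[j] = idx[j], idx[i]
    return idx[:n_bits]

def to_bits(data: bytes) -> list[int]:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]

def from_bits(bits: list[int]) -> bytes:
    return bytes(
        sum(bit << (7 - k) for k, bit in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits), 8)
    )

def embed(container: bytes, message: bytes, key: bytes) -> bytes:
    """Write each message bit into the LSB of the next sample on the stegopath."""
    bits = to_bits(message)
    stego = bytearray(container)
    for pos, bit in zip(stegopath(key, len(container), len(bits)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def extract(stego: bytes, n_bytes: int, key: bytes) -> bytes:
    """Re-derive the stegopath from the key and read the LSBs back."""
    path = stegopath(key, len(stego), n_bytes * 8)
    return from_bits([stego[pos] & 1 for pos in path])

# Constructed sample data: 4096 pseudo-random 8-bit samples and a test message.
CONTAINER = hashlib.shake_256(b"constructed container").digest(4096)
MESSAGE = b"constructed test message"
KEY = b"shared secret key (sample)"
STEGO = embed(CONTAINER, MESSAGE, KEY)

def max_sample_change() -> int:
    """Largest per-sample difference between the empty and the filled container."""
    return max(abs(a - b) for a, b in zip(CONTAINER, STEGO))

if __name__ == "__main__":
    print(extract(STEGO, len(MESSAGE), KEY))           # right key
    print(extract(STEGO, len(MESSAGE), b"wrong key"))  # wrong key reads other samples
    print(max_sample_change())
```

    Because the shuffle yields distinct positions and checks the length up front, the whole message is guaranteed to fit, which is the difficulty the text raises for randomly chosen intervals.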

    Digital watermarks can be of three types: robust, fragile and semi-fragile. Robustness refers to the resistance of the digital watermark to various kinds of impact on the stego. Most studies are devoted to robust digital watermarks.

    Fragile digital watermarks are destroyed by minor modifications to the filled container. They are used to authenticate signals. The difference from an electronic digital signature is that fragile digital watermarks still allow some modification of the content. This is important for protecting multimedia information, since a legitimate user might, for example, want to compress an image. Another difference is that fragile digital watermarks must not only reflect whether the container has been modified, but also the type and location of that modification.

    Semi-fragile digital watermarks are resistant to some impacts and unstable to others. Generally speaking, all digital watermarks can be classified as this type. However, semi-fragile digital watermarks are specially designed to be unstable with respect to certain types of operations. For example, they may allow you to compress an image but not allow you to cut or paste parts of it.

    Fig. 1.2 presents the classification of digital steganography systems.

    The stegosystem forms a stegochannel through which the filled container is transmitted. This channel is considered susceptible to interference from violators. Following Simmons, steganography usually considers the following formulation of the problem (the “prisoner problem”).

    Two prisoners, Alice and Bob, want to exchange messages confidentially, despite the fact that the communication channel between them is controlled by the guard Willie. In order for secret messaging to be possible, it is assumed that Alice and Bob have some secret key known to both. Willie's actions may consist not only in an attempt to detect a hidden communication channel, but also in the destruction of transmitted messages, as well as their modification and the creation of new, false messages. Accordingly, we can distinguish three types of violators that the stegosystem must resist: passive, active and malicious violators. The possible actions of violators and protection against them are discussed in more detail in the second chapter. For now, we will only note that a passive violator can exist only in stegosystems of covert data transmission. Digital watermark systems are characterized by active and malicious violators.

    Simmons' article, as he himself later wrote, was prompted by a desire to draw the attention of the scientific community to the then-closed problem of nuclear weapons control. According to the SALT Treaty, the USSR and the USA were supposed to place certain sensors on each other's strategic missiles. These sensors were supposed to transmit information about whether a nuclear warhead was connected to them. The problem Simmons dealt with was preventing these sensors from transmitting any other information, such as the location of missiles. Determining the presence of hidden information is the main task of steganalysis.

    Fig. 1.2. Classification of digital steganography systems

    In order for a stegosystem to be reliable, a number of requirements must be met during its design.

    The security of the system must be entirely determined by the secrecy of the key. This means that an attacker can fully know all the algorithms of the stegosystem and the statistical characteristics of the sets of messages and containers, and this will not give him any additional information about the presence or absence of a message in a given container.

    An attacker's knowledge of the presence of a message in a container should not help him discover messages in other containers.

    A filled container must be visually indistinguishable from an unfilled one. To satisfy this requirement, it would seem that a hidden message must be introduced into visually insignificant areas of the signal. However, compression algorithms exploit these same areas. Therefore, if the image is further compressed, the hidden message may be destroyed. Consequently, bits must be embedded in visually significant areas, and relative inconspicuousness can be achieved through the use of special techniques such as spread spectrum modulation.

    A digital watermark stegosystem should have a low probability of false detection of a hidden message in a signal that does not contain it. In some applications, such a detection can have serious consequences. For example, a false detection of a digital watermark on a DVD may cause the player to refuse to play it.

    The required throughput must be provided (this requirement is relevant mainly for stegosystems of covert information transmission). In the third chapter we will introduce the concept of hidden bandwidth and consider ways to achieve it.

    The stegosystem must have acceptable computational complexity of implementation. In this case, a digital watermark system that is asymmetric in implementation complexity is possible, that is, a complex stegocoder and a simple stegodecoder.

    The following requirements are imposed on digital watermarks.

    The digital watermark must be easily (computationally) retrievable by a legitimate user.

    The digital watermark must be resistant or unstable to intentional and accidental impacts (depending on the application). If the digital watermark is used to confirm authenticity, then unacceptable modification of the container should lead to the destruction of the digital watermark (fragile digital watermark). If the digital watermark contains an identification code, a company logo, etc., then it should be preserved even under the maximum distortion of the container that, of course, does not lead to significant distortion of the original signal. For example, the color scheme or brightness of an image can be edited, the low tones of an audio recording can be enhanced, etc. In addition, the digital watermark must be robust with respect to affine transformations of the image, that is, its rotation and scaling. Here it is necessary to distinguish between the robustness of the digital watermark itself and the ability of the decoder to detect it correctly. For example, when an image is rotated, the digital watermark will not be destroyed, but the decoder may be unable to extract it. There are applications in which the digital watermark must be stable with respect to some transformations and unstable with respect to others. For example, copying an image (copier, scanner) may be permitted while making any changes to it is prohibited.

    It should be possible to add additional digital watermarks to the stego. For example, a DVD disc contains a copy-once label. After such copying is completed, it is necessary to add a label prohibiting further copying. It would be possible, of course, to delete the first digital watermark and write a second one in its place. However, this contradicts the assumption that the digital watermark is difficult to remove. The best solution is to add another digital watermark, after which the first one will not be taken into account. However, the presence of several digital watermarks on one message can facilitate an attack by an intruder, unless special measures are taken, as will be described in Chapter 2.

    Currently, digital watermark technology is at the very beginning of its development. As practice shows, it takes 10–20 years for a new cryptographic method to become widely used in society. Probably, a similar situation will be observed with steganography. One of the problems associated with digital watermarks is the variety of requirements for them, depending on the application. Let's take a closer look at the main areas of application of digital watermarks.

    Let's first consider the problem of piracy, or unlimited unauthorized copying. Alice sells her multimedia message to Peter. Although the information may have been encrypted during transmission, there is nothing to prevent Peter from copying it after decryption. Therefore, in this case, an additional level of copy protection is required, which cannot be provided by traditional methods. As will be shown below, it is possible to embed a digital watermark that allows reproduction and prohibits copying of information.

    An important problem is determining the authenticity of the information received, that is, its authentication. Typically, digital signatures are used to authenticate data. However, these tools are not entirely suitable for authenticating multimedia information. The fact is that a message carrying an electronic digital signature must be stored and transmitted absolutely accurately, “bit for bit.” Multimedia information can be slightly distorted both during storage (due to compression) and during transmission (the influence of single or burst errors in the communication channel). At the same time, its quality remains acceptable for the user, but the digital signature will not work. The recipient will not be able to distinguish a true, albeit somewhat distorted, message from a false one. In addition, multimedia data can be converted from one format to another. In this case, traditional integrity protection measures will also not work. We can say that a digital watermark is capable of protecting the content of an audio or video message, and not its digital representation in the form of a sequence of bits. In addition, an important disadvantage of a digital signature is that it can be easily removed from a message certified by it, and then a new signature can be attached to it. Removing the signature will allow the violator to renounce authorship, or mislead the rightful recipient regarding the authorship of the message. A digital watermark system is designed in such a way as to exclude the possibility of such violations.

    As can be seen from Fig. 1.3, the use of digital watermarks is not limited to information security applications. The main areas of use of digital watermark technology can be combined into four groups: protection against copying (use), hidden annotation of documents, proof of information authenticity and hidden communication.

    Fig. 1.3. Potential Applications of Steganography

    The popularity of multimedia technologies has prompted a great deal of research on digital watermarking algorithms for use in the MP3, MPEG-4 and JPEG2000 standards and in DVD copy protection.
