20.08.2024
10 min
2009
Steganography is a technique for hiding data inside regular files, such as images or documents. This approach helps designers, photographers, and developers protect copyrights and allows for the secure transmission of confidential messages. Hidden watermarks, metadata, or format changes are often used. To increase security, steganography is combined with encryption, making the data both invisible and inaccessible to third parties.
The term “steganography” has long been understood: it refers to methods of covert data transmission inside obvious media. Usually, people think about ways to hide information from potential attackers who want to detect and use it. This article suggests looking at steganography more broadly: although the task of “hiding and preventing use” remains the most obvious, the possibilities of this technology are much broader and go beyond just defense against attacks.
One of the most common and well-known ways of using steganography is to watermark an image. It is usually used to protect copyright, which is especially important for designers, photographers, illustrators and other artists. Such mechanisms are often already integrated in modern graphic editors: for example, watermarks are added to Photoshop through special plugins.
The essence is that during export, the image is almost imperceptibly modified, acquiring a hidden author identifier. This allows you to detect cases of unlicensed use of digital images, while the visual quality is almost not affected. However, the key word is “almost”. The image still differs slightly from the original: graininess may appear on homogeneous surfaces, the file size increases, and the watermark itself can sometimes be removed, for example, by Gaussian blur (although this will lead to a loss of sharpness). That is why some photographers prefer to simply copyright over the photo.
However, if we consider a watermark not only as a method of protection, but also as a way of storing additional data, the range of applications expands significantly. Hidden data can replace classic barcodes, and therefore be used to label goods in stores. This opens up new opportunities for packaging designers: there is no need to leave space for the standard EAN-13, because the necessary information can be embedded directly into the design elements. One company even promotes such a technology under the slogan “The barcode of everything”.
The technology also has certain limitations. For example, a watermark can only be correctly read from a full-color image – in the case of a scanned text document, the hidden information is almost guaranteed to be lost.
However, the application is not limited to graphics. Audio files can also contain watermarks, even if at first glance this seems strange for audio data. Similar solutions are used in videos, where hidden data is integrated into the visual or audio stream, keeping the main content readable.
Another frequently mentioned topic in conversations about steganography is hidden data in messages. This is a rather specialized application, which is most often associated with espionage. Theoretically, useful technical data can also be transmitted in everyday messages – for example, equipment status parameters – but for such tasks, there are usually specialized channels and communication sessions, so the practical value of this approach in everyday life is limited.
At the same time, steganography opens up wide opportunities for attackers: hidden messages can spread malicious code or serve as a way to bypass network blocks, which is becoming increasingly relevant. Since this topic has separate aspects and complex technical details, it is beyond the scope of this article and will not be considered in detail here.
Another practical direction is writing additional information to the content of files. Most of such applications are related to copyright protection, but there are other ideas. For example, information about the latest actions with a document can be hidden in a file: opening, copying, editing. Such data can serve as the identifier of the last editor, indicate the name of the machine or other technical attributes. Within the framework of a secure infrastructure, this information may seem redundant, but when a file leaks outside the security zone, it helps to track the distribution paths, identify those responsible and reduce the risks of recurrence of incidents.
The necessary information can be hidden in different ways: in metadata and file properties or, for images, using a watermark. In the case of sufficient print quality, the hidden record in the image can be preserved even after the printed reproduction of the document.
Here we are talking about another problem that steganography can partially solve: tracking the source of the leak of printed documents. It is the paper copy that is easiest to bring outside the secure circuit – a file that has been copied or sent by email is usually easier to track in real time. The consequences of such leaks are sometimes very serious: a document falling into the wrong hands can have far-reaching consequences, up to changes in legislation.
We are not talking about documents marked “top secret” and special procedures for their protection — there are separate services, regulations, and technical means for this class of information. We are talking about seemingly harmless texts, such as a draft internal order on the appointment of a top manager. The leak of such information before it even comes into force can cause sharp fluctuations in the value of the company’s shares and other negative consequences.
One real-life case from the practice of a large federal company illustrates the problem: a copy of a printed and signed order to change internal regulations appeared on the network. The security service’s investigation was only able to determine the region of the leak — while DLP systems and webcam recordings did not provide a comprehensive answer. At the same time, another problem arose: employees realized that they could take out printed documents with impunity, which further complicated the situation.
How can steganographic approaches help here? One simple option is to add a barcode with additional data to the page during printing. However, this approach has two obvious drawbacks: first, it is no longer pure steganography, since the barcode is open and visible; second, it is easy to remove or mask.
You can also apply watermark algorithms to the generated page, but there are technical limitations: the watermark is read correctly mainly from full-color and saturated images, which a typical text document usually does not have. Therefore, this path requires either significant reworking of the visual part of the document, or switching to color printing – which is not always acceptable.
An alternative is offered by manufacturers of office equipment. Many modern laser printers apply almost imperceptible microdots (usually yellow) to each page. These dots encode the printer’s serial number and the date and time of printing. The technology is used in forensics: there are known cases when such information helped to investigate the leakage of documents (see an example in the media about Reality Winner). Similar techniques are also used to protect banknotes and securities – microdots and microinscriptions can be found on banknotes.
There are also disadvantages to this approach: not all printers support the application of microdots, color printing is not always used in corporate document management, and decrypting encoded data requires special knowledge and tools that are often not available in the security service of a medium-sized company. Nevertheless, the technology itself exists and is successfully used in practice.
There are software vendors on the market that offer document processing using affine transformations.
Affine transformation is a geometric operation on a plane or in space, formed by a combination of shifts, reflections, and homotheties along the coordinate axes.
Simply put, this approach allows microscopically changing the arrangement of words and lines, adjusting line and word spacing. Each copy of the document transmitted to the user is modified differently and as a result becomes unique. In the event of a leak of such a copy, this allows us to make reasonable assumptions about the source of distribution.
This method allows us to investigate incidents not only after printing, but also in cases of taking a screenshot or photographing the screen and publishing the image on the Internet. At the same time, for the algorithm to work correctly, the document must be issued in the form of an image – that is, editing becomes impossible. Therefore, in those scenarios where the leak occurs at the stage of document creation (for example, a draft order during editing), this approach loses its practical value.
The idea of document uniqueness can be further developed – encoding steganographic information during editing, viewing, copying or printing. There are currently no ready-made industrial solutions for this: the only services on the Internet that mask messages in arbitrary text (for example, www.spammimic.com generates meaningless spam with a hidden message, while the developers themselves warn about its inappropriate use by criminals). In general, there are no technologies for uniqueizing a document at the time of its modification.
The problem is not only in technical implementation, but also in building coding principles: the text itself has a limited number of characteristics suitable for creating reliable uniqueness. In the scientific literature, you can find studies on this topic, but most often they do not go beyond the manipulation of line spacing and gaps at the ends of lines.
Steganography is not just a tool for hiding information: it is a wide range of techniques that can serve as both a means of copyright protection and a mechanism for identifying sources of leakage and marking content. Watermarks are effective for multimedia, but have limitations when applied to monochrome or text documents. Audio and video watermarks provide additional capabilities, but require specific algorithms and reading tools.
For printed documents, the approaches tested in practice are different: open markers (barcodes) are easy to remove; hardware solutions for printers (microdots) work well, but are not available everywhere and require knowledge to decipher; affine transformations and on-the-fly uniqueness can make each copy unique, but have limitations in editing scenarios and require the document to be output as an image.
