Steganography: bottomless containers and reusable keys
After my first posting on Habré about steganography , I had a lot of thoughts and as a result a lot of interesting ideas. Some ideas were prompted to me by commentators of the previous article, to some I came myself.
I saw the problems of steganography on the example of the previous algorithm, namely:
Distortion of the container for large sizes of the message . If the container is too small (or through some of its other characteristics), then its original appearance is distorted. In the case of a picture, a lot of noise appears, the image is distorted.
')
Large size container. To hide more or less large stego messages without significant distortion of the container, you need to choose a larger container. This can carry various problems. For example, if you need to send an extra-large message, then the size of the container must be many times (hundreds, perhaps thousands) times the size of the hidden message. And this, in turn, may pose a threat of resistance to steganess, since the probable adversary will first of all check large images. Although it can be beaten to your advantage by sending a lot of large files. Thus, the enemy will be loaded with empty work and analysis.
This has always been the main problem of steganography. And I seriously thought about her decision. I will share with the readers my results.
Key. To begin with, I decided to create steganographic programs with a key. The first thought related to the key and steganography was that the key would change the coordinates of the next pixel unevenly (if it was an image), where the next piece of information would be contained. But then I thought about something else ... And if the coordinates that fit the next part of the information will form the key. That is, it is not the person who enters the key, but the algorithm gives the key? I immediately sat down for the implementation.
I will make a small remark that in the course of the article I will describe the algorithm theoretically with reference to my implementation on the Internet. One of the reasons: to cover the part of the audience that is not programmers. But at the end of the article I will give the source code of my programs.
Also please note that I take two examples of a container: an image, a text.
At first I thought about giving coordinates on two axes x and y. But having sets of three colors in RGB you also need a third z axis, where the value will be from 0 to 2. “Extra coordinate is an extra key value” - I thought and did as shown in the illustration.
So I expanded the x axis three times, dividing the RGB value across the width. Finally, I thought that the value of y can be transferred to x by placing it all in width.
Thus, we have only one x axis and, accordingly, only one coordinate.
But it does not matter. It is possible and 2, and 3 coordinates. It seemed to me that with one coordinate the key size would be smaller.
As in the previous, published on Habré, the program, I would like one of the color values to match the value of the character in the ASCII table. I believe that this way the container can put more information, later it turned out to be more convenient for other reasons. But at the same time, the use of ASCII serve only for clarity. In more complex algorithms, a different approach is needed.
The whole point of the algorithm will rest on the fact that it will search for a coordinate, the value of which will correspond to the value of the symbol. That is, the key is a sequence of coordinates.
In the case of hiding the text in the text, then similarly the entire text container can be represented as one line, each element of which will have its own coordinate along the x axis.
You can look at the steganographic program and see it in action ( hide the text in the picture , hide the text in the text ).
Enter the URL image and message. As a result, we get the key. You can leave the same image URL, enter the key and get a quit message at the output. Thus the container did not change at all! It means that it is impossible to detect influences from the side of the algorithms, since they were not there!
When I started testing the program, I was confused by two points.
First, I was worried about the large size of the key. They are more of a stego message. But having compressed the key with any archiver, I was no longer confused by the key size. The key is textual and therefore even if the key is ~ 60kb, then after compression it is about 500 bytes (zip archiving).
Secondly, since the user does not come up with the key, and the algorithm gives it, it turns out that with each new information transfer, a new key needs to be transferred, which is a bad tone in steganography. But then I later saw more pluses than minuses.
The first. Despite the fact that the algorithm gives the keys - they can be used an infinite number of times, limited only by the fear of exposing them. To do this, it is enough to take another container so that each time in the given coordinates there is another message. This can be done in any convenient way for the user: to sort out an image from free access or to create such an image yourself. If the container is text, then you can likewise take texts from public access or write it yourself. Just think, every innocent blog can be a parallel source of secret information. Every illustration, every article (even a simple SEO-text) can contain a secret message on a key!
The second. For the same message in a given image, there may be a set number of keys. My exemplary program chooses the first available coordinate, but the algorithm can be changed so that the coordinate is selected from a set available at random. Thus, it is possible to generate many keys on the same message.
It can be used for various purposes. I will give a few examples.
Example one: identify the source of information leakage. It can also be divided into several options, but I will consider one. Suppose with the first message and the container everyone was given different keys, but one message. With the second container on the same keys, everyone who has the key will receive a variation of the same message, but with certain changes. Information leakage will indicate to the owner of the key “information merging” (well, or the key was corny stolen). Further, for this key, misinformation will be sent in order to place the attacker in the information quarantine.
An example of the second. It follows from the first. Maybe we need to sometimes send a variety of information. What causes this (different levels of access, different tasks, etc.) is not important, but it can be useful. The key, after all, corresponds to different coordinates and, according to different coordinates, there can be both the same and completely different information.
In addition, the message can be transmitted not only by one container or even by one type of container. If the stego messages are transmitted, for example, through a blog, then part of the message may be in the picture, part in the text, etc. (video, audio ...).
Thus, this steganographic method has surprising advantages:
Containers are unlimited . An infinite number of messages can fit into one image (for example, a photo) or a large text (for example, an abstract). Of course it is necessary that the image was multi-colored so that there was all the variety of options. In Malevich’s Black Square ’, it will be difficult to convey the stego messages. Although ... for other steganographic methods it was previously difficult.
For example, in such a small image as this
put the message "Hello, Habrahabr!". I think it can fit more. However, in order to enhance steganostvo resistance should take the container much more.
Container defies warping . Agree that this is a great advantage. How to find out before us a container or just an image / text / audio / video ... if the container does not undergo any changes?
Now there is no need to destroy the original, because it is the original that is used as a container!
The presence of many keys improves resistance to stego . How do you know if the word “Yes” or “No” is transmitted in the container, if both the first and second can be found there?
I cite two training web applications according to the algorithm I described. The first as the container uses images, and the second text.
Download 1 (we hide the text in the picture)
Download 2 (hide text to text)
PS In the comments they told me that behind a similar principle there is a Book_Cipher
I saw the problems of steganography on the example of the previous algorithm, namely:
Distortion of the container for large sizes of the message . If the container is too small (or through some of its other characteristics), then its original appearance is distorted. In the case of a picture, a lot of noise appears, the image is distorted.
')
Large size container. To hide more or less large stego messages without significant distortion of the container, you need to choose a larger container. This can carry various problems. For example, if you need to send an extra-large message, then the size of the container must be many times (hundreds, perhaps thousands) times the size of the hidden message. And this, in turn, may pose a threat of resistance to steganess, since the probable adversary will first of all check large images. Although it can be beaten to your advantage by sending a lot of large files. Thus, the enemy will be loaded with empty work and analysis.
This has always been the main problem of steganography. And I seriously thought about her decision. I will share with the readers my results.
Key. To begin with, I decided to create steganographic programs with a key. The first thought related to the key and steganography was that the key would change the coordinates of the next pixel unevenly (if it was an image), where the next piece of information would be contained. But then I thought about something else ... And if the coordinates that fit the next part of the information will form the key. That is, it is not the person who enters the key, but the algorithm gives the key? I immediately sat down for the implementation.
I will make a small remark that in the course of the article I will describe the algorithm theoretically with reference to my implementation on the Internet. One of the reasons: to cover the part of the audience that is not programmers. But at the end of the article I will give the source code of my programs.
Also please note that I take two examples of a container: an image, a text.
At first I thought about giving coordinates on two axes x and y. But having sets of three colors in RGB you also need a third z axis, where the value will be from 0 to 2. “Extra coordinate is an extra key value” - I thought and did as shown in the illustration.
So I expanded the x axis three times, dividing the RGB value across the width. Finally, I thought that the value of y can be transferred to x by placing it all in width.
Thus, we have only one x axis and, accordingly, only one coordinate.
But it does not matter. It is possible and 2, and 3 coordinates. It seemed to me that with one coordinate the key size would be smaller.
As in the previous, published on Habré, the program, I would like one of the color values to match the value of the character in the ASCII table. I believe that this way the container can put more information, later it turned out to be more convenient for other reasons. But at the same time, the use of ASCII serve only for clarity. In more complex algorithms, a different approach is needed.
The whole point of the algorithm will rest on the fact that it will search for a coordinate, the value of which will correspond to the value of the symbol. That is, the key is a sequence of coordinates.
In the case of hiding the text in the text, then similarly the entire text container can be represented as one line, each element of which will have its own coordinate along the x axis.
You can look at the steganographic program and see it in action ( hide the text in the picture , hide the text in the text ).
Enter the URL image and message. As a result, we get the key. You can leave the same image URL, enter the key and get a quit message at the output. Thus the container did not change at all! It means that it is impossible to detect influences from the side of the algorithms, since they were not there!
When I started testing the program, I was confused by two points.
First, I was worried about the large size of the key. They are more of a stego message. But having compressed the key with any archiver, I was no longer confused by the key size. The key is textual and therefore even if the key is ~ 60kb, then after compression it is about 500 bytes (zip archiving).
Secondly, since the user does not come up with the key, and the algorithm gives it, it turns out that with each new information transfer, a new key needs to be transferred, which is a bad tone in steganography. But then I later saw more pluses than minuses.
The first. Despite the fact that the algorithm gives the keys - they can be used an infinite number of times, limited only by the fear of exposing them. To do this, it is enough to take another container so that each time in the given coordinates there is another message. This can be done in any convenient way for the user: to sort out an image from free access or to create such an image yourself. If the container is text, then you can likewise take texts from public access or write it yourself. Just think, every innocent blog can be a parallel source of secret information. Every illustration, every article (even a simple SEO-text) can contain a secret message on a key!
The second. For the same message in a given image, there may be a set number of keys. My exemplary program chooses the first available coordinate, but the algorithm can be changed so that the coordinate is selected from a set available at random. Thus, it is possible to generate many keys on the same message.
It can be used for various purposes. I will give a few examples.
Example one: identify the source of information leakage. It can also be divided into several options, but I will consider one. Suppose with the first message and the container everyone was given different keys, but one message. With the second container on the same keys, everyone who has the key will receive a variation of the same message, but with certain changes. Information leakage will indicate to the owner of the key “information merging” (well, or the key was corny stolen). Further, for this key, misinformation will be sent in order to place the attacker in the information quarantine.
An example of the second. It follows from the first. Maybe we need to sometimes send a variety of information. What causes this (different levels of access, different tasks, etc.) is not important, but it can be useful. The key, after all, corresponds to different coordinates and, according to different coordinates, there can be both the same and completely different information.
In addition, the message can be transmitted not only by one container or even by one type of container. If the stego messages are transmitted, for example, through a blog, then part of the message may be in the picture, part in the text, etc. (video, audio ...).
Thus, this steganographic method has surprising advantages:
Containers are unlimited . An infinite number of messages can fit into one image (for example, a photo) or a large text (for example, an abstract). Of course it is necessary that the image was multi-colored so that there was all the variety of options. In Malevich’s Black Square ’, it will be difficult to convey the stego messages. Although ... for other steganographic methods it was previously difficult.
For example, in such a small image as this
put the message "Hello, Habrahabr!". I think it can fit more. However, in order to enhance steganostvo resistance should take the container much more.Container defies warping . Agree that this is a great advantage. How to find out before us a container or just an image / text / audio / video ... if the container does not undergo any changes?
Now there is no need to destroy the original, because it is the original that is used as a container!
The presence of many keys improves resistance to stego . How do you know if the word “Yes” or “No” is transmitted in the container, if both the first and second can be found there?
I cite two training web applications according to the algorithm I described. The first as the container uses images, and the second text.
Download 1 (we hide the text in the picture)
Download 2 (hide text to text)
PS In the comments they told me that behind a similar principle there is a Book_Cipher
Source: https://habr.com/ru/post/168281/
All Articles