RU2322693C2 - Method for concealing computer information by repeatedly including a message in private steganographic containers - Google Patents

Abstract

FIELD: protection of information.

SUBSTANCE: in accordance to the method, computer information to be concealed is repeatedly included in private container-files, which are combined, in their turn, to form a single conditional message-file, which also may be included in private container-files of next levels, etc, selective cryptographic protection of data of message or its parts is performed, while storage of information about methods of access to various data is realized using a structure, wherein for each message its individual number is present as well as message byte number, bit number in message byte, name of the file - steganographic container with inclusion of its full location address in operation system, byte address in steganographic container, number of bit in byte of steganographic container, number of iteration.

EFFECT: increased resistance of data being protected to steganographic analysis.

Description

The invention relates to the protection of information by combining cryptographic and steganographic methods. The method allows to increase the resistance of protected data to steganographic analysis using the multiple procedure of embedding hidden computer information (messages) in private (i.e. unused by other messages) container files, which are combined in turn into a single conditional message file, which can also be attached to private next level container files, etc. At any of the levels, to increase the reliability of the fact of information hiding, selective encryption (cryptographic data protection) of the message (or its parts) is possible.

The author proposes the use of the new concept of “stego-repository”, which is a repository for steganographic methods. Information on access methods for various data (including hidden in stegocontainers) is stored using a structure in which for each message there is an individual number (8 bytes in size), message byte number (8 bytes in size), bit number in message byte (1 byte), file name of the steganographic container with its full address in the operating system (256 bytes), byte address in the stegocontainer (8 bytes), bit number in the stegocontainer byte (1 byte), iteration number (8 bytes ) If necessary, the number of bytes of any of the elements of the structure can be reduced or increased, as well as the sequence of elements with the addition of new or excluding unnecessary parts.

A method of hiding computer information by repeatedly embedding messages in private steganographic containers is as follows.

For each message (hidden computer information), container files (from among the free ones) are selected according to which the message can be distributed. Containers are combined into a new message, which is also distributed across free (i.e., empty) containers. Each time a message is distributed across empty containers, its message stability is enhanced. The procedure is repeated many times until the message stability parameter reaches the value set by the user. The parameter values and methods for calculating the stability of storages obtained by hiding information in files of various formats using various steganographic programs used in information systems (for example, "Steganos Security Suite", "Stegozaurus") are stored in a separate database. At each level, it is possible to selectively encrypt messages or selected data blocks for multi-format file containers.

It is assumed that the files that can be used as steganographic containers are present in sufficient numbers to provide the necessary data protection. Among steganographic files-containers can be graphic files (for example, drawings, diagrams, posters, sketches, photographs, drawings and other illustrations), as well as files of other formats. The condition of regular replenishment in the industrial information system of a large number of steganographic containers (exceeding closed data in volume) is not so difficult to ensure due to the arrival of new files of different formats (for example, texts, presentations, graphic files). Using the method of hiding computer information by repeatedly enclosing a message in private steganographic containers, data on special products (for example, defense products, dual-use products), defense enterprises, closed documents and other information can be protected.

Consider an example of the implementation of the method of hiding computer information by repeatedly embedding messages in private steganographic containers.

Let there be a message of 50 bytes in size, which must be hidden in the steganographic file-containers of the proposed method. Consider the Least Significant Bit (NZB) method, as one of the most well-known steganographic methods suitable for implementing the method, using the bmp format of steganographic container files as an example.

Let each color in the bmp file be encoded with 1 byte. Since changing the least significant bit in a byte does not visually affect image quality, 1 byte of hidden information can be distributed over 8 bytes of container files (based on the calculation: 8 bytes in 1 byte). Accordingly, 50 bytes of hidden information can be distributed over 400 bytes in private container files. It is possible to use not only one, but two and even three least significant bits of a byte, which will reduce the size of private container files.

There are several possible solutions to the problem.

Option 1. Select 50 private (individual, that is, unused by other messages) container files (a container that is suitable for storing steganographic information that is hidden is recognized as a file that has at least 1 bit suitable for hiding data). Using only one of the least significant (least significant) bits in a byte in the stegocontainer as the physical space (size) involved, 400 bytes can be distributed across 400 private container files. Thus, only one byte is involved in each stegocontainer, and if the container capacity is relatively large (for example, 100 bytes), then the probability of detecting one hidden byte out of a hundred is 0.01 (i.e. 1%). And taking into account the fact that the physical total size of the container files is much larger than their capacity (the physical size differs from the capacity, as the gross mass is from the net mass, that is, the physical size includes the capacity of the container file - a place suitable for hidden data storage, and auxiliary file structures) for example, for a bmp file, the physical size can be 8 times its capacity, searching for hidden information will be quite problematic even with the help of modern computer systems.

Option 2. Unlike the first option, it is assumed not the minimum (one byte), but the portioned use of the capacity of steganographic file containers, for example, 1 bit in 80 bytes, which corresponds to hiding 10 bytes of a message from 50 bytes (from the calculation that 8 bytes of stegocontainer hides 1 byte of message). Concealment in each stegocontainer of 80 bytes (20%) of the message implies the use of 5 container files for a message with a capacity of 50 bytes.

In this case, since continuous recording of 80 bytes is, from the point of view of steganographic analysis, easily detectable, it is proposed to separate two consecutive message bits by a variable number of bits. The created database of steganographic records for each message will have the following structure: message byte number, bit number in the message byte, file name - the steganographic container, address of the byte in the stegocontainer, bit number (in this case, the bit number is the smallest - the least significant in accordance with the selected NZB method). If the capacity of some stegocontainers is insufficient to reliably hide message bits (for example, the capacity of a private container is 160 bytes, the used space is 80 bytes, the probability of detecting a continuous sequence - 10 bytes of a message is 50%), then it is possible to replace them with more capacious ones, and also conditional (virtual) combination of steganographic files-containers of one message into a single file, which is also assigned the status of a message that must be hidden in other private stegocontainers.

Option 3. Unlike the first two options, the full use of the capacity of steganographic file containers is proposed. In this case, the probability of detecting a continuous sequence of bits in the stegocontainer is increased, which is offset by the multiple attachment of private steganographic containers to each other. For example, 5 stegocontainers of 80 bytes in capacity using the NZB method (1 bit in each byte) provide concealment of 400 bits or 50 bytes of the message (8 bits = 1 byte). To reduce the likelihood of detecting a hidden message in the stegocontainers, it is recommended that the multiple procedure for combining the stegocontainers into messages be hidden in other private stegocontainers. To implement the option, it is proposed for each message in the structure shown in option 2 to additionally indicate the number of the procedure (iteration) for combining stegocontainers, converting to a message and hiding in other private stegocontainers.

Note that it is possible to selectively encrypt any message blocks for steganographic file containers of various formats (bmp, doc, xls, mdb, ppt, pdf and others). The ability to selectively encrypt data blocks for steganographic methods allows you to combine cryptographic and steganographic methods in the conditions of multi-format file containers.

The proposed method of data protection in information systems is carried out, in particular, by combining computer cryptographic and steganographic programs, including designed to ensure security when accessing classified information about defense products, weapons and military equipment. Cryptographic programs include, including "FileAssurity Open PGP", "BestCrypt", "PGP Personal". Among the well-known steganographic programs, one can distinguish "Steganos Security Suite", "Stegozaurus". The combination of programs is based on information about their applicability to files of various formats, presented, in particular, by developers.

Claims (1)

A method of hiding computer information by repeatedly embedding a message in private steganographic containers, which consists in repeatedly enclosing a hidden computer message in unused other messages, container files that are combined into a single conditional file message, which is also embedded in private container files of the following level, while at any of the mentioned levels carry out selective cryptographic protection of the message data or its parts to ensure the combination of crypts stographic and steganographic methods, while storing information about access methods for different data or data hidden in the stegocontainers is carried out using the structure included in the steganographic methods repository, in which each message is assigned its individual number of eight bytes in size, byte number of the message in size eight bytes, the number of bits in a byte of a message of one byte size, the name of the file is a steganographic container with its full address in the operating system p two hundred fifty-six bytes in size, the byte address in the stegocontainer is eight bytes in size, the number of bits in the stegocontainer byte in size is one byte, the iteration number is eight bytes in size, while the number of bytes of any of the elements of the structure is reduced or increased, and the order of the elements with the addition of new or excluding unnecessary parts of messages.