0

Considering a social website where members upload images which at times can be very similar - is there a way that images can be 'branded' steganographically with (salted+encrypted) text that identifies the owner's username and the date they uploaded it(for example)?

The idea is not to hide or transmit secret messages but simply to attach the information to the image files in some subtle way so that if the image gets uploaded by another member at some point in the future (whether they sourced it by downloading it from another users profile or had come across it on google images for example) it could be identified as belonging to another member.

What would be a good way to go about implementing this considering it would need to be followed on every image uploaded to the server?

  1. Identify if the image contains any steganographic text previously inserted by the website (if so, decipher it)
  2. If the image is 'empty' then embed the required information
M'vy
  • 13,033
  • 3
  • 47
  • 69
Bendy
  • 135
  • 2
  • 8
  • What format are these files? JPEG? If so, would using EXIF metadata be sufficient for your needs? – WhiteWinterWolf Jul 21 '15 at 15:41
  • I thought about EXIF metadata but I want to protect against someone stripping out the metadata and claiming the picture to be theirs if possible – Bendy Jul 21 '15 at 15:56

2 Answers2

4

Steganography is about concealing information in a medium (e.g. pictures) in a way that people who look at the medium are unaware of the presence of that information.

What you want is something else called watermarking: how to embed some information which is hard to remove. A good watermark does not alter (too much) the medium in the eyes of onlookers, but resists minor modifications such as colour filters or image cropping. On the other hand, these onlookers may be totally aware of the presence of the watermark (even if they don't actually see it).

Steganography and watermarking are quite distinct things. Usually, good steganography is fragile (minor alterations will remove it) because it hides into what can pass as simple "noise"; in a sense, robust steganography can be said to be bad because robust information is information that is much more likely to show up during statistical analysis. On the other hand, watermarks MUST be robust.

In all generality, watermarking is a lot harder to do than steganography. If "attackers" (here, people that want to grab pictures and remove ownership information) are technically inclined and have access to some system that can tell them whether the mark is present in a given picture, then they will be able to reliably remove watermarks without much altering the pictures. This means that whatever mechanism you use, you will have to keep it quiet and do not let your users ever suspect that it exists. Of course, discussing it over a public Internet-based forum like this one is kinda counterproductive...

(If your users are just normal humans, not bored geeks with too much time on their hands, then simply adding the ownership information in the EXIF metadata could already be sufficient for your needs.)

Tom Leek
  • 168,808
  • 28
  • 337
  • 475
  • Did you mean to say that watermarking is harder than steganography? – etherealflux Jul 21 '15 at 19:34
  • "watermarking is a lot harder to do than steganography". Yes, I think that I meant to say that, and also that I actually did. – Tom Leek Jul 21 '15 at 21:10
  • Ahh, I get it now. I was thinking of watermarking as in a visibly obvious signature, logo, etc. – etherealflux Jul 21 '15 at 21:20
  • Well, watermarking does not _have_ to be obvious; in fact, we prefer it when it does not deteriorate the picture's main functionality, i.e. "being looked at". But, contrary to steganography, it is not a problem if the watermark is known to be there (in fact it is often the point: to deter copyists by making it known that there is a watermark). – Tom Leek Jul 21 '15 at 21:47
0

First of all, what you are asking for is not steganography, it's watermarking. Steganography is the art of hiding information within normal data. There you do not disclose that you are sending hidden information and you want to be immune to statistical analysis. The goal of steganography is to hide in the mass of data, without someone being able to pinpoint that this particular document hides something. The steganographic schemes are usually fragile and any modification would break the mark. The schemes are also usually considered to be known by the attacker, or easily breakable by him. The only thing you want to achieve it not being detected, so that nobody tries to read your message.

Second, there are many, many, many watermarking schemes in the literature, to much to make a review here (which would also be off-topic). So I will go through the properties of watermarking scheme you need.

  • You are looking for a robust watermarking. On this point, I have to disagree with the Bear (aka @TomLeek), all watermarking schemes are not all robust, even if most are. Most watermarking techniques are used to protect copy-rights where robustness is a need. The literature show many variants with semi-fragile watermarking scheme and even fragile watermarking schemes. In these regards, they tend to be like a steganography technique, but usually their goals differ from the real steganography (authentification for example) as the attacker usually already know information has been hidden.

  • You also probably want imperceptibility of the mark, since you don't want to make the images ugly to look at. But here you will have to make a trade-off as usually robustness impacts the image to a point where the mark will leave artefacts.

  • You will also require a certain amount of capacity for your message. The more information you want or need to include (robustness can call for redundancy of information in the image), the more you will need capacity (or space) to embeds the message. This usually also comes as a trade-off and since you cannot control the size of the images, it's even more difficult. But as a general rule, the more you use space (or embed information), the more you distort the image.

On the security side, you will need to find a scheme that is robust to attack types that are relevant to your use-case. These attacks can be voluntary, i.e. someone trying to remove the mark or overwrite the mark with another, or involuntary e.g. a user cropping or resizing an image. Many watermarking schemes try to do these things, not necessarily all of these. Of course, protection will also come at the cost of distortion or capacity

M'vy
  • 13,033
  • 3
  • 47
  • 69