BPCS Steganography

Qtech-Hide&View has been further developed by Kawaguchi and the KIT Steganography Research Group (KIT-STEGROUP) to produce a "Steganography Folder Access Control System". In essence this adds the ability to control access to individual components of the payload. Thus, a researcher might be granted access to the audio file mentioned above, but not to the high-resolution image file. Another difference is that the embedding application (STEG-FDACCS) and extracting application (STEG-FDVIEW) are separate.

When embedding the payload using STEG-FDACCS, an optional global access key can be used to limit access to the entire payload; in fact this is disabled in v02, as it is in Qtech-Hide&View. Such a key would add another layer of security, which is probably not necessary for scenarios envisaged by the ADIEUX Project.

The more sensitive components of the payload (high-resolution JPEG2000 image, etc.) can thus be individually locked. A researcher could download the portmanteau file, confirm its contents, and apply for the folder access key file required to extract one or more components of the payload. These key files only have to be created in response to such a request. If permission is granted, the requisite key file is generated (it can contain up to 10 individual folder access keys) and sent to the researcher. The key supplier can additionally set a date-based validity (as with credit cards) for these key files.

The researcher uses the supplied folder access key file in conjunction with the extraction program (STEG-FDVIEW) to gain access to the payload content. The folder access key file is encrypted: it can only be opened and edited by the supplier (using a separate owner key). Key files can thus be stored and reused, simplifying management.

Since the portmanteau file is publicly available, should the folder access key file be intercepted by a third party, the sensitive payload content could be acquired without permission. To prevent this, another security layer is added in the form of a short activation key, which should be transmitted separately. The researcher thus requires (1) the portmanteau file, (2) the extraction program, (3) knowledge of the complexity threshold value, (4) the folder access key file, and (5) the activation key.
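The following added example (not code from STEG-FDACCS/STEG-FDVIEW, whose internal formats this page does not describe) models the split described above: a key file holding up to 10 folder keys with a validity date, usable only together with a separately transmitted activation key. The PBKDF2/HMAC construction, the JSON layout and all function names are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets
from datetime import date

MAX_FOLDER_KEYS = 10  # per-key-file limit stated on the page

def _derive(activation_key, salt):
    # Stretch the short activation key, then split into wrap key and MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", activation_key.encode(), salt, 100_000, dklen=64)
    return okm[:32], okm[32:]

def _wrap(wrap_key, salt, folder, data):
    # XOR with a per-folder pad; the pad is unique because salt is fresh per file.
    pad = hmac.new(wrap_key, salt + folder.encode(), hashlib.sha256).digest()
    return bytes(x ^ y for x, y in zip(data, pad))

def issue_key_file(folder_keys, expires, activation_key):
    """Supplier side (hypothetical): folder_keys maps folder name -> 32-byte key."""
    if not 1 <= len(folder_keys) <= MAX_FOLDER_KEYS:
        raise ValueError("a key file holds between 1 and 10 folder keys")
    if any(len(k) != 32 for k in folder_keys.values()):
        raise ValueError("folder keys must be 32 bytes in this model")
    salt = secrets.token_bytes(16)
    wrap_key, mac_key = _derive(activation_key, salt)
    body = {"salt": salt.hex(), "expires": expires.isoformat(),
            "keys": {f: _wrap(wrap_key, salt, f, k).hex() for f, k in folder_keys.items()}}
    blob = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(mac_key, blob, hashlib.sha256).hexdigest()}

def open_key_file(key_file, activation_key, today):
    """Extractor side (hypothetical): return folder keys or raise PermissionError."""
    body = key_file["body"]
    salt = bytes.fromhex(body["salt"])
    wrap_key, mac_key = _derive(activation_key, salt)
    blob = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(mac_key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, key_file["tag"]):
        raise PermissionError("wrong activation key or altered key file")
    if today > date.fromisoformat(body["expires"]):
        raise PermissionError("key file has expired")
    return {f: _wrap(wrap_key, salt, f, bytes.fromhex(w)) for f, w in body["keys"].items()}
```

In this model the validity date is covered by the MAC, so it cannot be extended without the activation key. The protection of an intercepted key file is bounded by the entropy of the activation key, which is why it must travel by a separate channel and should not be trivially short.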

It is clear that this Steganography Folder Access Control System is reassuringly robust and correspondingly complex. This is because it was developed for scenarios in which the user would probably have to make only a single extraction (of one or more files) from a single portmanteau file. In the sort of scenario envisaged for the ADIEUX Project, however, a researcher would typically want to extract high-resolution images from several portmanteau files - for example, every page of a Gutenberg Bible featuring an illuminated initial.

For this reason, Qtech-Hide&View may be deemed sufficiently robust, provided that the access key function is enabled. If granted permission, the researcher would then require (1) the portmanteau file, (2) the extraction program, (3) knowledge of the complexity threshold value, and (4) the access key. It is imagined that the CT value and access key would be the same for all portmanteau files in a collection; in this case the burden on the researcher would not be unreasonable. However, in this case none of the payload would be accessible without permission. The TOC would have to be either a visible part of the cover (like the watermark) or included in its metadata, but the former would be too labor-intensive. Naturally, there would be no point in including the PDF application form in the payload.
