Home / Cyber / Scientists develop FontCode, that hides information by imperceptibly changing the shapes of fonts in text.

Scientists develop FontCode, that hides information by imperceptibly changing the shapes of fonts in text.

Wikipedia defines Steganography is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning “covered, concealed, or protected,” and graphein (γράφειν) meaning “writing”. For example, the hidden message may be in invisible ink between the visible lines of a private letter.

 

Whereas cryptography is the practice of protecting the contents of a message alone, steganography is concerned with concealing the fact that a secret message is being sent as well as concealing the contents of the message.

 

The advantage of steganography over cryptography alone is that the intended secret message does not attract attention to itself as an object of scrutiny. Plainly visible encrypted messages, no matter how unbreakable they are, arouse interest and may in themselves be incriminating in countries in which encryption is illegal.

 

In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. For example, a sender might start with an innocuous image file and adjust the color of every hundredth pixel to correspond to a letter in the alphabet. The change is so subtle that someone who is not specifically looking for it is unlikely to notice the change. Or example, concealing messages within the lowest bits of noisy images or sound files.

 

Generally though, there are many techniques known to be able to hide messages in data using steganographic techniques. None are, by definition, obvious when users employ standard applications, but some can be detected by specialist tools. Others, however, are resistant to detection – or rather it is not possible to reliably distinguish data containing a hidden message from data containing just noise – even when the most sophisticated analysis is performed.

 

Computer scientists at Columbia Engineering have invented FontCode, a new way to embed hidden information in ordinary text by imperceptibly changing, or perturbing, the shapes of fonts in text. FontCode creates font perturbations, using them to encode a message that can later be decoded to recover the message.

 

Method could prevent document tampering, protect copyrights, as well as embed QR codes and other metadata without altering the look or layout of a document.

Steganographic methods and algorithms

A variety of steganographic methods and algorithms have been scientifically developed and tested. In LSB steganography, the payload is encoded into and communicated in one or several least significant bits of the carrier. The smaller the number of bits used to carry the payload, the lower the impact on the original carrier signal.

 

Discrete cosine transform or DCT-based steganography is a sub-type of LSB steganography that is often applied on JPEG-format carriers (i.e., when JPEG images are used to carry the payload). In this method, the communicated data is secretly encoded into the DCT coefficients.

 

Payload embedding is a method whereby the payload is encoded into the carrier and, upon delivery, is decoded using an algorithm known to both parties. Several payloads can be independently encoded into the same carrier provided that their embedding methods are orthogonal.

 

Wideband methods fall into the following types: Pseudorandom sequence method, in which a secret carrier signal is modulated by a pseudorandom signal. Frequency hopping method, in which the frequency of the carrier signal changes according to a specific pseudorandom law.

 

Text steganography is most challenging due to the presence of very less redundant information in text documents as compared to the images and audio. HTML Tags and associated members are case insensitive e.g., <html>, <HTML> or <hTmL> will have the same impact on the document‟s outlook. Bits are hidden in TAGS by changing the case of the alphabets based on the bit as either 0 or 1.

 

Security can further be enhanced by hiding text in CSS coding of pages as Cascading Style sheets are used extensively for formatting and controlling the appearance of web pages. Furthermore, CSS coding cannot be seen at the client side thus adding to the security.

Researchers Hide Information in Plain Text

Someone using FontCode would supply a secret message and a carrier text document. FontCode converts the secret message to a bit string (ASCII or Unicode) and then into a sequence of integers. Each integer is assigned to a five-letter block in the regular text where the numbered locations of each letter sum to the integer.

 

The method works with most fonts and, unlike other text and document methods that hide embedded information, works with most document types, even maintaining the hidden information when the document is printed on paper or converted to another file type. The paper will be presented at SIGGRAPH in Vancouver, British Columbia, August 12-16.

 

“While there are obvious applications for espionage, we think FontCode has even more practical uses for companies wanting to prevent document tampering or protect copyrights, and for retailers and artists wanting to embed QR codes and other metadata without altering the look or layout of a document,” says Changxi Zheng, associate professor of computer science and the paper’s senior author.

 

Zheng created FontCode with his students Chang Xiao (PhD student) and Cheng Zhang MS’17 (now a PhD student at UC Irvine) as a text steganographic method that can embed text, metadata, a URL, or a digital signature into a text document or image, whether it’s digitally stored or printed on paper.

 

It works with common font families, such as Times Roman, Helvetica, and Calibri, and is compatible with most word processing programs, including Word and FrameMaker, as well as image-editing and drawing programs, such as Photoshop and Illustrator. Since each letter can be perturbed, the amount of information conveyed secretly is limited only by the length of the regular text. Information is encoded using minute font perturbations—changing the stroke width, adjusting the height of ascenders and descenders, or tightening or loosening the curves in serifs and the bowls of letters like o, p, and b.

 

“Changing any letter, punctuation mark, or symbol into a slightly different form allows you to change the meaning of the document,” says Xiao, the paper’s lead author. “This hidden information, though not visible to humans, is machine-readable just as barcodes and QR codes are instantly readable by computers. However, unlike barcodes and QR codes, FontCode doesn’t mar the visual aesthetics of the printed material, and its presence can remain secret.”

 

Data hidden using FontCode can be extremely difficult to detect. Even if an attacker detects font changes between two texts—highly unlikely given the subtlety of the perturbations—it simply isn’t practical to scan every file going and coming within a company.

 

Furthermore, FontCode not only embeds but can also encrypt messages. While the perturbations are stored in a numbered location in a codebook, their locations are not fixed. People wanting to communicate through encrypted documents would agree on a private key that specifies the particular locations, or order, of perturbations in the codebook.

 

“Encryption is just a backup level of protection in case an attacker can detect the use of font changes to convey secret information,” says Zheng. “It’s very difficult to see the changes, so they are really hard to detect—this makes FontCode a very powerful technique to get data past existing defenses.”

 

FontCode is not the first technology to hide a message in text—programs exist to hide messages in PDF and Word files or to resize whitespace to denote a 0 or 1—but, the researchers say, it is the first to be document-independent and to retain the secret information even when a document or an image with text (PNG, JPG) is printed or converted to another file type. This means a FrameMaker or Word file can be converted to PDF, or a JPG can be converted to PNG, all without losing the secret information.

 

To use FontCode, a user would supply a secret message and a carrier text document. FontCode converts the secret message to a bit string (ASCII or Unicode) and then into a sequence of integers. Each integer is assigned to a five-letter block in the regular text where the numbered codebook locations of each letter sum to the integer.

 

Recovering hidden messages is the reverse process. From a digital file or from a photograph taken with a smartphone, FontCode matches each perturbed letter to the original perturbation in the codebook to reconstruct the original message.

 

Matching is done using convolutional neural networks (CNNs). Recognizing vector-drawn fonts (such as those stored as PDFs or created with programs like Illustrator) is straightforward since shape and path definitions are computer-readable. However, it’s a different story for PNG, IMG, and other rasterized (or pixel) fonts, where lighting changes, differing camera perspectives, or noise or blurriness may mask a part of the letter and prevent an easy recognition.

 

While CNNs are trained to take into account such distortions, recognition errors will still occur, and a key challenge for the researchers was ensuring a message could always be recovered in the face of such errors. Redundancy is one obvious way to recover lost information, but it doesn’t work well with text since redundant letters and symbols are easy to spot.

 

Instead, the researchers turned to the 1700-year-old Chinese Remainder Theorem, which identifies an unknown number from its remainder after it has been divided by several different divisors. The theorem has been used to reconstruct missing information in other domains; in FontCode, researchers use it to recover the original message even when not all letters are correctly recognized.

 

“Imagine having three unknown variables,” says Zheng. “With three linear equations, you should be able to solve for all three. If you increase the number of equations from three to five, you can solve the three unknowns as long as you know any three out of the five equations.”

 

Using the Chinese Remainder theory, the researchers demonstrated they could recover messages even when 25% of the letter perturbations were not recognized. Theoretically the error rate could go higher than 25%.

 

The authors, who have filed a patent with Columbia Technology Ventures, plan to extend FontCode to other languages and character sets, including Chinese.

 

“We are excited about the broad array of applications for FontCode,” says Zheng, “from document management software, to invisible QR codes, to protection of legal documents. FontCode could be a game changer.”

 

 

 

References and Resources also include:

http://engineering.columbia.edu/news/changxi-zheng-fontcode

https://securelist.com/steganography-in-contemporary-cyberattacks/79276/

About Rajesh Uppal

Check Also

Global Cybersecurity Outlook 2024: Bridging the Cyber Resilience Divide

In today’s digital age, cybersecurity has become a paramount concern for organizations of all sizes. …

error: Content is protected !!