How steganography improves security

By Dan H. | General Licensing Tips

Sep 29

What is Steganography?

Steganography is the science of concealing information in plain sight. The word steganography is the combination of the Greek words steganos, which means “covered, concealed, or protected,” and graphein which means “writing.” A simple example of steganography is a secret message written with invisible ink on paper. Throughout history, citrus fruit was used as invisible ink since when it dried the written message was undetectable. Applying heat to the paper would cause the citrus ink to reappear and the message became readable again.

Computers and Steganography

With modern computers, steganography has become much more complex, making it difficult to detect and decipher the hidden message unless you know it’s there and you also know the method that was used to hide it.

A common technique of steganography using computers is to hide data or text (the payload) in the data of an image (the carrier) without noticeable changes when viewing the image. By slightly adjusting each pixel of the image in accordance with a bit of the payload data, the payload is placed within the image data and, to the eye, the image appears unaltered.

In addition to images used as the carrier, other possible carriers could be the lowest bits of audio data, video data, and hidden characters in text files.

Why use Steganography to hide license files?

Most licensing systems use license files, which contain all of the license data or parameters needed by an application. This includes data such as the type of license being issued, expiration dates, what application features or modules may be used, what system is authorized to use the license, additional data about the customer for whom the license is registered, and any custom data required.

The primary reason to use steganography with a licensing system is to hide the license files “in plain sight” to help prevent tampering with the license data. Encrypted information attracts attention from hackers. Hackers may also be more inclined to search for the application’s license information in the Windows registry or other hidden folders rather than in an image file, such as the application’s splash screen. Hiding the license in a location that does not attract attention provides yet another layer of protection.

How does Protection PLUS use Steganography?

Starting with Protection PLUS 5 SDK version 5.16.2.0, API functions are available to store both primary license files and what we call “alias license files.” Alias license files are simply hidden, synchronized copies of the primary license file. Using alias files make it more difficult for users to do things like back-dating their system and restoring old copies of license files. The aliases files are especially important to use when issuing time-limited licenses (such as evaluation/trial or periodic/lease licenses), and when allowing transfer and deactivation of licenses. If a license is deleted or altered, an alias file may restore the license to its previous state.

How do I use Steganography with Protection PLUS?

The Protection PLUS 5 SDK makes it extremely easy to implement steganography with the license file and alias files. Changing the license file name to point to a supported image file will automatically use steganography to encode the license into the image data. There is nothing more you need to do – it really is that simple!

[Image from Elsamuko – https://www.flickr.com/photos/28653536@N07/2845585028]

About the Author

Dan is a software engineer at SoftwareKey with extensive experience in licensing technology and additional experience in video and audio development.