The word for today is: steganography

Holmes handed Watson a note and said, “This is the message which struck Justice of the Peace Trevor dead with horror when he read it.”

The supply of game for London is going steadily up. Head-keeper Hudson, we believe, has been now told to receive all orders for fly-paper and for preservation of your hen-pheasant’s life.

http://sherlock.jamesbickers.com/the-memoirs-of-sherlock-holmes/the-adventure-of-the-gloria-scott/

Justice of the Peace Trevor was struck dead because the note contained a secret message. This is the essence of steganography. “Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realizes there is a hidden message.” http://en.wikipedia.org/wiki/Steganography

In our modern world, we usually use the term “digital watermarking” for steganography when we refer to electronic files that contain hidden secrets. Digital watermarking techniques are being used to verify the illicit distribution of copyrighted photos, with the intent that the copyright holder may receive royalties for the unauthorized distribution. The recording industry has been using digital watermarking in the form of Digital Rights Management (DRM) in order to prevent digital theft of copyrighted movies and recordings.

The big news from the digital music industry is that during the past year, the four largest digital music labels have all dropped DRM from MP3’s that are being distributed on line. Sony BMG was the last hold-out and recently announced that DRM would no longer be used for MP3’s.

http://www.techtree.com/India/News/Sony_BMG_Drops_DRM_Protection/551-85784-643.html

http://www.zdnetasia.com/news/internet/0,39044908,62036088,00.htm

The fact is that album sales have declined. As one article states, “In short, downloads are up, physical sales are down, and downloads are not picking up the slack of lost sales.” http://www.pollstar.com/news/viewnews.pl?NewsID=9114 In other words, if the future of music sales is in downloads, then the recording houses have very little choice except to remove DRM from downloaded music. The DRM software is distasteful enough to consumers so that they will go elsewhere for music.

Professionals in the testing industry have been talking about “digital watermarking” for some time as a means of protecting tests. However, the term “digital watermarking” is a misnomer because true digital watermarking involves bit twiddling within the electronic content. You can’t twiddle the bits of text files and expect the modification to remain hidden.

Steganography can be used to protect tests by hiding information in the test so that when a stolen copy of the test is acquired (e.g., purchase from a braindump site) the exact copy of the test that was stolen may be verified. In other words, this becomes a means of detecting where and when a test is stolen. This information is used to identify the weak link in the chain of custody, so that the person responsible for the security of the exam when the test was stolen may be identified. The information cannot identify the thief, but it can identify the individuals who were entrusted with the custody of the test at the time of theft.

At Caveon we have engaged in a few projects of this nature on a limited basis. At the request of one of our clients we injected small editorial changes into the text content of selected items and then compared the various versions of the test with stolen content purchased from the Internet. We determined to the client’s satisfaction that the test theft did not occur inside their test development organization. Instead, it occurred after the test was published.

The above work was labor intensive and could only be performed on a small scale. Our research indicates that the point of risk for test theft is at the test delivery sites, which number in the thousands. An effective steganographic system will require encoding hidden information into the test content in order to detect the points of theft in the test delivery channel. A steganographic system capable of providing this kind of detection must be automated and it must be implemented on a wide-scale. This means that potentially thousands of test versions must be generated and the decoding system must be able to reliably determine which test version was stolen.

We have been conducting research and developing algorithms for such a steganographic system. Whatever method is used for hiding information, it cannot affect the performance of the test. It must be truly unobtrusive. This is a big challenge, because modifications to the item text can potentially change the difficulty of the test questions.

If you are interested in this topic you might look at these websites:

http://www.jjtc.com/Steganography/

http://www.watermarkingworld.org/

Dennis Maynes

Chief Scientist, Caveon Test Security

Leave a Reply