Researchers have developed a method of cleaning 3D model files of hidden messages.
Wait, there are messages inside STL files?
Actually, this is quite possible and is very likely taking place in some rare circumstances. The idea is to use steganography, the science of embedding hidden digital messages.
According to Wikipedia:
“Steganography is the practice of representing information within another message or physical object, in such a manner that the presence of the information is not evident to human inspection. In computing/electronic contexts, a computer file, message, image, or video is concealed within another file, message, image, or video.”
It’s quite possible to tweak an image, for example, to include a hidden message. The image would appear visually identical, so the message could travel along with the image wherever it goes.
Could steganography be used in 3D models? It turns out this is absolutely possible, as 3D models are simply another digital representation. A better question is why would someone want to implant a message in a 3D model.
There are several reasons, some good, and some evil. The researchers explain:
“Such channels can allow additional data to be embedded within the STL files without changing the printed model. These factors create a threat of misusing the design files as a covert communication channel to either exfiltrate stolen sensitive digital data from organizations or infiltrate malicious software into a secure environment.”
However, there are also good reasons for using steganography in 3D models: it might be possible to embed ownership information directly in the 3D model, which could assist in intellectual property disputes as the model is passed along.
The researchers were more concerned with the negative reasons, and developed a system that could detect and sanitize 3D models by removing the steganography information. This is likely driven by the explosive increase in additive manufacturing services, which by definition require 3D models flying between the service and customers — and sometimes subcontractors.
The removal strategy was designed to ensure the 3D model itself is undamaged and that it would be entirely possible to seamlessly manufacture the 3D model afterwards with the same quality as it was with the embedded information. The 3D geometry is fully maintained throughout the process and afterwards.
How would you actually store a hidden message in an STL file? The researchers identified several “stego channels” into which information could be loaded.
One channel is the order of the triangles. They need not be ordered as per surface adjacency; the geometry is the same regardless of triangle order. By manipulating the order of the triangles, information can be embedded. Similarly, the order of the triangles’ vertices can be used. ASCII STL format provides another “stego channel” for use, as well as the triangle’s “normal” direction.
For each channel the researchers devised specific approaches for removing information. For example, the facet order stego channel was sanitized by simply randomizing the order of the triangles. Similar approaches can sanitize the other channels.
This approach, which they call “CTR”, for “Content Threat Removal”, would eliminate any hidden messages in an incoming 3D model file.
However, there’s still the question of legitimate uses for steganography in 3D models, such as ownership or watermark information. For this they explain:
“While such schemes have not yet been adopted, it might become necessary to ensure co-existence between a sanitizer and different schemes using stego channels for legitimate purposes.
A possible solution would be to require that legitimate water- marks use a predetermined stego channel and follow a format that could be parsed and supported by the sanitizer. For example, a watermark can consist of fields indicating the type of the watermark, the length of the watermark, the certificate ID of the design owner, and the signature of the watermark. Should the sanitizer be able to verify such a watermark, it could save it before sanitization and be re-applied afterward.”
This is a fascinating subject that hasn’t gotten much thought, likely due to the invisibility of the messages. Are messages being transmitted through STL files? The odds are small, but certainly it’s being done somewhere, for some reason.
Via ArXiv
