Download - final doc
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Chapter 1
Introduction
1.1 Introduction:
Steganography is the art and science of writing hidden messages in such a way that no
one, apart from the sender and intended recipient, suspects the existence of the message, a form
of security through obscurity. The word steganography is of Greek origin and means "concealed
writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his
Steganographia, a treatise on cryptography and steganography disguised as a book on magic.
Generally, messages will appear to be something else: images, articles, shopping lists, or some
other covertext and, classically, the hidden message may be in invisible ink between the visible
lines of a private letter.
The advantage of steganography, over cryptography alone, is that messages do not attract
attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will
arouse suspicion, and may in themselves be incriminating in countries where encryption is
illegal.[1] Therefore, whereas cryptography protects the contents of a message, steganography can
be said to protect both messages and communicating parties.
Steganography includes the concealment of information within computer files. In digital
steganography, electronic communications may include steganographic coding inside of a
transport layer, such as a document file, image file, program or protocol. Media files are ideal for
steganographic transmission because of their large size. As a simple example, a sender might
start with an innocuous image file and adjust the color of every 100th pixel to correspond to a
letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to
notice it.
College Name Page 1
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
1.2 Ancient steganography
The first recorded uses of steganography can be traced back to 440 BC when Herodotus
mentions two examples of steganography in The Histories of Herodotus.[2] Demaratus sent a
warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a
wax tablet before applying its beeswax surface. Wax tablets were in common use then as
reusable writing surfaces, sometimes used for shorthand. Another ancient example is that of
Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his
hair had grown the message was hidden. The purpose was to instigate a revolt against the
Persians.
1.3 Steganographic techniques
There are three steganographic techniques are available. They are:
Physical Steganography. Digital steganography.
Printed steganography.
1.3.1 Physical steganography
Steganography has been widely used including recent historical times and the present day. Possible permutations are endless and known examples include:
College Name Page 2
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Steganart example. Within this picture, the letters position of a hidden message are
represented by increasing numbers (1 to 20), and a letter value is given by its intersection
position in the grid. For instance, the first letter of the hidden message is at the intersection of 1
and 4. So, after a few tries, the first letter of the message seems to be the 14th letter of the
alphabet; the last one (number 20) is the 5th letter of the alphabet.
Hidden messages within wax tablets: in ancient Greece, people wrote messages on the
wood, then covered it with wax upon which an innocent covering message was written.
Hidden messages on messenger's body: also in ancient Greece. Herodotus tells the story
of a message tattooed on a slave's shaved head, hidden by the growth of his hair, and
exposed by shaving his head again. The message allegedly carried a warning to Greece
about Persian invasion plans. This method has obvious drawbacks such as delayed
transmission while waiting for the slave's hair to grow, and its one-off use since
additional messages requires additional slaves. In WWII, the French Resistance sent
some messages written on the backs of couriers using invisible ink.
Hidden messages on paper written in secret inks, under other messages or on the blank
parts of other messages.
Messages written in morse code on knitting yarn and then knitted into a piece of clothing
worn by a courier.
Messages written on the back of postage stamps.
During and after World War II, espionage agents used photographically produced
microdots to send information back and forth. Microdots were typically minute, about or
less than the size of the period produced by a typewriter. WWII microdots needed to be
embedded in the paper and covered with an adhesive (such as collodion). This was
reflective and thus detectable by viewing against glancing light. Alternative techniques
included inserting microdots into slits cut into the edge of post cards.
College Name Page 3
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
During World War II, a spy for the Japanese in New York City, Velvalee Dickinson, sent
information to accommodation addresses in neutral South America. She was a dealer in
dolls, and her letters discussed how many of this or that doll to ship. The stegotext was
the doll orders, the concealed 'plaintext' was itself encoded and gave information about
ship movements, etc. Her case became somewhat famous and she became known as the
Doll Woman.
Cold War counter-propaganda. During 1968, crew members of the USS Pueblo (AGER-
2) intelligence ship held as prisoners by North Korea, communicated in sign language
during staged photo opportunities, informing the United States they were not defectors
but rather were being held captured by the North Koreans. In other photos presented to
the US, crew members gave "the finger" to the unsuspecting North Koreans, in an
attempt to discredit photos that showed them smiling and comfortable.[3]
1.3.2 Digital steganography
Modern steganography entered the world in 1985 with the advent of the personal
computer applied to classical steganography problems. [4] Development following that was slow,
but has since taken off, going by the number of 'stego' programs available: Over 725 digital
steganography applications have been identified by the Steganography Analysis and Research
Center. [5] Digital steganography techniques include:
College Name Page 4
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Image of a tree. By removing all but the last 2 bits of each color component, an almost
completely black image results. Making the resulting image 85 times brighter results in the
image below.
Image of a cat extracted from above image.
Concealing messages within the lowest bits of noisy images or sound files.
Concealing data within encrypted data. The data to be concealed is first encrypted before
being used to overwrite part of a much larger block of encrypted data.
Chaffing and winnowing .
Mimic functions convert one file to have the statistical profile of another. This can thwart
statistical methods that help brute-force attacks identify the right solution in a ciphertext-
only attack.
Concealed messages in tampered executable files, exploiting redundancy in the i386
instruction set.
College Name Page 5
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Pictures embedded in video material (optionally played at slower or faster speed).
Injecting imperceptible delays to packets sent over the network from the keyboard.
Delays in keypresses in some applications (telnet or remote desktop software) can mean a
delay in packets, and the delays in the packets can be used to encode data.
Content-Aware Steganography hides information in the semantics a human user assigns
to a datagram. These systems offer security against a non-human adversary/warden.
Blog -Steganography. Messages are fractionalized and the (encrypted) pieces are added as
comments of orphaned web-logs (or pin boards on social network platforms). In this case
the selection of blogs is the symmetric key that sender and recipient are using; the carrier
of the hidden message is the whole blogosphere.
1.3.3 Printed steganography
Digital steganography output may be in the form of printed documents. A message, the
plaintext, may be first encrypted by traditional means, producing a cipher text. Then, an
innocuous cover text is modified in some way to as to contain the cipher text, resulting in the
stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext
can be manipulated to carry the hidden message. Only a recipient who knows the technique used
can recover the message and then decrypt it. Francis Bacon developed Bacon's cipher as such a
technique.
1.4 Organisation of thesis:
Chapter 2 will define steganography, provide a brief history, and explain various methods
of steganography. Chapter 3 will review several software applications that provide
steganographic services and mention the approaches taken. Chapter 4 will conclude with a brief
discussion of the implications of steganographic technology. Chapter 5 will list the resources
used in researching this topic and additional readings for those interested in more in-depth
understanding of steganography.
College Name Page 6
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Chapter 2
Literature Survey
This section gives the brief introduction of Cryptography, steganography, and also
provides a brief history, and explains various methods of steganography.
2.1 Cryptography:
Does increased security provide comfort to paranoid people? Or does security provide
some very basic protections that we are naive to believe that we don't need? During this time
when the Internet provides essential communication between tens of millions of people and is
being increasingly used as a tool for commerce, security becomes a tremendously important
issue to deal with.
There are many aspects to security and many applications, ranging from secure
commerce and payments to private communications and protecting passwords. One essential
aspect for secure communications is that of cryptography, which is the focus of this chapter. But
it is important to note that while cryptography is necessary for secure communications, it is not
by itself sufficient. The reader is advised, then, that the topics covered in this chapter only
describe the first of many steps necessary for better security in any number of situations.
College Name Page 7
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
This paper has two major purposes. The first is to define some of the terms and concepts
behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic
schemes in use today. The second is to provide some real examples of cryptography in use today.
I would like to say at the outset that this paper is very focused on terms, concepts, and
schemes in current use and is not a treatise of the whole field. No mention is made here about
pre-computerized crypto schemes, the difference between a substitution and transposition cipher,
cryptanalysis, or other history. Interested readers should check out some of the books in the
bibliography below for this detailed — and interesting! — background information.
2.1.1 THE PURPOSE OF CRYPTOGRAPHY
Cryptography is the science of writing in secret code and is an ancient art; the first
documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian
scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography
appeared spontaneously sometime after writing was invented, with applications ranging from
diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of
cryptography came soon after the widespread development of computer communications. In data
and telecommunications, cryptography is necessary when communicating over any untrusted
medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some
specific security requirements, including:
Authentication: The process of proving one's identity. (The primary forms of
host-to-host authentication on the Internet today are name-based or address-based,
both of which are notoriously weak.)
Privacy/confidentiality: Ensuring that no one can read the message except the
intended receiver.
College Name Page 8
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Integrity: Assuring the receiver that the received message has not been altered in
any way from the original.
Non-repudiation: A mechanism to prove that the sender really sent this message.
Cryptography, then, not only protects data from theft or alteration, but can also be used
for user authentication. There are, in general, three types of cryptographic schemes typically used
to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric)
cryptography, and hash functions, each of which is described below. In all cases, the initial
unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn
(usually) be decrypted into usable plaintext.
In many of the descriptions below, two communicating parties will be referred to as Alice
and Bob; this is the common nomenclature in the crypto field and literature to make it easier to
identify the communicating parties. If there is a third or fourth party to the communication, they
will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and
Trent is a trusted third party.
2.1.2 TYPES OF CRYPTOGRAPHIC ALGORITHMS
There are several ways of classifying cryptographic algorithms. For purposes of this
paper, they will be categorized based on the number of keys that are employed for encryption
and decryption, and further defined by their application and use. The three types of algorithms
that will be discussed are (Figure 1):
Secret Key Cryptography (SKC): Uses a single key for both encryption and
decryption
Public Key Cryptography (PKC): Uses one key for encryption and another for
decryption
Hash Functions: Uses a mathematical transformation to irreversibly "encrypt"
information
College Name Page 9
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
2.1.2.1 Secret Key Cryptography
With secret key cryptography, a single key is used for both encryption and decryption. As
shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and
sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the
message and recover the plaintext. Because a single key is used for both functions, secret key
cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the
sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of
course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being either stream ciphers
or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and
implement some form of feedback mechanism so that the key is constantly changing. A block
cipher is so-called because the scheme encrypts one block of data at a time using the same key
on each block. In general, the same plaintext block will always encrypt to the same ciphertext
when using the same key in a block cipher whereas the same plaintext will encrypt to different
ciphertext in a stream cipher.
Stream ciphers come in several flavors but two are worth mentioning here. Self-
synchronizing stream ciphers calculate each bit in the keystream as a function of the previous n
bits in the keystream. It is termed "self-synchronizing" because the decryption process can stay
synchronized with the encryption process merely by knowing how far into the n-bit keystream it
is. One problem is error propagation; a garbled bit in transmission will result in n garbled bits at
the receiving side. Synchronous stream ciphers generate the keystream in a fashion independent
of the message stream but by using the same keystream generation function at sender and
receiver. While stream ciphers do not propagate transmission errors, they are, by their nature,
periodic so that the keystream will eventually repeat.
Block ciphers can operate in one of several modes; the following four are the most important:
College Name Page 10
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Electronic Codebook (ECB) mode is the simplest, most obvious application: the
secret key is used to encrypt the plaintext block to form a ciphertext block. Two
identical plaintext blocks, then, will always generate the same ciphertext block.
Although this is the most common mode of block ciphers, it is susceptible to a
variety of brute-force attacks.
Cipher Block Chaining (CBC) mode adds a feedback mechanism to the
encryption scheme. In CBC, the plaintext is exclusively-ORed (XORed) with the
previous ciphertext block prior to encryption. In this mode, two identical blocks
of plaintext never encrypt to the same ciphertext.
Cipher Feedback (CFB) mode is a block cipher implementation as a self-
synchronizing stream cipher. CFB mode allows data to be encrypted in units
smaller than the block size, which might be useful in some applications such as
encrypting interactive terminal input. If we were using 1-byte CFB mode, for
example, each incoming character is placed into a shift register the same size as
the block, encrypted, and the block transmitted. At the receiving side, the
ciphertext is decrypted and the extra bits in the block (i.e., everything above and
beyond the one byte) are discarded.
Output Feedback (OFB) mode is a block cipher implementation conceptually
similar to a synchronous stream cipher. OFB prevents the same plaintext block
from generating the same ciphertext block by using an internal feedback
mechanism that is independent of both the plaintext and ciphertext bitstreams.
A nice overview of these different modes can be found at progressive-coding.com.
Secret key cryptography algorithms that are in use today include:
Data Encryption Standard (DES): The most common SKC scheme used today, DES was designed by IBM in the 1970s and adopted by the National Bureau of Standards (NBS) [now the National Institute for Standards and Technology (NIST)] in 1977 for commercial and unclassified government applications. DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES has a
College Name Page 11
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
complex set of rules and transformations that were designed specifically to yield fast hardware implementations and slow software implementations, although this latter point is becoming less significant today since the speed of computer processors is several orders of magnitude faster today than twenty years ago. IBM also proposed a 112-bit key for DES, which was rejected at the time by the government; the use of 112-bit keys was considered in the 1990s, however, conversion was never seriously considered.
DES is defined in American National Standard X3.92 and three Federal Information Processing Standards (FIPS):
o FIPS 46-3: DES o FIPS 74: Guidelines for Implementing and Using the NBS Data
Encryption Standard
o FIPS 81: DES Modes of Operation
Information about vulnerabilities of DES can be obtained from the Electronic Frontier Foundation.
Two important variants that strengthen DES are:
o Triple-DES (3DES): A variant of DES that employs up to three 56-bit keys and makes three encryption/decryption passes over the block; 3DES is also described in FIPS 46-3 and is the recommended replacement to DES.
o DESX : A variant devised by Ron Rivest. By combining 64 additional key bits to the plaintext prior to encryption, effectively increases the keylength to 120 bits.
More detail about DES, 3DES, and DESX can be found below in Section 5.4.
Advanced Encryption Standard (AES): In 1997, NIST initiated a very public, 4-
1/2 year process to develop a new secure cryptosystem for U.S. government
applications. The result, the Advanced Encryption Standard, became the official
successor to DES in December 2001. AES uses an SKC scheme called Rijndael, a
block cipher designed by Belgian cryptographers Joan Daemen and Vincent
Rijmen. The algorithm can use a variable block length and key length; the latest
specification allowed any combination of keys lengths of 128, 192, or 256 bits
and blocks of length 128, 192, or 256 bits. NIST initially selected Rijndael in
College Name Page 12
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
October 2000 and formal adoption as the AES standard came in December 2001.
FIPS PUB 197 describes a 128-bit block cipher employing a 128-, 192-, or 256-
bit key. The AES process and Rijndael algorithm are described in more detail
below in Section 5.9.
CAST-128/256: CAST-128, described in Request for Comments (RFC) 2144, is a
DES-like substitution-permutation crypto algorithm, employing a 128-bit key
operating on a 64-bit block. CAST-256 (RFC 2612) is an extension of CAST-128,
using a 128-bit block size and a variable length (128, 160, 192, 224, or 256 bit)
key. CAST is named for its developers, Carlisle Adams and Stafford Tavares and
is available internationally. CAST-256 was one of the Round 1 algorithms in the
AES process.
International Data Encryption Algorithm (IDEA) : Secret-key cryptosystem
written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-
bit SKC block cipher using a 128-bit key. Also available internationally.
Rivest Ciphers (aka Ron's Code): Named for Ron Rivest, a series of SKC
algorithms.
o RC1: Designed on paper but never implemented.
o RC2: A 64-bit block cipher using variable-sized keys designed to replace
DES. It's code has not been made public although many companies have
licensed RC2 for use in their products. Described in RFC 2268.
o RC3: Found to be breakable during development.
o RC4 : A stream cipher using variable-sized keys; it is widely used in
commercial cryptography products, although it can only be exported using
keys that are 40 bits or less in length.
o RC5: A block-cipher supporting a variety of block sizes, key sizes, and
number of encryption passes over the data. Described in RFC 2040.
College Name Page 13
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
o RC6 : An improvement over RC5, RC6 was one of the AES Round 2
algorithms.
Blowfish : A symmetric 64-bit block cipher invented by Bruce Schneier; optimized
for 32-bit processors with large data caches, it is significantly faster than DES on
a Pentium/PowerPC-class machine. Key lengths can vary from 32 to 448 bits in
length. Blowfish, available freely and intended as a substitute for DES or IDEA,
is in use in over 80 products.
Twofish : A 128-bit block cipher using 128-, 192-, or 256-bit keys. Designed to be
highly secure and highly flexible, well-suited for large microprocessors, 8-bit
smart card microprocessors, and dedicated hardware. Designed by a team led by
Bruce Schneier and was one of the Round 2 algorithms in the AES process.
Camellia : A secret-key, block-cipher crypto algorithm developed jointly by
Nippon Telegraph and Telephone (NTT) Corp. and Mitsubishi Electric
Corporation (MEC) in 2000. Camellia has some characteristics in common with
AES: a 128-bit block size, support for 128-, 192-, and 256-bit key lengths, and
suitability for both software and hardware implementations on common 32-bit
processors as well as 8-bit processors (e.g., smart cards, cryptographic hardware,
and embedded systems). Also described in RFC 3713. Camellia's application in
IPsec is described in RFC 4312 and application in OpenPGP in RFC 5581.
MISTY1: Developed at Mitsubishi Electric Corp., a block cipher using a 128-bit
key and 64-bit blocks, and a variable number of rounds. Designed for hardware
and software implementations, and is resistant to differential and linear
cryptanalysis. Described in RFC 2994.
Secure and Fast Encryption Routine (SAFER) : Secret-key crypto scheme
designed for implementation in software. Versions have been defined for 40-, 64-,
and 128-bit keys.
College Name Page 14
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
KASUMI : A block cipher using a 128-bit key that is part of the Third-Generation
Partnership Project (3gpp), formerly known as the Universal Mobile
Telecommunications System (UMTS). KASUMI is the intended confidentiality
and integrity algorithm for both message content and signaling data for emerging
mobile communications systems.
SEED : A block cipher using 128-bit blocks and 128-bit keys. Developed by the
Korea Information Security Agency (KISA) and adopted as a national standard
encryption algorithm in South Korea. Also described in RFC 4269.
Skipjack : SKC scheme proposed for Capstone. Although the details of the
algorithm were never made public, Skipjack was a block cipher using an 80-bit
key and 32 iteration cycles per 64-bit block.
2.1.2.2. Public-Key Cryptography
Public-key cryptography has been said to be the most significant new development in
cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford
University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper
described a two-key crypto system in which two parties could engage in a secure communication
over a non-secure communications channel without having to share a secret key.
PKC depends upon the existence of so-called one-way functions, or mathematical
functions that are easy to computer whereas their inverse function is relatively difficult to
compute. Let me give you two simple examples:
1. Multiplication vs. factorization: Suppose I tell you that I have two numbers, 9 and
16, and that I want to calculate the product; it should take almost no time to
calculate the product, 144. Suppose instead that I tell you that I have a number,
College Name Page 15
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
144, and I need you tell me which pair of integers I multiplied together to obtain
that number. You will eventually come up with the solution but whereas
calculating the product took milliseconds, factoring will take longer because you
first need to find the 8 pair of integer factors and then determine which one is the
correct pair.
2. Exponentiation vs. logarithms: Suppose I tell you that I want to take the number 3
to the 6th power; again, it is easy to calculate 36=729. But if I tell you that I have
the number 729 and want you to tell me the two integers that I used, x and y so
that logx 729 = y, it will take you longer to find all possible solutions and select
the pair that I used.
While the examples above are trivial, they do represent two of the functional pairs that
are used with PKC; namely, the ease of multiplication and exponentiation versus the relative
difficulty of factoring and calculating logarithms, respectively. The mathematical "trick" in PKC
is to find a trap door in the one-way function so that the inverse calculation becomes easy given
knowledge of some item of information.
Generic PKC employs two keys that are mathematically related although knowledge of
one key does not allow someone to easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the ciphertext. The important point here is that it
does not matter which key is applied first, but that both keys are required for the process to
work (Figure 1B). Because a pair of keys are required, this approach is also called asymmetric
cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely as
the owner wants. The other key is designated the private key and is never revealed to another
party. It is straight forward to send messages under this scheme. Suppose Alice wants to send
Bob a message. Alice encrypts some information using Bob's public key; Bob decrypts the
ciphertext using his private key. This method could be also used to prove who sent a message;
Alice, for example, could encrypt some plaintext with her private key; when Bob decrypts using
College Name Page 16
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Alice's public key, he knows that Alice sent the message and Alice cannot deny having sent the
message (non-repudiation).
Public-key cryptography algorithms that are in use today for key exchange or digital signatures
include:
RSA: The first, and still most common, PKC implementation, named for the three
MIT mathematicians who developed it — Ronald Rivest, Adi Shamir, and
Leonard Adleman. RSA today is used in hundreds of software products and can
be used for key exchange, digital signatures, or encryption of small blocks of data.
RSA uses a variable size encryption block and a variable size key. The key-pair is
derived from a very large number, n, that is the product of two prime numbers
chosen according to special rules; these primes may be 100 or more digits in
length each, yielding an n with roughly twice as many digits as the prime factors.
The public key information includes n and a derivative of one of the factors of n;
an attacker cannot determine the prime factors of n (and, therefore, the private
key) from this information alone and that is what makes the RSA algorithm so
secure. (Some descriptions of PKC erroneously state that RSA's safety is due to
the difficulty in factoring large prime numbers. In fact, large prime numbers, like
small prime numbers, only have two factors!) The ability for computers to factor
large numbers, and therefore attack schemes such as RSA, is rapidly improving
and systems today can find the prime factors of numbers with more than 200
digits. Nevertheless, if a large number is created from two prime factors that are
roughly the same size, there is no known factorization algorithm that will solve
the problem in a reasonable amount of time; a 2005 test to factor a 200-digit
number took 1.5 years and over 50 years of compute time (see the Wikipedia
article on integer factorization.) Regardless, one presumed protection of RSA is
that users can easily increase the key size to always stay ahead of the computer
processing curve. As an aside, the patent for RSA expired in September 2000
College Name Page 17
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
which does not appear to have affected RSA's popularity one way or the other. A
detailed example of RSA is presented below in Section 5.3.
Diffie-Hellman : After the RSA algorithm was published, Diffie and Hellman
came up with their own algorithm. D-H is used for secret-key key exchange only,
and not for authentication or digital signatures. More detail about Diffie-Hellman
can be found below in Section 5.2.
Digital Signature Algorithm (DSA) : The algorithm specified in NIST's Digital
Signature Standard (DSS), provides digital signature capability for the
authentication of messages.
ElGamal : Designed by Taher Elgamal, a PKC system similar to Diffie-Hellman
and used for key exchange.
Elliptic Curve Cryptography (ECC): A PKC algorithm based upon elliptic curves.
ECC can offer levels of security with small keys comparable to RSA and other
PKC methods. It was designed for devices with limited compute power and/or
memory, such as smartcards and PDAs. More detail about ECC can be found
below in Section 5.8. Other references include "The Importance of ECC" Web
page and the "Online Elliptic Curve Cryptography Tutorial", both from Certicom.
Public-Key Cryptography Standards (PKCS) : A set of interoperable standards
and guidelines for public-key cryptography, designed by RSA Data Security Inc.
o PKCS #1 : RSA Cryptography Standard (Also RFC 3447)
o PKCS #2: Incorporated into PKCS #1.
o PKCS #3 : Diffie-Hellman Key-Agreement Standard
o PKCS #4: Incorporated into PKCS #1.
College Name Page 18
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
o PKCS #5 : Password-Based Cryptography Standard (PKCS #5 V2.0 is also
RFC 2898)
o PKCS #6 : Extended-Certificate Syntax Standard (being phased out in
favor of X.509v3)
o PKCS #7 : Cryptographic Message Syntax Standard (Also RFC 2315)
o PKCS #8 : Private-Key Information Syntax Standard (Also RFC 5208)
o PKCS #9 : Selected Attribute Types (Also RFC 2985)
o PKCS #10 : Certification Request Syntax Standard (Also RFC 2986)
o PKCS #11 : Cryptographic Token Interface Standard
o PKCS #12 : Personal Information Exchange Syntax Standard
o PKCS #13 : Elliptic Curve Cryptography Standard
o PKCS #14: Pseudorandom Number Generation Standard is no longer
available
o PKCS #15 : Cryptographic Token Information Format Standard
Cramer-Shoup : A public-key cryptosystem proposed by R. Cramer and V. Shoup
of IBM in 1998.
Key Exchange Algorithm (KEA) : A variation on Diffie-Hellman; proposed as the
key exchange method for Capstone.
LUC : A public-key cryptosystem designed by P.J. Smith and based on Lucas
sequences. Can be used for encryption and signatures, using integer factoring.
A digression: Who invented PKC? I tried to be careful in the first paragraph of this
section to state that Diffie and Hellman "first described publicly" a PKC scheme. Although I
College Name Page 19
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
have categorized PKC as a two-key system, that has been merely for convenience; the real
criteria for a PKC scheme is that it allows two parties to exchange a secret even though the
communication with the shared secret might be overheard. There seems to be no question that
Diffie and Hellman were first to publish; their method is described in the classic paper, "New
Directions in Cryptography," published in the November 1976 issue of IEEE Transactions on
Information Theory. As shown below, Diffie-Hellman uses the idea that finding logarithms is
relatively harder than exponentiation. And, indeed, it is the precursor to modern PKC which does
employ two keys. Rivest, Shamir, and Adleman described an implementation that extended this
idea in their paper "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,"
published in the February 1978 issue of the Communications of the ACM (CACM). Their
method, of course, is based upon the relative ease of finding the product of two large prime
numbers compared to finding the prime factors of a large number.
Some sources, though, credit Ralph Merkle with first describing a system that allows two
parties to share a secret although it was not a two-key system, per se. A Merkle Puzzle works
where Alice creates a large number of encrypted keys, sends them all to Bob so that Bob chooses
one at random and then lets Alice know which he has selected. An eavesdropper will see all of
the keys but can't learn which key Bob has selected (because he has encrypted the response with
the chosen key). In this case, Eve's effort to break in is the square of the effort of Bob to choose a
key. While this difference may be small it is often sufficient. Merkle apparently took a computer
science course at UC Berkeley in 1974 and described his method, but had difficulty making
people understand it; frustrated, he dropped the course. Meanwhile, he submitted the paper
"Secure Communication Over Insecure Channels" which was published in the CACM in April
1978; Rivest et al.'s paper even makes reference to it. Merkle's method certainly wasn't published
first, but did he have the idea first?
An interesting question, maybe, but who really knows? For some time, it was a quiet
secret that a team at the UK's Government Communications Headquarters (GCHQ) had first
developed PKC in the early 1970s. Because of the nature of the work, GCHQ kept the original
memos classified. In 1997, however, the GCHQ changed their posture when they realized that
College Name Page 20
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
there was nothing to gain by continued silence. Documents show that a GCHQ mathematician
named James Ellis started research into the key distribution problem in 1969 and that by 1975,
Ellis, Clifford Cocks, and Malcolm Williamson had worked out all of the fundamental details of
PKC, yet couldn't talk about their work. (They were, of course, barred from challenging the RSA
patent!) After more than 20 years, Ellis, Cocks, and Williamson have begun to get their due
credit.
2.1.2.4. Hash Functions
Hash functions, also called message digests and one-way encryption, are algorithms that,
in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based
upon the plaintext that makes it impossible for either the contents or length of the plaintext to be
recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents,
often used to ensure that the file has not been altered by an intruder or virus. Hash functions are
also commonly employed by many operating systems to encrypt passwords. Hash functions,
then, provide a measure of the integrity of a file.
Hash algorithms that are in common use today include:
Message Digest (MD) algorithms: A series of byte-oriented algorithms that
produce a 128-bit hash value from an arbitrary-length message.
o MD2 (RFC 1319): Designed for systems with limited memory, such as
smart cards.
o MD4 (RFC 1320): Developed by Rivest, similar to MD2 but designed
specifically for fast processing in software.
o MD5 (RFC 1321): Also developed by Rivest after potential weaknesses
were reported in MD4; this scheme is similar to MD4 but is slower
because more manipulation is made to the original data. MD5 has been
implemented in a large number of products although several weaknesses
College Name Page 21
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
in the algorithm were demonstrated by German cryptographer Hans
Dobbertin in 1996.
Secure Hash Algorithm (SHA): Algorithm for NIST's Secure Hash Standard
(SHS). SHA-1 produces a 160-bit hash value and was originally published as
FIPS 180-1 and RFC 3174. FIPS 180-2 describes five algorithms in the SHS:
SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce
hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -
256, -384, and -512 are also described in RFC 4634.
RIPEMD : A series of message digests that initially came from the RIPE (RACE
Integrity Primitives Evaluation) project. RIPEMD-160 was designed by Hans
Dobbertin, Antoon Bosselaers, and Bart Preneel, and optimized for 32-bit
processors to replace the then-current 128-bit hash functions. Other versions
include RIPEMD-256, RIPEMD-320, and RIPEMD-128.
HAVAL (HAsh of VAriable Length) : Designed by Y. Zheng, J. Pieprzyk and J.
Seberry, a hash algorithm with many levels of security. HAVAL can create hash
values that are 128, 160, 192, 224, or 256 bits in length.
Whirlpool : A relatively new hash function, designed by V. Rijmen and P.S.L.M.
Barreto. Whirlpool operates on messages less than 2256 bits in length, and
produces a message digest of 512 bits. The design of this has function is very
different than that of MD5 and SHA-1, making it immune to the same attacks as
on those hashes (see below).
Tiger : Designed by Ross Anderson and Eli Biham, Tiger is designed to be secure,
run efficiently on 64-bit processors, and easily replace MD4, MD5, SHA and
SHA-1 in other applications. Tiger/192 produces a 192-bit output and is
compatible with 64-bit architectures; Tiger/128 and Tiger/160 produce the first
128 and 160 bits, respectively, to provide compatibility with the other hash
functions mentioned above.
College Name Page 22
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Hash functions are sometimes misunderstood and some sources claim that no two files
can have the same hash value. This is, in fact, not correct. Consider a hash function that provides
a 128-bit hash value. There are, obviously, 2128 possible hash values. But there are a lot more
than 2128 possible files. Therefore, there have to be multiple files — in fact, there have to be an
infinite number of files! — that can have the same 128-bit hash value.
The difficulty is finding two files with the same hash! What is, indeed, very hard to do is
to try to create a file that has a given hash value so as to force a hash value collision — which is
the reason that hash functions are used extensively for information security and computer
forensics applications. Alas, researchers in 2004 found that practical collision attacks could be
launched on MD5, SHA-1, and other hash algorithms. Readers interested in this problem should
read the following:
Burr, W. (2006, Match/April). Cryptographic hash standards: Where do we go
from here? IEEE Security & Privacy, 4(2), 88-91.
Gutman, P., Naccache, D., & Palmer, C.C. (2005, May/June). When hashes
collide. IEEE Security & Privacy, 3(3), 68-71.
Klima, V. (March 2005) "Finding MD5 Collisions - a Toy For a Notebook."
Thompson, E. (2005, February). MD5 collisions and the impact on computer
forensics. Digital Investigation, 2(1), 36-40.
Wang, X., Feng, D., Lai, X., & Yu, H. (August 2004). "Collisions for Hash
Functions MD4, MD5, HAVAL-128 and RIPEMD."
Wang, X., Yin, Y.L., & Yu, H. (February 2005). "Collision Search Attacks on
SHA1."
Readers are also referred to the Eindhoven University of Technology HashClash Project
Web site. An excellent overview of the situation with hash collisions (circa 2005) can be found
College Name Page 23
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
in RFC 4270 (by P. Hoffman and B. Schneier, November 2005). And for additional information
on hash functions, see David Hopwood's MessageDigest Algorithms page.
At this time, there is no obvious successor to MD5 and SHA-1 that could be put into use
quickly; there are so many products using these hash functions that it could take many years to
flush out all use of 128- and 160-bit hashes. That said, NIST announced in 2007 their
Cryptographic Hash Algorithm Competition to find the next-generation secure hashing method.
Dubbed SHA-3, this new scheme will augment FIPS 180-2. A list of submissions can be found at
The SHA-3 Zoo. The SHA-3 standard may not be available until 2011 or 2012.
Certain extensions of hash functions are used for a variety of information security and
digital forensics applications, such as:
Hash libraries are sets of hash values corresponding to known files. A hash
library of known good files, for example, might be a set of files known to be a
part of an operating system, while a hash library of known bad files might be of a
set of known child pornographic images.
Rolling hashes refer to a set of hash values that are computed based upon a fixed-
length "sliding window" through the input. As an example, a hash value might be
computed on bytes 1-10 of a file, then on bytes 2-11, 3-12, 4-13, etc.
Fuzzy hashes are an area of intense research and represent hash values that
represent two inputs that are similar. Fuzzy hashes are used to detect documents,
images, or other files that are close to each other with respect to content. See
"Fuzzy Hashing" (PDF | PPT) by Jesse Kornblum for a good treatment of this
topic.
College Name Page 24
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
2.2 SteganographyThe word steganography literally means covered writing as derived from Greek. It
includes a vast array of methods of secret communications that conceal the very existence of the
message. Among these methods are invisible inks, microdots, character arrangement (other than
the cryptographic methods of permutation and substitution), digital signatures, covert channels
and spread-spectrum communications.
Steganography is the art of concealing the existence of information within seemingly
innocuous carriers. Steganography can be viewed as akin to cryptography. Both have been used
throughout recorded history as means to protect information. At times these two technologies
seem to converge while the objectives of the two differ. Cryptographic techniques "scramble"
messages so if intercepted, the messages cannot be understood. Steganography, in an essence,
"camouflages" a message to hide its existence and make it seem "invisible" thus concealing the
fact that a message is being sent altogether. An encrypted message may draw suspicion while an
invisible message will not.
Over the past couple of years, steganography has been the source of a lot of discussion,
particularly as it was suspected that terrorists connected with the September 11 attacks might
have used it for covert communications. While no such connection has been proven, the concern
points out the effectiveness of steganography as a means of obscuring data. Indeed, along with
encryption, steganography is one of the fundamental ways by which data can be kept
College Name Page 25
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
confidential. This article will offer a brief introductory discussion of steganography: what it is,
how it can be used, and the true implications it can have on information security.
David Kahn places steganography and cryptography in a table to differentiate against the
types and counter methods used. Here security is defined as methods of "protecting" information
where intelligence is defined as methods of "retrieving" information.
Signal Security Signal Intelligence
Communication Security Communication Intelligence
Steganography (invisible inks, open codes, messages in hollow heels) and Transmission Security (spurt radio and spread spectrum systems)
Interception and direction-finding
Cryptography(codes and ciphers) Cryptanalysis
Traffic security(call-sign changes, dummy messages, radio silence)
Traffic analysis (direction-finding, message-flow studies, radio finger printing)
Electronic Security Electronic Intelligence
Emission Security (shifting of radar frequencies, spread spectrum)
Electronic Reconnaissance (eaves-dropping on radar emissions)
Counter-Countermeasures "looking through" (jammed radar)
Countermeasures (jamming radar and false radar echoes)
Table 1: Kahn's Security Table
College Name Page 26
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Steganography has its place in security. It is not intended to replace cryptography but
supplement it. Hiding a message with steganography methods reduces the chance of a message
being detected. However, if that message is also encrypted, if discovered, it must also be cracked
(yet another layer of protection).
While we are discussing it in terms of computer security, steganography is really nothing
new, as it has been around since the times of ancient Rome. For example, in ancient Rome and
Greece, text was traditionally written on wax that was poured on top of stone tablets. If the
sender of the information wanted to obscure the message - for purposes of military intelligence,
for instance - they would use steganography: the wax would be scraped off and the message
would be inscribed or written directly on the tablet, wax would then be poured on top of the
message, thereby obscuring not just its meaning but its very existence[1].
According to Dictionary.com, steganography (also known as "steg" or "stego") is "the art
of writing in cipher, or in characters, which are not intelligible except to persons who have the
key; cryptography" [2]. In computer terms, steganography has evolved into the practice of hiding
a message within a larger one in such a way that others cannot discern the presence or contents
of the hidden message[3]. In contemporary terms, steganography has evolved into a digital
strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav
or mp3) or even a video file.
2.2.1 History and Steganography
Throughout history, a multitude of methods and variations have been used to hide
information. David Kahn's The Codebreakers provides an excellent accounting of this history
[Kahn67]. Bruce Norman recounts numerous tales of cryptography and steganography during
times of war in Secret Warfare: The Battle of Codes and Ciphers.
One of the first documents describing steganography is from the Histories of Herodotus. In
ancient Greece, text was written on wax covered tablets. In one story Demeratus wanted to notify
Sparta that Xerxes intended to invade Greece. To avoid capture, he scraped the wax off of the
College Name Page 27
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
tablets and wrote a message on the underlying wood. He then covered the tablets with wax again.
The tablets appeared to be blank and unused so they passed inspection by sentries without
question.
Another ingenious method was to shave the head of a messenger and tattoo a message or
image on the messengers head. After allowing his hair to grow, the message would be undetected
until the head was shaved again.
Another common form of invisible writing is through the use of Invisible inks. Such inks
were used with much success as recently as WWII. An innocent letter may contain a very
different message written between the lines [Zim48]. Early in WWII steganographic technology
consisted almost exclusively of invisible inks [Kahn67]. Common sources for invisible inks are
milk, vinegar, fruit juices and urine. All of these darken when heated.
With the improvement of technology and the ease as to the decoding of these invisible
inks, more sophisticated inks were developed which react to various chemicals. Some messages
had to be "developed" much as photographs are developed with a number of chemicals in
processing labs.
Null ciphers (unencrypted messages) were also used. The real message is "camouflaged"
in an innocent sounding message. Due to the "sound" of many open coded messages, the suspect
communications were detected by mail filters. However "innocent" messages were allowed to
flow through. An example of a message containing such a null cipher from [JDJ01] is:
Fishing freshwater bends and saltwater
coasts rewards anyone feeling stressed.
Resourceful anglers usually find masterful
leapers fun and admit swordfish rank
overwhelming anyday.
By taking the third letter in each word, the following message emerges [Zevon]:
College Name Page 28
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Send Lawyers, Guns, and Money.
The following message was actually sent by a German Spy in WWII [Kahn67]:
Apparently neutral's protest is thoroughly discounted
and ignored. Isman hard hit. Blockade issue affects
pretext for embargo on by products, ejecting suets and
vegetable oils.
Taking the second letter in each word the following message emerges:
Pershing sails from NY June 1.
As message detection improved, new technologies were developed which could pass
more information and be even less conspicuous. The Germans developed microdot technology
which FBI Director J. Edgar Hoover referred to as "the enemy's masterpiece of espionage."
Microdots are photographs the size of a printed period having the clarity of standard-sized
typewritten pages. The first microdots were discovered masquerading as a period on a typed
envelope carried by a German agent in 1941. The message was not hidden, nor encrypted. It was
just so small as to not draw attention to itself (for a while). Besides being so small, microdots
permitted the transmission of large amounts of data including drawings and photographs
[Kahn67].
With many methods being discovered and intercepted, the Office of Censorship took
extreme actions such as banning flower deliveries which contained delivery dates, crossword
puzzles and even report cards as they can all contain secret messages. Censors even went as far
as rewording letters and replacing stamps on envelopes.
With every discovery of a message hidden using an existing application, a new
steganographic application is being devised. There are even new twists to old methods. Drawings
College Name Page 29
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
have often been used to conceal or reveal information. It is simple to encode a message by
varying lines, colors or other elements in pictures. Computers take such a method to new
dimensions as we will see later.
Even the layout of a document can provide information about that document. Brassil et al
authored a series of publications dealing with document identification and marking by
modulating the position of lines and words [Brassil-Infocom94, Brassil- Infocom94, Brassil-
CISS95]. Similar techniques can also be used to provide some other "covert" information just as
0 and 1 are informational bits for a computer. As in one of their examples, word-shifting can be
used to help identify an original document [Brassil-CISS95]. Though not applied as discussed in
the series by Brassil et al, a similar method can be applied to display an entirely different
message. Take the following sentence (S0):
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
and apply some word shifting algorithm (this is sentence S1).
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
By overlapping S0 and S1, the following sentence is the result:
We explore new steganographic and cryptographic
algorithms and techniques throughout the world to
produce wide variety and security in the electronic web
called the Internet.
College Name Page 30
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
This is achieved by expanding the space before explore, the, wide, and web by one point and
condensing the space after explore, world, wide and web by one point in sentence S1.
Independently, the sentences containing the shifted words appear harmless, but combining this
with the original sentence produces a different message: explore the world wide web.
2.3 Steganography – Uses:
Like many security tools, steganography can be used for a variety of reasons, some good,
some not so good. Legitimate purposes can include things like watermarking images for reasons
such as copyright protection. Digital watermarks (also known as fingerprinting, significant
especially in copyrighting material) are similar to steganography in that they are overlaid in files,
which appear to be part of the original file and are thus not easily detectable by the average
person. Steganography can also be used as a way to make a substitute for a one-way hash value
(where you take a variable length input and create a static length output string to verify that no
changes have been made to the original variable length input). Further, steganography can be
used to tag notes to online images (like post-it notes attached to paper files). Finally,
steganography can be used to maintain the confidentiality of valuable information, to protect the
data from possible sabotage, theft, or unauthorized viewing.
Unfortunately, steganography can also be used for illegitimate reasons. For instance, if
someone was trying to steal data, they could conceal it in another file or files and send it out in
an innocent looking email or file transfer. Furthermore, a person with a hobby of saving
pornography, or worse, to their hard drive, may choose to hide the evidence through the use of
steganography. And, as was pointed out in the concern for terroristic purposes, it can be used as a
means of covert communication. Of course, this can be both a legitimate and an illegitimate
application.
2.4 Steganography Tools
There are a vast number of tools that are available for steganography. An important
distinction that should be made among the tools available today is the difference between tools
College Name Page 31
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
that do steganography, and tools that do steganalysis, which is the method of detecting
steganography and destroying the original message. Steganalysis focuses on this aspect, as
opposed to simply discovering and decrypting the message, because this can be difficult to do
unless the encryption keys are known.
A comprehensive discussion of steganography tools is beyond the scope of this article.
However, there are many good places to find steganography tools on the Net. One good place to
start your search for stego tools is on Neil Johnson's Steganography and Digital Watermarking
Web site. The site includes an extensive list of steganography tools. Another comprehensive
tools site is located at the StegoArchive.com.
For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site. Niels
Provos's site, is also a great reference site, but is currently being relocated, so keep checking
back on its progress.
The plethora of tools available also tends to span the spectrum of operating systems.
Windows, DOS, Linux, Mac, Unix: you name it, and you can probably find it.
2.4.1 Working of Steganography Tools:
To show how easy steganography is, I started out by downloading one of the more
popular freeware tools out now: F5, then moved to a tool called SecurEngine, which hides text
files within larger text files, and lastly a tool that hides files in MP3s called MP3Stego. I also
tested one commercial steganography product, Steganos Suite.
F5 was developed by Andreas Westfield, and runs as a DOS client. A couple of GUIs
were later developed: one named "Frontend", developed by Christian Wohne and the other,
named "Stegano", by Thomas Biel. I tried F5, beta version 12. I found it very easy to encode a
message into a JPEG file, even if the buttons in the GUI are written in German! Users can simply
do this by following the buttons, inputting the JPEG file path, then the location of the data that is
being hidden (in my case, I used a simple text file created in Notepad), at which point the
College Name Page 32
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
program prompts the user for a pass phrase. As you can see by the before and after pictures
below, it is very hard to tell them apart, embedded message or not.
Granted, the file that I embedded here was very small (it included one line of text: "This is a
test. This is only a test."), so not that many pixels had to be replaced to hide my message. But
what if I tried to hide a larger file? F5 only hides text files. I tried to hide a larger word document
and although it did hide the file, when I tried to decrypt it, it came out as garbage. However,
larger text files seemed to hide in the picture just as well as my small, one-line message.
SecurEngine doesn't seem to be as foolproof as the tools that hide text within pictures. When I
hid my small text file in a bigger text file, I found an odd character at the bottom of the encoded
file ("ÿ"). This character was not in the original file. SecurEngine gives users the option of just
hiding the image, hiding the image as well as encrypting it, or both. The test message was
encrypted and decrypted without issue. SecurEngine also has a feature that helps to "wipe" files
(to delete them more securely).
MP3Stego, a tool that hides data in MP3 files worked very well. How the process works
is like this: you encode a file, a text file for example, with a .WAV file, in order for it to be
compressed into MP3 format. One problem that I ran into was that in order to hide data of any
size, I had to find a file that was proportional in size. So, for instance, my small text message
from the previous exercise was too big to hide in a .WAV file (the one that I originally tried was
121KB, and the text file was around 36 bytes). In order to ultimately hide a file that was 5 bytes
(only bearing the message "test."), I found a .WAV file that was 627 KB. The ultimate MP3 file
size was 57KB.
Steganos Suite is a commercial software package of numerous stego tools all rolled into
one. In addition to a nifty Internet trace destructor function and a computer file shredder, it has a
function called the File Manager. This allows users to encrypt and hide files on their hard drive.
The user selects a file or folder to hide, and then selects a "carrier" file, which is defined as a
graphic or sound file. It will also create one for you if you prefer, if you have a scanner or
College Name Page 33
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
microphone available. If you don't have a file handy or if you want to create one, the File
Manager will search your hard drive for an appropriate carrier. This tool looks for a wider
variety of file types than the majority of the freeware tools that I perused (such as .DLL and .DIB
files), so if you intend to do quite a bit of file hiding, you might want to invest in a commercial
package.
2.5 Steganography and Security
As mentioned previously, steganography is an effective means of hiding data, thereby
protecting the data from unauthorized or unwanted viewing. But stego is simply one of many
ways to protect the confidentiality of data. It is probably best used in conjunction with another
data-hiding method. When used in combination, these methods can all be a part of a layered
security approach. Some good complementary methods include:
Encryption - Encryption is the process of passing data or plaintext through a series of
mathematical operations that generate an alternate form of the original data known as
ciphertext. The encrypted data can only be read by parties who have been given the
necessary key to decrypt the ciphertext back into its original plaintext form. Encryption
doesn't hide data, but it does make it hard to read!
Hidden directories (Windows) - Windows offers this feature, which allows users to hide
files. Using this feature is as easy as changing the properties of a directory to "hidden",
and hoping that no one displays all types of files in their explorer.
Hiding directories (Unix) - in existing directories that have a lot of files, such as in
the /dev directory on a Unix implementation, or making a directory that starts with three
dots (...) versus the normal single or double dot.
Covert channels - Some tools can be used to transmit valuable data in seemingly normal
network traffic. One such tool is Loki. Loki is a tool that hides data in ICMP traffic (like
ping).
2.6 Protecting Against Malicious Steganography
College Name Page 34
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Unfortunately, all of the methods mentioned above can also be used to hide illicit, unauthorized
or unwanted activity. What can you do to prevent or detect issues with stego? There is no easy
answer. If someone has decided to hide their data, they will probably be able to do so fairly
easily. The only way to detect steganography is to be actively looking for in specific files, or to
get very lucky. Sometimes an actively enforced security policy can provide the answer: this
would require the implementation of company-wide acceptable use policies that restrict the
installation of unauthorized programs on company computers.
Using the tools that you already have to detect movement and behavior of traffic on your
network may also be helpful. Network intrusion detection systems can help administrators to
gain an understanding of normal traffic in and around your network and can thus assist in
detecting any type of anomaly, especially with any changes in the behavior of increased
movement of large images around your network. If the administrator is aware of this sort of
anomalous activity, it may warrant further investigation. Host-based intrusion detection systems
deployed on computers may also help to identify anomalous storage of image and/or video files.
A research paper by Stefan Hetzel cites two methods of attacking steganography, which
really are also methods of detecting it. They are the visual attack (actually seeing the differences
in the files that are encoded) and the statistical attack: "The idea of the statistical attack is to
compare the frequency distribution of the colors of a potential stego file with the theoretically
expected frequency distribution for a stego file." It might not be the quickest method of
protection, but if you suspect this type of activity, it might be the most effective. For JPEG files
specifically, a tool called Stegdetect, which looks for signs of steganography in JPEG files, can
be employed. Stegbreak, a companion tool to Stegdetect, works to decrypt possible messages
encoded in a suspected steganographic file, should that be the path you wish to take once the
stego has been detected.
College Name Page 35
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Chapter 3
PC Software that Provide Steganographic Services
3.1 Background
Steganographic software is new and very effective. Such software enables information to
be hidden in graphic, sound and apparently "blank" media. Charles Kurak and John McHugh
discuss the implications of downgrading an image (security downgrading) when it may contain
some other information [Kurak92]. Though not explicitly stated the author(s) of StegoDos
mention embedding viruses in images [StegoDos].
In the computer, an image is an array of numbers that represent light intensities at various
points (pixels1) in the image. A common image size is 640 by 480 and 256 colors (or 8 bits per
pixel). Such an image could contain about 300 kilobits of data.
There are usually two type of files used when embedding data into an image. The
innocent looking image which will hold the hidden information is a "container." A "message" is
College Name Page 36
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
the information to be hidden. A message may be plain-text, ciphertext, other images or any thing
that can be embedded in the least significant bits (LSB) of an image.
For example:
Suppose we have a 24-bit image 1024 x 768 (this is a common resolution for satellite images,
electronic astral photographs and other high resolution graphics). This may produce a file over 2
megabytes in size (1024x768x24/8 = 2,359,296 bytes). All color variations are derived from
three primary colors, Red, Green and Blue. Each primary color is represented by 1 byte (8 bits).
24-bit images use 3 bytes per pixel. If information is stored in the least significant bit (LSB) of
each byte, 3 bits can be a stored in each pixel. The "container" image will look identical to the
human eye, even if viewing the picture side by side with the original. Unfortunately, 24-bit
images are uncommon (with exception of the formats mentioned earlier) and quite large. They
would draw attention to themselves when being transmitted across a network. Compression
would be beneficial if not necessary to transmit such a file. But file compression may interfere
with the storage of information.
1 A pixel is an instance of color, a point in a picture.
Kurak and McHugh identify two kinds of compression, lossless and lossy [Kurak92]. Both
methods save storage space but may present different results when the information is
uncompressed.
Lossless compression is preferred when there is a requirement that the original
information remain intact (as with steganographic images). The original message can be
reconstructed exactly. This type of compression is typical in GIF2 and BMP3 images.
Lossy compression, while also saving space, may not maintain the integrity of the
original image. This method is typical in JPG4 images and yields very good compression.
To illustrate the advantage of lossy compression, Renoir's Le Moulin de la Galette was
retrieved as a 175,808 byte JPG image 1073 x 790 pixels with 16 million possible colors. The
College Name Page 37
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
colors were maintained when converting it to a 24-bit BMP file but the file size became
2,649,019 bytes! Converting again to a GIF file, the colors were reduced to 256 colors (8-bit)
and the new file is 775,252 bytes. The 256 color image is a very good approximation of Renoir's
painting.
2 Graphic Interchange Format developed by Compuserve to be a
device-independent method of storing images.
3 Windows and OS/2 bitmap picture file.
4 Joint Photography experts Group (JPG/JPEG) is a device-
independent method for storing images which supports 24-bit
images.
Most steganographic software available does not support, nor recommends, using JPG
files (an exception is noted later in the paper). The next best alternative to 24-bit images, is to use
256 color (or gray-scale) images. These are the most common images found on the Internet in
the form of GIF files. Each pixel is represented as a byte (8-bits). Many authors of the
steganography software and articles stress the use of gray-scale images (those with 256 shades of
gray or better) [Arachelian, Aura95, Kurak92, Maroney]. The importance is not whether the
image is gray-scale or not, the importance is the degree to which the colors change between bit
values.
Gray-scale images are very good because the shades gradually change from byte to byte.
The following is a palette containing 256 shades of gray.
College Name Page 38
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
3.2 Evaluation Method
A similar image with 16 shades of gray (four-bit color) may look very close to one with
256 shades of gray but the palette has less variations with which to work. The subtleties permit
data to be stored without the human eye catching the changes. Many argue that gray-scale
images render the "best" results for steganography. However, using gray- scale or color is not as
important as the subtleties in color variation. Consider the following two 256 color palettes.
College Name Page 39
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Figure 3 illustrates subtle changes in color variations. It is difficult to differentiate
between many of the colors in this palette. Is this palette in Figure 2 "good" for steganography?
Well, it depends. Subtle color changes can be seen in Figure 2, but other color variances seem to
be rather drastic. However, one must consider the image in addition to the palette. Obviously, an
image with large areas of solid colors is a poor choice as variances created from the embedded
message will be noticeable in the solid areas (a palette as in Figure 3 would offset this). Figure 2
is the palette from a 256 color version of Renoir's Le Moulin de la Galette. Based on embedding
this image with text and graphic messages, it is a very good container for holding data.
Various steganographic software packages were explored. The evaluation process was to
determine limitations and flexibility of the software readily available to the public.
Message and container files were selected before testing. This proved to be a problem
with some packages due to limitations of the software. The images selected had to be altered to
fit into the constraints of the software and other containers were used. In all, a total of 25 files
were used as containers (much more than I have room to discuss).
College Name Page 40
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
The files used for evaluation included two "message" files and two "container" files. The
"message" files are those to be hidden in the innocent looking "container" files.
Message 1 contains the following plain-text and will be referred to as M1:
Steganography is the art and science of communicating in a way which hides the existence
of the communication. In contrast to cryptography, where the "enemy" is allowed to detect,
intercept and modify messages without being able to violate certain security premises guaranteed
bya cryptosystem, the goal of steganography is to hide messages inside other "harmless"
messages in a way that does not allow any "enemy" to even detect that there is a second secret
message present.
5 The satellite photograph is of a major Soviet strategic bomber base near Dolon,
Kazakhstan taken August 20, 1966. An Executive Order, signed by President Clinton on 23
February 1995, has authorized the declassification of satellite photographs collected by the U.S.
College Name Page 41
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
intelligence community during the 1960's. This and other photographs are available on the
Internet via U.S Geological Survey - National Mapping Information - EROS Data Center.
The Container Files Figure 5: Renoir's Le Moulin de la Galette - Container C1
Figure 6: Droeshout engraving of William Shakespeare - Container C27
College Name Page 42
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
6 Le Moulin de la Galette by Pierre-Auguste Renoir is available via the WebMuseum, Paris
and accessible.
7 A JPG version of Droeshout engraving of William Shakespeare is available.
The image of Shakespeare is too small to contain M2, but M1 could be embedded
without any degradation of the image. For the most part, all the software tested could handle the
518 byte plain- text message, however, only two could handle the image labeled M2. Of the two,
only one software package could reliably handle 24-bit images and other formats consistently: S-
Tools by Andy Brown.
Next, an attempt was made to embed messages M1 and M2 using each software package.
If the software could not handle processing these containers (C1 and C2), other containers were
tried. All the software could embed M1 into some container. These files were reviewed before
and after applying steganographic methods.
3.3 Software Evaluation
The following software packages were reviewed with respect to steganographic
manipulation of images: Hide and Seek v4.1, StegoDos v0.90a, White Noise Storm, and S-Tools
for Windows v3.00. Nearly all the authors encourage encrypting messages before embedding
College Name Page 43
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
them in images as an added layer of protection and reviewing the images after embedding data.
Even with the most reliable software tested, there may be some unexpected results.
3.3.1 Hide and Seek v 4.1
Hide and Seek versions 4.1 and 5.0 by Colin Maroney have similar limitations with
minimum image sizes (320 x 480). In version 4.1 if the image is smaller than the minimum, then
the stego-image is padded with black space. If the cover image is larger, the stego-image is
cropped to fit. In version 5.0 the same is true with minimum image sizes. If any image exceeds
1024 x 768, an error message is returned. The Hide and Seek 1.0 for Windows 95 version seems
to have these issues resolved and is a much improved steganography tool. Version 4.1 is
evaluated here to illustrate limitations of some steganography tools.
Hide and Seek 4.1 is free software which contains a series of DOS programs that embed
data in GIF files and comes with the source code.
Hide and Seek uses the Least Significant Bit of each pixel to encode characters, 8 pixels
per character and spreads the data throughout the GIF in a somewhat random fashion. The larger
the message the more likely the resulting image will be degraded. Since the data is dispersed
"randomly" and the message file header is encrypted, there is no telling what is in an embedded
file.
Unfortunately the hidden file can be no longer than 19,000 bytes because the maximum
display used is 320 x 480 pixels. Each character takes 8 pixels two hide ( (320x480)/8 = 19200).
C2 (Shakespeare) was used to embed M1. The original image of Shakespeare is 222 x
282 pixels and 256 shades of gray. The resulting image was forced to 320 x 480 pixels. Instead
of "stretching" the image to fit, large black areas were added to the image making it 320 x 480.
The image on the left is the original C2 and the image on the right is embedded with M1.
College Name Page 44
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
3.3.2 StegoDos
StegoDos is also known as Black Wolf's Picture Encoder version 0.90a. This is Public
Domain software written by Black Wolf (anonymous). This is a series of DOS programs that
require far too much effort for the results. It will only work with 320x200 images with 256
colors. To encode a message, one must:
1. Run GETSCR. This starts a TSR which will perform a screen capture when
PRINTSCREEN is pressed.
2. View the image with a third-party image viewing software (not included with StegoDos)
and press PRINTSCREEN to save the image in MESSAGE.SCR.
3. Save your message to be embedded in the image as MESSAGE.DAT.
4. Run ENCODE. This will merge MESSAGE.DAT with MESSAGE.SCR.
5. Use a third party screen capturing program (not included with StegoDos) to capture the
new image from the screen.
College Name Page 45
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
6. Run PUTSCR and capture the image displayed on the screen.
Decoding the message is not as involved but still requires a third party program to view the
image. To decode a message, one must:
1. Run GETSCR. This starts a TSR which will perform a screen capture when
PRINTSCREEN is pressed.
2. View the image containing a message with a third-party image viewing software (not
included with StegoDos) and press PRINTSCREEN to save the image in
MESSAGE.SCR.
3. Run DECODE. This will extract the stored message from MESSAGE.SCR.
Due to the size restrictions, M2 and C1 could not be used. C2 (Shakespeare) and a number of
other containers were tested (both color and gray-scale) with M1. Every one of them were
obviously distorted. There was little distortion within the C2 image, but it was cropped and fitted
into a 320 x 200 pixel image. The image on the left is the original C2 file. The image on the right
contains the M1 message:
College Name Page 46
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
This application uses the Least Significant Bit method with less success than the others. It
also appends an EOF (end of file) character to the end of the message. Even with the EOF
character, the message retrieved from the altered imaged most likely contained garbage at the
end. The following is the original message (M1) and a portion of the message extracted from the
image created with StegoDos:
Steganography is the art and science of communicating in a way which hides the
existence of the communication. In contrast to cryptography, where the "enemy" is allowed to
detect, intercept and modify messages without being able to violate certain security premises
guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other
"harmless" messages in a way that does not allow any "enemy" to even detect that there is a
second secret message present.
The original file is 518 bytes. The extracted file is around 8 kilobytes:
Steganography is the art and science of communicating in a way which hides the existence of
the communication. In contrast to cryptography, where the "enemy" is allowed to detect,
intercept and modify messages without being able to violate certain security premises guaranteed
by a cryptosystem, the goal of steganography is to hide messages inside other "harmless"
College Name Page 47
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
messages in a way that does not allow any "enemy" to even detect that there is a second secret
message present.
3.3.3 White Noise Storm
White Noise Storm by Ray (Arsen) Arachelian is a very versatile steganography
application for DOS. Embedding M1 in the containers C1 and C2 was rather trivial and no
degradation could be detected. White Noise Storm was the first software tested that could embed
M2 into C1 - notice the "noise" interfering with the image integrity.
The image on the left is the original C2. The image on the right contains message M1:
College Name Page 48
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Arachelian encourages encrypting the message before embedding it into an image. White
Noise Storm (WNS) also includes an encryption routine to "randomize" the bits with in an image.
His use of encryption with steganography is well integrated, but is beyond the scope of this
paper.
WNS was designed based on the idea of spread spectrum technology and frequency
hopping. "Instead of having X channels of communication which are changed with a fixed
formula and passkey. Eight channels are spread within a number of 8-bits*W byte channels. W
represents a random sized window of W bytes. Each of these eight channels represents one single
bit, so each window holds one byte of information and a lot of unused bits. These channels rotate
among themselves, for instance bit 1 might be swapped with bit 7, or all the bits may rotate
positions at once. These bits change location within the window on the byte level. The rules for
this swapping are dictated not only by the passphrase by also by the previous window's random
data (similar to DES block encryption)" [Arachelian, RE: Steganography].
WNS also used the Least Significant Bit (LSB) application of steganography and applies
this method to PCX8 files. The software extracts the LSBs from the container image and stores
them in a file. The message is encrypted and applied to these bits to create a "new" set of LSBs.
These are then "injected" into the container image to create a new image. The documentation that
accompanies White Noise Storm is well organized and explains some of the theory behind the
implementation of encryption and steganography.
The main disadvantage of applying the WNS encryption method to steganography is the
loss of many bits that can be used to hold information. Relatively large files must be used to hold
the same amount of information other methods provide.
College Name Page 50
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
3.3.4 S-Tools
Steganography Tools (S-Tools) for Windows 3.00 by Andy Brown is the most versatile
steganography tools of any applications tested. It includes several programs that process GIF and
BMP images (ST-BMP.EXE), audio WAV files (ST-WAV.EXE) and will even hide information
in the "unused" areas on floppy diskettes (ST-FDD.EXE). In addition to supporting 24-bit
images, S-Tools also includes a barrage of encryption routines (Idea, MPJ2, DES, 3DES and
NSEA) with many options.
S-Tools applies the LSB methods discussed before to both images and audio files. Due to
the lack of resources, only images were tested. Brown developed a very nice interface with
prompts and well developed on-line documentation. The only apparent limitations were the
resources available. There were times large 24-bit images would bring the Windows to a halt. A
very useful feature is a status line that displays the largest message size that can be store in an
open container file. This saved the time of attempting to store a message that is too large for a
container. After hiding the message, the "new" image will be displayed and let you toggle
between the new and original images. At times the new image looked to be grossly distorted, but
after saving the new image looked nearly identical to the original. This may be due to memory
limitations. On occasion a saved image was actually corrupted and could not be read. A saved
image should always be reviewed before sending it out.
S-Tools provided the most impressive results. Unlike the obvious distortions in "A
Cautionary Note on Image Downgrading" [Kurak92], S-Tools maintained remarkable image
integrity. The following figure illustrates the text message M1 embedded in container C2.
College Name Page 51
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
The following is the original C1 (top) and C1 embedded with M2 (airfield):
College Name Page 53
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
The following is derived from S-Tools BMP - How it is done by Andy Brown:
"S-Tools works by 'spreading' the bit-pattern of the message file to be hidden across the
least-significant bits of the color levels in the image. S-Tools tries to reduce the number of image
colors in a manner that preserves as much of the image detail as possible. It is difficult to tell the
difference between a 256 color image and one reduced to 32."
"S-Tools adds some extra information on to the front of the message file before hiding.
32 bits of time-dependent random garbage is added first. This step means that two identical
hidden files that are encrypted in CBC or PCBC mode will never encipher to the same
ciphertext. The 32 bit length of the hidden file is then included. This is required for S- Tools to
be able to extract the hidden file. Encryption will conceal this value."
"To further conceal the presence of a file, S-Tools picks its bits from the image based on
the output of a random number generator. This is designed to defeat an attacker who might apply
a statistical randomness test to the lower bits of the image to determine whether encrypted data is
hidden there (well-encrypted data shows up as pure white noise). The random number generator
used by S-Tools is based on the output of the MD5 message digest algorithm, and is not easily (if
at all) defeatable" [S-Tools Documentation by Andy Brown].
College Name Page 54
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
3.4. Software not tested but worth noting
The following software packages were reviewed but not tested: Jpeg-Jsteg v4 and Stealth v1.1.
3.4.1 Jpeg-Jsteg v4
Cryptography and steganography rely on retrieving a message in its original form without
losing any information. Such is the idea behind lossless compression. Since JPG images use
lossy encoding to compress its data, it is generally thought that steganography would be
infeasible with such images. "This version of the Independent JPEG Group's JPEG Software has
been modified for 1-bit steganography in JFIF output files" [Independent JPEG Group]. The
Jpeg-Jsteg software comes with source code and instructions for compiling the code on various
platforms.
According to the Independent JPEG Group (IJPG), the JFIF format is composed of lossy
and non-lossy stages. Information can be inserted between these stages without corrupting the
image.
As discussed earlier with Renoir's Le Moulin de la Galette compression is a great
advantage JPG images have over other formats. JPEG images are becoming more abundant on
the Internet because large images with unlimited colors can be stored in relatively small files (a
1073 x 790 pixel image with 16 million colors can be stored in a 170 Kilobyte file. The same
image is over 2 Megabytes if converted to a BMP).
3.4.2 Stealth v1.1
Stealth by Henry Hastur in and of itself is not a steganographic program or method. It is
usually found with steganographic software on the Internet and is used to complement the
steganographic methods. Stealth is a filter that strips off the PGP header that is on a PGP
encrypted file. This leaves only the encrypted data. Why is this important? Applying
steganography to an encrypted message is more secure than a "plain text" message. However,
many encryption applications add header information to the encrypted message. This header
College Name Page 55
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
information identifies the method used to encrypt the data. For example, if a cracker has
identified hidden data in an image and has successfully extracted the encrypted message, a
header for the encryption method would point the cracker in the right direction for additional
cryptanalysis. But, if the header is removed, the cracker cannot determine the method for
encryption. Some steganography software (White Noise Storm and S-Tools) provide this step in
security, but others do not.
3.5 Code:
function varargout = steg(varargin)
% STEG M-file for steg.fig
% STEG, by itself, creates steg new STEG or raises the existing
% singleton*.
%
% H = STEG returns the handle to steg new STEG or the handle to
% the existing singleton*.
%
% STEG('CALLBACK',hObject,eventData,handles,...) calls the local
% function named CALLBACK in STEG.M with the given input arguments.
%
% STEG('Property','Value',...) creates steg new STEG or raises the
% existing singleton*. Starting from the left, property value pairs are
% applied to the GUI before steg_OpeningFunction gets called. An
% unrecognized property name or invalid value makes property application
% stop. All inputs are passed to steg_OpeningFcn via varargin.
%
College Name Page 56
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
% *See GUI Options on GUIDE's Tools menu. Choose "GUI allows only one
% instance to run (singleton)".
%
% See also: GUIDE, GUIDATA, GUIHANDLES
% Copyright 2002-2003 The MathWorks, Inc.
% Edit the above text to modify the response to help steg
% Last Modified by GUIDE v2.5 27-Jun-2007 02:17:56
% Begin initialization code - DO NOT EDIT
gui_Singleton = 1;
gui_State = struct('gui_Name', mfilename, ...
'gui_Singleton', gui_Singleton, ...
'gui_OpeningFcn', @steg_OpeningFcn, ...
'gui_OutputFcn', @steg_OutputFcn, ...
'gui_LayoutFcn', [] , ...
'gui_Callback', []);
if nargin && ischar(varargin{1})
gui_State.gui_Callback = str2func(varargin{1});
end
if nargout
[varargout{1:nargout}] = gui_mainfcn(gui_State, varargin{:});
else
gui_mainfcn(gui_State, varargin{:});
end
College Name Page 57
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
% End initialization code - DO NOT EDIT
% --- Executes just before steg is made visible.
function steg_OpeningFcn(hObject, eventdata, handles, varargin)
% This function has no output args, see OutputFcn.
% hObject handle to figure
% eventdata reserved - to be defined in steg future version of MATLAB
% handles structure with handles and user data (see GUIDATA)
% varargin command line arguments to steg (see VARARGIN)
% Choose default command line output for steg
handles.output = hObject;
% Update handles structure
guidata(hObject, handles);
% UIWAIT makes steg wait for user response (see UIRESUME)
% uiwait(handles.figure1);
% --- Outputs from this function are returned to the command line.
function varargout = steg_OutputFcn(hObject, eventdata, handles)
% varargout cell array for returning output args (see VARARGOUT);
% hObject handle to figure
% eventdata reserved - to be defined in steg future version of MATLAB
% handles structure with handles and user data (see GUIDATA)
% Get default command line output from handles structure
varargout{1} = handles.output;
% --- Executes on button press in mat.
function mat_Callback(hObject, eventdata, handles)
College Name Page 58
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
% hObject handle to mat (see GCBO)
% eventdata reserved - to be defined in steg future version of MATLAB
% handles structure with handles and user data (see GUIDATA)
mat
% --- Executes on button press in itu.
function itu_Callback(hObject, eventdata, handles)
% hObject handle to itu (see GCBO)
% eventdata reserved - to be defined in steg future version of MATLAB
% handles structure with handles and user data (see GUIDATA)
itu
% --- Executes on button press in dec.
function dec_Callback(hObject, eventdata, handles)
% hObject handle to dec (see GCBO)
% eventdata reserved - to be defined in steg future version of MATLAB
% handles structure with handles and user data (see GUIDATA)
global var
% Loading the Image
[filename, pathname, filterindex]=uigetfile( ...
{'*.jpg','JPG File (*.bmp)'; ...
'*.*','Any Image file (*.*)'}, ...
'Pick an image file');
var=strcat(pathname,filename);
dec(var)
College Name Page 59
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Chapter 4
Conclusion & Future Scope
Steganography has its place in security. It is not intended to replace cryptography but
supplement it. Hiding a message with steganography methods reduces the chance of a message
being detected. However, if that message is also encrypted, if discovered, it must also be cracked
(yet another layer of protection).
There are an infinite number of steganography applications. This paper explores a tiny
fraction of the art of steganography. It goes well beyond simply embedding text in an image.
Steganography does not only pertain to digital images but also to other media (files such as
voice, other text and binaries; other media such as communication channels, the list can go on
and on). Consider the following example:
A person has a cassette tape of Pink Floyd's "The Wall." The plans of a Top Secret
project (e.g., device, aircraft, covert operation) are embedded, using some steganographic
method, on that tape. Since the alterations of the "expected contents" cannot be detected,
(especially by human ears and probably not easily so by digital means) these plans can cross
borders and trade hands undetected. How do you detect which recording has the message?
This is a trivial (and incomplete) example, but it goes far beyond simple image encoding
in an image with homogeneous regions. Part of secrecy is selecting the proper mechanisms.
Consider encoding using an Mandelbrot image [Hastur].
In and of itself, steganography is not a good solution to secrecy, but neither is simple
substitution and short block permutation for encryption. But if these methods are combined, you
have much stronger encryption routines (methods).
College Name Page 60
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
For example (again over simplified): If a message is encrypted using substitution
(substituting one alphabet with another), permute the message (shuffle the text) and apply a
substitution again, then the encrypted ciphertext is more secure than using only substitution or
only permutation. NOW, if the ciphertext is embedded in an [image, video, voice, etc.] it is even
more secure. If an encrypted message is intercepted, the interceptor knows the text is an
encrypted message. With steganography, the interceptor may not know the object contains a
message.
College Name Page 61
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
References:
1. [Aura95] Tuomas Aura, "Invisible Communication," EET 1995,
2. [Brassil-Infocom95] J. Brassil, S. Low, N. Maxemchuk, L. O’Goram, "Document Marking and Identification using Both Line and Word Shifting," Infocom95,
3. [Brassil-Infocom94] J. Brassil, S. Low, N. Maxemchuk, L. O’Goram, "Electronic Marking and Identification Techniques to Discourage Document Copying,"
4. [Brassil-CISS95] J. Brassil, S. Low, N. Maxemchuk, L. O’Goram, "Hiding Information in Document Images," CISS95,
5. [JDJ01] Neil F. Johnson, Zoran Duric, Sushil Jajodia, Information Hiding: Steganography and Watermarking - Attacks and Countermeasures Kluwer Academic Press, Norwrll, MA, New York, The Hague, London, 2000.
6. [Kahn67] David Kahn, The Codebreakers, The Macmillan Company. New York, NY 1967.
7. [Kurak92] C. Kurak, J. McHugh, "A Cautionary Note On Image Downgrading," IEEE Eighth Annual Computer Security Applications Conference, 1992. pp. 153-159.
8. [Norman73] Bruce Norman, Secret Warfare, Acropolis Books Ltd. Washington, DC 1973.
9. [Zevon] Warren Zevon, Lawyers, Guns, and Money. Music track released in the albums Excitable Boy, 1978; Stand in the Fire, 1981; A Quiet Normal Life, 1986; Learning to Flinch, 1993.
10. [Zim48] Herbert S. Zim, Codes and Secret Writing, William Marrow and Company. New York, NY, 1948.
College Name Page 62
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Appendix - A
Steganography: Hiding Data Within Data
Cryptography — the science of writing in secret codes — addresses all of the elements necessary
for secure communication over an insecure channel, namely privacy, confidentiality, key
exchange, authentication, and non-repudiation. But cryptography does not always provide
safe communication.
Consider an environment where the very use of encrypted messages causes suspicion. If a
nefarious government or Internet service provider (ISP) is looking for encrypted
messages, they can easily find them. Consider the following text file; what else is it likely
to be if not encrypted?
qANQR1DBwU4D/TlT68XXuiUQCADfj2o4b4aFYBcWumA7hR1Wvz9rbv2BR6WbEUsy
ZBIEFtjyqCd96qF38sp9IQiJIKlNaZfx2GLRWikPZwchUXxB+AA5+lqsG/ELBvRa
c9XefaYpbbAZ6z6LkOQ+eE0XASe7aEEPfdxvZZT37dVyiyxuBBRYNLN8Bphdr2zv
z/9Ak4/OLnLiJRk05/2UNE5Z0a+3lcvITMmfGajvRhkXqocavPOKiin3hv7+Vx88
uLLem2/fQHZhGcQvkqZVqXx8SmNw5gzuvwjV1WHj9muDGBY0MkjiZIRI7azWnoU9
3KCnmpR60VO4rDRAS5uGl9fioSvze+q8XqxubaNsgdKkoD+tB/4u4c4tznLfw1L2
YBS+dzFDw5desMFSo7JkecAS4NB9jAu9K+f7PTAsesCBNETDd49BTOFFTWWavAfE
gLYcPrcn4s3EriUgvL3OzPR4P1chNu6sa3ZJkTBbriDoA3VpnqG3hxqfNyOlqAka
mJJuQ53Ob9ThaFH8YcE/VqUFdw+bQtrAJ6NpjIxi/x0FfOInhC/bBw7pDLXBFNaX
HdlLQRPQdrmnWskKznOSarxq4GjpRTQo4hpCRJJ5aU7tZO9HPTZXFG6iRIT0wa47
AR5nvkEKoIAjW5HaDKiJriuWLdtN4OXecWvxFsjR32ebz76U8aLpAK87GZEyTzBx
dV+lH0hwyT/y1cZQ/E5USePP4oKWF4uqquPee1OPeFMBo4CvuGyhZXD/18Ft/53Y
WIebvdiCqsOoabK3jEfdGExce63zDI0=
=MpRf
College Name Page 63
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
The message above is a sentence in English that is encrypted using Pretty Good Privacy (PGP),
probably the most commonly used e-mail encryption software today. Besides being
nonsensical to a casual reader, the other indication that this is encrypted is that the
characters comprising the message appear more-or-less at random and do not adhere to
the relative frequency counts that one would expect in a non-encrypted message.
Encrypted data sticks out like a sore thumb.
Steganography is the science of hiding information. Whereas the goal of cryptography is to make
data unreadable by a third party, the goal of steganography is to hide the data from a third
party. In this article, I will discuss what steganography is, what purposes it serves, and
will provide an example using available software.
STEGANOGRAPHY
There are a large number of steganographic methods that most of us are familiar with (especially
if you watch a lot of spy movies!), ranging from invisible ink and microdots to secreting
a hidden message in the second letter of each word of a large body of text and spread
spectrum radio communication. With computers and networks, there are many other
ways of hiding information, such as:
Covert channels (e.g., Loki and some distributed denial-of-service tools use the Internet
Control Message Protocol, or ICMP, as the communications channel between the "bad
guy" and a compromised system)
Hidden text within Web pages
Hiding files in "plain sight" (e.g., what better place to "hide" a file than with an important
sounding name in the c:\winnt\system32 directory?)
Null ciphers (e.g., using the first letter of each word to form a hidden message in an
otherwise innocuous text)
College Name Page 64
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Steganography today, however, is significantly more sophisticated than the examples above
suggest, allowing a user to hide large amounts of information within image and audio
files. These forms of steganography often are used in conjunction with cryptography so
that the information is doubly protected; first it is encrypted and then hidden so that an
adversary has to first find the information (an often difficult task in and of itself) and then
decrypt it.
There are a number of uses for steganography besides the mere novelty. One of the most widely
used applications is for so-called digital watermarking. A watermark, historically, is the
replication of an image, logo, or text on paper stock so that the source of the document
can be at least partially authenticated. A digital watermark can accomplish the same
function; a graphic artist, for example, might post sample images on her Web site
complete with an embedded signature so that she can later prove her ownership in case
others attempt to portray her work as their own.
Stego can also be used to allow communication within an underground community. There are
several reports, for example, of persecuted religious minorities using steganography to
embed messages for the group within images that are posted to known Web sites.
STEGANOGRAPHIC METHODS
The following formula provides a very generic description of the pieces of the steganographic
process:
cover_medium + hidden_data + stego_key = stego_medium
In this context, the cover_medium is the file in which we will hide the hidden_data, which may
also be encrypted using the stego_key. The resultant file is the stego_medium (which will,
of course. be the same type of file as the cover_medium). The cover_medium (and, thus,
the stego_medium) are typically image or audio files. In this article, I will focus on image
files and will, therefore, refer to the cover_image and stego_image.
College Name Page 65
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Before discussing how information is hidden in an image file, it is worth a fast review of how
images are stored in the first place. An image file is merely a binary file containing a
binary representation of the color or light intensity of each picture element (pixel)
comprising the image.
Images typically use either 8-bit or 24-bit color. When using 8-bit color, there is a definition of
up to 256 colors forming a palette for this image, each color denoted by an 8-bit value. A
24-bit color scheme, as the term suggests, uses 24 bits per pixel and provides a much
better set of colors. In this case, each pix is represented by three bytes, each byte
representing the intensity of the three primary colors red, green, and blue (RGB),
respectively. The Hypertext Markup Language (HTML) format for indicating colors in a
Web page often uses a 24-bit format employing six hexadecimal digits, each pair
representing the amount of red, blue, and green, respectively. The color orange, for
example, would be displayed with red set to 100% (decimal 255, hex FF), green set to
50% (decimal 127, hex 7F), and no blue (0), so we would use "#FF7F00" in the HTML
code.
The size of an image file, then, is directly related to the number of pixels and the granularity of
the color definition. A typical 640x480 pix image using a palette of 256 colors would
require a file about 307 KB in size (640 • 480 bytes), whereas a 1024x768 pix high-
resolution 24-bit color image would result in a 2.36 MB file (1024 • 768 • 3 bytes).
To avoid sending files of this enormous size, a number of compression schemes have been
developed over time, notably Bitmap (BMP), Graphic Interchange Format (GIF), and
Joint Photographic Experts Group (JPEG) file types. Not all are equally suited to
steganography, however.
GIF and 8-bit BMP files employ what is known as lossless compression, a scheme that allows
the software to exactly reconstruct the original image. JPEG, on the other hand, uses
lossy compression, which means that the expanded image is very nearly the same as the
College Name Page 66
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
original but not an exact duplicate. While both methods allow computers to save storage
space, lossless compression is much better suited to applications where the integrity of
the original information must be maintained, such as steganography. While JPEG can be
used for stego applications, it is more common to embed data in GIF or BMP files.
The simplest approach to hiding data within an image file is called least significant bit (LSB)
insertion. In this method, we can take the binary representation of the hidden_data and
overwrite the LSB of each byte within the cover_image. If we are using 24-bit color, the
amount of change will be minimal and indiscernible to the human eye. As an example,
suppose that we have three adjacent pixels (nine bytes) with the following RGB
encoding:
10010101 00001101 11001001
10010110 00001111 11001010
10011111 00010000 11001011
Now suppose we want to "hide" the following 9 bits of data (the hidden data is usually
compressed prior to being hidden): 101101101. If we overlay these 9 bits over the LSB of
the 9 bytes above, we get the following (where bits in bold have been changed):
10010101 00001100 11001001
10010111 00001110 11001011
10011111 00010000 11001011
Note that we have successfully hidden 9 bits but at a cost of only changing 4, or roughly 50%, of
the LSBs.
This description is meant only as a high-level overview. Similar methods can be applied to 8-bit
color but the changes, as the reader might imagine, are more dramatic. Gray-scale
images, too, are very useful for steganographic purposes. One potential problem with any
College Name Page 67
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
of these methods is that they can be found by an adversary who is looking. In addition,
there are other methods besides LSB insertion with which to insert hidden information.
Without going into any detail, it is worth mentioning steganalysis, the art of detecting and
breaking steganography. One form of this analysis is to examine the color palette of a
graphical image. In most images, there will be a unique binary encoding of each
individual color. If the image contains hidden data, however, many colors in the palette
will have duplicate binary encodings since, for all practical purposes, we can't count the
LSB. If the analysis of the color palette of a given file yields many duplicates, we might
safely conclude that the file has hidden information.
But what files would you analyze? Suppose I decide to post a hidden message by hiding it in an
image file that I post at an auction site on the Internet. The item I am auctioning is real so
a lot of people may access the site and download the file; only a few people know that the
image has special information that only they can read. And we haven't even discussed
hidden data inside audio files! Indeed, the quantity of potential cover files makes
steganalysis a Herculean task.
A STEGANOGRAPHY EXAMPLE
There are a number of software packages that perform steganography on just about any software
platform; readers are referred to Neil Johnson's list of steganography tools at
http://www.jjtc.com/Steganography/toolmatrix.htm. Some of the better known packages
for Windows NT and Windows 2000 systems include:
Hide4PGP (http://www.heinz-repp.onlinehome.de/Hide4PGP.htm)
MP3Stego (http://www.cl.cam.ac.uk/~fapp2/steganography/mp3stego/)
Stash (http://www.smalleranimals.com/stash.htm)
Steganos (http://www.steganos.com/english/steganos/download.htm)
College Name Page 68
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
S-Tools (available from http://www.webattack.com/download/dlstools.shtml)
FIGURE 1. The cover_image (5th wave.gif), hidden_data file (virusdetectioninfo.txt),
College Name Page 69
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
and stego_key.
The following examples come from Andy Brown's S-Tools for Windows. S-Tools allows users
to hide information into BMP, GIF, or WAV files. The basic scheme of the program is
straight-forward; you drag an image or audio file into the S-Tools active window to act as
the cover_medium, drag the hidden_data file onto the cover_medium, and then provide a
stego_key for encryption. The result is the stego_medium. All of this is shown in Figure
1:
1. I highlighted the GIF image file 5th wave.gif and dragged it to the S-Tools active window.
Note that S-Tools reports that up to 138,547 bytes can be hidden in this image file.
2. I next highlighted a 14 KB text file called virusdetectioninfo.txt and dragged it onto the
image file in S-Tools.
3. A dialog box pops up telling me that I am hiding 6,019 bytes of data and asks for a passphrase with
which to encrypt the hidden text; the default secret key crypto scheme used by S-Tools is the
International Data Encryption Algorithm (IDEA).
College Name Page 70
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
FIGURE 3. Extracting hidden information from the image file.
College Name Page 72
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
4. Once the image file has been received, the user merely drags the file to S-Tools and right-clicks over the image, specifying the Reveal option. A dialog box will pop up requesting the passphrase. Figure 3 shows the information about the hidden archive file, and allows the user to open the file.
College Name Page 73
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Appendix – B
MATLAB
MATLAB is a numerical computing environment and fourth generation programming
language. Developed by The MathWorks, MATLAB allows matrix manipulation, plotting of
functions and data, implementation of algorithms, creation of user interfaces, and interfacing
with programs in other languages. Although it is numeric only, an optional toolbox uses the
MuPAD symbolic engine, allowing access to computer algebra capabilities. An additional
package, Simulink, adds graphical multidomain simulation and Model-Based Design for
dynamic and embedded systems.
In 2004, MathWorks claimed that MATLAB was used by more than one million people
across industry and the academic world.[
MATLAB (meaning "matrix laboratory") was invented in the late 1970s by Cleve
Moler, then chairman of the computer science department at the University of New Mexico. He
designed it to give his students access to LINPACK and EISPACK without having to learn
Fortran. It soon spread to other universities and found a strong audience within the applied
mathematics community. Jack Little, an engineer, was exposed to it during a visit Moler made to
Stanford University in 1983. Recognizing its commercial potential, he joined with Moler and
Steve Bangert. They rewrote MATLAB in C and founded The MathWorks in 1984 to continue
its development. These rewritten libraries were known as JACKPAC. [citation needed] In 2000,
MATLAB was rewritten to use a newer set of libraries for matrix manipulation, LAPACK.
MATLAB was first adopted by control design engineers, Little's specialty, but quickly spread to
many other domains. It is now also used in education, in particular the teaching of linear algebra
and numerical analysis, and is popular amongst scientists involved with image processing.
College Name Page 74
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Variables
Variables are defined with the assignment operator, =. MATLAB is dynamically typed,
meaning that variables can be assigned without declaring their type, except if they are to be
treated as symbolic objects[6], and that their type can change. Values can come from constants,
from computation involving values of other variables, or from the output of a function. For
example:
>> x = 17x = 17>> x = 'hat'x =hat>> x = [3*4, pi/2]x = 12.0000 1.5708>> y = 3*sin(x)y = -1.6097 3.0000
Vectors/Matrices
MATLAB is a "Matrix Laboratory", and as such it provides many convenient ways for
creating vectors, matrices, and multi-dimensional arrays. In the MATLAB vernacular, a vector
refers to a one dimensional (1×N or N×1) matrix, commonly referred to as an array in other
programming languages. A matrix generally refers to a 2-dimensional array, i.e. an m×n array
where m and n are greater than or equal to 1. Arrays with more than two dimensions are referred
to as multidimensional arrays.
MATLAB provides a simple way to define simple arrays using the syntax:
init:increment:terminator. For instance:
>> array = 1:2:9
array =
1 3 5 7 9
College Name Page 75
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
defines a variable named array (or assigns a new value to an existing variable with the name
array) which is an array consisting of the values 1, 3, 5, 7, and 9. That is, the array starts at 1 (the
init value), increments with each step from the previous value by 2 (the increment value), and
stops once it reaches (or to avoid exceeding) 9 (the terminator value).
>> array = 1:3:9
array =
1 4 7
the increment value can actually be left out of this syntax (along with one of the colons), to use a
default value of 1.
>> ari = 1:5
ari =
1 2 3 4 5
assigns to the variable named ari an array with the values 1, 2, 3, 4, and 5, since the default value
of 1 is used as the incrementer.
Indexing is one-basedwhich is the usual convention for matrices in mathematics. This is atypical
for programming languages, whose arrays more often start with zero.
Matrices can be defined by separating the elements of a row with blank space or comma and
using a semicolon to terminate each row. The list of elements should be surrounded by square
brackets: []. Parentheses: () are used to access elements and subarrays (they are also used to
denote a function argument list).
>> A = [16 3 2 13; 5 10 11 8; 9 6 7 12; 4 15 14 1]A = 16 3 2 13 5 10 11 8 9 6 7 12 4 15 14 1 >> A(2,3)
College Name Page 76
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
ans =
11
Sets of indices can be specified by expressions such as "2:4", which evaluates to [2, 3, 4]. For
example, a submatrix taken from rows 2 through 4 and columns 3 through 4 can be written as:
>> A(2:4,3:4)
ans =
11 8
7 12
14 1
A square identity matrix of size n can be generated using the function eye, and matrices of any
size with zeros or ones can be generated with the functions zeros and ones, respectively.
>> eye(3)
ans =
1 0 0
0 1 0
0 0 1
>> zeros(2,3)
ans =
0 0 0
0 0 0
>> ones(2,3)
ans =
1 1 1
1 1 1
Most MATLAB functions can accept matrices and will apply themselves to each element. For
example, mod(2*J,n) will multiply every element in "J" by 2, and then reduce each element
College Name Page 77
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
modulo "n". MATLAB does include standard "for" and "while" loops, but using MATLAB's
vectorized notation often produces code that is easier to read and faster to execute. This code,
excerpted from the function magic.m, creates a magic square M for odd values of n (MATLAB
function meshgrid is used here to generate square matrices I and J containing 1:n).
[J,I] = meshgrid(1:n);
A = mod(I+J-(n+3)/2,n);
B = mod(I+2*J-2,n);
M = n*A + B + 1;
Semicolon
Unlike many other languages, where the semicolon is used to terminate commands, in MATLAB
the semicolon serves to suppress the output of the line that it concludes.
Graphics
Function plot can be used to produce a graph from two vectors x and y. The code:
x = 0:pi/100:2*pi;y = sin(x);plot(x,y)
produces the following figure of the sine function:
College Name Page 78
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Three-dimensional graphics can be produced using the functions surf, plot3 or mesh.
[X,Y] = meshgrid(-10:0.25:10,-10:0.25:10);f = sinc(sqrt((X/pi).^2+(Y/pi).^2));mesh(X,Y,f);axis([-10 10 -10 10 -0.3 1])xlabel('{\bfx}')ylabel('{\bfy}')zlabel('{\bfsinc} ({\bfR})')hidden off
[X,Y] = meshgrid(-10:0.25:10,-10:0.25:10);f = sinc(sqrt((X/pi).^2+(Y/pi).^2));surf(X,Y,f);axis([-10 10 -10 10 -0.3 1])xlabel('{\bfx}')ylabel('{\bfy}')zlabel('{\bfsinc} ({\bfR})')
This code produces a wireframe 3D plot of the two-dimensional unnormalized sinc function:
This code produces a surface 3D plot of the two-dimensional unnormalized sinc function:
Object-Oriented Programming
MATLAB's support for object-oriented programming includes classes, inheritance, virtual dispatch, packages, pass-by-value semantics, and pass-by-reference semantics.[8]
classdef hello methods function doit(this) disp('hello') end endend
When put into a file named hello.m, this can be executed with the following commands:
>> x = hello;>> x.doit;hello
College Name Page 79
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Limitations
For a long time there was criticism that because MATLAB is a proprietary product of
The MathWorks, users are subject to vendor lock-in. Recently an additional tool called the
MATLAB Builder under the Application Deployment tools section has been provided to deploy
MATLAB functions as library files which can be used with .NET or Java application building
environment. But the drawback is that the computer where the application has to be deployed
needs MCR (MATLAB Component Runtime) for the MATLAB files to function normally.
MCR can be distributed freely with library files generated by the MATLAB compiler.
MATLAB, like Fortran, Visual Basic and Ada, uses parentheses, e.g. y = f(x), for both
indexing into an array and calling a function. Although this syntax can facilitate a switch
between a procedure and a lookup table, both of which correspond to mathematical functions, a
careful reading of the code may be required to establish the intent.
Many functions have a different behavior with matrix and vector arguments. Since
vectors are matrices of one row or one column, this can give unexpected results. For instance,
function sum(A) where A is a matrix gives a row vector containing the sum of each column of A,
and sum(v) where v is a column or row vector gives the sum of its elements; hence the
programmer must be careful if the matrix argument of sum can degenerate into a single-row
array. While sum and many similar functions accept an optional argument to specify a direction,
others, like plot, do not, and require additional checks. There are other cases where MATLAB's
interpretation of code may not be consistently what the user intended[citation needed] (e.g. how spaces
are handled inside brackets as separators where it makes sense but not where it doesn't, or
backslash escape sequences which are interpreted by some functions like fprintf but not directly
by the language parser because it wouldn't be convenient for Windows directories). What might
be considered as a convenience for commands typed interactively where the user can check that
MATLAB does what the user wants may be less supportive of the need to construct reusable
code.[citation needed]
College Name Page 80
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Array indexing is one-based which is the common convention for matrices in
mathematics, but does not accommodate any indexing convention of sequences that have zero or
negative indices. For instance, in MATLAB the DFT (or FFT) is defined with the DC component
at index 1 instead of index 0, which is not consistent with the standard definition of the DFT in
any literature. This one-based indexing convention is hard coded into MATLAB, making it
difficult for a user to define their own zero-based or negative indexed arrays to concisely model
an idea having non-positive indices.
Code written for a specific release of MATLAB often does not run with earlier releases
as it may use some of the newer features. To give just one example: save('filename','x') saves the
variable x in a file. The variable can be loaded with load('filename') in the same MATLAB
release. However, if saved with MATLAB version 7 or later, it cannot be loaded with MATLAB
version 6 or earlier. As workaround, in MATLAB version 7 save('filename','x','-v6')
generates a file that can be read with version 6. However, executing save('filename','x','-
v6') in version 6 causes an error message.
Interactions with other languages
MATLAB can call functions and subroutines written in the C programming language or
Fortran. A wrapper function is created allowing MATLAB data types to be passed and returned.
The dynamically loadable object files created by compiling such functions are termed "MEX-
files" (for MATLAB executable).
Libraries written in Java, ActiveX or .NET can be directly called from MATLAB and
many MATLAB libraries (for example XML or SQL support) are implemented as wrappers
around Java or ActiveX libraries. Calling MATLAB from Java is more complicated, but can be
done with MATLAB extension, which is sold separately by MathWorks.
Through the MATLAB Toolbox for Maple, MATLAB commands can be called from within the
Maple Computer Algebra System, and vice versa.
College Name Page 81
AN IMAGE STEGNOGRAPHY IMPLEMENTATION FOR JPEG-COMPRESSED IMAGES
Alternatives
MATLAB has a number of competitors.
There are free open source alternatives to MATLAB, in particular GNU Octave, FreeMat, and
Scilab which are intended to be mostly compatible with the MATLAB language (but not the
MATLAB desktop environment). Among other languages that treat arrays as basic entities (array
programming languages) are APL and its successor J, Fortran 95 and 2003, as well as the
statistical language S (the main implementations of S are S-PLUS and the popular open source
language R).
There are also several libraries to add similar functionality to existing languages, such as Perl
Data Language for Perl and SciPy together with NumPy and Matplotlib for Python.
College Name Page 82