i nformation h iding : s teganography dr. shahriar bijani shahed university sep 2014
TRANSCRIPT
INFORMATION HIDING:STEGANOGRAPHYDr. Shahriar Bijani
Shahed University
Sep 2014
2
SLIDES REFERENCES
Stefan Katzenbeisser & Fabien A. Petitcolas, Information hiding techniques for steganography and digital watermarking, 2000, chapter 2.
CS 4953, The Hidden Art of Steganography, University of Texas at St Antonio, 2005.
Sanjay Goel, Watermarking & Steganography, University at Albany, State University of New York.
Anastasios Tefas , Information HidingContent Verification, Dept. of Informatics, Aristotle University of Thessaloniki.
THE PRISONER’S PROBLEM
Alice and Bob are in jail and want to device an escape plan.
Alice and Bob can communicate, but all their communications pass through Wendy, the warden.
Options for private communication:encryption:
Wendy will suspect something is up and frustrate their plan by placing them in solitary confinement.
data hiding:Wendy can’t find or prove that there is secret communication, Alice and Bob have a secure channel in which to communicate.
THE PRISONER’S PROBLEM
Yes
THE PRISONERS’ PROBLEM MODEL
NoEmbedding Algorithm
CoverMessage
Stego Message
SecretKey
SecretMessag
e
Message Retrieval Algorithm
Secret Message
Secret Key
Is Stego Message
?
Suppress
Message
Alice Wendy Bob
Steganographic algorithms are in general based on replacing noise component of a digital object with a to-be-hidden message.
FRAMEWORKS FOR SECRET COMMUNICATION A general model of a cryptographic system has already emerged.
Alice randomly chooses a cover c using her private random source r and embeds the message m in c using a key k, creating the stego-object s to pass on to Bob. Bob reconstructs m with the key k he shares with Alice.
Key generation facility
Cover i
Cover i
Randomness r
Alice
Bob
7
TYPES OF INFORMATION HIDING
In the literature there are basically three types of steganosystems (steganographic protocols):
Pure: no key is needed for the detection of the secret message.
Secret key: the embedding and the detection of the message is done using a secret key.
Public key: message embedding using a secret key and detection using a public key.
8
KIRCHOFFOV PRINCIPLE
Kirchoffov principle holds also for
steganography: Security of the system
should not be based on hiding the
embedding algorithm, but on hiding the
key.
9
STEGOSYSTEM DEFINITIONS: PURE
Pure stegosystem S = á C, M, E, D ń, where C is the set of possible covers, M is the set of secret messages, |C| ł |M|, E: C ´ M ® C is the embedding function and D: C ® M, is the extraction function, with the property that D(E(c,m)) = m, for all m Î M and c Î C.
Security of the pure stegosystems depends completely on its secrecy (≠ Kirchoffov principle ). On the other hand, security of other two stegosystems depends on the secrecy of the key used.
10
STEGOSYSTEM DEFINITIONS: SECRET KEY
Secret-key (asymetric) stegosystem S = á C, M, K , EK, DKń, where C is the set of possible covers, M is the set of secret messages with |C| ł |M|, K is the set of secret keys, EK:C ´ M ´ K ® C, DK:C ´ K ® M with the property that DK(EK(c,m,k),k) = m for all m Î M , c Î C and k Î K.
11
PUBLIC-KEY STEGANOGRAPHY
Similarly as in case of the public-key cryptography, 2 keys are used: a public-key E for embedding and a private-key D for recovering.
It is often useful to combine such a public-key stegosystem with a public-key cryptosystem.
For example, in case Alice wants to send a message m to Bob, encode first m using Bob’s public key eB, then make embedding of eB(m) using process E into a cover and sends the resulting stegotext to Bob, who recovers eB(m) using D and then decrypts it, using decryption function dB.
12
A STEGANOGRAPHIC KEY-EXCHANGE PROTOCOL
13
STEGANALYSIS: SIMILARITY Similarity function: Let C be a nonempty set. A function sim :
C2 (-, 1] is called similarity function on C, if for x, y C sim(x,y) =1 x=y
sim(x,y) <1 x≠y In the case of digital images or digital sound the
correlation between two signals can be used as a similarity function.
Therefore, most practical steganographic systems try to fulfil the condition sim(c, E(c, m)) ≈ 1 for all m ∈ M and c ∈ C.
Application: a cover can randomly be chosen. Instead, the sender could also look through the database of usable covers and select one that the embedding process will change the least: c= max sim(x,E(x,m)) xC
STEGANALYSIS: :PERFECT SECRECY OF STEGOSYSTEMS
A formal information-theoretic definition of the security of steganographic systems (Cachin, 1998). The main idea: the selection of a cover as a random variable C with
probability distribution Pc
In order to define secrecy of a stegosystems we need to consider probability distribution PC on the set C of covers; probability distribution PM on the set M of secret messages; probability distribution PK on the set K of keys; probability distribution PS on the set
{ EK(c, m, k), | c Î C, m Î M, k Î K } of stego objects (the set of all stego-objects produced by the steganographic system)
The basic related concept is that of the relative entropy D (P1||P2) of two probability distributions P1 and P2 defined on a set Q by
which measures the inefficiency of assuming that the distribution on Q is P2 where the true distribution is P1.
,lg
2
1121
Qq qP
qPqPPPD
STEGANALYSIS: PERFECT SECRECY OF STEGOSYSTEMS
Let S be a stegosystem, PC the probability distribution on covers C and PS the probability distribution of the stego objects and e > 0. S is called e-secure against passive attackers, if
D (PC || PS ) Ł e
and perfectly secure if e = 0.
A perfectly secure stegosystem can be constructed out of ONE TIME-PAD CRYPTOSYSTEM
Theorem There exist perfectly secure stegosystems.
STEGANALYSIS: PERFECT SECRECY OF STEGOSYSTEMS
PROBLEMS WITH CACHIN DEFINITION
Problems: In practice, leads to assumption that cover and
stego object (e.g. image) is a sequence of independent, identically distributed random variables
Works well with random bit streams, but real life cover objects have a rich statistical structure
There are examples for which D(X||Y)=0 but other related statistics are non-zero and might enable detection by steganalysis
There are some alternative definitions but they have their own set of problems.
19
STEGANOGRAPHIC HIDING TECHNIQUES
STEGANOGRAPHIC HIDING TECHNIQUES
Substitution techniquesPut a message in redundant or noisy parts of a cover
Transform domain techniquesEmbed information in the transform space of the signal (e.g. in the frequency domain).
Spread spectrum techniquesMessage is spread across frequency spectrum of cover
Statistical methodsAlter some statistical properties of the cover
Distortion techniquesStore message by altering the cover slightly and detecting the change from the original
Cover generation methodsdo not embed messages in randomly chosen cover, but create covers that fit a message.
BASIC SUBSTITUTION TECHNIQUESLSB substitution: the LSB (Least Significant Bit) of an i-th
binary block cki is replaced by the bit mi of the secret message. The methods differ by techniques how to determine ki for a given i. For example, ki+1 = ki + ri, where ri is a sequence of numbers
generated by a pseudo-random generators.
Substitution into parity bits of blocks. If parity bit of the block cki is mi, then the block cki is not changed; otherwise one of its bits is changed.
Substitution in binary images. If image ci has more (less) black pixels than white pixels and mi = 1 (mi = 0), then ci is not changed; otherwise the portion of black and white pixels is changed (by making changes at those pixels that are neighbors of pixels of the opposite color).
Substitution in unused or reserved space in computer systems.
LSB SUBSTITUTION
Replaces least significant bits with the message to be encoded
Most popular technique when dealing with images
Simple, but susceptible to lossy compression and image manipulation
WHY DIGITAL IMAGE AS A COVER?
It is the most widely used medium being used today
Takes advantage of human’s limited visual perception of colors
This field is expected to continually grow as computer graphics power also grows
Many programs are available to apply steganography
IMAGE ATTRIBUTES
Digital images are made up of pixels
The arrangement of pixels make the image
8-bit and 24-bit images are common
The larger the image size, the more
information you can hide. However, larger
images may require compression to avoid
detection
25
AN LSB EXAMPLE FOR A 24-BIT PIXEL
An Example of Hiding character ‘A’
Red Component Green Component Blue Component
pixel 0 00100111 11101001 11001000pixel 1 00100111 11001000 11101001pixel 2 11001000 00100111 11101001
Red Component Green Component Blue Component
pixel 0 00100111 11101000 11001000pixel 1 00100110 11001000 11101000pixel 2 11001001 00100111 11101001
3 Pixels of a cover image
Replacing ‘A’ (10000011) as LSBs in the Stego-image
LSB SUBSTITUTION …
Best to use a grayscale palette or one with gradual changes in shades
Otherwise, it is best to use images with “noisy areas” – areas with ample color variation and without large areas of solid color
GRAYSCALE PALLETE RED PALLETE
“NOISY AREAS” - EXAMPLE
Renoir painting
LBS ExampleCover image:1336*1753 image (6.07 MB),
Secret massage: 1,489,024 characters (1.70 MB)
Cover ImageSecret message
LBS Example: an image in a cover image
1-bit replacement
Stego-image
Secret message
Stego image
2-bit replacement
Secret message
Stego image
3-bit replacement
Secret message
Stego image
Secret message
4-bit replacement
Stego image
Secret message
5-bit replacement
Stego image
Secret message
6-bit replacement
Stego image
Secret message
7-bit replacement
LSB - USES
Storing passwords and/or other confidential information
Covert communication of sensitive data
Speculated uses in terrorist activities Being widely used to hide and/or transfer
illegal content
40
DIFFERENT LSB TECHNIQUES
Different approaches in LSB
Change LSB of pixels in a random walk
Change LSB of subsets of pixels (i.e. around
edges)
Increment/decrement the pixel value instead
of flipping the LSB
41
LSB: PROS & CONS Advantages/Disadvantages
Easy to implement Scalability Does not stand up to compression Vulnerable to even small cover modifications.