1

Steganography

Security through obscurity

stegano graphycovered writing

The art of hiding information in ways that prevents the detection of hidden messages.

(≈hide a small needle of information in a large hay stack of dummy information).

Added level of protection to cryptography

2

Traditional techniques

Invisible ink

Microdots

Character arrangement

Spread spectrum

WW II

Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetables oil.

Apparently neutral’s protest isthoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetables oil.

Pershing sails from NY June 1.

3

Today

Dear Friend ; You made the right decision when you signed up for our mailing list . This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 1621 , Title 5 , Section 301 ! This is not a get rich scheme ! Why work for somebody else when you can becomerich inside 84 DAYS ! Have you ever noticed how long the line-ups are at bank machines and people love convenience ! Well, now is yourchance to capitalize on this ! WE will help YOU SELL MORE and SELL MORE . The best thing about our system is that it is absolutely risk free for you . But don't believe us . Mrs Jones who resides in Virginia tried us and says "Now I'm rich, Rich, RICH" . This offer is 100% legal. ...

www.spammimmic.com

== ‘Password: 123abc’

Overview

Message

Encrypt message

Embed in cover data

Message

Decrypt message

Remove from cover data

Insecure channel

4

Criteria for a good algorithm

• Perceptual transparency + -/+• Hiding capacity + -• Robustness - +

• Computational complexity - -/+

Stegano Watermark

Least Significant Bit insertion (LSB)

01101011 10100101 00101101 11111101 00011001 01100001

11101000 10000111 10101111 00101101 00011101 11100000

01101011 10101101 00101101 11101101 00000001 01100011

H 01001000

e 01100101

l 01101100

l 01101100

o 01101111

01101010 10100101 00101100 11111100 00011001 01100000

11101000 10000110 10101110 00101101 00011101 11100000

01101010 10101101 00101100 11101101 00000000 01100011

H 01001000

e 01100101

l 01101100

l 01101100

o 01101111

Header

Image raster

5

Bit 0Bit 2Bit 3Bit 4Bit 5Bit 6Bit 7OriginalBit 1

Structure at bit index

Hiding data in single bit (35kb)

Bit 7Bit 6Bit 5Bit 4Bit 3Bit 2Bit 1Bit 0

6

LSB

Diff(x,y)=abs(f(x,y)-f_stego(x,y))*200

LSB in uncompressed images

• Ease of detection depends on size and placement of payload.

• High capacity (93kb for a 500*500 image).

• Very easy to destroy.

• Computationally inexpensive

7

GIF files

Unsorted Sorted

Gif images have max 256 distinct colours. Each pixel indexes into colour table.

= Sort colour table and use LSB insertion in image raster.

=Hide info in the arrangement og the colour table itself. 255bit - 1.6 kbit.

GIF files (S-Tools)

Original +40 kb

8

GIF files (S-Tools)

Diff(x,y)=abs(f(x,y)-f_stego(x,y))*3

Frequency domain (JPG)

T (u,v)f (x,y) T’ (u,v)DCT T (u,v) / Q(u,v)

9

Hiding information in frequency domain

LSB in n last coefficients

Relative size of two medium /(low) frequency coefficients

Hiding information in spatial domainT (u,v)f (x,y) T’ (u,v)

IDCT T’ (u,v) * Q(u,v)

JPG steganography (JPHS)

Original + 4kb data

10

Diff(x,y)=abs(f(x,y)-f_stego(x,y))*50

JPG steganography (JPHS)

Detecting hidden contentPerceptual transparency not good enough!

First order statistics: Changes in frequency distribution of pixels values (histogram changes)

As with cryptography, counterattack has to be tailored to stenographic algorithm, as each reduces image structure in characteristic ways (statistical signatures).

Before After

11

Detecting hidden content

Higher order statistics: Detect lack of correlation/covariance between pixels in LSB.

JPG: Not all patterns of DCT coefficients possible after quantization.

Model expected level of entropy and compare to measured. (Add random noise to LSB).