Steganography
-Archana Sapkota
-Deepti Reddy
1
CS691 Summer 2009
What is it?
 The art and science of writing hidden messages in such a way
that no one, apart from the sender and intended recipient,
suspects the existence of the message.
"Boss said that we should blow up the bridge at midnight.”
2
CS691 Summer 2009
Cover Image and Stego-Image
3
CS691 Summer 2009
Some Terms….
• Cryptography:
- cryptography - concealing the content of messages
- steganography - concealing their existence
• Digital watermarking:
- Information is embedded into digital multimedia content such
that the watermark (information) can later be extracted and
detected for purposes such as copy prevention and control.
• Steganalysis
- Refers to the body of techniques that aid someone in
distinguishing between cover-objects and stego-objects.
4
CS691 Summer 2009
Prisoners Problem
Wendy
Is it stego??
Suppress Message
Bob
Alice
Extracting
algorithm
Embedding
algorithm
Secret key
5
Secret Message
CS691 Summer 2009
Cover Message
Hidden Message
Secret key
Some examples from past..
 Message tattooed on a slave’s shaved head.
 Al Qaida might have used it for 9/11.
 Use of invisible ink.
 Writing on wooden surface before applying wax in wax
table.
6
CS691 Summer 2009
Classification of Steganographic
systems
 Substitution system: Substitute the redundant parts of a cover
with a secret message.
 Transform Domain Techniques: Embed secret information in
a transform space of the signal (e.g. in the frequency domain).
 Spread Spectrum Techniques: Adopts ideas from spread
spectrum communication.
7
CS691 Summer 2009
Classification of Steganographic
systems
 Statistical Methods: Encode information by changing several
statistical properties and a cover and use hypothesis testing in the
extraction process.
 Distortion Techniques: Store information by signal distortion
and measure the deviation from the original signal in the decoding
step.
 Cover generation method: Encode information in the way a
cover for secret communication is created.
8
CS691 Summer 2009
Secure Steganographic System
 Kerckhoffs’principle:
The embedding algorithm is supposed to be known to the
public. Therefore, the embedding process may use an
embedding key so that only the legal user can successfully
extract the embedded data by using the corresponding
extraction key in the extraction process.
9
CS691 Summer 2009
Least Significant Bit Substitution
 Embedding process:
- Choose a subset of cover elements
- Exchange LSB of each element by 0 or 1
- Another approach is to use a 2-bit LSB
 Extraction process:
- Extract LSB of each cover element (either 1 or 2-bit)
- Line them up to reconstruct secret message
 Receiver must know the sequence of element indices used in the
embedding process.
10
CS691 Summer 2009
Problems with LSB substitution
 A strong assumption of a passive attacker that the small
changes in the carrier are not noticed.
 The main problem with this is the part of the image in which
the information is embedded has different statistical
properties than the rest of the image.
 Most image hiding techniques use uncompressed (BMP) or
lossless (GIF) cover images but take a lot of transmission
bandwidth and storage space.
11
CS691 Summer 2009
LSB substitution
 Pseudorandom- Slightly Better Approach:
- Use pseudorandom number generator
- Spread secret message over the cover in a random manner
- Distance between two embedded bits is determined
pseudorandomly
- Receiver should be aware of the seed and knowledge of the
number generator
12
CS691 Summer 2009
Problems with Pseudo-Random
 Alice creates a sequence j[1] through j[m] of element indices . Alice then
stores the kth message bit in the element with index j[k]
 Collisions - BAM!!!!!!!
- An index can appear more than once in a sequence
- Causes Alice to insert more than one message bit into one cover element
corrupting some
- The larger the secret message, the greater the chances of collisions
 Solution to this problem
- Alice keeps track of all cover elements which have been used for
substitution. If collision occurs, she discards the element and she chooses a
different cover element pseudo-randomly.
13
CS691 Summer 2009
JPEG steganography
 JPEG compression is based on the discrete cosine transform
(DCT), and reduces the visual redundancy to achieve good
compression performance.
 JPEG steganography uses the DCT coefficients to embed the
secret bits.
 J-Steg, OutGuess, F5 etc.
14
CS691 Summer 2009
Review of JPEG compression
 Compression:
Original Image
DCT
Quantization
Entropy
Encoding
Compressed
Code
 Decompression
Compressed
Code
15
CS691 Summer 2009
Entropy
Decoding
Dequantization
DCT
Reconstructed
Image
JPEG Steganography
 J-Steg :
Embeds the secret data by sequentially flipping the LSB of
the quantized DCT coefficients (except 0s and 1s) without
causing detectable artificial distortion.
16
CS691 Summer 2009
JPEG Steganography
OutGuess:
 In the first pass, the secret bits are embedded in the LSBs of
the quantized DCT coefficients (skipping 0s and 1s) along a
random walk.
 In the second pass, the histogram of the stego-image is
adjusted to match that of the cover-image.
17
CS691 Summer 2009
JPEG Steganography
F5:
 Instead of replacing the LSBs of the quantized DCT
coefficients with the secret bits, the absolute value of the
coefficient is decreased by 1.
 It also randomly chooses randomly DCT coefficients to
embed the secret bits.
18
CS691 Summer 2009
Steganalysis
 Refers to the body of techniques that aid someone in
distinguishing between cover-objects and stego-objects.
Theoretically expected
frequency distribution
in steganograms
19
CS691 Summer 2009
Sample distribution
observed in the
possibly changed
carrier
J-Steg Breaks
 Chi-Square Attack:
If the bits used for overwriting the least significant bits are
equally distributed, the frequencies of both values of each
PoV(Pair of Values) become equal.
 Extended chi-square method for smaller portion of the
images can detect the randomly scattered attack also.
20
CS691 Summer 2009
Chi-square attack on J-stag
21
CS691 Summer 2009
F5 Breaks
 Changes the histogram of DCT coefficients.
 The number of Zeros in the histogram increases.
 Algorithm(Histogram):
• Estimate the cover image histogram.
• Compare the stego-image histogram with cover image.
22
CS691 Summer 2009
Histogram Comparison
23
CS691 Summer 2009
OutGuess Breaks!!
 Not that easy to break with histogram!
 Algorithm (Re-embedding):
• Estimate the cover image
• Re-embed another message in possibly stego-image.
• Embed the same message in the estimated cover image.
• Results more noise in DCT and thus more discontinuities in
the estimated cover image than in stego-image.
24
CS691 Summer 2009
Attack on OutGuess
Colored graphs represent the different images taken for test.
25
CS691 Summer 2009
Complementary Embedding
 Secret bits are embedded in the cover-image by subtracting
one from or adding one to the non-zero DCT coefficients.
Stego key
DCT of Cover Image
Encrypted Message
Coefficient
Permutation
Coefficient
Separation
Secret Bit
Separation
Secret Bits
Embedding
Stego Image
26
CS691 Summer 2009
Entropy
Encoding
Coefficient
Combination
Coefficient DePermutation
Applications..
 Confidential communication and secret data storing
 Protection of data alteration
 Access control system for digital content distribution
 Media Database systems
Reference: http://www.datahide.com/BPCSe/applicationse.html
27
CS691 Summer 2009
References
 Liu, C. and Liao, S. 2008. High-performance JPEG steganography using
complementary embedding strategy. Pattern Recogn. 41, 9 (Sep. 2008), 29452955. DOI= http://dx.doi.org/10.1016/j.patcog.2008.03.005
 New Methodology for Breaking Steganographic Techniques for
JPEGs, with M. Goljan and D. Hogea, Proc. SPIE, Electronic Imaging, Security,
Steganography, andWatermarking of Multimedia ContentsV, Santa Clara, California,
pp. 143-155, 2003
 N. F. Johnson and S. Katzenbeisser, “A survey of steganographic techniques,” in
Information Hiding, S. Katzenbeisser and F. Petitcolas,Eds. Norwood, MA: Artech
House, 2000, pp. 43–78.
 Christian Cachin. An information-theoretic model for steganography.
Information and Computation, 192(1):41-56, July 2004. Parts of this paper
appeared in Proc. 2nd Workshop on Information Hiding, Springer, 1998
28
CS691 Summer 2009