A New Steganographic Method Based on the Run Length of the Stego-Message

7/29/2019 A New Steganographic Method Based on the Run Length of the Stego-Message

1/10

1

A New Steganographic Method Based on the Run Length of the Stego-Message

Eyas El-Qawasmeh and Alaa Alomari

Jordan University of Science and Technology

[email protected]

Abstract.

This work will propose a new method called threshold based method to conserve and

hide a message in a cover image using least significant bits of colored image. This

method is based on the Run-Length of the secret message. However, the runs-down

will be stored in the red components of the image, while the runs-up will be stored inthe green components of the image. The blue component has a special use, i.e. it is

used as a parity bit to ensure that the hidden message did not face any distortion or

modification and to indicate the end of the hidden message. The proposed method is

not robust against modification, and it can hide large amount of data inside the cover

image. Experimental results of this method showed that the suggested method has a

very good image quality when comparing it with other tools.

Keywords: threshold, Run-Length, run-down, run-up.

1- Introduction

Steganography is a combination of two Greek words which are stegano which means

secret or covered, and graphy which means writing [3, 16]. Steganography prevents

intruders from recognizing a secret message or secret communication, i.e. it is a way

to hide the existence of communication [16]. A famous example is the prisoner

problem [1]; in this problem Alice and Bob are arrested in a jail. They plan how to

escape from the jail by exchanging images between them. Thus, they communicate

via images by hiding the secret message inside the transmitted image. But any sent

image will be checked by Wendy, the warden. Wendy may be an active or passivewarden. In the case of a passive warden, she examines the image carefully, if she has

any evidence that the image is a stego image, she will take the appropriate action. Butif the image sounds free from a hidden message, she will pass it as it is (without any

modification). On the other hand, if Wendy plays the role of an active warden, she

will alter and modify the image even if she does not note anything in the sent image.

There are four key terms in steganography and they should be known for whomever

reads about steganography. The first term is the cover medium which is the medium

that is used to hide the secret message inside it. The second one is the secret or

embedded message which is the data that need to be hidden in the cover medium and

sometimes it is calledstego-message. The third term is thestego-medium which is the

output of embedding the secret message inside the cover medium. The last term is the

stegokey which is the key point in security, and it is used to extract the stego messagefrom the stego medium [15].


2/10

2

Steganography may use any cover medium to hide the stego message. The cover

medium can be an image, sound, video, text or network packet, or any file format that

resists the small changes in its bit sequences. However, the image is the most suitable

cover medium since it can hide a large amount of data in the cover image [8].

We should note that the cover-medium and the stego-medium must be of the sametype, but the embedded-message (stego-message) may be of a different type. The

stego-key is not of the backbone of the steganography system because the assumption

that the eavesdropper does not have any information or background about the usedalgorithm in the steganography [11].

Any steganography technique should focus on two main constraints:

1- Difficulty in detecting the stego message and extracting it in cases that

the attacker has complete knowledge about the algorithm of embedding

which refers to Kerckhoffs principle [5, 9, 13, 15].

2- Maximizing the amount of data that can be hidden in the cover medium[9, 15].

Steganography can be classified into two main categories which are technicalsteganography and linguistic steganography. Technical steganography depends on a

scientific methods such as invisible ink, while linguistic steganography uses a cover

message to transfer the stego message [8].

This paper is organized as follows: section two shows some steganographic tools.

Section three shows the proposed method. Section four is the performance analysis.

And section five is the conclusion.

2 Current Related Work and Steganographic Tools

There are a lot of software products and tools used to hide a secret message inside

a cover medium, audio or image. Some of these image Steganographic products

are shown in table 1 [2, 7, 10, 14], and some of them will be represented briefly.

Software Technique Autour Image format

Hide and Seek Image Domain (LSB) Colin Maroney GIF

Mandelsteg Image Domain (LSB) Henry Hastur GIF

Steganos Image Domain (LSB) Steganos GmbH BMPStegoDos Image Domain (LSB) Back Wolf GIF, PCX

S-Tools Image Domain (LSB) Andrew Brown BMP, GIF

Stego Image Domain (LSB) Romana Machado GIF

Ezstego Image Domain (LSB) Romana Machado GIF, PICT

White Noise Storm Image Domain (LSB) Ray Arachelian PCX

Jpeg/Jsteg Transform Domain Derek Upham JPEG

JPHide Transform Domain Allan Latham JPEG

Outguess Transform Domain Niels Provos JPEG, PNG

PictureMarc Transform Domain Digimarc

Corporation

JPEG

SysCop Transform Domain MediaSec MPEG-1,


3/10

3

TechnologiesLLC

MPEG-2

Table 1: List of some steganographic tools

2-4-1 Jpeg/Jsteg

JSTEG is a tool introduced by Derek Upham to work with a different platform.

JSTEG does not support any encryption level to the hidden message, and it uses

the LSB of the DCT coefficients which are scaled using the quantization table.

JSTEG scans the block in a zigzag order that is shown in figure 2-2, where the

used coefficients in the hiding process are neither -1, 0, nor 1. After inserting the

sub-stream bits in the block, the jpeg compression is accomplished normally, and

the stego-image is obtained [4, 10, 14].

Korejwa has developed a new tool derived from JSTEG to work as windows userinterface. This tool is called JSTEG-Shell. Here, an encryption is applied to the

secret message to work as a second level of security. Stream Cipher RC4 with akey space restricted to 40 bits is the encryption algorithm that is used in the

JSTEG-Shell [14].

2-4-2 JPHide

JPHIDE Tool is more modern than JSTEG, and it has two versions; 3 and 5.Version 5 provides an additional compression to the stego message. As in JSTEG,it uses the quantized DCT coefficients. But the coefficients used here are selected

pseudo randomly according to a fixed table that contains the coefficients. These

coefficients are sorted downwardly by the probability of having a high value, (the

coefficients are sorted in a way that selects the most probably numerically high at

first). The advantage of JPHide over JSTEG is that the use of pseudo random

makes the message that hidden by JPHide more difficult to be detected [10, 14].

2-4-3Steganos

Maybe, this is the most powerful security tool [12]. It is a security suit that uses asecond level of security by applying encryption standard AES with 128 bits. This

1 2 6 7 15 16 28 29

3 5 8 14 17 27 30 43

4 9 13 18 26 31 42 44

10 12 19 25 32 41 45 54

11 20 24 33 40 46 53 55

21 23 34 39 47 52 56 61

22 35 38 48 51 57 60 62

36 37 49 50 58 59 63 64

Figure 2-2: Zigzag scanning

method


4/10

4

security tool includes file encryption and hiding, e-mail encryption, and password

manager and generator [6].

Steganos hides the secret message in the LSB of the image spatial domain of BMP

file. In addition, it can hide the secret message inside DIB, VOC, WAVE, ASCII, and

HTML files.

2-4-4 S-Tools

This tool seems to be the easiest tool. It uses the RGB of the image to hide the secret

message [12]. The cover medium can be GIF, WAV, or BMP files.

S-Tools can hide more than one file in the same cover medium. To encrypt the secret

file, it uses IDEA, DES, Triple DES, or MDC encryption algorithm. However, this

tool compresses the secret files (if the compression process is required) and then hides

them in the bit-stream of the cover medium.

3- Proposed method

The proposed method is based on the idea of identifying a threshold for R, a threshold

for G, and a threshold for B. These thresholds may be considered as a key between the

sender and receiver. They are also used to identify the embeddable pixels. Pseudo-

random number generator can be used to identify the location of a pixel in the

embeddable area. However, this method depends on the computation of run up and

down of the message to indicate the number of bits that will be used in the hidden

process from any embeddable pixel. Run is the sequence of observations or data of

the same category occurred consecutively; run down is a sequence of zeros and therun up is the sequence of ones occurred successively. The following algorithm

expresses the fundamental operations employed in the hiding process of this method.

Algorithm Threshold_Method

Begin

1- Determine the thresholds for R, G, and B (user defined thresholds). By using

these thresholds, the embeddable area can be recognized. Any pixel that hasvalues for R, G and B less than the given threshold for R, G and B respectively

will be considered an embeddable pixel. Otherwise, this pixel is not anembeddable pixel.

//minimize the required space of the image that will be used to hide the stego

//message by adapting the number of bits that will be used in the embedding

//process.

2- Compute runs up and runs down to the binary representation of the stego

message to detect the number of bits (E) that will be used to embed the

message.

//choose the least one, two, or three significant bits will depend on the message//itself.


5/10

5

3- Choose exactly the least significantEbits of each embeddable pixel to

store the data inside.

4- Start the hiding process as follows:

a. The first embeddable pixel will identify the number of bits used to

perform the hiding process.

If (L1SB ( R ) = 1) and (L1SB ( G ) = L1SB ( B ) = 0) then

Use L1SB.

If (L1SB ( R ) = L1SB ( G ) = 1) and the (L1SB ( B ) = 0) then

Use L2SB.

If L1SB ( R ) = L1SB ( G ) = L1SB ( B ) = 1

Use L3SB.

b. The number of bits that will be used in the hiding process will bespecified only for R and G. While in the B spectrum, only the L1SB

will be always used, and this bit will be used as a parity bit to ensure

that the data is hidden correctly in the extraction process, this parity bit

will be zero if the count of the hidden bits (from the secret message) in

R and G is odd, and one if the count of the hidden bits is even.

// in any embeddable pixel, the R part will be used to hide the current run

//down or part of it, and the G part will be used to hide the current run up//or part of it.

c. Store the number of consecutive 0s of the stego-message inside the

least Ebits of the red component of the selected pixels. It is expected

that at most 2E 1 consecutive 0s can be stored in the red component

of one pixel. In case that the number of consecutive 0s is greater than

2E 1, the remainder of 0s bits is stored at the next pixel in the red

component.

d. Store the number of consecutive 1s of the stego-message inside theleastEbits of the green component of the selected pixels. It is expected

that at most 2E

1 consecutive 1s can be stored in the greencomponent of one pixel, in case of the number of consecutive 1s is

greater than 2E 1, the remainder of 0s bits is stored at the next pixel

in the green part.

e. If (the stego message bit stream is completely hidden) then

stop the hiding process by making the number of the hidden

bits in the current embeddable pixel equal to zero (i.e. LSB(s)

of R and G are zeros) and the parity bit is also zero (i.e. L1SB

(B) is zero).

End


6/10

6

Extracting the message is simply accomplished by using the same thresholds for R, G

and B, and by using the same pseudo-random number generator. Thus, the receiver

will extract the specified number of bits from each traversed pixel (the specified

number is determined by the first embedding pixel which identifies the number of bits

used in the hiding process).

Note that, if the thresholds which have been defined are (X, Y, Z) for RGB

respectively, then the algorithm avoids hiding part of the secret message inside any

pixel with one of the following cases:

1- Red component value X 2E.

2- Green component Y 2E.

3- Blue component Z 2.

This is because the argument of the pixel may exceed the given threshold after

hiding part of data inside it. For example assume that the defined threshold for the

red component is 129 and the E value is 2 (where 2 is the number of bits that willbe used from the red and green components). In the case of encountering a pixelwith R=128 = (10000000)b and hiding run down of length 3 inside it, the new

value for R will be (10000011)b = 131. Thus, this pixel will not be recognized as

an embeddable pixel during the extraction process because the red value exceeds

the given red threshold. So, if the algorithm encounters any pixel with this case, it

will store a run down of length zero inside the red component of this pixel, store a

run up of length zero inside green component of it and so the blue component

(parity bit) will be one.

4 Performance analysis

This section introduces a comparison between the proposed method (Threshold based

method) and some steganographic tools. This comparison compares the proposedmethod with JPHide steganographic tool. The type of images that were used in the

comparison are JPEG images with image quality factor equal to 95% and imagedimensions equal to 125 x 125. S-Tools will be used to compare the threshold method

for BMP images with image dimensions equal to 125 x 125.

The measurements which are used to prove the efficiency of the proposed method are

Mean Square Error (MSE), Peak Signal to Noise Ratio (PSNR), Pearson Correlation

Coefficient (Corr.), and Structural Content (SC). MSE is the expected value for thesquare error between the input and output images, the smaller value for MSE is, the

better image quality and the smallest distortion on the image will be.

PSNR is used to represent the ratio between the maximum value of the signal and the

quantity of distortion or noise. It is measured by decibel which is abbreviated by dB.

Here, the larger value for PSNR indicates the better image quality.

Pearson Correlation Coefficient is a statistical and numerical measurement for the

linear relationship between the input and the output images. Correlation value may be

ranged from -1 to 1 where the perfect negative correlation is at -1, no correlation is at

zero, and the perfect positive correlation is at 1.


7/10

7

the Structural Content (SC) is a correlation based measurement. Here, this measure

measures the similarity between the input and the output image. Thus, it works as

complementary for measurements which based on pixel difference like MSE and

PSNR

the first experiment was to do comparison with the JPHide tool.

The image shown in figure 4-1-a is the Lena image and it is stored as JPEG image

with a 95% image quality factor.

After embedding 512 bytes in the image, the stego images were as is shown in figure

4-1-b and 4-1-c, and the image quality measures are shown in table 4-1.

Table 4-1 points out that the Threshold based method is the better than JPHide..

However, to ensure the obtained indication, other comparisons are performed with

128, 256, and 384 bytes. Note that the comparison cannot be applied for 1024 bytes,

this is because JPHide cannot hold this amount of hidden data inside Lena test image.

The results of the full comparison are shown in the same table.

MSE

Method 128 256 384 512

JPHide 0.082 0.086 0.087 0.082

Threshold 0.018 0.036 0.054 0.072

PSNR

Method 128 256 384 512

JPHide 58.983 58.744 58.695 58.963

Threshold 65.490 62.505 60.791 59.553

CorrMethod 128 256 384 512

JPHide 0.99998 0.99998 0.99998 0.99998

Threshold 0.99999 0.99999 0.99998 0.99998

SC

Method 128 256 384 512

JPHide 0.99985 0.99988 0.99989 0.99991

Threshold 0.99992 0.99983 0.99974 1.00024

Table 4-1: comparison between JPHide and Threshold

a: Original JPEG

image

b: JPEG Stego image

using JPHide

c: JPEG Stego image

using Threshold

Figure 4-1: JPEG cover and stego image


8/10

8

The second part of experiment is to compare our suggested approach with S-Tools.

Figure 4-2 part a shows a 125 x 125 BMP image that is used in the comparison with

S-Tools.

After embedding 512 bytes in the image that appears in figure 4-3, the obtained result

is shown in table 4-2 and figure 4-2:As for JPHide a full comparison is shown in table 4-3. The results obtained from the

table show that the threshold method is comparable with S-ToolsMSE

Method 128 256 384 512

S-Tools 0.009792 0.0091306 0.011456 0.012053333

Threshold 0.01819733 0.0357547 0.053696 0.072085

PSNR

Method 128 256 384 512

S-Tools 68.2220895 68.525778 67.540474 67.31973194

Threshold 65.5307261 62.597476 60.831384 59.55233

Corr

Method 128 256 384 512

S-Tools 0.9999974 0.9999976 0.999997 0.999996988

Threshold 0.99999565 0.9999916 0.9999879 0.99998

SC

Method 128 256 384 512

S-Tools 1.00000001 0.9999991 1.0000098 0.999997405

Threshold 0.99991828 0.999825 0.9997343 0.999645574

Table 4-3: comparison between S-Tools and Threshold

5 Conclusions

The proposed steganographic method, which is called threshold method aims to hide a

secret message in the spatial domain of the cover image. Threshold method is based

on the run length of the secret message. In this method the key will be the thresholdvalues that are used to identify the embedding pixels. Threshold method may use

PRNG to improve security, i.e. by using PRNG the hiding process chooses theembeddable pixels from the embeddable area in a random manner. However, in this

method, one of the encryption algorithms can be used to encrypt the secret message inorder to improve the security.

a: Original BMP

imageb: BMP Stego image

usin S-Tools

c: BMP Stego image

usin Threshold

Figure 4-2: BMP cover and stego images


9/10

9

A comparison was performed between the threshold method with JPHide and S-

Tools. The result of the comparison with JPHide (hiding in a JPEG image) shows that

the threshold method gives the better image quality. While the result of comparison

with S-Tools (hiding in a BMP image) points out that the threshold method is

comparable with S-Tools.

However, when hiding a secret message in the spatial domain of a JPEG image, it

should be stored with a high image quality in order to maximize the robustness

against detection.

References

Avcibas I., Memon N., and Sankur B.: Steganalysis Using Image Quality Metrics.

IEEE Transactions On Image Processing, Vol. 12 No. 2 (2003) P.P. 221

229.

Bayer P., and Widenfors H.: Information Hiding Steganographic Content inStreaming Media. Master thesis, Blekinge Institute of Technology, Sweden

(2002).

Besdok, E.: Hiding Information In Multispectral Spatial Images. InternationalJournal AEU of Electronics and Communications, Vol. 59 (2005) P.P.15

24.

Chang C.C., Chen T.S., and Chung L.Z.: A Steganographic Method Based Upon

JPEG And Quantization Table Modification. An International Journal ofInformation Sciences Vol. 141 (2002) P.P. 123 138.

Fridrich J.: A New Steganographic Method for Palette-Based Images. IS&T PICS,

Savannah, Georgia (1999) P.P. 285289.

Information about Steganos tool (online) [accessed 2005 august]. Available from

URL http://www.snapfiles.com/get/steganos.html.

Johnson N.F., and Jajodia S.: Exploring Steganography: Seeing the Unseen. IEEEComputer Magazine Vol. 31 No. 2 (1998) P.P. 26 34.

Kessler G.C.: An Overview of Steganography for the Computer Forensics

Examiner. FBI Forensic Science Communications, Vol. 6 No. 3 (2004) P.P.

1 29.

Lenti J.: Steganographic Methods. Periodica Polytechnica Ser. El. Eng. Vol. 44

No. 3-4 (2000) P.P. 249 258.

McBride B.T., Peterson G.L., and Gustafson SC.: A New Blind Method for

Detecting Novel Steganography. Digital Invstigation Vol. 2 (2005) P.P. 50 70.


10/10

10

Moskowitz I.S., Longdon G.E., and Chang L.W.: A New Paradigm Hidden in

Steganography. Proceedings of the 2000 Workshop on New Security

Paradigms, New York (2000) P.P. 4150.

Phrack Magazine. Steganography Thumbprinting. Volume 8, Issue 52 January

26, 1998, article 08 of 20.

Popa R.: An Analysis Of Steganographic Techniques. Master Thesis, The

"Politehnica" University of Timisoara, Romania (1998).

Provos N, and Honeyman P.: Detecting Steganographic Content on the Internet.

CITI Technical Report 01-11; Center for Information Technology

Integration. University of Michigan (2001).

Steganography and Digital watermarking: a global view. (online) [accessed august

2005]; available from URL

http://lia.deis.unibo.it/Courses/RetiDiCalcolatori/Progetti00/fortini/project.pdf

Toz F.G., Palancioglu H.M., and Besdok E.: Hidden Communication in

Frequency Domain For Information Exchange, Proceedings of ISPRS 2004,

Istanbul, Turkey (2004) P.P. 326 330..

A New Steganographic Method Based on the Run Length of the Stego-Message

Documents

Transcript of A New Steganographic Method Based on the Run Length of the Stego-Message