Data_Hiding2
-
Upload
aniket-deshpande -
Category
Documents
-
view
216 -
download
0
Transcript of Data_Hiding2
-
8/7/2019 Data_Hiding2
1/53
Data Hiding
http://www.jjtc.com/stegdoc/sec302.html
Dr. Leonard Popyack
With lots of help from my friends,Richard Simard, Neil Johnson, Jiri
Fredrick
-
8/7/2019 Data_Hiding2
2/53
Data Hiding Many forms: in text, watermarks, audio, images,
MP3s, video
Much different than Cryptography(codes andciphers)
Steganography is the art and science ofcommunicating in a way which hides the existence
of the communication. Watermarking imprints a distinctive mark so that
one can use it for identification purposes.
-
8/7/2019 Data_Hiding2
3/53
Definition: Data EmbeddingSecure adding of information contentto a data product,using mathematical techniques which workat the primitive level of digital data products, with
no perceptual degradation to data product integrity,and no additions to data size.
Technological Basis for ResearchTechnological Basis for Research
Chaos Theory
Spread Spectrum Techniques
Transforms (wavelets, random, DCT, )
Coding Theory
Cryptography
Theory of Human Perception
Information Hiding, Protection, & Authentication
-
8/7/2019 Data_Hiding2
4/53
Conflicting Requirements / Trade-offs
-
8/7/2019 Data_Hiding2
5/53
Information Hiding, Protection, & Authentication
SteganographySteganography = origins in Greek
covered writing, covert communication
-
8/7/2019 Data_Hiding2
6/53
Steganography The goal of steganography is to hide
messages inside other harmless messages in
a way that does not allow any enemy to
even detect that there is a second secret
message present" [Markus Kuhn 1995-07-03]
-
8/7/2019 Data_Hiding2
7/53
History of Steganography In ancient Greece, text was written on wax
covered tablets. In one story Demeratus wanted to
notify Sparta that Xerxes intended to invadeGreece. To avoid capture, he scraped the wax off
of the tablets and wrote a message on the
underlying wood. He then covered the tablets with
wax again. The tablets appeared to be blank andunused so they passed inspection by sentries
without question.
-
8/7/2019 Data_Hiding2
8/53
History of Steganography
Shave the head of a messenger and tattoo a
message or image on the messengers head.
After allowing his hair to grow, the message
would be undetected until the head was
shaved again.
-
8/7/2019 Data_Hiding2
9/53
History of Steganography Invisible inks. Such inks were used with much
success as recently as WWII. An innocent letter
may contain a very different message writtenbetween the lines [Zim48]. Early in WWII
steganographic technology consisted almost
exclusively of invisible inks [Kahn67].
Common sources for invisible inks are milk,vinegar, fruit juices and urine. All of these darken
when heated.
-
8/7/2019 Data_Hiding2
10/53
History of Steganography more sophisticated inks were developed
which react to various chemicals. Some
messages had to be "developed" much as
photographs are developed with a number
of chemicals in processing labs.
-
8/7/2019 Data_Hiding2
11/53
Null ciphers
(unencrypted messages)
The real message is "camouflaged" in an
innocent sounding message.
Due to the "sound" of many open coded
messages, the suspect communications were
detected by mail filters.
However "innocent" messages were
allowed to flow through
-
8/7/2019 Data_Hiding2
12/53
Null ciphers (Example)News Eight Weather: Tonight
increasing snow. Unexpected
precipitation smothers easterntowns. Be extremely cautious and
use snowtires especially heading
east. The highways are knowingly
slippery. Highway evacuation is
suspected. Police report
emergency situations in downtown
ending near Tuesday.
-
8/7/2019 Data_Hiding2
13/53
Null ciphers (Example)News Eight Weather: Tonight
increasing snow. Unexpected
precipitation smothers easterntowns. Be extremely cautious and
use snowtires especially heading
east. The highways are knowingly
slippery. Highway evacuation is
suspected. Police report
emergency situations in downtown
ending near Tuesday.
Newt is upset because he thinks he is
President.
-
8/7/2019 Data_Hiding2
14/53
-
8/7/2019 Data_Hiding2
15/53
Actually sent by a German Spy in
WWII [Kahn67]:
Apparently neutral's protest is
thoroughly discounted and ignored.
Isman hard hit. Blockade issue affectspretext for embargo on by products,
ejecting suets and vegetable oils.
Taking the second letter in each word the
following message emerges:
Pershing sails fromNY June 1.
-
8/7/2019 Data_Hiding2
16/53
Microdots The Germans developed microdot technology
which FBI Director J. Edgar Hoover referred to as
"the enemy's masterpiece of espionage." Microdots are photographs the size of a printed
period having the clarity of standard-sized
typewritten pages. The first microdots were
discovered masquerading as a period on a typedenvelope carried by a German agent in 1941.
-
8/7/2019 Data_Hiding2
17/53
-
8/7/2019 Data_Hiding2
18/53
Word ShiftingWe explore new steganographic and
cryptographic algorithms and
techniques throughout the world to
produce wide variety and security inthe electronic web called the
Internet.
We explore new steganographic and
cryptographic algorithms and
techniques throughout the world to
produce wide variety and security in
the electronic web called the
Internet.
-
8/7/2019 Data_Hiding2
19/53
Word ShiftingWe explore new steganographic and
cryptographic algorithms and
techniques throughout the world to
produce wide variety and security inthe electronic web called the
Internet.
We explore new steganographic and
cryptographic algorithms andtechniques throughout the worldto
produce wide variety and security in
the electronic web called the
Internet.
-
8/7/2019 Data_Hiding2
20/53
Software that Provide
Steganographic Services software enables information to be hidden
in graphic, sound and apparently "blank"
media.
StegoDos, etc (about 90-140 different
packages out there!)
-
8/7/2019 Data_Hiding2
21/53
Images There are usually two type of files used when
embedding data into an image.
The innocent looking image which will hold thehidden information is a "container."
A "message" is the information to be hidden. A
message may be plain-text, ciphertext, other
images or any thing that can be embedded in the
least significant bits (LSB) of an image.
-
8/7/2019 Data_Hiding2
22/53
Information Hiding, Protection, & Authentication
Steganography
Secret image874x666
(may also bedigital
documents,digital video,
digital sound,etc.)
Original carrier image1748x1332
Modified Carrier image1748x1332
Secretenciphered image
874x666
Secure covert communication using digital images
Methods determined byimage format and content
lossless (BMP) lossy (JPG) palette (GIF)
-
8/7/2019 Data_Hiding2
23/53
Example Carrier
Suppose we have a 24-bit image 1024 x 768
This may produce a file over 2 megabytes in size(1024x768x24/8 = 2,359,296 bytes).
All color variations are derived from three primarycolors, Red, Green and Blue.
Each primary color is represented by 1 byte (8 bits).
24-bit images use 3 bytes per pixel.
If information is stored in the least significant bit(LSB) of each byte, 3 bits can be a stored in eachpixel. The "container" image will lookidenticaltothe human eye, even if viewing the picture side by
side with the original.
-
8/7/2019 Data_Hiding2
24/53
Big Files! Unfortunately, 24-bit images are uncommon
They would draw attention to themselves
when being transmitted across a network.
Compression would be beneficial if not
necessary to transmit such a file. But file
compression may interfere with the storageof information.
-
8/7/2019 Data_Hiding2
25/53
Compression Lossless compression is preferred when there is a
requirement that the original information remain
intact (as with steganographic images). Theoriginal message can be reconstructed exactly.This type of compression is typical in GIF andBMP images.
Lossy compression, while also saving space, maynot maintain the integrity of the original image.This method is typical in JPG images and yieldsvery good compression.
-
8/7/2019 Data_Hiding2
26/53
Carrier Images Most steganographic software available
does not support, nor recommends, using
JPG files
best alternative to 24-bit images, is to use
256 color (or gray-scale) images. These are
the most common images found on theInternet in the form of GIF files. Each pixel
is represented as a byte (8-bits).
-
8/7/2019 Data_Hiding2
27/53
The PaletteMany authors of thesteganography software and
articles stress the use of gray-
scale images (those with 256
shades of gray or better)
[Arachelian, Aura95,
Kurak92, Maroney].
The importance is not whether
the image is gray-scale or not,
the importance is the degree to
which the colors change
between bit values.
-
8/7/2019 Data_Hiding2
28/53
-
8/7/2019 Data_Hiding2
29/53
Color Variations in the Palette
subtle changes in
color variations
Subtle color changes can be
seen in Figure 2, but other
color variances seem to be
rather drastic
-
8/7/2019 Data_Hiding2
30/53
Choice of Carrier Image Obviously, an image with large areas of
solid colors is a poor choice as variances
created from the embedded message will benoticeable in the solid areas
Like a cartoon!
-
8/7/2019 Data_Hiding2
31/53
Which is a better carrier
image?
-
8/7/2019 Data_Hiding2
32/53
Software Hide and Seek v4.1, StegoDos v0.90a,
White Noise Storm, and S-Tools for
Windows v3.00
-
8/7/2019 Data_Hiding2
33/53
Hide and Seek v 4.1
Hide and Seekversions 4.1 and 5.0 by ColinMaroney have limitations with minimum image
sizes (320 x 480). In version 4.1 if the image issmaller than the minimum, then the stego-image ispadded with black space. If the cover image islarger, the stego-image is cropped to fit. In version5.0 the same is true with minimum image sizes. If
any image exceeds 1024 x 768, an error messageis returned.
The Hide and Seek 1.0 for Windows 95 versionseems to have these issues resolved and is a much
improved steganography tool.
-
8/7/2019 Data_Hiding2
34/53
Hide and Seek4.1 is free software which containsa series of DOS programs that embed data in GIFfiles and comes with the source code.
Hide and Seekuses the Least Significant Bit ofeach pixel to encode characters, 8 pixels percharacter and spreads the data throughout the GIFin a somewhat random fashion. The larger the
message the more likely the resulting image willbe degraded. Since the data is dispersed"randomly" and the message file header isencrypted, there is no telling what is in an
embedded file. Unfortunately the hidden file can be no longer
than 19,000 bytes because the maximum displayused is 320 x 480 pixels. Each character takes 8pixels two hide ( (320x480)/8 = 19200).
-
8/7/2019 Data_Hiding2
35/53
Steganography is the art and science of communicating in a way
which hides the existence of the communication. In contrast to
cryptography, where the "enemy" is allowed to detect, intercept
and modify messages without being able to violate certain
security premises guaranteed by a cryptosystem, the goal of
steganography is to hide messages inside other "harmless"
messages in a way that does not allow any "enemy" to even detect
that there is a second secret message present [Markus Kuhn 1995-
07-03].
-
8/7/2019 Data_Hiding2
36/53
StegoDos StegoDos is also known as Black Wolf's Picture Encoder version
0.90a. This is Public Domain software written by Black Wolf(anonymous). This is a series of DOS programs that require far toomuch effort for the results. It will only work with 320x200 images with256 colors. To encode a message, one must:
1. Run GETSCR. This starts a TSR which will perform a screen capture
when PRINTSCREEN is pressed.2. View the image with a third-party image viewing software (notincluded with StegoDos) and press PRINTSCREEN to save the imagein MESSAGE.SCR.
3. Save your message to be embedded in the image as MESSAGE.DAT.
4. Run ENCODE. This will merge MESSAGE.DAT with
MESSAGE.SCR.5. Use a third party screen capturing program (not included with
StegoDos) to capture the new image from the screen.
6. Run PUTSCR and capture the image displayed on the screen.
-
8/7/2019 Data_Hiding2
37/53
-
8/7/2019 Data_Hiding2
38/53
-
8/7/2019 Data_Hiding2
39/53
White Noise Storm This application uses the Least Significant
Bit method with less success than the
others. It also appends an EOF (end of file)character to the end of the message. Even
with the EOF character, the message
retrieved from the altered imaged mostlikely contained garbage at the end.
-
8/7/2019 Data_Hiding2
40/53
-
8/7/2019 Data_Hiding2
41/53
White Noise Storm
WNS was designed based on the idea of spread spectrumtechnology and frequency hopping. "Instead of having Xchannels of communication which are changed with afixed formula and passkey. Eight channels are spreadwithin a number of 8-bits*Wbyte channels. W represents a
random sized window ofWbytes. Each of these eightchannels represents one single bit, so each window holdsone byte of information and a lot of unused bits. Thesechannels rotate among themselves, for instance bit 1 mightbe swapped with bit 7, or all the bits may rotate positions
at once. These bits change location within the window onthe byte level. The rules for this swapping are dictated notonly by the passphrase by also by the previous window'srandom data (similar to DES block encryption)"[Arachelian, RE: Steganography].
-
8/7/2019 Data_Hiding2
42/53
WNS WNS also used the Least Significant Bit (LSB) application
of steganography and applies this method to PCX8 files.The software extracts the LSBs from the container imageand stores them in a file. The message is encrypted andapplied to these bits to create a "new" set of LSBs. These
are then "injected" into the container image to create a newimage. The documentation that accompanies White NoiseStorm is well organized and explains some of the theorybehind the implementation of encryption andsteganography.
The main disadvantage of applying the WNS encryptionmethod to steganography is the loss of many bits that canbe used to hold information. Relatively large files must beused to hold the same amount of information othermethods provide.
-
8/7/2019 Data_Hiding2
43/53
-
8/7/2019 Data_Hiding2
44/53
S-Tools applies the LSB methods discussed before to bothimages and audio files. Due to the lack of resources, onlyimages were tested. Brown developed a very nice interface
with prompts and well developed on-line documentation.The only apparent limitations were the resources available.There were times large 24-bit images would bring theWindows to a halt. A very useful feature is a status linethat displays the largest message size that can be store in
an open container file. This saved the time of attempting tostore a message that is too large for a container. Afterhiding the message, the "new" image will be displayed andlet you toggle between the new and original images. Attimes the new image looked to be grossly distorted, but
after saving the new image looked nearly identical to theoriginal. This may be due to memory limitations. Onoccasion a saved image was actually corrupted and couldnot be read. A saved image should always be reviewedbefore sending it out.
-
8/7/2019 Data_Hiding2
45/53
S-Tools provided the most impressive results.
Unlike the obvious distortions in "A Cautionary
Note on Image Downgrading" [Kurak92], S-Tools
maintained remarkable image integrity. Thefollowing figure illustrates the text message M1
embedded in container C2.
-
8/7/2019 Data_Hiding2
46/53
Information Hiding, Protection, & Authentication
Compression 100:1 Additive Noise Dithering
Robust Digital Watermarking Copyright protection and fingerprinting
Original image
+ =
Watermark Watermarked image
The watermark can carry multiple bits, such as ID, metadata, etc.Requirements: Robustness against all kinds ofimage distortion,intentional removal, perceptual transparence
Detected bit-string = 10010110
Past and Ongoing Research
- Key-dependent transforms- Robustness to geometrical
attacks- Capacity vs. robustness
trade-off- Public watermark detector
Embedded bit-string = 10010110
-
8/7/2019 Data_Hiding2
47/53
Alliance Operations: Potential Application 3
Watermarked Images for Tamper Detection
Detection and localization of tampered/modified areas.
Logical extension: image self-repair.
Original, Watermarked Image
Verification Results
Fragile Watermark
Verification Results
Robust Watermark
Tampered Image
-
8/7/2019 Data_Hiding2
48/53
Non-adaptive steganography= modifications due to message
embedding are uncorrelated with image features. Examples are LSB
encoding in randomly selected pixels, modulation of randomly
selected frequency bins in a fixed band, etc.
Adaptive steganography= modifications are correlatedwith the
image content (features).
- Pixels carrying message bits are selected adaptively
depending on the image
- Avoiding areas of uniform color- Selecting pixels with large local standard deviation
Message recovery: Extract the same set of message carrying
pixels at the receiving end from the stego-image.
Adaptive Steganography
-
8/7/2019 Data_Hiding2
49/53
Divide pixels into good and bad pixels
Pixel is good if all four 2v2 squares containing
that pixel have three or more colors, otherwise
it is bad
For N message bits randomly choose N good
pixels, embedding the bits as color parities
If the parity of the pixel does not agree with
the message bit, choose the closest color that
preserves the goodness of that pixel
Adaptive Message embedding
Adaptive Message extraction
Determine the set of good and bad pixels
Generate the same random walk through the
good pixels
Message = parity of the colors of that walk
Four 2v2 squares
containing this pixel
Information Hiding, Protection, & Authentication
-
8/7/2019 Data_Hiding2
50/53
Secure Stego Comparison with EZ Stego: Maximal color change
500 %
Improvement
-
8/7/2019 Data_Hiding2
51/53
Conclusions
Steganography has its place in security. It is not
intended to replace cryptography but supplement
it. Hiding a message with steganography methodsreduces the chance of a message being detected.
However, if that message is also encrypted, if
discovered, it must also be cracked (yet another
layer of protection). There are an infinite number of steganography
applications
-
8/7/2019 Data_Hiding2
52/53
References
[Aura95] Tuomas Aura, "Invisible Communication," EET1995,
http://deadlock.hut.fi/ ste/ ste_html.html, ftp://saturn.hut.fi/ pub/ aaura/ ste1195.ps
[Brassil-Infocom95] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,
"Document Marking and Identification using Both Line and Word Shifting," Infocom95, ftp://ftp.research.att.com/ dist/ brassil/ 1995/
infocom95.ps.Z
[Brassil-Infocom94] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,
"Electronic Marking and Identification Techniques to Discourage Document Copying," Infocom94, ftp://ftp.research.att.com/ dist/ brassil/ 1994/
infocom94a.ps.Z. [Brassil-CISS95] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,
"Hiding Information in Document Images," CISS95, ftp://ftp.research.att.com/ dist/ brassil/ 1995/ ciss95.ps.Z.
[Kahn67] David Kahn, The Codebreakers,
The Macmillan Company. New York, NY 1967.
[Kurak92] C. Kurak, J. McHugh,
"A Cautionary Note On Image Downgrading," IEEEEighth AnnualComputerSecurity Applications Conference, 1992. pp. 153-159.
[Norman73] Bruce Norman, SecretWarfare,
Acropolis Books Ltd. Washington, DC 1973.
[Zim48] Herbert S. Zim, Codes and SecretWriting,
William Marrow and Company. New York, NY, 1948.
-
8/7/2019 Data_Hiding2
53/53
5.2. Software References
There are many other software applications available that provide steganographic results. This is just a sample of software available for the
PC platform. Every effort is being made to credit the authors of the software reviewed in this paper. However, some authors wish to remain
anonymous. Only links to software outside the United States are made below.
[Arachelian] Ray Arachelian, White Noise Storm,
Shareware 1992, 1993, 1994. ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/ wns210.zip.
[Brown] Andy Brown, S-Tools forWindows, Shareware 1994.
s-tools3.zip (version 3.0) s-tools4.zip (version 4.0 - not yet reviewed). [Hastur] Henry Hastur, Stealth forPGPv1.1,
ftp://ftp.netcom.com.
MandelStegv1.0 and GIFExtractv1.0, ftp://ftp.dsi.unimi.it/pub/security/crypt/code.
[Maroney] Colin Maroney, Hide and Seekv4.1, Freeware.
ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/ hdsk41b.zip.
[JSteg] Independent JPEG Group, Jpeg-Jstegv 4.
ftp://ftp.funet.fi/ pub/ crypt/ steganography.
[StegoDos] Author alias: Black Wolf,
StegoDos - BlackWolf's Picture
Encoderv0.90B, Public Domain. ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/stegodos.zip.
5.3. WEB Page Resources
AT&T Bell Laboratories Research Web Page,
http://www.research.att.com .
Carl Landwehr (ed), Cipher -
Electronic Newsletter of the IEEE Computer Societys TC on Security and Privacy, http://www.itd.nrl.navy.mil/ ITD/ 5540/ ieee/
cipher/ (see also http://www.itd.nrl.navy.mil/ ITD/ 5540/ ieee/ cipher/ cipher-links.html for an excellent listing of links to
organizations and publications related to security).
Codex Links to Law Enforcement, Security, Intelligence, Investigative and Other sites,
http://www.trcone.com/ t_links.html. Cypherpunks, ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ index.html.
Digimarc Corporation Web Site, http://www.teleport.com/~digimarc.
Electronic Privacy Information Center (EPIC), http://www.epic.org.
National Security Institute Library, http://nsi.org/ Library/ Library.html.
Security and Privacy Issues by Neil Johnson,
http://www.jjtc.com/Security .
Steganography News Mailing List maintained by Markus Kuhn.
Information about the list can be found at ../sec/steglist.htm.