Data_Hiding2

download Data_Hiding2

of 53

Transcript of Data_Hiding2

  • 8/7/2019 Data_Hiding2

    1/53

    Data Hiding

    http://www.jjtc.com/stegdoc/sec302.html

    Dr. Leonard Popyack

    With lots of help from my friends,Richard Simard, Neil Johnson, Jiri

    Fredrick

  • 8/7/2019 Data_Hiding2

    2/53

    Data Hiding Many forms: in text, watermarks, audio, images,

    MP3s, video

    Much different than Cryptography(codes andciphers)

    Steganography is the art and science ofcommunicating in a way which hides the existence

    of the communication. Watermarking imprints a distinctive mark so that

    one can use it for identification purposes.

  • 8/7/2019 Data_Hiding2

    3/53

    Definition: Data EmbeddingSecure adding of information contentto a data product,using mathematical techniques which workat the primitive level of digital data products, with

    no perceptual degradation to data product integrity,and no additions to data size.

    Technological Basis for ResearchTechnological Basis for Research

    Chaos Theory

    Spread Spectrum Techniques

    Transforms (wavelets, random, DCT, )

    Coding Theory

    Cryptography

    Theory of Human Perception

    Information Hiding, Protection, & Authentication

  • 8/7/2019 Data_Hiding2

    4/53

    Conflicting Requirements / Trade-offs

  • 8/7/2019 Data_Hiding2

    5/53

    Information Hiding, Protection, & Authentication

    SteganographySteganography = origins in Greek

    covered writing, covert communication

  • 8/7/2019 Data_Hiding2

    6/53

    Steganography The goal of steganography is to hide

    messages inside other harmless messages in

    a way that does not allow any enemy to

    even detect that there is a second secret

    message present" [Markus Kuhn 1995-07-03]

  • 8/7/2019 Data_Hiding2

    7/53

    History of Steganography In ancient Greece, text was written on wax

    covered tablets. In one story Demeratus wanted to

    notify Sparta that Xerxes intended to invadeGreece. To avoid capture, he scraped the wax off

    of the tablets and wrote a message on the

    underlying wood. He then covered the tablets with

    wax again. The tablets appeared to be blank andunused so they passed inspection by sentries

    without question.

  • 8/7/2019 Data_Hiding2

    8/53

    History of Steganography

    Shave the head of a messenger and tattoo a

    message or image on the messengers head.

    After allowing his hair to grow, the message

    would be undetected until the head was

    shaved again.

  • 8/7/2019 Data_Hiding2

    9/53

    History of Steganography Invisible inks. Such inks were used with much

    success as recently as WWII. An innocent letter

    may contain a very different message writtenbetween the lines [Zim48]. Early in WWII

    steganographic technology consisted almost

    exclusively of invisible inks [Kahn67].

    Common sources for invisible inks are milk,vinegar, fruit juices and urine. All of these darken

    when heated.

  • 8/7/2019 Data_Hiding2

    10/53

    History of Steganography more sophisticated inks were developed

    which react to various chemicals. Some

    messages had to be "developed" much as

    photographs are developed with a number

    of chemicals in processing labs.

  • 8/7/2019 Data_Hiding2

    11/53

    Null ciphers

    (unencrypted messages)

    The real message is "camouflaged" in an

    innocent sounding message.

    Due to the "sound" of many open coded

    messages, the suspect communications were

    detected by mail filters.

    However "innocent" messages were

    allowed to flow through

  • 8/7/2019 Data_Hiding2

    12/53

    Null ciphers (Example)News Eight Weather: Tonight

    increasing snow. Unexpected

    precipitation smothers easterntowns. Be extremely cautious and

    use snowtires especially heading

    east. The highways are knowingly

    slippery. Highway evacuation is

    suspected. Police report

    emergency situations in downtown

    ending near Tuesday.

  • 8/7/2019 Data_Hiding2

    13/53

    Null ciphers (Example)News Eight Weather: Tonight

    increasing snow. Unexpected

    precipitation smothers easterntowns. Be extremely cautious and

    use snowtires especially heading

    east. The highways are knowingly

    slippery. Highway evacuation is

    suspected. Police report

    emergency situations in downtown

    ending near Tuesday.

    Newt is upset because he thinks he is

    President.

  • 8/7/2019 Data_Hiding2

    14/53

  • 8/7/2019 Data_Hiding2

    15/53

    Actually sent by a German Spy in

    WWII [Kahn67]:

    Apparently neutral's protest is

    thoroughly discounted and ignored.

    Isman hard hit. Blockade issue affectspretext for embargo on by products,

    ejecting suets and vegetable oils.

    Taking the second letter in each word the

    following message emerges:

    Pershing sails fromNY June 1.

  • 8/7/2019 Data_Hiding2

    16/53

    Microdots The Germans developed microdot technology

    which FBI Director J. Edgar Hoover referred to as

    "the enemy's masterpiece of espionage." Microdots are photographs the size of a printed

    period having the clarity of standard-sized

    typewritten pages. The first microdots were

    discovered masquerading as a period on a typedenvelope carried by a German agent in 1941.

  • 8/7/2019 Data_Hiding2

    17/53

  • 8/7/2019 Data_Hiding2

    18/53

    Word ShiftingWe explore new steganographic and

    cryptographic algorithms and

    techniques throughout the world to

    produce wide variety and security inthe electronic web called the

    Internet.

    We explore new steganographic and

    cryptographic algorithms and

    techniques throughout the world to

    produce wide variety and security in

    the electronic web called the

    Internet.

  • 8/7/2019 Data_Hiding2

    19/53

    Word ShiftingWe explore new steganographic and

    cryptographic algorithms and

    techniques throughout the world to

    produce wide variety and security inthe electronic web called the

    Internet.

    We explore new steganographic and

    cryptographic algorithms andtechniques throughout the worldto

    produce wide variety and security in

    the electronic web called the

    Internet.

  • 8/7/2019 Data_Hiding2

    20/53

    Software that Provide

    Steganographic Services software enables information to be hidden

    in graphic, sound and apparently "blank"

    media.

    StegoDos, etc (about 90-140 different

    packages out there!)

  • 8/7/2019 Data_Hiding2

    21/53

    Images There are usually two type of files used when

    embedding data into an image.

    The innocent looking image which will hold thehidden information is a "container."

    A "message" is the information to be hidden. A

    message may be plain-text, ciphertext, other

    images or any thing that can be embedded in the

    least significant bits (LSB) of an image.

  • 8/7/2019 Data_Hiding2

    22/53

    Information Hiding, Protection, & Authentication

    Steganography

    Secret image874x666

    (may also bedigital

    documents,digital video,

    digital sound,etc.)

    Original carrier image1748x1332

    Modified Carrier image1748x1332

    Secretenciphered image

    874x666

    Secure covert communication using digital images

    Methods determined byimage format and content

    lossless (BMP) lossy (JPG) palette (GIF)

  • 8/7/2019 Data_Hiding2

    23/53

    Example Carrier

    Suppose we have a 24-bit image 1024 x 768

    This may produce a file over 2 megabytes in size(1024x768x24/8 = 2,359,296 bytes).

    All color variations are derived from three primarycolors, Red, Green and Blue.

    Each primary color is represented by 1 byte (8 bits).

    24-bit images use 3 bytes per pixel.

    If information is stored in the least significant bit(LSB) of each byte, 3 bits can be a stored in eachpixel. The "container" image will lookidenticaltothe human eye, even if viewing the picture side by

    side with the original.

  • 8/7/2019 Data_Hiding2

    24/53

    Big Files! Unfortunately, 24-bit images are uncommon

    They would draw attention to themselves

    when being transmitted across a network.

    Compression would be beneficial if not

    necessary to transmit such a file. But file

    compression may interfere with the storageof information.

  • 8/7/2019 Data_Hiding2

    25/53

    Compression Lossless compression is preferred when there is a

    requirement that the original information remain

    intact (as with steganographic images). Theoriginal message can be reconstructed exactly.This type of compression is typical in GIF andBMP images.

    Lossy compression, while also saving space, maynot maintain the integrity of the original image.This method is typical in JPG images and yieldsvery good compression.

  • 8/7/2019 Data_Hiding2

    26/53

    Carrier Images Most steganographic software available

    does not support, nor recommends, using

    JPG files

    best alternative to 24-bit images, is to use

    256 color (or gray-scale) images. These are

    the most common images found on theInternet in the form of GIF files. Each pixel

    is represented as a byte (8-bits).

  • 8/7/2019 Data_Hiding2

    27/53

    The PaletteMany authors of thesteganography software and

    articles stress the use of gray-

    scale images (those with 256

    shades of gray or better)

    [Arachelian, Aura95,

    Kurak92, Maroney].

    The importance is not whether

    the image is gray-scale or not,

    the importance is the degree to

    which the colors change

    between bit values.

  • 8/7/2019 Data_Hiding2

    28/53

  • 8/7/2019 Data_Hiding2

    29/53

    Color Variations in the Palette

    subtle changes in

    color variations

    Subtle color changes can be

    seen in Figure 2, but other

    color variances seem to be

    rather drastic

  • 8/7/2019 Data_Hiding2

    30/53

    Choice of Carrier Image Obviously, an image with large areas of

    solid colors is a poor choice as variances

    created from the embedded message will benoticeable in the solid areas

    Like a cartoon!

  • 8/7/2019 Data_Hiding2

    31/53

    Which is a better carrier

    image?

  • 8/7/2019 Data_Hiding2

    32/53

    Software Hide and Seek v4.1, StegoDos v0.90a,

    White Noise Storm, and S-Tools for

    Windows v3.00

  • 8/7/2019 Data_Hiding2

    33/53

    Hide and Seek v 4.1

    Hide and Seekversions 4.1 and 5.0 by ColinMaroney have limitations with minimum image

    sizes (320 x 480). In version 4.1 if the image issmaller than the minimum, then the stego-image ispadded with black space. If the cover image islarger, the stego-image is cropped to fit. In version5.0 the same is true with minimum image sizes. If

    any image exceeds 1024 x 768, an error messageis returned.

    The Hide and Seek 1.0 for Windows 95 versionseems to have these issues resolved and is a much

    improved steganography tool.

  • 8/7/2019 Data_Hiding2

    34/53

    Hide and Seek4.1 is free software which containsa series of DOS programs that embed data in GIFfiles and comes with the source code.

    Hide and Seekuses the Least Significant Bit ofeach pixel to encode characters, 8 pixels percharacter and spreads the data throughout the GIFin a somewhat random fashion. The larger the

    message the more likely the resulting image willbe degraded. Since the data is dispersed"randomly" and the message file header isencrypted, there is no telling what is in an

    embedded file. Unfortunately the hidden file can be no longer

    than 19,000 bytes because the maximum displayused is 320 x 480 pixels. Each character takes 8pixels two hide ( (320x480)/8 = 19200).

  • 8/7/2019 Data_Hiding2

    35/53

    Steganography is the art and science of communicating in a way

    which hides the existence of the communication. In contrast to

    cryptography, where the "enemy" is allowed to detect, intercept

    and modify messages without being able to violate certain

    security premises guaranteed by a cryptosystem, the goal of

    steganography is to hide messages inside other "harmless"

    messages in a way that does not allow any "enemy" to even detect

    that there is a second secret message present [Markus Kuhn 1995-

    07-03].

  • 8/7/2019 Data_Hiding2

    36/53

    StegoDos StegoDos is also known as Black Wolf's Picture Encoder version

    0.90a. This is Public Domain software written by Black Wolf(anonymous). This is a series of DOS programs that require far toomuch effort for the results. It will only work with 320x200 images with256 colors. To encode a message, one must:

    1. Run GETSCR. This starts a TSR which will perform a screen capture

    when PRINTSCREEN is pressed.2. View the image with a third-party image viewing software (notincluded with StegoDos) and press PRINTSCREEN to save the imagein MESSAGE.SCR.

    3. Save your message to be embedded in the image as MESSAGE.DAT.

    4. Run ENCODE. This will merge MESSAGE.DAT with

    MESSAGE.SCR.5. Use a third party screen capturing program (not included with

    StegoDos) to capture the new image from the screen.

    6. Run PUTSCR and capture the image displayed on the screen.

  • 8/7/2019 Data_Hiding2

    37/53

  • 8/7/2019 Data_Hiding2

    38/53

  • 8/7/2019 Data_Hiding2

    39/53

    White Noise Storm This application uses the Least Significant

    Bit method with less success than the

    others. It also appends an EOF (end of file)character to the end of the message. Even

    with the EOF character, the message

    retrieved from the altered imaged mostlikely contained garbage at the end.

  • 8/7/2019 Data_Hiding2

    40/53

  • 8/7/2019 Data_Hiding2

    41/53

    White Noise Storm

    WNS was designed based on the idea of spread spectrumtechnology and frequency hopping. "Instead of having Xchannels of communication which are changed with afixed formula and passkey. Eight channels are spreadwithin a number of 8-bits*Wbyte channels. W represents a

    random sized window ofWbytes. Each of these eightchannels represents one single bit, so each window holdsone byte of information and a lot of unused bits. Thesechannels rotate among themselves, for instance bit 1 mightbe swapped with bit 7, or all the bits may rotate positions

    at once. These bits change location within the window onthe byte level. The rules for this swapping are dictated notonly by the passphrase by also by the previous window'srandom data (similar to DES block encryption)"[Arachelian, RE: Steganography].

  • 8/7/2019 Data_Hiding2

    42/53

    WNS WNS also used the Least Significant Bit (LSB) application

    of steganography and applies this method to PCX8 files.The software extracts the LSBs from the container imageand stores them in a file. The message is encrypted andapplied to these bits to create a "new" set of LSBs. These

    are then "injected" into the container image to create a newimage. The documentation that accompanies White NoiseStorm is well organized and explains some of the theorybehind the implementation of encryption andsteganography.

    The main disadvantage of applying the WNS encryptionmethod to steganography is the loss of many bits that canbe used to hold information. Relatively large files must beused to hold the same amount of information othermethods provide.

  • 8/7/2019 Data_Hiding2

    43/53

  • 8/7/2019 Data_Hiding2

    44/53

    S-Tools applies the LSB methods discussed before to bothimages and audio files. Due to the lack of resources, onlyimages were tested. Brown developed a very nice interface

    with prompts and well developed on-line documentation.The only apparent limitations were the resources available.There were times large 24-bit images would bring theWindows to a halt. A very useful feature is a status linethat displays the largest message size that can be store in

    an open container file. This saved the time of attempting tostore a message that is too large for a container. Afterhiding the message, the "new" image will be displayed andlet you toggle between the new and original images. Attimes the new image looked to be grossly distorted, but

    after saving the new image looked nearly identical to theoriginal. This may be due to memory limitations. Onoccasion a saved image was actually corrupted and couldnot be read. A saved image should always be reviewedbefore sending it out.

  • 8/7/2019 Data_Hiding2

    45/53

    S-Tools provided the most impressive results.

    Unlike the obvious distortions in "A Cautionary

    Note on Image Downgrading" [Kurak92], S-Tools

    maintained remarkable image integrity. Thefollowing figure illustrates the text message M1

    embedded in container C2.

  • 8/7/2019 Data_Hiding2

    46/53

    Information Hiding, Protection, & Authentication

    Compression 100:1 Additive Noise Dithering

    Robust Digital Watermarking Copyright protection and fingerprinting

    Original image

    + =

    Watermark Watermarked image

    The watermark can carry multiple bits, such as ID, metadata, etc.Requirements: Robustness against all kinds ofimage distortion,intentional removal, perceptual transparence

    Detected bit-string = 10010110

    Past and Ongoing Research

    - Key-dependent transforms- Robustness to geometrical

    attacks- Capacity vs. robustness

    trade-off- Public watermark detector

    Embedded bit-string = 10010110

  • 8/7/2019 Data_Hiding2

    47/53

    Alliance Operations: Potential Application 3

    Watermarked Images for Tamper Detection

    Detection and localization of tampered/modified areas.

    Logical extension: image self-repair.

    Original, Watermarked Image

    Verification Results

    Fragile Watermark

    Verification Results

    Robust Watermark

    Tampered Image

  • 8/7/2019 Data_Hiding2

    48/53

    Non-adaptive steganography= modifications due to message

    embedding are uncorrelated with image features. Examples are LSB

    encoding in randomly selected pixels, modulation of randomly

    selected frequency bins in a fixed band, etc.

    Adaptive steganography= modifications are correlatedwith the

    image content (features).

    - Pixels carrying message bits are selected adaptively

    depending on the image

    - Avoiding areas of uniform color- Selecting pixels with large local standard deviation

    Message recovery: Extract the same set of message carrying

    pixels at the receiving end from the stego-image.

    Adaptive Steganography

  • 8/7/2019 Data_Hiding2

    49/53

    Divide pixels into good and bad pixels

    Pixel is good if all four 2v2 squares containing

    that pixel have three or more colors, otherwise

    it is bad

    For N message bits randomly choose N good

    pixels, embedding the bits as color parities

    If the parity of the pixel does not agree with

    the message bit, choose the closest color that

    preserves the goodness of that pixel

    Adaptive Message embedding

    Adaptive Message extraction

    Determine the set of good and bad pixels

    Generate the same random walk through the

    good pixels

    Message = parity of the colors of that walk

    Four 2v2 squares

    containing this pixel

    Information Hiding, Protection, & Authentication

  • 8/7/2019 Data_Hiding2

    50/53

    Secure Stego Comparison with EZ Stego: Maximal color change

    500 %

    Improvement

  • 8/7/2019 Data_Hiding2

    51/53

    Conclusions

    Steganography has its place in security. It is not

    intended to replace cryptography but supplement

    it. Hiding a message with steganography methodsreduces the chance of a message being detected.

    However, if that message is also encrypted, if

    discovered, it must also be cracked (yet another

    layer of protection). There are an infinite number of steganography

    applications

  • 8/7/2019 Data_Hiding2

    52/53

    References

    [Aura95] Tuomas Aura, "Invisible Communication," EET1995,

    http://deadlock.hut.fi/ ste/ ste_html.html, ftp://saturn.hut.fi/ pub/ aaura/ ste1195.ps

    [Brassil-Infocom95] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,

    "Document Marking and Identification using Both Line and Word Shifting," Infocom95, ftp://ftp.research.att.com/ dist/ brassil/ 1995/

    infocom95.ps.Z

    [Brassil-Infocom94] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,

    "Electronic Marking and Identification Techniques to Discourage Document Copying," Infocom94, ftp://ftp.research.att.com/ dist/ brassil/ 1994/

    infocom94a.ps.Z. [Brassil-CISS95] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,

    "Hiding Information in Document Images," CISS95, ftp://ftp.research.att.com/ dist/ brassil/ 1995/ ciss95.ps.Z.

    [Kahn67] David Kahn, The Codebreakers,

    The Macmillan Company. New York, NY 1967.

    [Kurak92] C. Kurak, J. McHugh,

    "A Cautionary Note On Image Downgrading," IEEEEighth AnnualComputerSecurity Applications Conference, 1992. pp. 153-159.

    [Norman73] Bruce Norman, SecretWarfare,

    Acropolis Books Ltd. Washington, DC 1973.

    [Zim48] Herbert S. Zim, Codes and SecretWriting,

    William Marrow and Company. New York, NY, 1948.

  • 8/7/2019 Data_Hiding2

    53/53

    5.2. Software References

    There are many other software applications available that provide steganographic results. This is just a sample of software available for the

    PC platform. Every effort is being made to credit the authors of the software reviewed in this paper. However, some authors wish to remain

    anonymous. Only links to software outside the United States are made below.

    [Arachelian] Ray Arachelian, White Noise Storm,

    Shareware 1992, 1993, 1994. ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/ wns210.zip.

    [Brown] Andy Brown, S-Tools forWindows, Shareware 1994.

    s-tools3.zip (version 3.0) s-tools4.zip (version 4.0 - not yet reviewed). [Hastur] Henry Hastur, Stealth forPGPv1.1,

    ftp://ftp.netcom.com.

    MandelStegv1.0 and GIFExtractv1.0, ftp://ftp.dsi.unimi.it/pub/security/crypt/code.

    [Maroney] Colin Maroney, Hide and Seekv4.1, Freeware.

    ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/ hdsk41b.zip.

    [JSteg] Independent JPEG Group, Jpeg-Jstegv 4.

    ftp://ftp.funet.fi/ pub/ crypt/ steganography.

    [StegoDos] Author alias: Black Wolf,

    StegoDos - BlackWolf's Picture

    Encoderv0.90B, Public Domain. ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/stegodos.zip.

    5.3. WEB Page Resources

    AT&T Bell Laboratories Research Web Page,

    http://www.research.att.com .

    Carl Landwehr (ed), Cipher -

    Electronic Newsletter of the IEEE Computer Societys TC on Security and Privacy, http://www.itd.nrl.navy.mil/ ITD/ 5540/ ieee/

    cipher/ (see also http://www.itd.nrl.navy.mil/ ITD/ 5540/ ieee/ cipher/ cipher-links.html for an excellent listing of links to

    organizations and publications related to security).

    Codex Links to Law Enforcement, Security, Intelligence, Investigative and Other sites,

    http://www.trcone.com/ t_links.html. Cypherpunks, ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ index.html.

    Digimarc Corporation Web Site, http://www.teleport.com/~digimarc.

    Electronic Privacy Information Center (EPIC), http://www.epic.org.

    National Security Institute Library, http://nsi.org/ Library/ Library.html.

    Security and Privacy Issues by Neil Johnson,

    http://www.jjtc.com/Security .

    Steganography News Mailing List maintained by Markus Kuhn.

    Information about the list can be found at ../sec/steglist.htm.