Data_Hiding2

8/7/2019 Data_Hiding2

1/53

Data Hiding

http://www.jjtc.com/stegdoc/sec302.html

Dr. Leonard Popyack

With lots of help from my friends,Richard Simard, Neil Johnson, Jiri

Fredrick


2/53

Data Hiding Many forms: in text, watermarks, audio, images,

MP3s, video

Much different than Cryptography(codes andciphers)

Steganography is the art and science ofcommunicating in a way which hides the existence

of the communication. Watermarking imprints a distinctive mark so that

one can use it for identification purposes.


3/53

Definition: Data EmbeddingSecure adding of information contentto a data product,using mathematical techniques which workat the primitive level of digital data products, with

no perceptual degradation to data product integrity,and no additions to data size.

Technological Basis for ResearchTechnological Basis for Research

Chaos Theory

Spread Spectrum Techniques

Transforms (wavelets, random, DCT, )

Coding Theory

Cryptography

Theory of Human Perception

Information Hiding, Protection, & Authentication


4/53

Conflicting Requirements / Trade-offs


5/53


SteganographySteganography = origins in Greek

covered writing, covert communication


6/53

Steganography The goal of steganography is to hide

messages inside other harmless messages in

a way that does not allow any enemy to

even detect that there is a second secret

message present" [Markus Kuhn 1995-07-03]


7/53

History of Steganography In ancient Greece, text was written on wax

covered tablets. In one story Demeratus wanted to

notify Sparta that Xerxes intended to invadeGreece. To avoid capture, he scraped the wax off

of the tablets and wrote a message on the

underlying wood. He then covered the tablets with

wax again. The tablets appeared to be blank andunused so they passed inspection by sentries

without question.


8/53

History of Steganography

Shave the head of a messenger and tattoo a

message or image on the messengers head.

After allowing his hair to grow, the message

would be undetected until the head was

shaved again.


9/53

History of Steganography Invisible inks. Such inks were used with much

success as recently as WWII. An innocent letter

may contain a very different message writtenbetween the lines [Zim48]. Early in WWII

steganographic technology consisted almost

exclusively of invisible inks [Kahn67].

Common sources for invisible inks are milk,vinegar, fruit juices and urine. All of these darken

when heated.


10/53

History of Steganography more sophisticated inks were developed

which react to various chemicals. Some

messages had to be "developed" much as

photographs are developed with a number

of chemicals in processing labs.


11/53

Null ciphers

(unencrypted messages)

The real message is "camouflaged" in an

innocent sounding message.

Due to the "sound" of many open coded

messages, the suspect communications were

detected by mail filters.

However "innocent" messages were

allowed to flow through


12/53

Null ciphers (Example)News Eight Weather: Tonight

increasing snow. Unexpected

precipitation smothers easterntowns. Be extremely cautious and

use snowtires especially heading

east. The highways are knowingly

slippery. Highway evacuation is

suspected. Police report

emergency situations in downtown

ending near Tuesday.


13/53

Null ciphers (Example)News Eight Weather: Tonight

increasing snow. Unexpected

precipitation smothers easterntowns. Be extremely cautious and

use snowtires especially heading

east. The highways are knowingly

slippery. Highway evacuation is

suspected. Police report

emergency situations in downtown

ending near Tuesday.

Newt is upset because he thinks he is

President.


14/53


15/53

Actually sent by a German Spy in

WWII [Kahn67]:

Apparently neutral's protest is

thoroughly discounted and ignored.

Isman hard hit. Blockade issue affectspretext for embargo on by products,

ejecting suets and vegetable oils.

Taking the second letter in each word the

following message emerges:

Pershing sails fromNY June 1.


16/53

Microdots The Germans developed microdot technology

which FBI Director J. Edgar Hoover referred to as

"the enemy's masterpiece of espionage." Microdots are photographs the size of a printed

period having the clarity of standard-sized

typewritten pages. The first microdots were

discovered masquerading as a period on a typedenvelope carried by a German agent in 1941.


17/53


18/53

Word ShiftingWe explore new steganographic and

cryptographic algorithms and

techniques throughout the world to

produce wide variety and security inthe electronic web called the

Internet.

We explore new steganographic and



produce wide variety and security in

the electronic web called the

Internet.


19/53

Word ShiftingWe explore new steganographic and



produce wide variety and security inthe electronic web called the

Internet.

We explore new steganographic and

cryptographic algorithms andtechniques throughout the worldto

produce wide variety and security in

the electronic web called the

Internet.


20/53

Software that Provide

Steganographic Services software enables information to be hidden

in graphic, sound and apparently "blank"

media.

StegoDos, etc (about 90-140 different

packages out there!)


21/53

Images There are usually two type of files used when

embedding data into an image.

The innocent looking image which will hold thehidden information is a "container."

A "message" is the information to be hidden. A

message may be plain-text, ciphertext, other

images or any thing that can be embedded in the

least significant bits (LSB) of an image.


22/53


Steganography

Secret image874x666

(may also bedigital

documents,digital video,

digital sound,etc.)

Original carrier image1748x1332

Modified Carrier image1748x1332

Secretenciphered image

874x666

Secure covert communication using digital images

Methods determined byimage format and content

lossless (BMP) lossy (JPG) palette (GIF)


23/53

Example Carrier

Suppose we have a 24-bit image 1024 x 768

This may produce a file over 2 megabytes in size(1024x768x24/8 = 2,359,296 bytes).

All color variations are derived from three primarycolors, Red, Green and Blue.

Each primary color is represented by 1 byte (8 bits).

24-bit images use 3 bytes per pixel.

If information is stored in the least significant bit(LSB) of each byte, 3 bits can be a stored in eachpixel. The "container" image will lookidenticaltothe human eye, even if viewing the picture side by

side with the original.


24/53

Big Files! Unfortunately, 24-bit images are uncommon

They would draw attention to themselves

when being transmitted across a network.

Compression would be beneficial if not

necessary to transmit such a file. But file

compression may interfere with the storageof information.


25/53

Compression Lossless compression is preferred when there is a

requirement that the original information remain

intact (as with steganographic images). Theoriginal message can be reconstructed exactly.This type of compression is typical in GIF andBMP images.

Lossy compression, while also saving space, maynot maintain the integrity of the original image.This method is typical in JPG images and yieldsvery good compression.


26/53

Carrier Images Most steganographic software available

does not support, nor recommends, using

JPG files

best alternative to 24-bit images, is to use

256 color (or gray-scale) images. These are

the most common images found on theInternet in the form of GIF files. Each pixel

is represented as a byte (8-bits).


27/53

The PaletteMany authors of thesteganography software and

articles stress the use of gray-

scale images (those with 256

shades of gray or better)

[Arachelian, Aura95,

Kurak92, Maroney].

The importance is not whether

the image is gray-scale or not,

the importance is the degree to

which the colors change

between bit values.


28/53


29/53

Color Variations in the Palette

subtle changes in

color variations

Subtle color changes can be

seen in Figure 2, but other

color variances seem to be

rather drastic


30/53

Choice of Carrier Image Obviously, an image with large areas of

solid colors is a poor choice as variances

created from the embedded message will benoticeable in the solid areas

Like a cartoon!


31/53

Which is a better carrier

image?


32/53

Software Hide and Seek v4.1, StegoDos v0.90a,

White Noise Storm, and S-Tools for

Windows v3.00


33/53

Hide and Seek v 4.1

Hide and Seekversions 4.1 and 5.0 by ColinMaroney have limitations with minimum image

sizes (320 x 480). In version 4.1 if the image issmaller than the minimum, then the stego-image ispadded with black space. If the cover image islarger, the stego-image is cropped to fit. In version5.0 the same is true with minimum image sizes. If

any image exceeds 1024 x 768, an error messageis returned.

The Hide and Seek 1.0 for Windows 95 versionseems to have these issues resolved and is a much

improved steganography tool.


34/53

Hide and Seek4.1 is free software which containsa series of DOS programs that embed data in GIFfiles and comes with the source code.

Hide and Seekuses the Least Significant Bit ofeach pixel to encode characters, 8 pixels percharacter and spreads the data throughout the GIFin a somewhat random fashion. The larger the

message the more likely the resulting image willbe degraded. Since the data is dispersed"randomly" and the message file header isencrypted, there is no telling what is in an

embedded file. Unfortunately the hidden file can be no longer

than 19,000 bytes because the maximum displayused is 320 x 480 pixels. Each character takes 8pixels two hide ( (320x480)/8 = 19200).


35/53

Steganography is the art and science of communicating in a way

which hides the existence of the communication. In contrast to

cryptography, where the "enemy" is allowed to detect, intercept

and modify messages without being able to violate certain

security premises guaranteed by a cryptosystem, the goal of

steganography is to hide messages inside other "harmless"

messages in a way that does not allow any "enemy" to even detect

that there is a second secret message present [Markus Kuhn 1995-

07-03].


36/53

StegoDos StegoDos is also known as Black Wolf's Picture Encoder version

0.90a. This is Public Domain software written by Black Wolf(anonymous). This is a series of DOS programs that require far toomuch effort for the results. It will only work with 320x200 images with256 colors. To encode a message, one must:

1. Run GETSCR. This starts a TSR which will perform a screen capture

when PRINTSCREEN is pressed.2. View the image with a third-party image viewing software (notincluded with StegoDos) and press PRINTSCREEN to save the imagein MESSAGE.SCR.

3. Save your message to be embedded in the image as MESSAGE.DAT.

4. Run ENCODE. This will merge MESSAGE.DAT with

MESSAGE.SCR.5. Use a third party screen capturing program (not included with

StegoDos) to capture the new image from the screen.

6. Run PUTSCR and capture the image displayed on the screen.


37/53


38/53


39/53

White Noise Storm This application uses the Least Significant

Bit method with less success than the

others. It also appends an EOF (end of file)character to the end of the message. Even

with the EOF character, the message

retrieved from the altered imaged mostlikely contained garbage at the end.


40/53


41/53

White Noise Storm

WNS was designed based on the idea of spread spectrumtechnology and frequency hopping. "Instead of having Xchannels of communication which are changed with afixed formula and passkey. Eight channels are spreadwithin a number of 8-bits*Wbyte channels. W represents a

random sized window ofWbytes. Each of these eightchannels represents one single bit, so each window holdsone byte of information and a lot of unused bits. Thesechannels rotate among themselves, for instance bit 1 mightbe swapped with bit 7, or all the bits may rotate positions

at once. These bits change location within the window onthe byte level. The rules for this swapping are dictated notonly by the passphrase by also by the previous window'srandom data (similar to DES block encryption)"[Arachelian, RE: Steganography].


42/53

WNS WNS also used the Least Significant Bit (LSB) application

of steganography and applies this method to PCX8 files.The software extracts the LSBs from the container imageand stores them in a file. The message is encrypted andapplied to these bits to create a "new" set of LSBs. These

are then "injected" into the container image to create a newimage. The documentation that accompanies White NoiseStorm is well organized and explains some of the theorybehind the implementation of encryption andsteganography.

The main disadvantage of applying the WNS encryptionmethod to steganography is the loss of many bits that canbe used to hold information. Relatively large files must beused to hold the same amount of information othermethods provide.


43/53


44/53

S-Tools applies the LSB methods discussed before to bothimages and audio files. Due to the lack of resources, onlyimages were tested. Brown developed a very nice interface

with prompts and well developed on-line documentation.The only apparent limitations were the resources available.There were times large 24-bit images would bring theWindows to a halt. A very useful feature is a status linethat displays the largest message size that can be store in

an open container file. This saved the time of attempting tostore a message that is too large for a container. Afterhiding the message, the "new" image will be displayed andlet you toggle between the new and original images. Attimes the new image looked to be grossly distorted, but

after saving the new image looked nearly identical to theoriginal. This may be due to memory limitations. Onoccasion a saved image was actually corrupted and couldnot be read. A saved image should always be reviewedbefore sending it out.


45/53

S-Tools provided the most impressive results.

Unlike the obvious distortions in "A Cautionary

Note on Image Downgrading" [Kurak92], S-Tools

maintained remarkable image integrity. Thefollowing figure illustrates the text message M1

embedded in container C2.


46/53


Compression 100:1 Additive Noise Dithering

Robust Digital Watermarking Copyright protection and fingerprinting

Original image

+ =

Watermark Watermarked image

The watermark can carry multiple bits, such as ID, metadata, etc.Requirements: Robustness against all kinds ofimage distortion,intentional removal, perceptual transparence

Detected bit-string = 10010110

Past and Ongoing Research

- Key-dependent transforms- Robustness to geometrical

attacks- Capacity vs. robustness

trade-off- Public watermark detector

Embedded bit-string = 10010110


47/53

Alliance Operations: Potential Application 3

Watermarked Images for Tamper Detection

Detection and localization of tampered/modified areas.

Logical extension: image self-repair.

Original, Watermarked Image

Verification Results

Fragile Watermark

Verification Results

Robust Watermark

Tampered Image


48/53

Non-adaptive steganography= modifications due to message

embedding are uncorrelated with image features. Examples are LSB

encoding in randomly selected pixels, modulation of randomly

selected frequency bins in a fixed band, etc.

Adaptive steganography= modifications are correlatedwith the

image content (features).

- Pixels carrying message bits are selected adaptively

depending on the image

- Avoiding areas of uniform color- Selecting pixels with large local standard deviation

Message recovery: Extract the same set of message carrying

pixels at the receiving end from the stego-image.

Adaptive Steganography


49/53

Divide pixels into good and bad pixels

Pixel is good if all four 2v2 squares containing

that pixel have three or more colors, otherwise

it is bad

For N message bits randomly choose N good

pixels, embedding the bits as color parities

If the parity of the pixel does not agree with

the message bit, choose the closest color that

preserves the goodness of that pixel

Adaptive Message embedding

Adaptive Message extraction

Determine the set of good and bad pixels

Generate the same random walk through the

good pixels

Message = parity of the colors of that walk

Four 2v2 squares

containing this pixel



50/53

Secure Stego Comparison with EZ Stego: Maximal color change

500 %

Improvement


51/53

Conclusions

Steganography has its place in security. It is not

intended to replace cryptography but supplement

it. Hiding a message with steganography methodsreduces the chance of a message being detected.

However, if that message is also encrypted, if

discovered, it must also be cracked (yet another

layer of protection). There are an infinite number of steganography

applications


52/53

References

[Aura95] Tuomas Aura, "Invisible Communication," EET1995,

http://deadlock.hut.fi/ ste/ ste_html.html, ftp://saturn.hut.fi/ pub/ aaura/ ste1195.ps

[Brassil-Infocom95] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,

"Document Marking and Identification using Both Line and Word Shifting," Infocom95, ftp://ftp.research.att.com/ dist/ brassil/ 1995/

infocom95.ps.Z

[Brassil-Infocom94] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,

"Electronic Marking and Identification Techniques to Discourage Document Copying," Infocom94, ftp://ftp.research.att.com/ dist/ brassil/ 1994/

infocom94a.ps.Z. [Brassil-CISS95] J. Brassil, S. Low, N. Maxemchuk, L. OGoram,

"Hiding Information in Document Images," CISS95, ftp://ftp.research.att.com/ dist/ brassil/ 1995/ ciss95.ps.Z.

[Kahn67] David Kahn, The Codebreakers,

The Macmillan Company. New York, NY 1967.

[Kurak92] C. Kurak, J. McHugh,

"A Cautionary Note On Image Downgrading," IEEEEighth AnnualComputerSecurity Applications Conference, 1992. pp. 153-159.

[Norman73] Bruce Norman, SecretWarfare,

Acropolis Books Ltd. Washington, DC 1973.

[Zim48] Herbert S. Zim, Codes and SecretWriting,

William Marrow and Company. New York, NY, 1948.


53/53

5.2. Software References

There are many other software applications available that provide steganographic results. This is just a sample of software available for the

PC platform. Every effort is being made to credit the authors of the software reviewed in this paper. However, some authors wish to remain

anonymous. Only links to software outside the United States are made below.

[Arachelian] Ray Arachelian, White Noise Storm,

Shareware 1992, 1993, 1994. ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/ wns210.zip.

[Brown] Andy Brown, S-Tools forWindows, Shareware 1994.

s-tools3.zip (version 3.0) s-tools4.zip (version 4.0 - not yet reviewed). [Hastur] Henry Hastur, Stealth forPGPv1.1,

ftp://ftp.netcom.com.

MandelStegv1.0 and GIFExtractv1.0, ftp://ftp.dsi.unimi.it/pub/security/crypt/code.

[Maroney] Colin Maroney, Hide and Seekv4.1, Freeware.

ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/ hdsk41b.zip.

[JSteg] Independent JPEG Group, Jpeg-Jstegv 4.

ftp://ftp.funet.fi/ pub/ crypt/ steganography.

[StegoDos] Author alias: Black Wolf,

StegoDos - BlackWolf's Picture

Encoderv0.90B, Public Domain. ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ steganography/stegodos.zip.

5.3. WEB Page Resources

AT&T Bell Laboratories Research Web Page,

http://www.research.att.com .

Carl Landwehr (ed), Cipher -

Electronic Newsletter of the IEEE Computer Societys TC on Security and Privacy, http://www.itd.nrl.navy.mil/ ITD/ 5540/ ieee/

cipher/ (see also http://www.itd.nrl.navy.mil/ ITD/ 5540/ ieee/ cipher/ cipher-links.html for an excellent listing of links to

organizations and publications related to security).

Codex Links to Law Enforcement, Security, Intelligence, Investigative and Other sites,

http://www.trcone.com/ t_links.html. Cypherpunks, ftp://ftp.csua.berkeley.edu/ pub/ cypherpunks/ index.html.

Digimarc Corporation Web Site, http://www.teleport.com/~digimarc.

Electronic Privacy Information Center (EPIC), http://www.epic.org.

National Security Institute Library, http://nsi.org/ Library/ Library.html.

Security and Privacy Issues by Neil Johnson,

http://www.jjtc.com/Security .

Steganography News Mailing List maintained by Markus Kuhn.

Information about the list can be found at ../sec/steglist.htm.

Data_Hiding2

Documents

Transcript of Data_Hiding2