OTP-Steg One-Time Pad Image Steganography Using OTP-Steg V.1.0 Software October 2015 Dr. Michael J. Pelosi
What is Steganography? Steganography literally means covered writing Encompasses methods of transmitting secret messages through innocuous cover carriers in such a manner that the existence of the embedded messages is undetectable Carriers can be audio, video, text, or any other digitally represented code or transmission The hidden message may be plaintext, ciphertext, or anything that can be represented as a bit stream 2
The Need for Data Hiding Covert communication using images (secret message is hidden in a carrier image) Ownership of digital images, authentication, copyright Data integrity, fraud detection, self-correcting images Traitor-tracing (fingerprinting video-tapes) Adding captions to images, additional information, such as subtitles, to video, embedding subtitles or audio tracks to video (video-in-video) Intelligent browsers, automatic copyright information, viewing a movie in a given rated version Copy control (secondary protection for DVD) 3
Requirements Application Covert communication Copyright protection of images (authentication) Fingerprinting (traitor-tracing) Adding captions to images, additional information, such as subtitles, to videos Image integrity protection (fraud detection) Copy control in DVD capacity robustness invisibility security embedding complexity detection complexity Intelligent browsers, automatic copyright information, viewing movies in given rated version Low Requirements High 4
Data Hiding - Definition Key Secret message Secret message Carrier document Embedding algorithm Transmission via network Detector Key Relationship carrier - message Who extracts the message? (source versus destination coding) How many recipients are there? Is the key a public knowledge or a shared secret? Do we embed different messages into one carrier? Embedding / detection bundled with a key in a tamper-proof hardware? Is the speed of embedding / detection important? 5
Properties of hiding schemes Robustness The ability to extract hidden information after common image processing operations: linear and nonlinear filters, lossy compression, contrast adjustment, recoloring, resampling, scaling, rotation, noise adding, cropping, printing / copying / scanning, D/A and A/D conversion, pixel permutation in small neighborhood, color quantization (as in palette images), skipping rows / columns, adding rows / columns, frame swapping, frame averaging (temporal averaging), etc. Undetectability Impossibility to prove the presence of a hidden message. This concept is inherently tied to the statistical model of the carrier image. The ability to detect the presence does not automatically imply the ability to read the hidden message. Undetectability should not be mistaken for invisibility a concept related to human perception. Invisibility Perceptual transparency. This concept is based on the properties of the human visual system or the human audio system. Security The embedded information cannot be removed beyond reliable detection by targeted attacks based on a full knowledge of the embedding algorithm and the detector (except a secret key), and the knowledge of at least one carrier with hidden message. 6
The Magic Triangle Capacity Naïve steganography There is a trade-off between capacity, invisibility, and robustness Secure steganographic techniques Digital watermarking Undetectability Robustness Additional factors: Complexity of embedding / extraction Security 7
Steganography for RGB images LSB Encoding (Least Significant Bit) Method: Replace the LSB of each pixel with the secret message Pixels may be chosen randomly according to a secret key Pixels may be chosen adaptively according to neighborhood Message should always be encrypted Comments: The simplest and most common steganographic technique Premise = changes to the least significant bit will be masked by noise commonly present in digital images. Color images provide more room for hiding messages If more than one LSB is used, statistically detectable changes may result A provably secure method should introduce changes consistent with the noise model 8
OTP Steg [Encrypt] 9
OTB Steg [Decrypt] 10
OTP Steg [Generate Keys] 11
12
XOR - "one or the other but not both" XOR Truth Table Input A B Output 0 0 0 0 1 1 1 0 1 1 1 0 13
XOR 14
Decryption XOR Process 15
Adaptive Steganography Non-adaptive steganography = modifications due to message embedding are uncorrelated with image features. Examples are LSB encoding in randomly selected pixels, modulation of randomly selected frequency bins in a fixed band, etc. Adaptive steganography = modifications are correlated with the image content (features). - Pixels carrying message bits are selected adaptively depending on the image - Avoiding areas of uniform color - Selecting pixels with large local standard deviation Potential problem with message recovery: We have to be able to extract the same set of message carrying pixels at the receiving end from the modified image. 16
Artifacts caused by nonadaptive methods Artifacts around the Julia set. Artifacts in the fonts. 17
Adaptive block embedding Message embedding Divide the image into disjoint 3 3 blocks Randomly choose blocks and evaluate some loc statistical quantity, such as standard deviation o number of colors and decide whether or not a message bit can be embedded (good vs. bad bl If block is bad, skip it and do not insert message If block is good, insert the bit into the block parit If after embedding the block becomes bad, keep the change but repeat the same message bit in next block Message extraction Generate the same random walk through the image blocks Read the parity from all good blocks 18
Limitations Ultimately, image understanding is important for secure adaptive steganography. A human can easily recognize that a pixel is actually a dot above the letter "i" and must not be changed. However, it would be very hard to write a computer program capable of making such intelligent decisions in all possible cases. Example of a difficult area for secure adaptive message embedding - fonts on a complex background 19
Performance example Test image in JPEG format Original Non-adaptive Adaptive 20
Steganalysis Modern steganography s goal is to keep its mere presence undetectable, but steganographic systems, because of their invasive nature, leave behind detectable traces in the cover medium. Even if secret content is not revealed, the existence of it is there. The process of finding these distortions is called statistical steganalysis 21
HUGO (Highly Undetectable stego) - B.O.S.S. http://agents.fel.cvut.cz/boss/index.php?mode=view&t mpl=home 22