6/20/2015Perry Fowler STEGANOGRAPHY Perry Fowler CSC 585 The University of Rhode Island.

04/21/23 Perry Fowler

STEGANOGRAPHY

Perry FowlerCSC 585

The University of Rhode Island


The main Fear

• [Tr note: The truncated Arabic text in the upper right-hand corner of this image reads: “a secret message from a secret soldier of al-Qaeda, Rakan Bin...to the General Command in Afghanistan and also to the…in Londonistan…about the operation…to strike nuclear

stations…in the following cities that…planning…]


Material to be covered• In this lecture the following material will be covered:

– Introduction– Camouflage– Terminology– History– Some types of steganography

• Visual– Writing (hand written and digital)– Photographic

• Aural– Voice and computer generated

• Computer based

– Tools to create steganography– Algorithms employed in steganography


Introduction

• Steganography is the technique of hiding a message from detection. If it’s done properly, the message is never detected by those not intended to receive it.

• It differs from cryptography in that cryptographic techniques don’t deny the existence of the message, they just don’t want it to be readable. In some cases the steganographic hidden message may be in plain text.


Terminology

• Technical Steganography – the use of scientific Methods to hide a message. Examples are invisible ink, and size reduction methods like microdots.

• Linguistic Steganography – hides a message in a carrier some non-obvious way. Is also termed semagrams or open codes.


Linguistic Steganography

• Semagrams – hide information by the use of symbols or signs – Visual Semagrams - use ordinary visual

objects like icons or doodles, or the positions of objects on say a workbench or a door.

– . Text Semagrams – hide a message by modifying the carrier text with changes in spacing, either horizontal or vertical or font size, or perhaps flourishes in hand written text.


OPEN CODES• Open Codes – employ legitimate overt carrier

messages to hide a covert message. – Jargon Codes - these open codes use a

language that is understood by a select group of people, but meaningless to others

– Covered Ciphers - hide a message openly in a carrier so that it can be recovered by anyone who knows the secret of how it was concealed. • Null Cipher – hides the message according

to some set of rules, like the first character of every other word is used to construct the message.


So, let’s talk about….

• Photographic Steganography• Textural Steganography• Audio Steganography


Watermarking II

In this example, the watermark would, of course, be invisible


Picture HidingThe digital image of the cat on the right was imbedded steganographically in the left digital photo of the tree.

If we consider a digital image to be made up of an array of columns, each column representing the bits that are used to represent the color density of a pixel, then, the tops of the columns would represent the most significant bits (MSBs as we all know), of color density, and the bottom bits the least significant bits or LSBs. All the bits at any particular level are considered to be in a BIT PLANE.


BIT PLANES

Think of a bit plane as a layer of bits, each layer representing one bit in a byte which represents the color of a pixel. Stacked vertically then, we see something like the left side of the above figure. The matrices represented are one small portion of a digital picture; say the lower right hand corner.

These represent a column


BIT PLANES IIOn the right hand side of the figure we see representations of three planes. The top one is the original LSB layer of this portion of the image. The middle plane is the data we wish to hide in the image, with the bottom plane being a representation of the LSB plane after the data is imbedded.


One Technique

The technique employed in this example simply adds (binarily) the LSB Plane of the cover image and the embedded data.


Line Shift Encoding

Line shift encoding

Another Line to shift

And another line still

The spacing between these lines

is different. Can you tell? It’s about +.01” in the top 2 lines, and - .01” in the bottom 2.

This can be done in word – Format/Line

spacing


Word Shift encoding

The spacing between these words is different, can you tell which ones?


Character Spacing

The spacing between these characters is different. Can you tell which ones?

Two of the characters in the above text have been changed to a different font, which is narrower than the others.

The “a” in spacing and the “w” in between


Geometrical Open Code

• Hidden words or messages at fixed, geometrical positions on the page.

• E.G., captured WWII U-boat officers spelled out messages by adding a little space after significant letters.

• Cardan, or “grill” cipher, uses a careful pattern of fixed locations on the page to hide a message.


A Null CipherThe Envelope

FRANK G. JONELIS, 1st LT. USAGARBLED WAR PRISONERS CAMPNIPPON

MR. F. B. IERS%Federal BLDG. CompanyROOM 1619 100 MAIN ST.LOS ANGELES, CALIFORNIAUSA

Here is an example of a covered cipher, specifically a NULL cipher. Consider the following message from a prisoner in a Japanese POW camp in WWII The original was hand written:


A Null Cipherand now the letter

AUGUST 29, 1943

DEAR IERS:

AFTER SURRENDER, HEALTH IMPROVED ~FIFTY PERCENT. BETTER FOOD ETC.AMERICANS LOST CONFIDENCEIN PHILLIPINES. AM COMFORTABLE IN NIPPON. MOTHER: INVEST30%, SALARY, IN BUSINESS. LOVE

Frank g. Jonelis


A Null Cipherand now the intrepretation

AUGUST 29, 1943

DEAR IERS:

AFTER SURRENDER, HEALTH IMPROVED ~FIFTY PERCENT. BETTER FOOD ETC.AMERICANS LOST CONFIDENCEIN PHILLIPINES. AM COMFORTABLE IN NIPPON. MOTHER: INVEST30 %, SALARY, IN BUSINESS. LOVE

Frank g. Jonelis


S-Tools

This is the Carrier


S-Tools

This is the imbedded image


S-ToolsAnd this is the carrier after insertion. I can notice granularity in the front fender, the fairing and the front disk brake.


JPHide and Seek

• Do a web search for jphs05.zip or JPHide and Seek

• Download jphs05.zip

• Unzip it and find jphide.exe, jpseek.exe and jphswin.exe

• Double click on jphswin.exe and you will see what’s on the next slide:


JPHide

Click on open JPEG, this will be the carrier

To make things easy, put all files in one folder.Double-click on JPHSWIN

Then the HIDE button becomes active, so click it.You will be asked to enter a Password

After you do that, then a window will appear asking for you to select the file to be imbedded


Carrier Image


The file to be InsertedTHIS IS A TEST FILE

These programs are available for test purposes only.

Please send me any useful comments for improvements.In particular if you discover ways to detect the presence of the hiddendata (even if you can't extract it) I would like to hear about it. Thisexcludes the case where both the original and the modified jpeg areavailable (in which case it is a trivial task!)

Remember they are FREE and BETA test versions. They may not work asyou expect. I offer no warranty and accept to liability for their use.

They are incompatible with earlier versions of similar products I havewritten.

JPHIDE.EXE is a DOS program to hide a data file in a jpeg file.JPSEEK.EXE is a DOS program to recover a file hidden with JPHIDE.EXE

JPHSWIN.EXE is a Windows-95 program which performs the same functions asthe two programs above.

The programs are free standing and require no special installation.

Allan Latham <[email protected]> 7th January 1999.


The Carrier with the Hidden File Inserted


Results• This tool works, with restrictions• The file to be imbedded in the carrier can’t

be too large.• However, it can be extracted and saved

somewhere.• It does use a password to protect the data,

I like that.• In looking at the carrier before and after, I

can’t tell the difference, as I could with some other tools.



JPEG

• JPEG is important to consider when discussing steganography, because it employs a technique, called DCT, that can be both a help and a hindrance to the process.

• On the surface, JEPG is an image compression technique used to reduce the size of pictures transmitted over the internet.


Quantization (Rounding)As a mono-dimentional visual example, here is a curve, the red one, made by a sum of two sine waves. One with a low frequency, one with a high frequency. After DCT quantization, you will be left only with the low frequency component, the blue one. It's intuitively simple to understand: you're going to keep the main variations, or the most significant information (low frequency), and eliminate the less important details (high frequency).


So, What’s it look like?What does JPEG look like? How far can one compress an image and have it look identical to the original? presentable? merely recognizable? The pictures below illustrate this point.


Quantization (Rounding)Now, lets consider this curve as representative of an audio signal. Considering the high frequency component (the red curve). This can be represented by the LSBs of the signal and replaced by using some of the before mentioned techniques for photographic steganography, like pattern matching, or random substitution.


Quantization (Rounding)These techniques when applied at the higher frequencies, outside of the boundary of human audio perception, can result in undetectable signal imbedding in the carrier.

6/20/2015Perry Fowler STEGANOGRAPHY Perry Fowler CSC 585 The University of Rhode Island.

Documents

secret message

covert message

steganographic hidden

carrier text

layer of bits

hand written text

plain text

door text semagrams