Top Banner

Click here to load reader

Bitmap Steganography

Nov 29, 2015

ReportDownload

Documents

Bitmap images are were introduced by Microsoft to be a standard image file format between users
of their Windows operating system. The file format is now supported across multiple file systems and
operating systems, but is being used less and less often

Steganography in digital technology is often associated with files which require a human
perspective to verify the integrity and quality. This includes the realm of media files (video, audio,
images). Image files lend themselves to exploitation particularly well, which we will explore throughout
this article. Focus will primarily be on bitmap formatted images

  • BitmapSteganography:AnIntroduction

    BeauGrantham20070413

    COT4810:TopicsinComputerScience

    Dr.Dutton

  • I.Introduction

    Steganographyisdefinedastheartandscienceofcommunicatinginawaywhichhidestheexistenceofthecommunication[2].Methodsofsteganographyhaveexistedforcenturies,thoughwiththeadventofdigitaltechnology,havetakenonanewform.Embeddingdatawithintheredundancyandnoiseofmediafilesisamongthesedigitaltechniques.InthisarticleIwillexploreandimplementtheprocessinvolvedwithhidingmessagesandfileswithinuncompressedbitmapimagefiles.Itwillpresenttheresultsofapplyingtheleastsignificantbitprocess,andexploreareasforimprovement.

    II.IntroductiontoSteganography

    Examplesofsteganographydateasfarbackas440B.C.,whereHistiuswassaidtoshavetheheadsofslavesandtattoomessagesonthem.Oncethehairhadgrownback,themessagewaseffectivelyhiddenuntilthereceivershavedtheheadsonceagain.Anothertechniquewastoconcealmessageswithinawaxtablet,byremovingthewaxandplacingthemessageonthewoodunderneath.[1]

    Beingabletocommunicatemessagesbetweentwoormorepartieswithoutraisingsuspicionisapowerful technique.This isanimportantanddistinguishingfeaturefromthecloselyrelatedfieldofcryptography,whereplaintextmessagesaretransformedintounintelligibleblocksofciphertext.Whilecryptographyfocusonprivacy,steganographyisfocusedonsecrecy,andhasnointerestinthemessageitself.[4]

    Theabilitytocommunicatemessageswithoutraisingawarenesscanbeapowerfultechnique,andevenmoresowiththeconceptofplausibledeniability.Whenappliedtocryptographyandsteganography,thistermreferstotheabilitytoplausiblydenythatarecoveredmessagewaseverencryptedorhidden.Incryptography,thisconceptiscloselyrelatedtotheonetimepadcipher,whereamessagecouldpossiblytransformedintoanyothermessageatheoreticallyunbreakablecipher.Insteganography,itiscloselyrelatedwiththerandomsamplingofbitsthroughoutpatternsinthefile.Beingabletoplausiblydenytheresultsofsomeanalysiscanbeusedtoonesadvantage.[4]

    Steganography in digital technology is often associatedwith files which require a humanperspective toverify theintegrityandquality. This includestherealmofmediafiles (video,audio,images).Imagefileslendthemselvestoexploitationparticularlywell,whichwewillexplorethroughoutthisarticle.Focuswillprimarilybeonbitmapformattedimages.[1]

    III.BitmapImages

    BitmapimagesarewereintroducedbyMicrosofttobeastandardimagefileformatbetweenusersoftheirWindowsoperatingsystem.Thefileformatisnowsupportedacrossmultiplefilesystemsandoperatingsystems,butisbeingusedlessandlessoften.Akeyreasonforthisisthelargefilesize,

  • resultingfrompoorcompressionandverbosefileformat.Thisis,however,anadvantageforhidingdatawithoutraisingsuspicion.Tounderstandhowbitmapimagescanbeusedtoconcealdata,thefileformatmustfirstbeexplained.

    IV.BitmapFileFormat

    Abitmapfilecanbebrokenintotwomainblocks,theheaderandthedata.Theheader,whichconsistsof54bytes,canbebrokenintotwosubblocks.TheseareidentifiedastheBitmapHeader,andtheBitmapInformation.Imageswhicharelessthan16bithaveanadditionalsubblockwithintheheaderlabeledtheColorPalette.FollowingtheheaderistheBitmapData.[3]

    BitmapHeader

    TheBitmapHeaderisusedtoidentifythefileasavalidbitmapimage.Thisisdoneprimarilybythefirsttwobytes,whichread0x42and0x4D(inASCII:BM).Thefollowingfourbytesexpressthesizeofthefile,andtheremainingeightbytesarereservedforapplicationidentificationandoffsetlengths.

    0-1 Bitmap identifier 0x42 0x4D (in ASCII it reads BM)2-5 Bitmap file size6-9 Reserved10-13 Bitmap data offset

    TheBitmapInformationiscomposedofthenextthirtybytesofthefile,startingatbytefourteen.Theinformationisdescribedasfollows:

    14-17 Bitmap header size18-21 Bitmap image width22-25 Bitmap image height28:29 Bitmap color depth26-27 Number of color planes28:29 Bitmap color depth30-33 Bitmap compression method34-37 Bitmap data size38-41 Bitmap image horizontal rule42-45 Bitmap image vertical resolution46-49 Number of colors used50-53 Number of important colors used

    Thecolorpaletteisnotusedwhendealingwithbitmapimagesof16bitorhigher.

    BitmapData

    TheBitmapDatablockofabitmapfilecontainstheactualimage,storedaspixels.Thisfileformatexhibitssomeuniqueproperties,oneofwhichlendsitselftoexploitationforsteganography.Firstisthattheimagestoresitselfinreverse.Thefirstlineofdatacorrespondstothebottomlineofanimage,

  • movingitswayup.Inaddition,thepixelsarestoredinreversebluefirst,followedbygreenandthenred.Thepropertythatisimportanttosteganographyisthefactthatthesepixelsareexplicitlywrittenoutinthefilewhichallowsforeasyidentificationandmodification.

    FollowingisasnippetoftheBitmapDatablockofabitmapimage.

    35 DA F2 37 D7 F2 47 DC F2 46 D6 F2 47 D6 EF 4F 5..7..G..F..G..O DB F3 52 DA EF 4E DC F3 44 DC F4 4E D9 F2 45 DE ..R..N..D..N..E. F5 48 DE F3 52 DB F0 4D DA F2 49 D8 EF 51 D6 EE .H..R..M..I..Q.. 4B CF EB 47 DC F3 4D DB F2 4A D8 F3 4E DB F3 46 K..G..M..J..N..F D9 EF 41 D8 EF 43 D3 F0 46 D6 ED 49 D6 EF 47 DB ..A..C..F..I..G. F1 4B DA F2 45 D1 EE 47 D3 EC 45 D5 EF 47 CE ED .K..E..G..E..G.. 42 D3 ED 3B D3 F1 46 D8 F2 47 D5 F0 3E D5 F0 3A B..;..F..G..>..: D9 F1 45 DA F4 3D D1 EE 3B D2 EE 3E D3 EF 39 D1 ..E..=..;..>..9. EC 35 CF EB 3D D6 EF 3F D2 EE 36 CD EA 32 D4 EE .5..=..?..6..2.. 3C CF EE 42 D3 F1 3D CD EB 3D CB EA 39 CE ED 3F

  • Figure1Animagewhichdemonstratesalargeamountofnoise.

    This is the image, further scaled, andbrokenintothreecolorplanes,red,green,andblue.Thisisdone zeroing outallbytesexceptthoseoftheplanebeingexpressed.

    Forexample,ifapixelwasrepresentedin binary as 01001110 10110010 10000111, torepresenttheredplane,itwouldbemodifiedto010011100000000000000000.Thegreenplanewould be represented in binary as 000000001011001000000000.Thisisdoneforeachpixelintheimagetodisplaytheentireimageplane.

    Inrubycode,fortheredplane,itwouldbedonebythefollowing:

    out.push(((0b00000000).to_i).chr) out.push(((0b00000000).to_i).chr) out.push(((byte[i+2]).to_i).chr)

  • Itisimportanttorememberthatdatainabitmap image is stored in reverse, so the lastbyteofapixelisactuallytheredplane.

    Identifyingtheplanes,andhowtheyareaccessed are important in understandingtechniques to hide data. One of the popularmethodsistoexclusivelyuseasingleplanetomodifybits,asnottodisrupttheentireimage.Different combinations of the planes are alsousedwithvariousresults.

    Figures2,3,4Thecolorplanes,red,green,andbluerespectively,oftheoriginalimage.

    V.Noise

    Themostimportantpropertyofabitmapimagewhichisconsideredhelpfulinembeddingdataisthe amount of noise that exists. There are various definitions of noise, depending on the type ofapplicationitisbeingconsideredin,butforbitmapimagesitreferstotherandomsamplingoftheleastsignificantbits.[1]

    Letusconsiderthesameimage,andexaminethebitsampling.

    First we will extract the mostsignificantbits. It is apparent that this imageresemblesitsparent.Shapesareconsistent,andcolorsareidentical,onlydifferinginintensityfromtheoriginal.Inimageswithrecognizableobjectsorlocations,thegeneralideawouldstillbepresentinthemostsignificantbits.

    Figure5Themostsignificantbitsamplingofanimage,demonstratinghowthebitsareimportantandshouldavoidmodification,

  • We will now examine the leastsignificantbit sampling. It is immediatelyapparentthatthenewimagehasnoresemblancetotheoriginal,onlyexpressingarandomnoisepattern.Smallsolidportionsarevisibleinthelower left portion of the image, whichcorrespond to locationsof theoriginal imagewherethepixelsareidentical,havinga0astheleastsignificantbit.

    Figure6Theleastsignificantbitsamplingofanimage,demonstratinghowthebitsexpressrandompatterns,makingthemusefulformodification.

    Extractingthebitsamplingofanimageisdonebyrepresentingeachplaneofapixelaseither11111111or00000000,dependingonthebitbeingsampled.Forexample,ifapixelisrepresentedinbinary as 01001101 01101110 10101111, the leastsignificantbit pixel would be 11111111 0000000011111111,andthemostsignificantbitpixelwouldbe000000000000000011111111.

    Inrubycode,itwouldbedoneasfollows:

    def getLSB byte def getMSB byte if ((byte.to_i % 2) == 1) if (byte.to_i > 127) return 0b11111111 return 0b11111111 else else return 0b00000000 return 0b00000000 end end end end

    Itisimportanttonotethatsomeimagesrepresentwhatisknownasselectivenoise,ornoiseconfinedtogeneralareas.Thiscanbeaproblemwhenembeddingdata,asitneedstobedoneinareasofnoisetobelessdetectablebymethodsofsteganalysis.[2]

    Forexample, let usconsider thefollowingimage.While itmayappearthattheobjectisasolidcolor,acloserlookrevealsthatisit expresses nice variation and gradient patterns. However, theprobleminthisimageisthedistinctshape,surroundedbyassolidnoiselesswhite.Itmayappearinnocent,butletustakealookatthebitsampling.

  • The mostsignificantbit sampling is once again,representative of the original image. Modifying thesebits wouldresult in major areasof modification in the newly createdcoverimage.

    Theleastsignificantbit samplingshowsthattheoriginalisindeedmadeofvaryingcolorsandradiantpatterns.Itisalsoapparentfromthissampling,theoriginalshape,possiblyidentifyingtheobjectrepresentedbytheoriginalimage.Thegoal is tousetheareasofnoisetohidedata,whichrequirethehidertoknowthegeometryofobjectsinimagessuchasthis.Itcanbedone,butitrequiresalotofadditionalcodeandcomputations.Wewillexaminehowitcanhurttheprocesswhenweexaminetheoutputofembeddedmessages.

    Figures7,8,9Theoriginal,mostsignificantbit,andleastsignificantbitsamplingofanimagethatrepresent