i Abstract Every few years, computer security has to re-invent itself. New technologies and new applications bring new threats, and force us to invent new protection mechanisms. Cryptography became important when businesses started to build networked computer systems; virus epidemics started once large numbers of PC users were swapping programs; and when the Internet took off, the firewall industry was one of the first to benefit. One of the newest hot spots in security research is information hiding. It is driven by two of the biggest policy issues of the information age—copyright protection and state surveillance. The ease with which perfect copies can be made of digital music and video has made the entertainment industry nervous that their content might be pirated much more than currently happens with analogue home taping. The growing popularity of MP3 encoded music has sharpened these fears. Part of the solution may come from a change in the way music and video are sold; after all, the software industry has largely abandoned copy-control mechanisms in favor of a business model that combines frequent upgrades, online registration for technical support, prosecution of large-scale pirates, and the networking of everything from business applications to games. But in the case of music and video, it is hoped that technical protection mechanisms will also provide part of the solution. One of these mechanisms is copyright marking—hiding copyright notices and serial numbers in the audio or video in such a way that they are difficult for pirates to remove. This work mainly concentrates on increasing network security using several Steganography tools. Few methods are implemented in MATLAB environments. In addition to this, weaknesses of different Steganography method are also described in detailed and how those weaknesses can be eliminated.
80
Embed
Copy Increasing Network Security Using Steganography
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
i
Abstract
Every few years, computer security has to re-invent itself. New technologies and new
applications bring new threats, and force us to invent new protection mechanisms. Cryptography
became important when businesses started to build networked computer systems; virus
epidemics started once large numbers of PC users were swapping programs; and when the
Internet took off, the firewall industry was one of the first to benefit.
One of the newest hot spots in security research is information hiding. It is driven by two of the
biggest policy issues of the information age—copyright protection and state surveillance.
The ease with which perfect copies can be made of digital music and video has made the
entertainment industry nervous that their content might be pirated much more than currently
happens with analogue home taping. The growing popularity of MP3 encoded music has
sharpened these fears. Part of the solution may come from a change in the way music and video
are sold; after all, the software industry has largely abandoned copy-control mechanisms in favor
of a business model that combines frequent upgrades, online registration for technical support,
prosecution of large-scale pirates, and the networking of everything from business applications
to games. But in the case of music and video, it is hoped that technical protection mechanisms
will also provide part of the solution. One of these mechanisms is copyright marking—hiding
copyright notices and serial numbers in the audio or video in such a way that they are difficult
for pirates to remove.
This work mainly concentrates on increasing network security using several Steganography
tools. Few methods are implemented in MATLAB environments. In addition to this, weaknesses
of different Steganography method are also described in detailed and how those weaknesses can
be eliminated.
iii
Content
Title
Abstract
Acknowledgement
Content
List of Figure
List of Tables
i
ii
iii
iv
v
Chapter 1 – Introduction
1.1 Definition
1.2 History of Steganography
1.3 Steganographic Services
1.3.1Background
1.3.2Steganography
1.3.3Steganalysis
1.4 On the Edge: Hidden in Plain Sight
1.5 How much can be hidden?
1.6 Steganography vs. Cryptography
1
2
2
2
3
5
6
7
8
Chapter 2 – Attacks on Steganographic Systems
2.1 Breaking the Steganographic Utilities
2.2 Threats to Steganography Techniques
2.2.1Least Significant Bit (LSB)
2.2.2JSTEG
11
11
11
17
iv
Chapter 3 – BMP Image File Format
3.1 Introduction
3.2 Basic Structure
3.3 Exact Structure
3.4 The Pixel Data
22
22
22
25
Chapter 4 – Methods for Steganography
4.1 Stegosystem
4.2 Digital Image
4.3 Least Significant Bit
4.4 Algorithms and Transformations
4.5 Masking and Filtering
4.6 Jpeg-Jsteg
4.7 Ezstego
4.8 Redundant Pattern Encoding
4.9 Encryption and Scattering
4.10 Spread Spectrum
26
27
28
29
31
32
32
33
33
34
Chapter 5 – Data Flow Diagrams
5.1 1st Level DFD at Server Side
5.2 2nd Level DFD at Server Side
5.3 1st Level DFD at Client Side
5.4 2nd Level DFD at Client Side
38
39
40
41
Chapter 6 – Steganography Tools
6.1 Blind Side 42
v
6.2 Camera/Shy
6.3 Data Stash
6.4 Fort Knox
6.5 MP3Stego
6.6 Stegdetect
6.7 S-Tool
42
46
48
50
51
53
Chapter 7 – Conclusion & Future Enhancements
7.1 Conclusion
7.2 Future Enhancements
7.3 Cryptography
7.4 Steganography vs. Cryptography
58
58
58
59
Chapter 8 – An Intro to MATLAB
8.1 Introduction
8.2 The MATLAB Environment
8.3 Object Oriented Programming
8.4 Interfacing with other Languages
60
61
69
70
References
Bibliography
72
73
vi
List of Figures
Figure 2.1
Figure 2.2
Figure 2.3
Figure 2.4
Figure 2.5
Figure 2.6
Figure 4.1
Figure 4.2
Figure 4.3
Figure 4.4
Figure 4.5
Figure 4.6
Figure 5.1
Figure 5.2
Figure 5.3
Figure 5.4
Figure 6.1
Figure 6.2
Figure 6.3
Figure 6.4
Figure 6.5
Figure 6.6
Visual Effects of Least Significant Bit Embedding
Effect of Least Significant Bit Embedding
LSB: Cumulative Probabilities of embedding, drived from x2
Visual effect of JSTEG embedding
JSTEG: Least Significant Bits
JSTEG: Cumulative probabilities of embedding, derived from x2
Stegosystem
Graphical Version of Stegosys
Pre/Post Processed Stegano Image
Discrete Cosine Transformation
Decoding
Watermarked Image
First level DFD at server side
Second Level DFD at Server Side
First Level DFD at Client Side
Second level of DFD at client side
Blindside
Camera/shy
Data Stash
Hiding images in video file
Resultant video file
The Comparison
12
13
16
18
19
20
26
27
27
29
31
32
38
39
40
41
42
44
46
47
47
50
vii
Figure 6.7
Figure 6.8
Figure 6.9
Figure 6.10
Figure 6.11
Figure 6.12
Figure 6.13
Figure 8.1
Figure 8.2
Figure 8.3
Stegdetect
S-tool Welcome Screen
Cover Image
Hiding Information
The Comparison of Original and Modified Image
Extracting Information
The Hidden Message
Sine Wave
Wireframe 3D plot of Sinc Function
Surface 3D plot of Sinc Function
52
53
54
55
56
56
57
66
67
68
viii
List of Tables
Table 3.1
Table 3.2
Table 3.3
Table 3.4
Table 4.1
Table 4.2
Table 4.3
BMP file data structure
The Bitmap File Header
Bitmap Info Header
RGB QUAD Array
24 bit pixel value
An Example with a 24 bit pixel
An example with an 8 bit pixel
22
23
24
25
28
28
29
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 1/73
Chapter 1 – Introduction
Steganography is no routine way to protect confidentiality. Normally,
cryptography is used to communicate confidentially. Cryptographic algorithms—the
securities of which can be proven or traced back to known hard mathematical problems
are widely available. However, in contrast to steganography, cryptographic algorithms
generate messages which are recognizable as encrypted messages, although their
content remains confidential. [2]
Steganography embeds a confidential message into another, more extensive
message which serves as a carrier. The goal is to alter the carrier in an imperceptible
way only, so that it reveals nothing, neither the embedding of a message nor the
embedded message itself.
1.1 Definition
The word "Steganography" literally means "covered writing" derived from
Greek. It covers a wide range of methods of secret communications that conceal the
very existence of the message. Among these methods are invisible ink, Microdot,
character arrangement (other than the cryptographic methods of permutation and
substitution), digital signatures, covert channels and spread-spectrum
communications.[3]
Steganography is the art of concealing the information within seemingly
innocuous carriers. Steganography can be viewed as akin to cryptography. Both have
been used throughout history as a means to protect information. At times these two
technologies seem to converge while the aims of the two differ. Cryptographic
techniques "scramble" messages so if intercepted, messages may not be understood.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 2/73
Steganography in an essence, "camouflages" a message to conceal its existence and
make it seem "invisible" thus concealing the fact that a message is being sent altogether.
An encrypted message may draw suspicion while an invisible message does not. [4]
1.2 History of Steganography
In ancient Greece, people used to conceal messages on wax-covered tablets. The
first documented instance of steganography was documented history of Herodotus,
when Demeratus sent a secret message past the guards by removing wax from the
tablet, writes on the tablet itself, covering the tablet with wax again to hide the message.
Invisible ink is a type of steganography used in recent centuries. You could hide a text
message in a section of words, so that by isolating each 10th word, the secret message
being detected. The Note itself would sound innocent to escape detection. This type of
steganography was often used during wars among spies. Recently, computerized
steganography become popular. Using different methods for encoding secret messages
hidden in digital data such as .bmp or .jpg images, wav sound files or emails. These
methods are described below. Authors are able to watermark their property this way.
Unfortunately, steganography is also suspected to play a role as a source
communications between terrorist groups around the world. In the past year, several
doubted that Osama bin Laden may have been posting images with hidden messages in
to send to several other terrorist groups. [5]
1.3 Steganographic Services
1.3.1 Background
Steganographic software is new and quite effective. In the computer, an image is
represented by an array of numbers that have light intensities at various points (pixels1)
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 3/73
in an image. An image size of 640 by 480 and 256 colors (or 8 bits per pixel)is
commonly used. Such an image could contain about 300 kilobits of data.
Usually there are two type of files used when embedding data into an image.
The innocent looking image which has the hidden information is a "container." A
"message" is the information to be hidden. A message may be plain-text, cipher text,
other images or any thing that can be embedded in the least significant bits (LSB) of an
image. [3]
1.3.2 Steganography
Suppose we have a 24-bit image 800 x 640 (this is a common resolution for
satellite images, electronic astral photographs and other high resolution graphics). This
may produce a file over 2 megabytes in size (800,640 = 5,12,000 bytes).
Here, in my application I have used following technique for hiding the data
inside the .bmp image file.
First of all enter your message which you want to transfer by hiding it inside the
image file.
Then after converts your message in to its equivalent binary string notations.
Import the .bmp image file inside which you want to hide your message by
using the file dialog.
Get the pixel values of imported image file.
Then get one by one binary character form the binary string notation and take
the one pixel for one binary character.
Then use following logic for hiding the message‘s binary information inside the
pixels of an .bmp image file.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 4/73
Suppose that I want to hide the following message,
this is steganography system
The binary notation for this above message is for example:
10110010010100011010101110
And the pixel values of the selected .bmp image file are as follows,
255 =11111111
089 =01011001
254 =11111110
248 =11111000
250 =11111010
Here ,then after take one binary bit from the message and take one 8-bit binary
pixel of the .bmp image and replace its value to the least significant bit of the 8-
bit pixel value.
For example, if the first bit of the message is 1 and the value of the pixel is
111111111=255
Here the least significant bit is 1, so there is no any change in the value of the
11111111=255 simply traverses to the next bit of the message. If the second bit is 0 and
the second pixel of the .bmp image file is
01011001=89
Here the least significant bit is 1 so; replace the value of 8-bit pixel with either
incrementing 1in to it or decrementing 1 from it. So the modified value of the pixel is
01011010=90
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 5/73
And the value of the pixel will be changed but, it will change very slightly that will not
change the image just the slight change in the shade of its pixel color.
By repeating this process until length of the bits value of the message the whole
message will be hidden inside the specified .bmp image file.
1.3.3 Steganalysis
“The process of extracting the hidden message from specified image file is called the
Steganalysis system”
For extracting the message from the image file from above hiding image file we can
extract this message as follows:
First of all import the modified image file and also its pixel values
After getting its pixel values take the least significant bit from the 8-bit pixel
value and continuously stores this bit value in to the String
After collecting the string convert this string in to the equivalent character value
and again store this characters into the string this string is the original message,
which is to be hidden
Suppose the modified value of the 8-bit pixel is as follows:
254 =11111110
090 =01011010
255 =11111111
249 =11111001
251 =11111011
By performing the AND operation of that 8-bit pixel value with the 0x01 H hexadecimal
value as follows:
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 6/73
(11111110 & 0x01)=0
(01011010 & 0x01)=0
(11111111 & 0x01)=1
(11111001 & 0x01)=1
(11111011 & 0x01)=1
Then after collect this all the bits in to the string continuously and converts it in
to its equivalent character values that returns the original message.
The original message is,
This is steganography system
1.4 On the Edge: Hidden in Plain Sight
One of the few noteworthy aspects of the 2001 movie Along Came a Spider is
that it probably marks the debut of steganography in mainstream culture. About six
months later, steganography was back in the public spotlight, but for a darker reason:
terrorists were using it.
In both cases, steganography was used to pass messages over the Internet using
innocuous-looking images. Although you can embed messages in video and audio files,
too, steganography usually involves image files such as JPEGs. The common
denominator is that, unlike the better-known process of encryption, where a message is
garbled but remains in plain view, steganography hides it altogether.
There are multiple ways that steganography embeds data in an image, which is
then called a "cover" image. One method is to hide the information in the headers and
footers that images typically have. Another is to append the data to the file, although
trying to attach too much can be a dead give-away. "There you have unlimited
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 7/73
bandwidth, but it would be odd to see a tiny image that’s tremendous," said Neil F.
Johnson. [3]
The most common technique is to change the least significant bit in each pixel.
Because it manipulates existing data that makes up an image rather than adding to it,
this approach doesn’t swell the file size. "If you’re modifying the least significant bit on
a color photograph, the human eye isn’t going to see it," Johnson said.
The bits that make up a photo are created by a computer using binary numbers
that are recognized by a program as having meaning. A JPEG image file is made up of
pixels, with binary values given for each color: red, green, and blue. The binary value
for a pure red pixel would be 1111 0000 0000 (100 percent red, zero percent green, and
zero percent blue). A steganographer could insert the tiniest portion of a message in this
pixel by adding one bit of information to the blue portion of the pixel, making the
binary composition look like 1111 0000 0001. This small change to the image is
imperceptible to the eye, but by inserting different bits of information in thousands of
pixels, a message can be recorded in the image file.
Manipulating bits has its limits. Suppose that you have an eight-bit image that
measures 800 x 640, which gives you a total of 5,12,000 bits to work with. "If you
want to hide a message in the least significant bit of each pixel, you can hide 64,000
bytes," said Hany Farid, an assistant professor of computer science at Dartmouth
College.
"This message will almost certainly be imperceptible to the human eye. If you want to
store another 32,768 bits of data, you can do so in the second-to-least-significant bit.
The risk is that degradation in the cover may become more noticeable"
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 8/73
1.5 How Much Can Be Hidden?
How much longer message can be hidden inside the image file is totally
depended on the size of that imported/specified image file or the resolution of that
image file. Suppose here, we are using the image file that have the 800-horizontal
pixels and 640-vertical pixels so it includes the total no of pixels 5,12,000 and for one
bit we are using one pixel. So there are 64,000 bytes can be hidden inside the image file
in my application. If we are changing or replacing the least two significant bits of the
pixel values we can hide more no. of bytes inside the image file. The change in the two
least significant bits value does not affect even the actual image that is no differentiate
by any one in any no of look.
There is no limit of how much data can be hidden inside the image file, because
there is data which can be hidden inside the image file may be in the form of the text
(.txt) file, audio file, & also it may bi in the form of video, image file. So the limit of the
hidden data is depended on the file format of the data which you want to hide inside the
image file. The file format for the .bmp image file is shown letter on in next chapter.
Steganalysis is the name given to the techniques used to identify images that
have been altered, but intercepting a steganographic message is hugely difficult. It
involves having knowledge of a suspected sender or recipient, access to the suspect’s
computer and/or e-mail account, and an examination of the files on that system, not
easy to get done in a free society. It’s enough to keep the good guys awake at night.
1.6 Steganography vs. Cryptography
Basically, the purpose of cryptography and steganography is to provide secret
communication. However, steganography is not the same as cryptography.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 9/73
Cryptography hides the contents of a secret message from a malicious people, where as
steganography even conceals the existence of the message. Steganography must not be
confused with cryptography, where we transform the message so as to make it meaning
obscure to a malicious people who intercept it. Therefore, the definition of breaking the
system is different. In cryptography, the system is broken when the attacker can read the
secret message. Breaking a steganographic system need the attacker to detect that
steganography has been used and he is able to read the embedded message.
In cryptography, the structure of a message is scrambled to make it meaningless
and unintelligible unless the decryption key is available. It makes no attempt to disguise
or hide the encoded message. Basically, cryptography offers the ability of transmitting
information between persons in a way that prevents a third party from reading it.
Cryptography can also provide authentication for verifying the identity of someone or
something.
In contrast, steganography does not alter the structure of the secret message, but
hides it inside a cover-image so it cannot be seen. A message in cipher text, for
instance, might arouse suspicion on the part of the recipient while an “invisible”
message created with steganographic methods will not. In other words, steganography
prevents an unintended recipient from suspecting that the data exists. In addition, the
security of classical steganography system relies on secrecy of the data encoding
system. Once the encoding system is known, the steganography system is defeated.
It is possible to combine the techniques by encrypting message using
cryptography and then hiding the encrypted message using steganography. The
resulting stego-image can be transmitted without revealing that secret information is
being exchanged. Furthermore, even if an attacker were to defeat the steganographic
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 10/73
technique and detect the message from the stego-object, he would still require the
cryptographic decoding key to decipher the encrypted message.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 11/73
Chapter 2 - Attacks on Steganographic Systems
2.1 Breaking the Steganographic Utilities
The majority of steganographic utilities for confidential communication suffer
from fundamental weaknesses. On the way to more secure steganographic algorithms,
the development of attacks is essential to assess security. Both visual attacks, making
use of the ability of humans to clearly discern between noise and visual patterns, and
statistical attacks which are much easier to automate. The visual attacks exemplify that
software suffer from the misassumption that least significant bits of image data are
uncorrelated noise. [6]
By the visual attacks, we will reveal that this assumption is wrong. The majority
of steganographic algorithms embed messages replacing carefully selected bits by
message bits. Actually, it is difficult to distinguish randomness and image contents by
machine, and it is even more difficult to distinguish least significant bits and random
bits. It is extremely difficult to specify permissible image content in a formal way. A
substitute is having people realize what image content is. However, the border becomes
blurred and depends on our imagination. The human sight is trained to recognize known
things. This human ability is used for the visual attacks. Represents the least significant
bits, which is actually not an attack on steganography.
2.2 Threats to Steganography Techniques
2.2.1 Least Significant Bit (LSB)
Least-significant bit steganography in Matlab by replacing the green channel of
a cover image with the message bit stream XORed with a pseudorandom key. The
message used was a 1-bit image of equal size to the cover image, but this technique can
be used for messages of any length up to 3NM in a N by M color image.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 12/73
Matlab Code for Pseudocode demonstrating simple LSB embedding
I = cover image
M = message
K = pseudorandom keystream
I = I - mod(I,2);
T=xor(M,K);
I=I+T
By using messages smaller than the image and then spreading the message out in a
simple way, for example skipping a key-determined pseudorandom number of pixels,
some of the described attacks can be defeated. The results of such embedding are
visually indistinguishable, as shown in Figure 2.1. Although simple, this technique, with
some variation, is widely used.
Visual Attacks
As mentioned previously, least-significant bits are not in fact pseudorandom.
Therefore, changing these bits in an image to pseudorandom noise should be detectible.
This can be shown by simply amplifying and examining the least-significant bits of the
(a)Original Image (b) Image with Embedded data
Figure 2.1: Visual Effect of Least Significant Bit Embedding
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 13/73
image, as shown in Figure 2.1. If embedding had been performed in all three color
channels, the effect would be even more pronounced.
(a)Unmodified Image
(b)Image Embedded with data
Figure 2.2: Effect of Least Significant bit Embedding
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 14/73
Chi-square Attacks
This attack can be automated using statistical techniques. As the embedded data
is pseudorandom and the natural image data is not, a test for randomness should let us
differentiate between a natural image and one with pseudorandom data embedded in it.
The chi-squared statistic is a measure of fit between two discrete distributions, and is:
(1)
To apply it here, measure the frequency of pixels of each value, and then derive an
expected value for each using the assumption that the least-significant bits are random;
with this assumption, the expected value for f is:
∗ = +(2)
Then a distribution with i=2 bins, each containing the frequency of the even bit values.
The expected frequencies calculated for each bin as shown above, and the “x2” value is
then calculated by:
(3)
To use this value to give a probability of embedding, we integrate to find the area under
the probability density function:
= − ( − / )(3)
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 15/73
This is implemented and tested it on several images with varying lengths of embedded
message using the following Matlab code.
Matlab Code for Matlab code for computing probability of LSB consisting of
pseudorandom data
G = imread(’image. tif ’ );
Bins(256)=0;
tsize =size(G);
Chis( tsize (1))=0;
P(tsize(1))=0;
for i=1: tsize (1),
%count pixel frequency
for j=1: tsize (2),
Bins(G(i,j)+1)=Bins(G(i,j)+1)+1;
end
% calculate chi squared
chi2=0;
for k=1:127
nexp=(Bins(2 k1)+Bins(2 k))/2;
if (nexp>5)
chi2=chi2+((Bins(2 k)nexp)ˆ2)/nexp;
end
end
Chis(i)=chi2;
end
% calculate P
xu=chi2;
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 16/73
r=127;
rOver2 = 0.5*r;
gammaval = gamma(rOver2);
F = @(x)x.ˆ(rOver21). exp(0.5*x)/gamma(rOver2)/2ˆrOver2;
if xu == inf
prob = 1
else
prob = quad(F,0,xu);
end
P(i)=1prob;
end
%plot graph
plot(P);
(a) Unmodified Image
(b) Image with message Embedded
(c) Message Embedded in first half of imageFigure 2.3: LSB: Cumulative Probabilities of embadding, drived from x2
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 17/73
Graphs of the probability of embedding against the cumulative number of rows being
examined is shown in figure 2.3. This method clearly and unambiguously differentiates
between modified and original images, and the case of partial embedding detects the
point where the embedding stops.
2.2.2 JSTEG
JSTEG works by embeding each message bit into more than one bit of the cover
image, to reduce the detectible effects of the embedding. This is achieved tby
transforming the image by dividing it into blocks and applying the discrete cosine
transform, and then altering coefficients and transforming back. This results to each
message bit affecting an whole block in the cover image, making it difficult to detect
the changes.[1]
JSTEG implementation consists of two nested parts. The outer part applies the
DCT, quantizes the coefficients, and inverts the transform. In between quantization and
the inversion, the inner stage embeds the message in the least significant bits of the
coefficients. There are a couple of subtleties; the algorithm avoids embedding data in
coefficients whose value is zero, as this usually is due to quantization, which means that
values other than zero will raise suspicion, and recompression (with the same
quantization table) will destroy the message bit. JSTEG is more fragile than the
previous technique described for this reason, as a change leading to non-zero
coefficients becoming zero will lead to the output bitstream becoming out of sync, while
with simple LSB embedding changes can just lead to flipped bits in the output.
Matlab Code for Pseudocode demonstrating JSTEG embedding
I = cover image
M = message
K = pseudorandom keystream
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 18/73
T = DCT(I, blocksize)
quantize(T, quantization table )
progress=0
for each element i of T:
if (i!=0 && i != max i )
setLSB(i, M(progress))
progress++
end
if (progress>size(M)) break
end
I=inverseDCT(T, blocksize)
Visual Attacks
Images with messages embedded using JSTEG are not susceptible to the simple
visual attacks demonstrated above. This is because the changes to the coefficients do
not simply alter bits in the final image in a predictable manner, but instead affect entire
blocks of the image in ways that cannot easily be perceived, even when examining the
least-significant bits of the image.
(a) Unmodified Image (b) Image with embedded data
Figure 2.4: Visual effect of JSTEG embedding
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 18/73
T = DCT(I, blocksize)
quantize(T, quantization table )
progress=0
for each element i of T:
if (i!=0 && i != max i )
setLSB(i, M(progress))
progress++
end
if (progress>size(M)) break
end
I=inverseDCT(T, blocksize)
Visual Attacks
Images with messages embedded using JSTEG are not susceptible to the simple
visual attacks demonstrated above. This is because the changes to the coefficients do
not simply alter bits in the final image in a predictable manner, but instead affect entire
blocks of the image in ways that cannot easily be perceived, even when examining the
least-significant bits of the image.
(a) Unmodified Image (b) Image with embedded data
Figure 2.4: Visual effect of JSTEG embedding
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 18/73
T = DCT(I, blocksize)
quantize(T, quantization table )
progress=0
for each element i of T:
if (i!=0 && i != max i )
setLSB(i, M(progress))
progress++
end
if (progress>size(M)) break
end
I=inverseDCT(T, blocksize)
Visual Attacks
Images with messages embedded using JSTEG are not susceptible to the simple
visual attacks demonstrated above. This is because the changes to the coefficients do
not simply alter bits in the final image in a predictable manner, but instead affect entire
blocks of the image in ways that cannot easily be perceived, even when examining the
least-significant bits of the image.
(a) Unmodified Image (b) Image with embedded data
Figure 2.4: Visual effect of JSTEG embedding
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 19/73
(a) Image after DCT/inverse DCT application, no message embedded
(b) image with message embeddedFigure 2.5: JSTEG: Least significant bits
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 20/73
Figure 2.5 shows that The least-significant bits of a cover image, the same
image passed through the DCT/inverse DCT algorithm without having any of its
coefficients altered (i.e. there is no embedded message), and the image with a message
embedded. Although there is a clear difference between the latter two images, it is not
apparent that one is more random than the other, and in general human observers cannot
determine whether pseudorandom data has been inserted into the DCT coefficients.
Chi-square Attacks
Although the least-significant bits of the image do not exhibit pseudorandom
properties, the DCT coefficients into which message bits were hidden do. Therefore, if
we know the transform performed, in this case the discrete cosine transform with an 8x8
block size, we can recreate the coefficients and analyze them to determine if they are
drawn from a pseudorandom distribution.
(a) Unmodified Image
(b) Image after DCT/inverse DCT application, no message embedded
(c) Image with embedded message
Figure 2.6: JSTEG: Cumulative probabilities of embedding, derived from x2
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 21/73
The embedding algorithm is reversed to extract the least-significant bit of each
coefficient which is not zero or maximum, and then the chi square statistic and
embedding probability are computed as in the simpler attack.
Figure 2.6 shows the resulting graphs; (a) shows the original image, (b) shows
the probability graph resulting from applying the algorithm without a message, i.e.
performing the transform and then inverting it, to show that this doe not cause false
positives, and (c) shows the graph of an image with an embedded message.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 22/73
Chapter 3 - BMP Image File Format
3.1 Introduction
The .bmp file format is the standard for a Windows 3.0 or later DIB(device
independent bitmap) file. It may use compression and is not efficient enough to store
animation. There are different ways to compress a .bmp-file, but they are so rarely used.
The image data itself may contain references to entries in a color table or literal RGB
values.
3.2 Basic structure
A .bmp file contains of the following data structures:
BIT MAP FILE HEADER bmfh;
BIT MAP INFO HEADER bmih;
RGB QUAD aColors[];
BYTE aBitmapBits[];
Table 3.1: BMP file data structure
bmfh contains some information about the bitmap file. bmih contains information about
the bitmap such as size and colors. The rest is the image data, which format is specified
by the bmih structure.
3.3 Exact structure
The following tables give exact information regarding the data structures and
also contain the settings for a bitmap with the dimensions: size 100x100, 256 colors, no
compression. The Location of the byte in the file at which the explained data element of
the structure starts is the start value, the size-value contains the number of bytes used by
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 23/73
this data element, the name-value is the name assigned to this data element by the
Microsoft API documentation. Stdvalue stands for standard value.
a) The BITMAP FILE HEADER
Start Size Name Std value Purpose
1 2 bfType 19778must always be set to 'BM' to declare that this is a
.bmp-file.
3 4 bfSize ?? specifies the size of the file in bytes.
7 2 bfReserved1 0 must always be set to zero.
9 2 bfReserved2 0 must always be set to zero.
11 4 bfOffBits 1078specifies the offset from the beginning of the file
to the bitmap data.
Table 3.2: The Bitmap File Header
b) The BITMAP INFO HEADER
Start Size Name Stdvalue Purpose
15 4 biSize 40specifies the size of the
BITMAPINFOHEADER structure, in bytes.
19 4 biWidth 100 specifies the width of the image, in pixels.
23 4 biHeight 100 specifies the height of the image, in pixels.
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 24/73
27 2 biPlanes 1specifies the number of planes of the target
device, must be set to zero.
29 2 biBitCount 8 specifies the number of bits per pixel.
31 4 biCompression 0Specifies the type of compression, usually set
to zero (no compression).
35 4 biSizeImage 0
specifies the size of the image data, in bytes. If
there is no compression, it is valid to set this
member to zero.
39 4 biXPelsPerMeter 0
specifies the the horizontal pixels per meter on
the designated targer device, usually set to
zero.
43 4 biYPelsPerMeter 0
specifies the the vertical pixels per meter on
the designated targer device, usually set to
zero.
47 4 biClrUsed 0
specifies the number of colors used in the
bitmap, if set to zero the number of colors is
calculated using the biBitCount member.
51 4 biClrImportant 0
specifies the number of color that are
'important' for the bitmap, if set to zero, all
colors are important.
Table 3.3: Bitmap Info Header
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 25/73
c) The RGBQUAD array
Start Size Name Stdvalue Purpose
1 1 rgbBlue - specifies the blue part of the color.
2 1 rgbGreen - specifies the green part of the color.
3 1 rgbRed - specifies the red part of the color.
4 1 rgbReserved - must always be set to zero.
Table 3.4: RGB QUAD Array
In a color table (RGBQUAD), the specification for a color starts with the blue byte.
3.4 The Pixel Data
It is important to notice that the rows of a DIB are stored upside down. That
means that the top most row which appears on the screen actually is the lowest row
stored in the bitmap.
Another important thing is that the number of bytes in one row must always be adjusted
to fit into the border of a multiple of four. Simply add zero bytes until the number of
bytes in a row reaches a multiple of four, an example:
6 bytes that represent a row in the bitmap:
A0 37 F2 8B 31 C4
must be saved as:
A0 37 F2 8B 31 C4 00 00
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 26/73
Chapter 4 - Methods for Steganography
4.1 Stegosystem
The stegosystem is conceptually similar to the cryptosystem.
Figure 4.1: Stegosystem
emb : The message to be embedded.
cover: Medium in which emb will be embedded.
stego: Modified version of the cover that contains the embedded message, emb.
key: Additional data that is needed for embedding & extracting.
Here is a graphical version of the stegosystem:
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 26/73
Chapter 4 - Methods for Steganography
4.1 Stegosystem
The stegosystem is conceptually similar to the cryptosystem.
Figure 4.1: Stegosystem
emb : The message to be embedded.
cover: Medium in which emb will be embedded.
stego: Modified version of the cover that contains the embedded message, emb.
key: Additional data that is needed for embedding & extracting.
Here is a graphical version of the stegosystem:
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 26/73
Chapter 4 - Methods for Steganography
4.1 Stegosystem
The stegosystem is conceptually similar to the cryptosystem.
Figure 4.1: Stegosystem
emb : The message to be embedded.
cover: Medium in which emb will be embedded.
stego: Modified version of the cover that contains the embedded message, emb.
key: Additional data that is needed for embedding & extracting.
Here is a graphical version of the stegosystem:
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 27/73
4.2 Digital Image
In order to understand how steganography is applied to digital images, one must
understand what digital images are.
Figure 4.3: Pre/Post Processed Stegano Image
Figure 4.2: Graphical Version of Stegosys
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 28/73
On a computer, an image is an array of numbers that represent light intensities at
various points (pixels). Images can have 8 bits per pixel or 24 bits per pixel.
With 8 bits/pixel, there are 28, or 256, color varieties. With 24 bits/ pixel there are 224,
or 16,777,216, color varieties.
Color variation for a pixel is derived from 3 primary colors: Red, Green, and Blue.
24 bit image example:
24 bit images use 3 bytes to represent a color value (8 bits = 1 byte)
Color R G B
Pixel Value 00100111 11101001 11001000
Table 4.1: 24 bit pixel value
4.3 Least Significant Bit Insertion (LSB)
“The idea behind the LSB algorithm is to insert the bits of the hidden message into the
least significant bits of the pixels.”
Simplified Example with a 24 bit pixel
Pixel Value R G B
Before 00100111 11101001 11001000
After 00100111 11101000 11001001
Table 4.2: An Example with a 24 bit pixel
Simplified Example with an 8 bit pixel
Pixel Value White R G B
Before 00 01 10 11
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 29/73
After 00 00 11 11
Table 4.3: An example with an 8 bit pixel
Disadvantages of LSB Insertion
With the 8 bit pixel, applying LSB insertions can alter the color of the pixel.
This could lead to noticeable differences from the cover image to the stego image.
Color variations are less with 24 bit images.
Advantage of LSB Insertion
A major advantage of the LSB algorithm is it is quick and easy. LSB insertion
also works well with gray-scale images.
4.4 Algorithms and Transformations
Another steganography method is to hide data in mathematical functions that are
in compression algorithms. Function is Discrete Cosine Transformation (DCT).
The DCT transform data from one domain into another. The DCT function
transforms that data from a spatial domain to a frequency domain.
Figure 4.4: Discrete Cosine Transformation
The DCT function
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 29/73
After 00 00 11 11
Table 4.3: An example with an 8 bit pixel
Disadvantages of LSB Insertion
With the 8 bit pixel, applying LSB insertions can alter the color of the pixel.
This could lead to noticeable differences from the cover image to the stego image.
Color variations are less with 24 bit images.
Advantage of LSB Insertion
A major advantage of the LSB algorithm is it is quick and easy. LSB insertion
also works well with gray-scale images.
4.4 Algorithms and Transformations
Another steganography method is to hide data in mathematical functions that are
in compression algorithms. Function is Discrete Cosine Transformation (DCT).
The DCT transform data from one domain into another. The DCT function
transforms that data from a spatial domain to a frequency domain.
Figure 4.4: Discrete Cosine Transformation
The DCT function
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 29/73
After 00 00 11 11
Table 4.3: An example with an 8 bit pixel
Disadvantages of LSB Insertion
With the 8 bit pixel, applying LSB insertions can alter the color of the pixel.
This could lead to noticeable differences from the cover image to the stego image.
Color variations are less with 24 bit images.
Advantage of LSB Insertion
A major advantage of the LSB algorithm is it is quick and easy. LSB insertion
also works well with gray-scale images.
4.4 Algorithms and Transformations
Another steganography method is to hide data in mathematical functions that are
in compression algorithms. Function is Discrete Cosine Transformation (DCT).
The DCT transform data from one domain into another. The DCT function
transforms that data from a spatial domain to a frequency domain.
Figure 4.4: Discrete Cosine Transformation
The DCT function
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 30/73
Another example for the steganography system
r1 = temp
%2
t = r1
g1 = (temp-T)/2
%2
t = t+2*g
b1 = (temp-T)/4
%2
r = r-r
%2+r1
g = g-g
%2+g1
b = b-b
%2+b1
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 31/73
To Decode the Hidden Data
Figure 4.5: Decoding
Steps to be performed
Take the transform of the modified image
Find the coefficients below a certain threshold
Extract bits of data from these coefficients
Combine the bits into an actual message
4.5 Masking and Filtering
Masking and filtering techniques, usually restricted to 24-bit and gray-scale
images, hide information by marking an image, in a matter similar to paper watermarks.
Watermarking technique may be applied without fear of image destruction due to lossy
compression because they are more integrated into image. [7]
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 32/73
Visible watermarks are not steganography by definition. The difference is
primarily one of intent. Traditional steganography conceal information; watermark
extends information and become an attribute of the cover image. Digital watermark may
include such information as copyright, ownership, or license, as shown in Figure 4.6. In
steganograpghy, the object of communication is hidden message. In digital watermarks,
the object of the communication is the cover.
To create the watermarked image in figure 4.6, the luminance of the masked
area is increased be 15 percent. If luminance is changed by smaller percentage, the mask
would be undetected by human eye. Now watermarked image can be used to hide
plaintext or encoded information.
Masking is more robust than LSB insertion with respect to compression,
cropping and some image processing. Masking techniques embed information in
significant areas so that the hidden message is more integral to cover image than just
hiding it in the “noise” level. This makes it more suitable than LSB with, for instance,
lossy JPEG image.
Figure 4.6: Watermarked Image
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 33/73
4.6 Jpeg-Jsteg
One steganography tool that integrates the compression algorithm for hiding
information is Jpeg-Jsteg. Jpeg-Jesteg creates a JPEG stego image from the input of the
message to be hidden and a lossless cover image. According to the independent JPEG
group JPEG software has been modified for 1-bit steganography in JIFF output files,
which are composed of lossy and nonlossy sections. The software combines the message
and the cover images using the JPEG algorithm to create lossy JPEG stego-images.
4.7 Ezstego
EzStego embeds data in GIF images, by altering the colors of pixels. To do this
imperceptibly, it sorts the image’s palette to minimize the perceptual distance between
consecutive colors. This is achieved by finding the shortest-path between the palette
colors within the RGB color space cube. Then, the message is embedded by altering
pixels, in order, so that the least significant bits of the pixels’ indexes into the sorted
palette are the message bits.
4.8 Redundant pattern encoding
Using the redundant bit encoding, one must trade off message size against
robustness. For example, a small message may be painted many times over an image as
shown in figure 4.6 so that if the stego-image is cropped, there is a high probability that
the watermarked can still be read. A large message may be embedded only once
because it will occupy a much greater portion of the image area.
4.9 Encryption and Scattering
This technique encrypts and scatters the data throughout the image. Scattering
the message makes it appear more like noise. Proponents of this approach assume that
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 34/73
even if the message bits are extracted, they will be useless without algorithm and stego-
key to decode them. For example, the white noise storm tool is based on spread
spectrum technology and frequency hopping, which scatter the message throughout the
image. Instead of having x channels of communication that are changed with a fixed
formula and passkey. White Noise Storm spreads eight channel within a random
number generated by the previous window size and data channel. Each channel
represents 1-bit, so each image window holds 1 byte of information and many unused
bits. These channel rotate, swap and interlace among themselves to yield a different bit
permutation. For instance, bit 1 might be swapped with bit 7, or both bits mat rotate one
position to right. The rules for swapping are dictated by the stego-key and by the
previous window’s random data (similar to DES block encryption).
Scattering and Encryption helps protect against hidden message extraction but
not against message destruction through image processing. A scattered message in the
image’s LSBs is still as vulnerable to destruction from lossy compression and image
processing as is a clear-text message inserted in LSBs.
4.10 Spread Spectrum
Spread spectrum techniques are "means of transmission in which the signal
occupies a bandwidth in excess of the minimum necessary to send the information; the
band spread is accomplished by means of a code which is independent of the data, and a
synchronized reception with the code at the receiver is used for de-spreading and
subsequent data recovery." Although the power of the signal to be transmitted can be
large, the signal-to-noise ratio in every frequency band will be small. Even if parts of
the signal could be removed in several frequency bands, enough information should be
present in the other bands to recover the signal. Thus, SS makes it difficult to detect
and/or remove a signal. This situation is very similar to a steganography system which
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 35/73
tries to spread a secret message over a cover in order to make it impossible to perceive.
Since spreaded signals tend to be difficult to remove, embedding methods based on SS
should provide a considerable level of robustness. Spread Spectrum methods are of
increasing importance in the field of information hiding.
In information hiding, two special variants of SS are generally used: direct-
sequence and frequency-hopping schemes. In direct-sequence schemes, the secret signal
is spread by a constant called chip rate, modulated with a pseudorandom signal and
added to the cover. On the other hand, in frequency-hopping schemes the frequency of
the carrier signal is altered in a way that it hops rapidly from one frequency to another.
SS are widely used in the context of watermarking.
Spread spectrum techniques for watermarking purposes have aroused a lot of
interest. The reasons for this are very similar to the arguments for using SS techniques
in steganography. Generally, the message used to watermark is a narrow-band signal
compared to the wide band of the cover (image). Spread spectrum techniques applied to
the message allow the frequency bands to be matched before transmitting the message
(watermark) through the covert channel (image). Furthermore, high frequencies are
relevant for the invisibility of the watermarked message but are inefficient as far as
robustness is concerned, whereas low frequencies are of interest with regard to
robustness but are useless because of the unacceptable visible impact. Spread spectrum
can reconcile these conflicting points by allowing a low-energy signal to be embedded
in each one of the frequency bands. Spread spectrum techniques also offer the
possibility of protecting the watermark privacy using a secret key to control a pseudo
noise generator. [8]
A practical watermarking scheme is presented here. This method is part of a
video scheme. Nevertheless, it is also applicable to still images. Let af (aj € {-1, 1}), be
a binary signal. From ai we derive a signal bi which is a temporal stretching of ai
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 36/73
(1)
“cr” is the chirp rate. Now a modulation is performed between bi and a pseudo
noise signal pi in order to obtain the watermark signal which will be directly embedded
in image vp
(2)
Where α is a strength factor controlling the robustness verses visibility trade-off. The
final embedding formula is
(3)
Where vi denotes the watermarked image.
The basic idea of watermark recovery is to demodulate the received signal and
to add each signal component corresponding to each piece of binary information,
(4)
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 37/73
Assuming that the pi signal is zero-mean and is statically independent with vi, we can
expect sj to be
(5)
Thus, aj is given by
(6)
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 38/73
Chapter 5 - Data Flow Diagrams
5.1 1st Level DFD at server side
User Hide
Original message to hide
Image inside which you want to hide message
Modified imagefile
Exception & Image insidewhich message has been
hidden
Figure 5.1: First level DFD at server side
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 39/73
5.2 2nd Level DFD at Server Side
Figure 5.2: Second Level DFD at Server Side
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 40/73
5.3 1st Level DFD at Client Side
Figure 5.3: First Level DFD at Client Side
TNTU – Olympia College B.Sc. (Hons) in Computer Systems Engineering (Networking)
Increasing Network Security Using Steganography Page 41/73