Top Banner

Click here to load reader

Effect of image downsampling on steganographic · PDF file1 Effect of image downsampling on steganographic security Jan Kodovský, Member, IEEE and Jessica Fridrich, Member, IEEE

May 17, 2019





Effect of image downsampling on steganographic

securityJan Kodovsk, Member, IEEE and Jessica Fridrich, Member, IEEE

AbstractThe accuracy of steganalysis in digital im-ages primarily depends on the statistical properties ofneighboring pixels, which are strongly affected by theimage acquisition pipeline as well as any processingapplied to the image. In this paper, we study how thedetectability of embedding changes is affected when thecover image is downsampled prior to embedding. Thistopic is important for practitioners because the vastmajority of images posted on websites, image sharingportals, or attached to e-mails are downsampled. It isalso relevant to researchers as the security of stegano-graphic algorithms is commonly evaluated on databasesof downsampled images. In the first part of this paper,we investigate empirically how the steganalysis resultsdepend on the parameters of the resizing algorithm the choice of the interpolation kernel, the scaling factor(resize ratio), anti-aliasing, and the downsampled pixelgrid alignment. We report on several novel phenomenathat appear valid universally across the tested coversources, steganographic methods, and the steganalysisfeatures. The paper continues with a theoretical analy-sis of the simplest interpolation kernel the box kernel.By fitting a Markov chain model to pixel rows, weanalytically compute the Fisher information rate forany mutually independent embedding operation andderive the proper scaling of the secure payload withresizing. For LSB matching and a limited range ofdownscaling, the theory fits experiments rather well,which indicates the existence of a new scaling lawexpressing the length of the secure payload when thecover size is modified by subsampling.

I. Introduction

Steganography is the art of hiding secret messages incover objects. When the object is a digital media file, themessage is typically embedded by slightly changing theindividual cover elements.1

The work on this paper was supported by the Air Force Office ofScientific Research under the research grant FA9550-12-1-0124. TheU.S. Government is authorized to reproduce and distribute reprintsfor Governmental purposes notwithstanding any copyright notationthere on. The views and conclusions contained herein are those of theauthors and should not be interpreted as necessarily representing theofficial policies, either expressed or implied of AFOSR or the U.S.Government.

Jan Kodovsk is currently with Facebook, Inc. His work on thispaper has been done while he was with the Department of Electri-cal and Computer Engineering, Binghamton University, NY, USA.Email: [email protected]

Jessica Fridrich is with the Department of Electrical andComputer Engineering, Binghamton University, NY, USA. Email:[email protected]

Copyright (c) 2013 IEEE. Personal use of this material is permit-ted. However, permission to use this material for any other purposesmust be obtained from the IEEE by sending a request to [email protected]

1This embedding paradigm is known as steganography by covermodification (see, e.g., Chapter 4 in [6]).

In this paper, we deal with covers in the form of digitalimages represented in the spatial domain. The statisticaldetectability of steganographic embedding changes pri-marily depends on the strength and type of dependenciesamong neighboring pixels, which in turn depend on the im-age acquisition pipeline as well as any processing appliedto the image prior to embedding. It is, for example, wellrecognized that embedding changes are very difficult todetect in scans of analogue photographs due to the strongnoise typically present (see, e.g., the results on the NRCSdatabase in [13]). On the other hand, previous JPEGcompression (and low-pass filtering in general) removes thehigh spatial frequency components of the image content(noise), which allows for more accurate steganalysis [8],[2], [10], [17], [13], [21]. The final bit depth representationof the cover image also has a very strong effect on ste-ganalysis [7]. Even simple point-wise operations, such ascontrast/brightness adjustment and gamma correction canhave a very strong impact because of their potential to in-troduce spikes in the first-order statistic of pixel values [3],[25]. The effect of local image variance and saturationon the error of structural steganalyzers appeared in [2].Finally, the impact of the image size on steganalysis isaddressed by the Square Root Law (SRL) of imperfectsteganography [5], [15]. Note that this law pertains to thecase when the cover size is changed by removing/addingcover elements from the same distribution (which is ap-proximately valid when cropping or concatenating imageswhen creating a panorama) and does not address imageresizing, which changes the statistical properties of thecover source.

The main goal of this article is to study the effect ofdownsampling on the detectability of steganographic em-bedding changes. We consider this an important topic forseveral reasons. Full-resolution images are rarely used onthe Internet, and image downscaling is commonly adoptedby many popular high-traffic websites, including socialnetworking websites (Facebook), on-line stores (Amazon,eBay), news websites (CNN, MSNBC), etc. Most of theimage-sharing portals (Picasa Web Albums, Photobucket,Flickr) also utilize image downsampling and some of themallow downloading several different downscaled versions ofa given image.2 Email attachments and presentation slidesare yet another two examples of communication channelswhere resized images are commonly used.

Additionally, for the purpose of benchmarking steganog-

2Many portals also apply lossy JPEG compression to the resizedimages. We note that in this paper we do not study the case whenthe cover images are resized and subsequently JPEG compressed.


raphy and steganalysis, the steganographic communityadopted several image databases that contain resizedimages. Among the most often used databases are theBOSSbase3 and BOWS2.4 BOSSbase was originally usedfor the Break Our Steganographic System (BOSS) com-petition [1] aimed at attacking the content-adaptiveembedding scheme called HUGO (Highly UndetectablesteGO) [24]. Both BOSSbase and BOWS2 images areall downsampled (and cropped) versions of their RAWoriginals. As will be shown in this paper, the outcomeof steganalysis can vary quite dramatically based on thedownscaling algorithm and its parameters. Understandingthese implications is important since practitioners oftentake the steganalysis results obtained on these databasesas an absolute measure of security of a steganographicalgorithm.

In summary, given the proliferation of imagery sub-jected to downscaling, it is rather surprising that, to thebest knowledge of the authors, the effect of resizing onsteganographic security has not yet been methodologicallyaddressed. The only prior art the authors are aware ofis the early conference version of this paper published atIEEE ICASSP in 2013 [18]. Here is the summary of themain differences between [18] and this paper:

1) This manuscript includes experiments on three dif-ferent camera sources while in [18], only a singlesource was used. Furthermore, all images used inthis manuscript are publicly available in their RAWformat to facilitate reproducibility.

2) Instead of steganalysis features constructed using asingle kernel originally proposed in [14], state-of-the-art rich features [9] and SPAM features [23] are usedhere.

3) Besides LSB matching used in [18], we added astate-of-the-art content-adaptive steganographic al-gorithm WOW [12].

4) We include a much more comprehensive study of theeffects of anti-aliasing and kernel-shifting.

We start the next section with a motivational experi-ment showing strikingly different results of steganalysisof HUGO [24] depending on the choice of the resizingkernel used to downsample the original full-resolutionimages forming the BOSSbase. In Section III, we formallyintroduce the process of image downsampling and describeits parameters. We also introduce the common core of allsubsequent experiments in this paper. The first part of themain results of this paper appears in Section IV, wherewe empirically study the effect of the interpolation kernel,downsampling factor, anti-aliasing, and the downsampledgrid alignment on statistical detectability. We point outsome interesting phenomena that appear to hold univer-sally across the tested sources, steganography methods,and steganalysis features. In Section V, we provide atheoretical analysis of the impact of downsampling usingthe nearest neighbor resizing algorithm by adopting a


Markov chain model for the cover source. For this type ofthe cover source and the resizing algorithm, there existsa closed-form expression for the steganographic Fisherinformation rate for any mutually independent embeddingoperation, which allows us to determine the size of thesecure payload that leads to the same level of statisticaldetectability. The paper is concluded in Section VI.

II. Illustrative experiment on BOSSbase

The BOSSbase image database (version 1.01) consistsof 10,000 grayscale images of size 512 512 pixels ob-tained from full-resolution RAW images (coming fromseven different cameras) by executing the following four-step procedure:

1) Image demosaicking (Color Filter Array interpola-tion);

2) Conversion to 8-bit grayscale;3) Downsampling so that the smaller side is 512 pixels;4) Central-cropping to 512 512 pixels.

Image demosaicking was performed using UFRaw,5 whilethe remaining steps were carried out using the ImageMag-icks convert command-line tool with all parameters keptat their default values. The actual script for creatingBOSSbase images is available a