Steganography

Paul Gretes

Gangster pay ho

Dennis Pattersonno sniper DNA testA lepers gut

Topics

Driving Interest and Examples Prisoner’s Problem Public/Private Key Steganography Attacks Basic Theory Watermarking/Fingerprinting

phgloji

m

ei

ss

un

afyn e

i

r sn

r

Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils.

Intercepted message:

phgloji

m

ei

ss

un

afyn e

i

r sn

r

(Perishing sails from NY June I)

Steganography

Comes from the greek words and – literally, “covered writing”

Steganography conceals the fact that a message even exists.

Driving Interest behind Steganography

Military and Intelligence agencies

– Battlefield Communications Criminals

– Or terrorists (Bin Laden suspected use) Law Enforcement and counter intelligence agencies

– Interested in weaknesses

Earlier Examples

Prisoners hid messages in letters home using the dots and dashes on i, j, t, & f to spell out a hidden text in Morse Code

Herodotus tells us Histiaeus shaved the head of his most trusted slave and tattooed it with a message which disappeared after the hair had regrown.

Example

Steganography diagram

Definitions…

Embedded data – message you want to send Cover object – text, image, audio, or other object to hide

data in Stego-key – used to control hiding process Stego-object – resulting object when data is hidden in

cover object Robustness –>

Steganography in pictures

How?– Least Significant Bit Insertion

– Masking and Filtering

• More robust than LSB Insertion

– Algorithms and Transformations

LSB Insertion

3 pixels of a picture might be (without compression) (00100111 11101001 11001000)

(00100111 11001000 11101001)

(11001000 00100111 11101001)

Binary value for A is 10000011 New data for 3 pixels would be (00100111 11101000 11001000)

(00100110 11001000 11101000)

(11001000 00100111 11101001)

Change won’t be visually noticeable!

Steganography in Audio

Echo hiding

– We cannot perceive short echoes (millisecond short)

– Introduce two types of short echo with different delays to encode zeros and ones

Example program: MP3Stego

– Information hidden during compression process

Aphex Twin

Steganography in Programs

Example program: Hydan– Exploits redundancy in the i386 instruction set by

defining sets of functionally equivalent instructions

• Can add 50 or subtract –50

• XOR DX,DX MOV BX, 4MOV AX,3 versus MOV AX, 3MOV BX,4 XOR DX, DXMUL BX MUL BX

– Same code, new order---when paired with original, can give meaning

Marks should not degrade the perceived quality of the work

Detecting the presence and/or value of a mark should require knowledge of a secret

Multiple marks should not interfere with each other Mark should survive all attacks that do not degrade work’s

perceived quality– Resampling, dithering, compression, and combinations

of these

Qualities of a Robust Marking System

Channels

Covert Channels– Usually non-digital– Flower pot example

Subliminal channel– Exploits existing randomness– Regular communication through stego-object

“Supraliminal” channel– Low bandwidth – maybe establish session key– Information not hidden but cannot be modified

• Example: a novel

Prisoners’ Problem Two individuals attempt to communicate covertly without

alerting a “warden” who controls the communications channel

Prisoners’ Problem, continued

Passive Warden – monitors traffic and signal to some process outside the system if unauthorized message traffic is detected; (just spies on channel)

Active Warden – tries to remove all possible covert messages from cover texts that pass through their hands; (can slightly modify data being sent)– Much harder to deal with

Pure Steganography

In the best case, prisoners would not have to communicate prior to imprisonment (to trade encryption keys)

Is it possible?

– Very difficult to engineer

Public/Private Key Steganography

Intertwined with Prisoner’s Problem Private-Key Steganography assumes that Alice and

Bob are allowed to share a secret key prior to imprisonment, or even trade public keys

Public-Key Steganography – shared key isn’t necessary – one only needs to know the other’s public key (may have to check all objects for messages)

Role of Randomness

Average information rate given by entropy Example: entropy of monochrome images is generally

around 4 – 6 bits/pixel

– Use this difference to hide information

– All the gain provided by compression is used for hiding

Watermarking/Fingerprinting Cousin to steganography Not limited to images (but is main focus) Fingerprint – hidden serial number Watermarking – hidden copyright message

– Visible• Company logo (image)

– Invisible• More applications• Fragile – mark destroyed if image manipulated (ex: in

Court)• Robust – mark is resistant to image manipulation

(verify ownership)

Types of Marking

Private Marking – require original for comparison– What if original is tampered with?

Public Marking (or Blind Marking) – requires neither secret original or embedded mark– More challenging– More useful

Attacks Robustness attack

– Try to diminish or remove mark Presentation attack

– Modify content such that detector cannot find mark

Interpretation attack– Devise a situation which prevents assertion of

ownerships Many attacks are combinations of above

Original image

Rotated

Stretched

Cropped

Blurred(would more likely be a combination of manipulations)

Robustness Attacks

Robustness Attacks

Program: StirMark– Slightly stretches, shifts, bends, rotates by

an unnoticeable, random amount. Then, adds a low frequency deviation to each pixel. Also adds smoothly distributed error.

Attack on Echo Hiding– Try to detect echo and remove it

Presentation Attack

Mosaic Attack– Chop image into

smaller images

– Prevents web crawlers from finding whole image and checking for watermark

Interpretation Attack

Owner of document d encodes watermark w, publishes the marked version d + w and has no other proof of ownership.

Attacker registers his watermark as w’ can claim that original unmarked version of it was d + w – w’.

Goal: discover covert messages Extended 2 tests Stuff way to complicated for this presentation

Statistical Steganalysis

Conclusions/Summary

Complicated Many methods of implementation Implementation depends on situation

– Many situations

– Many assumptions Must ensure robustness (in most cases)

Works used Most information:

– Fabien A. P. Petitcolas, Ross J. Anderson, and Markus G. Kuhn. Information hiding - a survey. Proceedings of the IEEE, 87(7), pp. 1062-1078, July 1999.

– Neil F. Johnson, Sushil Jajodia. Exploring Steganography: Seeing the Unseen, IEEE Computer, February 1998. pp. 26-34

– Niels Provos. Defending Against Statistical Steganalysis. In Proceedings of the 10th USENIX Security Symposium, pages 323-335, August 2001.

– R. Anderson, "Stretching the limits of steganography," in Information Hiding, Springer Lecture Notes in Computer Science vol. 1174, pp. 39--48, 1996.

– R. Anderson and F. Petitcolas. On the limits of steganography, ieee journal on selceted areas in communications 16, pp. 474-481, may 1998., 1998.

– ‘Resolving Rightful Ownerships with Invisible Watermarking Techniques: Limitations, Attacks, and Implications.’ Craver, N. Memon, B.-L. Yeo, M. M. Yeung, IEEE Journal of Selected Areas in Communications, vol. 16 no. 4 pp. 573–586, May 1998, Special issue on copyright & privacy protection.

– S. Craver, "On Public-Key Steganography in the Presence of an Active Warden." in Information Hiding II, Springer Lecture Notes in Computer Science v 1525 (April 1996), pp 355—368.

Other information: various websites