Authorised By

SANTOSH BHARADWAJ REDDY

Email: help@matlabcodes.com
Engineeringpapers.blogspot.com
More Papers and Presentations available on above site

1
 ABSTRACT:
As the information age is growing rapidly and
data becomes highly valuable and sensitive,
methods need to be discovered to protect and
secure sensitive data. One such method that
transfers data over network securely is achieved by
Steganography. This paper deals with some of the
steganographic techniques and detailed look at
hiding information in Image and TCP/IP protocol
that are used frequently in the internet.
Bret and Crystal. Amy wants to send a secret
message (M) to Bret using a random (R) harmless
message to create a cover (C) which can be sent to
Bret without raising suspicion. Amy then changes
the cover message (C) to a stego-object (S) by
embedding the secret message (M) into the cover
message (C) by using a stego-key (K). Amy should
then be able to send the stego-object (S) to Bret
without being detected by Crystal. Bret will then be
able to read the secret message (M) because he
knows the stego-key (K) used to embed it into the
cover message (C).

INTRODUCTION
"Steganography is the art and science of
communicating in a way which hides the existence
of the communication”. This basically
comes down to using unnecessary bits in an
innocent file to store your sensitive data. The
techniques used make it impossible to detect that
there is anything inside the innocent file, but the
intended recipient can obtain the hidden data. This
way, one can not only hide the message itself, but
also the fact that he is sending this message.

GOAL OF STEGANOGRAPHY
In contrast to Cryptography, where the enemy is
allowed to detect, intercept and modify messages
without being able to violate certain security
premises guaranteed by a cryptosystem, the goal of
Steganography is to hide messages inside other
harmless messages in a way that does not allow
any enemy to even detect that there is a second
message present".
A DETAILED LOOK AT
STEGANOGRAPHY
This section discusses Steganography at length and
deals with the different types which we
practice today along with some of the other
principles that are used in Steganography and some
of the Steganographic techniques in use
today. This is where one can look at the nuts and
bolts of Steganography and all the different ways
one can use this technology.
steganography_medium = secret message +
cover message + key [11]
As Fabien A.P. Petitcolas points out, "in a 'perfect'
system, a normal cover should not be
distinguishable from a stego-object, neither by a
human nor by a computer looking for statistical
patterns." In practice, however, this is not always
the case. In order to embed secret data into a cover
message, the cover must contain a sufficient
amount of redundant data or noise. This is because
the embedding process Steganography uses
actually replaces this redundant data with the secret
message. This limits the types of data that one can
use with Steganography.
In practice there are three types of
steganography protocols used. They are Pure
Steganography, Secret Key Steganography and
Public Key Steganography.

Let’s look at what a theoretically perfect Pure Steganography

secret communication. To illustrate this concept,
consider three fictitious characters named Amy,

2
It is defined as a steganographic system that does
not require the exchange of a cipher such as a
stego-key. This method of Steganography is the
least secure means by which to communicate
secretly because the sender and receiver can rely
only upon the presumption that no other parties are
aware of this secret message. Using open systems
such as the Internet, this is not the case at all.
Secret Key Steganography
It is defined as a steganographic system that
requires the exchange of a secret key (stego-key)
prior to communication. Secret Key Steganography
takes a cover message and embeds the secret
message inside of it by using a secret key (stego-
key). Only the parties who know the secret key can
reverse the process and read the secret message.
Unlike Pure Steganography where a perceived
invisible communication channel is present, Secret
Key Steganography exchanges a stego-key, which
makes it more susceptible to interception. The
benefit to Secret Key Steganography is even if it is
intercepted, only parties who know the secret key
can extract the secret message.
Public Key Steganography
It takes the concepts from Public Key
Cryptography as explained below. Public Key
Steganography is defined as a steganographic
system that uses a public key and a private key to
secure the communication between the parties
wanting to communicate secretly. The sender will
use the public key during the encoding process and
only the private key, which has a direct
mathematical relationship with the public key, can
decipher the secret message. Public Key
Steganography provides a more robust way of
implementing a steganographic system because it
can utilize a much more robust and researched
technology in Public Key Cryptography. It also has
multiple levels of security in that unwanted parties
must first suspect the use of steganography and
then they would have to find a way to crack the
algorithm used by the public key system before
they could intercept the secret message.
ENCODING SECRET
MESSAGE IN TEXT
Encoding secret messages in text can be a very
challenging task. This is because text files have a
very small amount of redundant data to replace
with a secret message. Another drawback is the
ease of which text based Steganography can be
altered by an unwanted parties by just changing the
text itself or reformatting the text to some other
form (from .TXT to .PDF, etc.). There are
numerous methods by which to accomplish text
based Steganography.
Line-shift encoding
It involves actually shifting each line of text
vertically up or down by as little as 3 centimeters.
Depending on whether the line was up or down
from the stationary line would equate to a value
that would or could be encoded into a secret
message.
Word-shift encoding
It works in much the same way that line-shift
encoding works, only one can use the horizontal
spaces between words to equate a value for the
hidden message. This method of encoding is less
visible than line-shift encoding but requires that the
text format support variable spacing.
Feature specific encoding
It involves encoding secret messages into
formatted text by changing certain text attributes
such as vertical/horizontal length of letters such as
b, d, etc.
This is by far the hardest text encoding method to
intercept as each type of formatted text has a large
amount of features that can be used for encoding
the secret message. All three of these text based
encoding methods require either the original file or
the knowledge of the original files formatting to be
able to decode the secret messages.
ENCODING SECRET
MESSAGES IN IMAGE
Coding secret messages in digital images is
widely used in the digital world of today. This is
because it can take advantage of the limited power
of the human visual system (HVS). Almost any
plain text, cipher text, image and any other media
that can be encoded into a bit stream can be hidden
in a digital image. With the continued growth of
strong graphics power in computers and the
research being put into image based
Steganography, this field will continue to grow at a
very rapid pace. To the computer, an image is an
array of numbers that represent light intensities at
various points (pixels). These pixels make up the
images raster data. When dealing with digital
images for use with Steganography, 8-bit and 24-
bit per pixel image files are typical. Both have
advantages and disadvantages,
• 8-bit images are a great format to use
because of their relatively small size. The
3
 drawback is that only 256 possible colors
can be used which can be a potential
problem during encoding. Usually a gray
scale color palette is used when dealing
with 8-bit images such as (.GIF) because
its gradual change in color will be harder
to detect after the image has been encoded
with the secret message.
• 24-bit images offer much more flexibility
when used for Steganography. The large
number of colors (over 16 million) that
can be used go well beyond the human
visual system (HVS), which makes it very
hard to detect once a secret message, has
been encoded. The one major drawback to
24-bit digital images is their large size
(usually in MB) makes them more suspect
than the much smaller 8-bit digital images
(usually in KB) when sent over an open
system such as the Internet.
Digital image compression is a good solution to
large digital images such as the 24-bit images.
There are two types of compression techniques.
They are,
• Lossless compression is preferred when
there is a requirement that the original
information remain intact (as with
steganographic images). The original
message can be reconstructed exactly.
This type of compression is typical in GIF
and BMP images.
• Lossy compression, while also saving
space, may not maintain the integrity of
the original image. This method is typical
in JPG images and yields very good
compression.
The popular digital image encoding techniques
used today are least significant bit (LSB) encoding,
masking & filtering, Transformation, spread
spectrum steganography, statistical steganography,
distortion, and covers generation steganography.
The following are some of these techniques.
Least significant bit (LSB) encoding
It is by far the most popular of the coding
techniques used for digital images. By using the
LSB of each byte (8 bits) in an image for a secret
message, one can store 3 bits of data in each pixel
for 24-bit images and 1 bit in each pixel for 8-bit
images.
Logic: A 24-bit bitmap will have 8 bits
representing each of the three color values (red,
green, and blue) at each pixel. If we consider just
the blue there will be 28 different values of blue.
The difference between say 11111111 and
11111110 in the value for blue intensity is likely to
be undetectable by the human eye. If we do it with
the green and the red as well we can get one letter
of ASCII text for every three pixel.
Therefore, the least significant bit can be used
(more or less undetectably) for something else
other than color information. As you can see, much
more information can be stored in a 24-bit image
file. Disadvantage of using LSB alteration are
mainly in the fact that it requires a fairly large
cover image to create a usable amount of hiding
space. Even now a day, uncompressed image of
800 x 600 pixels are not often used on the Internet,
so using these might raise suspicion. Another
disadvantage will arise when compressing an
image concealing a secret using a lossy
compression algorithm. The hidden message will
not survive this operation and is lost after the
transformation.
Masking and filtering
These techniques are usually restricted to 24 bits or
grayscale images; take a different approach to
hiding a message. These methods are effectively
similar to paper watermarks, creating markings in
an image. This can be achieved for example by
modifying the luminance of parts of the image.
While masking does change the visible properties
of an image, it can be done in such a way that the
human eye will not notice the anomalies. Since
masking uses visible aspects of the image, it is
more robust than LSB modification with respect to
compression, cropping and different kinds of image
processing.
Transformations
A more complex way of hiding a secret inside an
image comes with the use and modifications of
discrete cosine transformations. Discrete cosine
transformations (DCT)), are used by the JPEG
compression algorithm to transform successive 8 x
8 pixel blocks of the image, into 64 DCT
coefficients each. It follows Jsteg algorithm
(D.Upham) used JPEG image format. According to
Jsteg algorithm,
Replace sequentially the least-significant bit
of discrete cosine transform coefficients with the
message data .
Logic: The secret data is inserted into the cover
image in the DCT domain. The signature (secret
4
message) DCT coefficients are encoded using a
lattice coding scheme before embedding. Each
block of cover DCT coefficients is first checked for
its texture content and the signatured codes are
appropriately inserted depending on a local texture
measure. Experimental results indicate that high
quality embedding is possible, with no visible
distortions. Signature images can be recovered
even when the embedded data is subject to
significant lossy JPEG compression.
Each DCT coefficient F (u, v) of an 8 x 8 block of
image pixels f(x, y) is given by:
where C(x) = 1/√2 when x equals 0 and C(x) = 1
otherwise. After calculating the coefficients, the
following quantizing operation is performed:
where Q (u, v) is a 64-element quantization table.
A simple pseudo-code algorithm to hide a message
inside a JPEG image could look like this:
Input: message, cover image
Output: steganographic image containing message
while data left to embed do
get next DCT coefficient from cover
image
if DCT . 0 and DCT . 1 then
get next LSB from message
replace DCT LSB with message bit
end if
insert DCT into steganographic image
end while
Although a modification of a single DCT will
affect all 64 image pixels, the LSB of the quantized
DCT coefficient can be used to hide information.
Lossless compressed images will be suspectible to
visual alterations when the LSB are modified. This
is not the case with the above described method, as
it takes place in the frequency domain inside the
image, instead of the spatial domain and therefore
there will be no visible changes to the cover image.
In addition to DCT, images can be processed with
Fast Fourier transform (FFT). FFT is "an
algorithm for computing the Fourier transform of a
set of discrete data values". The FFT expresses a
finite set of data points in terms of its component
frequencies. It also solves the identical inverse
problem of reconstructing a signal from the
frequency data. Thus simple logic for encoding and
decoding using transforms is hiding the data. The
steps are to take the DCT or wavelet transform of
the cover image and find the coefficients below a
specific threshold. Replace these bits with bits to
be hidden (for example, use LSB insertion) and
then take the inverse transform and store it as a
regular image.
Recovering the data To extract the hidden data
take the transform of the modified image and find
the coefficients below a specific threshold. Extract
bits of data from these coefficients and combine
the bits into an actual message.
Patchwork
Patchwork is a statistical technique that uses
redundant pattern encoding to embed a message in
an image. The algorithm adds redundancy to the
hidden information and then scatters it throughout
the image.
Logic: A pseudorandom generator is used to select
two areas of the image (or patches), patch A and
patch B. All the pixels in patch A is lightened
while the pixels in patch B are darkened. In other
words the intensities of the pixels in the one patch
are increased by a constant value, while the pixels
of the other patch are decreased with the same
constant value. The contrast changes in this patch
subset encodes one bit and the changes are
typically small and imperceptible, while not
changing the average luminosity.
A disadvantage of the patchwork approach is that
only one bit is embedded. One can embed more
bits by first dividing the image into sub-images and
applying the embedding to each of them.
The advantage of using this technique is that the
secret message is distributed over the entire image,
so should one patch be destroyed, the others may
still survive. This however, depends on the
message size, since the message can only be
repeated throughout the image if it is small enough.
If the message is too big, it can only be embedded
once.
There are also other methods that are not discussed
in this paper which are of less utility over the
above topics.
5
ENCODING INFORMATION
IN A TCP/IP HEADER
The TCP/IP header contains a number of areas
where information can be stored and sent to a
remote host in a covert manner. Take the following
diagrams which are textual representations of the
IP and TCP headers respectively:
IP Header (Numbers represent bits of data from 0
to 32 and the relative position of the fields in the
datagram)
Fig 5.1 Basic IP Header Structure [4]
TCP Header (Numbers represent bits of data from
0 to 32 and the relative position of the fields in the
diagram.)
Fig 5.2 Basic TCP header structure [4]
Logic: Within each header there are multitudes of
areas that are not used for normal transmission or
are "optional" fields to be set as needed by the
sender of the datagrams. An analysis of the areas of
a typical IP header that are either unused or
optional reveals many possibilities where data can
be stored and transmitted.
For general purposes, this paper focuses on
encapsulation of data in the more mandatory fields.
Because these fields are not as likely to be altered
in transit as say the IP or TCP options fields which
are sometimes changed or stripped off by packet
filtering mechanisms or through fragment re-
assembly. They are
- The IP packet identification field.
- The TCP initial sequence number field.
- The TCP acknowledged sequence number field.
Hence data can be placed into these fields. Though
the ASCII code of character can be placed simply,
it will not look innocent thus some special
techniques are used to encode and decode for much
safety.
Manipulating IP packet identification field
The identification field of the IP protocol helps
with re-assembly of packet data by remote routers
and host systems. Its purpose is to give a unique
value to packets so if fragmentation occurs along a
route, they can be accurately re- assembled. In the
following example, the lines below show a tcp
dump representation of the packets on a network
between two hosts "nemesis.psionic.com" and
"blast.psionic.com". This is one of the packets
received during transmission which has character
„H. in its IP packet identification field.
Manipulating Initial Sequence Number field
(ISN)
The Initial Sequence Number field (ISN) of the
TCP/IP protocol suite enables a client to establish a
reliable protocol negotiation with a remote server.
It is similar to above but here it has 32 bits field,
hence it serves as a perfect medium for
transmitting clandestine data. Consider following
line. Here 1207959552 is ISN. Dividing it by
65536*256 gives 72(i.e., „H.)
Because of the sheer amount of information any
one can represent in a 32 bit address space
(4,294,967,296 numbers), the sequence number
makes an ideal location for storing data. Aside
from the obvious example given above, a number
of other techniques are used to store information in
either a byte fashion, or as bits of information
represented through careful manipulation of the
sequence number. The simple algorithm of the
covert tcp program takes the ASCII value of our
data and converts it to a usable sequence number
Also there are other methods for hiding data in
TCP/IP header that may vary depending on the
type of application and requirement. Also data can
be hidden in audio and video files which are not
discussed in this paper. And they are also widely
used in open environment systems.
APPLICATIONS
The three most popular and researched uses for
steganography in an open systems environment are
covert channels, embedded data and digital
watermarking.
• Covert channels in TCP/IP involve
masking identification information in the
TCP/IP headers to hide the true identity of
one or more systems. This can be very
useful for any secure communications
needs over open systems such as the
6
 Internet when absolute secrecy is needed
for an entire communication process and
not just one document as mentioned next.
• Embedding Data using containers
(cover messages) is by far the most
popular use of Steganography today. This
method of Steganography is very useful
when a party must send a top secret,
private or highly sensitive document over
an open systems environment such as the
Internet. By embedding the hidden data
into the cover message and sending it, you
can gain a sense of security by the fact
that no one knows you have sent more
than a harmless message other than the
intended recipients.
• Digital watermarking is usually used for
copy write reasons by companies or
entities that wish to protect their property
by either embedding their trademark into
their property or by concealing serial
numbers/license information in software,
etc. Digital watermarking is very
important in the detection and prosecution
of software pirates/digital thieves.
CONCLUSION
Although only some of the main image
steganographic techniques were discussed in this
paper, one can see that there exists a large selection
of approaches to hiding information in images. All
the major image file formats have different
methods of hiding messages, with different strong
and weak points respectively. Where one technique
lacks in payload capacity, the other lacks in
robustness. For example, the patchwork approach
has a very high level of robustness against most
type of attacks, but can hide only a very small
amount of information. Least significant bit (LSB)
in both BMP and GIF makes up for this, but both
approaches result in suspicious files that increase
the probability of detection when in the presence of
a warden. Thus for an agent to decide on which
steganographic algorithm to use, he would have to
decide on the type of application he want to use the
algorithm for and if he is willing to compromise on
some features to ensure the security of others.
REFERENCES
[1]. Hide and Seek: An Introduction to
Steganography - Niels Provos and Peter Honeyman
URL: http:// niels.xtdnet.nl/papers/practical.pdf
[2]. Johnson, Neil F., “Steganography”, 2000,
URL: http://www.jjtc.com/stegdoc/index2.html
[3]. Steganography - Wikipedia, the free
encyclopedia_files
URL: http://en.wikipedia.org/wiki/Steganography
[4]. Embedding Covert Channels into TCP/IP -
Steven J. Murdoch and Stephen Lewis
URL: http://www.cl.cam.ac.uk/users/{fsjm217,
srl32g}/
[5]. Krenn, R., “Steganography and Steganalysis”,
URL: http://www.krenn.nl/univ/cry/steg/article.pdf
[6]. Rowland, C.H.: Covert channels in the TCP/IP
protocol suite. First Monday 2 (1997) URL:
http://www.firstmonday.org/issues/issue2_5/rowla
nd/
[7]. Steganography Links & Whitepapers
(Computer Forensics)
URL: http:// www.forensics.nl/steganography/
[8].URL:http://io.acad.athabascau.ca/~grizzlie
[9]. The WEPIN Store, “Steganography (Hidden
Writing)”, 1995,
URL: http://www.wepin.com/pgp/stego.html
[10]. Petitcolas, Fabien A.P., “The Information
Hiding Homepage: Digital Watermarking and
Steganography”, URL:
http://www.cl.cam.ac.uk/~fapp2/steganography/
[11].Forensic Science Communications - July 2004
URL:
http://www.fbi.gov/hq/lab/fsc/backissu/july2004/re
search/
[12]. Steganography-Tutorial
URL: http://www.jjtc.com/stegdoc/stegdoc.html
[13]. Steganography Papers, Johnson, N.F.&
Jajodia, S., “Exploring Steganography:
Seeing the Unseen”, Computer Journal, February
1998
URL:http://www.cs.arizona.edu/~collberg/Teachin
g/620/1999/Handouts/hual1.ps
[14]. Bender, W., Gruhl, D., Lu, A., Morimoto, N.,
IBM Systems Journal, “Techniques for Data
Hiding
Authorised By
SANTOSH BHARADWAJ REDDY
Email: help@matlabcodes.com
Engineeringpapers.blogspot.com
More Papers and
Presentations available on
above site