University of Bahrain College of Information Technology Department of Computer Science Cryptography and Network security - ITCS 412 Semester

I 2007 / 2008

STEGANOGRAPHY IN IMAGES
ITCS412 Project

Prepared by:
Ibrahim Mokdad Saleh Khalaf Mutlaq ID. 20043581 ID. 20040123

Submitted to: Dr. Wafik Ajoor Section: A

January 2008

Table Of Content

Department of Computer Science..........................................................................1 Table Of Content...........................................................................................................2 Table of Figures............................................................................................................3 1- Absract......................................................................................................................4 2- Introduction...............................................................................................................4 3- What Is Steganography?...........................................................................................4 3.1- Basic Steganography Terms...........................................................................5 4- How Does It Work?..................................................................................................5 4.1- Substitution - Altering/Replacing The LSB, Also known as Spatial Domain Embedding. ..............................................................................................6 4.2- Injection..........................................................................................................6 5- Detecting Steganography........................................................................................13 6- Requirements for hiding information digitally.......................................................15 7- Attacks....................................................................................................................16 7.1- Robustness attacks .......................................................................................16 7.2- Presentation attacks.......................................................................................17 8- Conclusion..............................................................................................................18 9- References...............................................................................................................19 http://en.wikipedia.org/wiki/Steganography...............................................................19 http://www.securityfocus.com/infocus/1684..............................................................19 http://www.garykessler.net/library/steganography.html.............................................19 http://www.petitcolas.net/fabien/steganography/........................................................19 http://dictionary.reference.com/search?q=steganography...........................................19 http://www.webopedia.com/TERM/S/steganography.html........................................19 http://www.jjtc.com/stegdoc/sec202.html...................................................................19 http://www.computerworld.com/securitytopics/security/story/0,10801,71726,00.html ......................................................................................................................................19 http://www.strangehorizons.com/2001/20011008/steganography.shtml....................19 http://www.citi.umich.edu/u/provos/stego/abc.html...................................................19 http://www.vu.union.edu/~queirolf/ESSAYS/Steganography.pdf.............................19 http://isis.poly.edu/~steganography/pubs/ims04.pdf...................................................19 http://www.ece.stevens-tech.edu/~mouli/lsbsteg.pdf..................................................19 http://www.ims.nus.edu.sg/Programs/imgsci/files/memon/sing_stego.pdf................19 http://www.ws.binghamton.edu/fridrich/Research/stochastic_modulation02.pdf......19 http://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/index.html............................19 http://steganography.qarchive.org/..............................................................................19

Table of Figures
Figure 1: The Folder Name "Secret", Image name "img.jpg" and The text file "hide.txt".........................................................................................................................7 Figure 2: "Hide.rar" file is created which contains the secret text................................8 Figure 3 The Image "hidden.jpg" is created...................................................................8 Figure 4: "hidden.jpg" the new image that contains out secret file is being created......9 Figure 5: Opening the hidden data...............................................................................10 Figure 6: Choosing the image with the hidden information.........................................10 Figure 7: revealing the hidden text...............................................................................11 Figure 8: embedding and decoding process in steganography.....................................12 Figure 9: One of these images contain hidden data......................................................13 Figure 10: Hex representation of the original Image...................................................14 Figure 11: Hex representation of the embedded Image...............................................15 Figure 12: StirMark in action.......................................................................................17 Figure 13: Mosaic in Action.........................................................................................18

1- Absract
Security of information has been the topic of todays information exchange in many fields, many forms of securing data were introduced to the current world, one of the powerful techniques nowadays is Steganography.

2- Introduction
Steganography is being mixed up with cryptography by many entities, both Steganography and encryption tend to declining unauthorized persons to view data; But they are not the same thing. Steganography tends to hiding information most of the time it is encrypted and hidden; from the viewer perspective it appears that no information is hidden at all11. A special case of information hiding is digital watermarking. Digital watermarking is the process of embedding information into digital multimedia (Digital Pictures, Videos or Audio Files) content such that the watermark (The information) can later be either detected or extracted.

3- What Is Steganography?
Steganography is the practice of hiding private or sensitive information within something that appears to be nothing out of the usual. Steganography is often confused with cryptology because the two are similar in the way that they both are used to protect important information. The difference between the two is that Steganography involves hiding information so it appears that no information is hidden at all. If a person views the object that the information is hidden inside he or she will have no idea that there is any hidden information, therefore the person will not attempt to decrypt the information. Steganography comes from the Greek words Stegans (Covered) and Graptos (Writing). Steganography in the modern day sense the word usually refers to information or a file that has been concealed inside a digital Picture, Video or Audio file. What Steganography essentially does is exploit human perception, human senses are not trained to look for files that have information hidden inside of

1 There are programs available that can do what is called Steganalysis (Detecting use of Steganography.)

them, although there are programs available that can do what is called Steganalysis (Detecting use of Steganography.) The most common use of Steganography is to hide a file inside another file. When information or a file is hidden inside a carrier file, the data is usually encrypted with a password.

3.1- Basic Steganography Terms

Steganography has several terms used in its categories, the major are: cover_medium + hidden_data + stego_key = stego_image cover_medium is the file in which we will hide the hidden_data stego_image is the result of the cover medium and hidden data wich is encrypted by a stego key Carrier File the hidden information exist here. Steganalysis The process of detecting hidden information inside of a file. Redundant Bits Pieces of information inside a file which can be overwritten or altered with out damaging the file. Payload The information which is concealed.

4- How Does It Work?

Images typically use either 8-bit or 24-bit color. 8-bit color images can identify up to 256 colors forming different colors (palette) for this image, each color is denoted by an 8-bit value. A 24-bit color scheme, uses 24 bits per pixel and thus, this would generate a much better set of colors. Each pixel is represented by three bytes, each byte represents the intensity of the three primary colors red, green, and blue (RGB). As an example, we can consider text colors in HTML code, when representing a color lets say Orange, first we get the color from the basic colors, red, blue and green, setting the red 100% (which is 255 DEC and FF HEX), and green to 50% (which is 127 DEC and 7F HEX), and the blue to 0% (which is 0 DEC and 0 HEX) we get the orange color (#FF7F00). The representation of the image can reflect the type of colors used, for example the 640x480 pixels image uses 8 bit (256) colors usually 300 KB in size, whereas the 1024x768 pixels (high-resolution) uses 24-bit colors. Steganography has lots of varieties of methods of hiding information in Images, Audio and video. The two common are: LSB (Least Significant Byte) and Injection.

4.1- Substitution - Altering/Replacing The LSB, Also known as Spatial Domain Embedding.
Usually when files are created, there exists within them some bits or bytes that are of no importance, these are replaced in this technique with the information that is supposed to be hidden, without changing or corrupting the file. This creates a huge difficulty to any person to detect the message; and this usually works best with high resolution pictures (24 Bit BMP Bitmap). Due to its files large size; but some may use 8 Bit BMP such that GIF to use in the internet to avoid suspicions of use of large size images.

Lets say we have three pixels (nine bytes) with the following RGB encoding: 10010101 00001101 11001001 10010110 00001111 11001010 10011111 00010000 11001011 Assuming that we want to hide: 101101101 we will combine these 9 bits over the LSB of the 9 bytes above, we get the following (some bits at the end of each byte need not to be changed, where bits in bold have been changed): 10010101 00001100 11001001 10010111 00001110 11001011 10011111 00010000 11001011 As a result the 9 bits are successfully hidden with the maximum change of roughly 50%, of the LSBs.

The obstacle that faces the message hidden in image is that when changing the format of the image it is most likely that the hidden information may be lost. This technique is not directly suitable for gray-scale images since it can be detected by simply observing that some colors in the color palette are not exactly gray To a computer an image file is simply a file that shows different colors and intensities of light on different areas of an image.

4.2- Injection
Injection is quite a simple method which simply involves directly injecting the secret information into the carrier file. 6

The main problem with this method is that it can significantly increase the size of the carrier file. There are variety of different programs, with their own techniques that all fall under one of the methods above. Such as Outguess which uses frequency counts in JPEG images; that would lead to difficulty of detecting the presence of Steganography within an image. A simple implementation Here we are going to show you how to hide a file in a jpeg image by using command prompt and the Winrar application: 1- Make new folder in the desktop and give it any name (in our example we named it "secret"). Then put an image and the file you want to hide it. (file name "hide.txt" and the image name "img.jpg").

Figure 1: The Folder Name "Secret", Image name "img.jpg" and The text file "hide.txt"

2- Compress the file you want to hide in WinRar; you will end up with a file named "hide.rar".

Figure 2: "Hide.rar" file is created which contains the secret text

3- Go to command prompt and change to the directory where the image and the rar file that contains the secret document are located using the command cd directoryname. Type down "copy /b img.jpg + hide.rar hidden.jpg" and press enter. You see that command prompt shows that 1 file copied.

Figure 3 The Image "hidden.jpg" is created

4- Go to folder "secret" you can see that there is a new image named "hidden.jpg" looking at the size you would notice that it differs from the

original and that would lead us to that hidden.jpg contains our secret text.

Figure 4: "hidden.jpg" the new image that contains out secret file is being created

5- If you want to see the hidden file inside the image, open WinRar and click on "File" from the menu bar, and choose "Open Archive".

Figure 5: Opening the hidden data

6- Then, choose "All Files" from the combo box "Files of Type". And choose "hidden.jpg".

Figure 6: Choosing the image with the hidden information

10

7- Finally, you find that the file "hide.txt" is shown in front of you.

Figure 7: revealing the hidden text.

Hiding the information within an image does not stop at the point of just hiding the information inside, it goes beyond that. Figure 8 demonstrates a simple representation of embedding and decoding process in Steganography. A secret image is being embedded inside a cover image to produce the stego image. The first step in hiding information is to pass both the cover message and the secret message into the encoder (see Figure 8).

11

Figure 8: embedding and decoding process in steganography

For the embedding process a key is often needed. This can be in the form of a public/private key; to reduce the chance of a third party hacker getting hold of the stego object and decoding it to reveal the secret information. Then the stego object will be sent off via some communications channel, such as email, to the intended recipient for decoding. For the recipient to view the message he/she must decode the stego object. The decoding process is simply the reverse of the encoding process. It is the extraction of secret data from a stego object. For the decoding process, the stego object is fed into the system. And the key that can decode the stego object should be the same key that encoded the original message. Depending on the encoding technique, sometimes the original cover object is also needed in the decoding process. Otherwise, there may be no way of extracting the secret information from the stego object. After the decoding process is completed, the secret information embedded in the stego object can then be extracted and viewed.

12

5- Detecting Steganography
The art of detecting Steganography is referred to as Steganalysis. Steganalysis does not deal with trying to decrypt the hidden information inside of a file, just discovering it. There are many methods that can be used to detect Steganography such as: Viewing the file and comparing it to another copy of the file found on the Internet (Picture File). There are usually multiple copies of images on the Internet, so you may want to look for several of them and try and compare the suspected file to them. For example if you download a JPEG and your suspect file is also a JPEG and the two files look almost identical apart from the fact that one is larger than the other, it is most probable your suspect file has hidden information inside of it. There are of course pieces of Software you can use to detect Steganography. Ive done an example using two images

Figure 9: One of these images contain hidden data.

Looking at the pictures above, it is hard to say that either has any hidden data within its structure; to make sure that neither has any hidden inside it I used freeware software called XVI32 a hexadecimal editor software, I choose this to check the hexadecimal structure of both pictures I opened the first picture

13

Figure 10: Hex representation of the original Image

As I opened the second Picture I realized that the image ends at FF D9 and the second picture exceeds that which concludes that there is a secret message with it hexadecimal we can determine it.

14

Figure 11: Hex representation of the embedded Image

Detecting Steganography can face problems due to many reasons one of the biggest problems is that, digital cameras are manufactured by many different companies, and each may have its own format or different compression algorithm. Another problem is that a picture might be edited by any editing program without including any hidden data in it.

6- Requirements for hiding information digitally

Techniques that enable us to hide data in a given object are many. However, they must satisfy some requirements for Steganography to be applied correctly. These are the main requirements that Steganography techniques must satisfy:

The stego object should not be altered or changed in a way the naked can determine that the object has changed, if it happened the naked eye can determine that the object has been altered then a third party may see that information is being hidden and therefore could attempt to extract or even destroy it.

15

The secret message should not be changed after it has been hidden in order to keep it as is. If using watermarking, changes in the Stego object must have no effect on the watermark. We have to assume that the attacker knows that there is hidden information inside the Stego object.

7- Attacks
Steganography would have no meaning what so ever if the recipient has no idea that the image received contain any hidden data. Still Steganography can face major attacks which can be combined under:

7.1- Robustness attacks

Though most of the Steganography technique can survive a variety of transformations, compression, noise addition, etc, they do not survive easily with combinations of random geometric distortions. If a series of slight distortions are applied, the stego object can be lost while the image remains largely unchanged. Protecting against these attacks can be done by predicting which transformations pirates are likely to use. StirMark is a tool used for such attacks by applying minor geometric distortions, followed by a random low frequency deviation and finally introduce error into all sample values similar to the effects of a scanner.

16

Figure 12: StirMark in action

Figure (12) shows the results of StirMark applied to image (a), as seen in figure 12 image (b) changes (distortions) are almost invisible, but looking at the grids (figure 12-c) distortions are easier to see (figure 12-d).

7.2- Presentation attacks

Presentation attacks modify the content of the file. Using the mosaic attack that works by splitting the Stego object into small sections which in its place would make the detection a bit confusing can defeat web crawlers which download pictures from the Internet and check them for the presence of a secret data.

17

Figure 13: Mosaic in Action

8- Conclusion
As you navigate searching for Steganography you would find many resources state that Steganography is a tool that is used to hide illegal material other than it being used to hide sensitive information and transfer it from one place to another. Steganography exceed those limits of just hiding information for a purpose similar to the above it is used in modern technologies such as in modern printers like Xerox brand color laser printers; there are tiny yellow dots added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time.

18

9- References
http://en.wikipedia.org/wiki/Steganography http://www.securityfocus.com/infocus/1684 http://www.garykessler.net/library/steganography.html http://www.petitcolas.net/fabien/steganography/ http://dictionary.reference.com/search?q=steganography http://www.webopedia.com/TERM/S/steganography.html http://www.jjtc.com/stegdoc/sec202.html http://www.computerworld.com/securitytopics/security/stor y/0,10801,71726,00.html http://www.strangehorizons.com/2001/20011008/steganogra phy.shtml http://www.citi.umich.edu/u/provos/stego/abc.html http://www.vu.union.edu/~queirolf/ESSAYS/Steganography. pdf http://isis.poly.edu/~steganography/pubs/ims04.pdf http://www.ece.stevens-tech.edu/~mouli/lsbsteg.pdf http://www.ims.nus.edu.sg/Programs/imgsci/files/memon/si ng_stego.pdf http://www.ws.binghamton.edu/fridrich/Research/stochastic _modulation02.pdf http://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/inde x.html http://steganography.qarchive.org/

19

20