Professional Documents
Culture Documents
I 2007 / 2008
STEGANOGRAPHY IN IMAGES
ITCS412 Project
Prepared by:
Ibrahim Mokdad Saleh Khalaf Mutlaq ID. 20043581 ID. 20040123
January 2008
Table Of Content
Department of Computer Science..........................................................................1 Table Of Content...........................................................................................................2 Table of Figures............................................................................................................3 1- Absract......................................................................................................................4 2- Introduction...............................................................................................................4 3- What Is Steganography?...........................................................................................4 3.1- Basic Steganography Terms...........................................................................5 4- How Does It Work?..................................................................................................5 4.1- Substitution - Altering/Replacing The LSB, Also known as Spatial Domain Embedding. ..............................................................................................6 4.2- Injection..........................................................................................................6 5- Detecting Steganography........................................................................................13 6- Requirements for hiding information digitally.......................................................15 7- Attacks....................................................................................................................16 7.1- Robustness attacks .......................................................................................16 7.2- Presentation attacks.......................................................................................17 8- Conclusion..............................................................................................................18 9- References...............................................................................................................19 http://en.wikipedia.org/wiki/Steganography...............................................................19 http://www.securityfocus.com/infocus/1684..............................................................19 http://www.garykessler.net/library/steganography.html.............................................19 http://www.petitcolas.net/fabien/steganography/........................................................19 http://dictionary.reference.com/search?q=steganography...........................................19 http://www.webopedia.com/TERM/S/steganography.html........................................19 http://www.jjtc.com/stegdoc/sec202.html...................................................................19 http://www.computerworld.com/securitytopics/security/story/0,10801,71726,00.html ......................................................................................................................................19 http://www.strangehorizons.com/2001/20011008/steganography.shtml....................19 http://www.citi.umich.edu/u/provos/stego/abc.html...................................................19 http://www.vu.union.edu/~queirolf/ESSAYS/Steganography.pdf.............................19 http://isis.poly.edu/~steganography/pubs/ims04.pdf...................................................19 http://www.ece.stevens-tech.edu/~mouli/lsbsteg.pdf..................................................19 http://www.ims.nus.edu.sg/Programs/imgsci/files/memon/sing_stego.pdf................19 http://www.ws.binghamton.edu/fridrich/Research/stochastic_modulation02.pdf......19 http://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/index.html............................19 http://steganography.qarchive.org/..............................................................................19
Table of Figures
Figure 1: The Folder Name "Secret", Image name "img.jpg" and The text file "hide.txt".........................................................................................................................7 Figure 2: "Hide.rar" file is created which contains the secret text................................8 Figure 3 The Image "hidden.jpg" is created...................................................................8 Figure 4: "hidden.jpg" the new image that contains out secret file is being created......9 Figure 5: Opening the hidden data...............................................................................10 Figure 6: Choosing the image with the hidden information.........................................10 Figure 7: revealing the hidden text...............................................................................11 Figure 8: embedding and decoding process in steganography.....................................12 Figure 9: One of these images contain hidden data......................................................13 Figure 10: Hex representation of the original Image...................................................14 Figure 11: Hex representation of the embedded Image...............................................15 Figure 12: StirMark in action.......................................................................................17 Figure 13: Mosaic in Action.........................................................................................18
1- Absract
Security of information has been the topic of todays information exchange in many fields, many forms of securing data were introduced to the current world, one of the powerful techniques nowadays is Steganography.
2- Introduction
Steganography is being mixed up with cryptography by many entities, both Steganography and encryption tend to declining unauthorized persons to view data; But they are not the same thing. Steganography tends to hiding information most of the time it is encrypted and hidden; from the viewer perspective it appears that no information is hidden at all11. A special case of information hiding is digital watermarking. Digital watermarking is the process of embedding information into digital multimedia (Digital Pictures, Videos or Audio Files) content such that the watermark (The information) can later be either detected or extracted.
3- What Is Steganography?
Steganography is the practice of hiding private or sensitive information within something that appears to be nothing out of the usual. Steganography is often confused with cryptology because the two are similar in the way that they both are used to protect important information. The difference between the two is that Steganography involves hiding information so it appears that no information is hidden at all. If a person views the object that the information is hidden inside he or she will have no idea that there is any hidden information, therefore the person will not attempt to decrypt the information. Steganography comes from the Greek words Stegans (Covered) and Graptos (Writing). Steganography in the modern day sense the word usually refers to information or a file that has been concealed inside a digital Picture, Video or Audio file. What Steganography essentially does is exploit human perception, human senses are not trained to look for files that have information hidden inside of
1 There are programs available that can do what is called Steganalysis (Detecting use of Steganography.)
them, although there are programs available that can do what is called Steganalysis (Detecting use of Steganography.) The most common use of Steganography is to hide a file inside another file. When information or a file is hidden inside a carrier file, the data is usually encrypted with a password.
4.1- Substitution - Altering/Replacing The LSB, Also known as Spatial Domain Embedding.
Usually when files are created, there exists within them some bits or bytes that are of no importance, these are replaced in this technique with the information that is supposed to be hidden, without changing or corrupting the file. This creates a huge difficulty to any person to detect the message; and this usually works best with high resolution pictures (24 Bit BMP Bitmap). Due to its files large size; but some may use 8 Bit BMP such that GIF to use in the internet to avoid suspicions of use of large size images.
Lets say we have three pixels (nine bytes) with the following RGB encoding: 10010101 00001101 11001001 10010110 00001111 11001010 10011111 00010000 11001011 Assuming that we want to hide: 101101101 we will combine these 9 bits over the LSB of the 9 bytes above, we get the following (some bits at the end of each byte need not to be changed, where bits in bold have been changed): 10010101 00001100 11001001 10010111 00001110 11001011 10011111 00010000 11001011 As a result the 9 bits are successfully hidden with the maximum change of roughly 50%, of the LSBs.
The obstacle that faces the message hidden in image is that when changing the format of the image it is most likely that the hidden information may be lost. This technique is not directly suitable for gray-scale images since it can be detected by simply observing that some colors in the color palette are not exactly gray To a computer an image file is simply a file that shows different colors and intensities of light on different areas of an image.
4.2- Injection
Injection is quite a simple method which simply involves directly injecting the secret information into the carrier file. 6
The main problem with this method is that it can significantly increase the size of the carrier file. There are variety of different programs, with their own techniques that all fall under one of the methods above. Such as Outguess which uses frequency counts in JPEG images; that would lead to difficulty of detecting the presence of Steganography within an image. A simple implementation Here we are going to show you how to hide a file in a jpeg image by using command prompt and the Winrar application: 1- Make new folder in the desktop and give it any name (in our example we named it "secret"). Then put an image and the file you want to hide it. (file name "hide.txt" and the image name "img.jpg").
Figure 1: The Folder Name "Secret", Image name "img.jpg" and The text file "hide.txt"
2- Compress the file you want to hide in WinRar; you will end up with a file named "hide.rar".
3- Go to command prompt and change to the directory where the image and the rar file that contains the secret document are located using the command cd directoryname. Type down "copy /b img.jpg + hide.rar hidden.jpg" and press enter. You see that command prompt shows that 1 file copied.
4- Go to folder "secret" you can see that there is a new image named "hidden.jpg" looking at the size you would notice that it differs from the
original and that would lead us to that hidden.jpg contains our secret text.
Figure 4: "hidden.jpg" the new image that contains out secret file is being created
5- If you want to see the hidden file inside the image, open WinRar and click on "File" from the menu bar, and choose "Open Archive".
6- Then, choose "All Files" from the combo box "Files of Type". And choose "hidden.jpg".
10
7- Finally, you find that the file "hide.txt" is shown in front of you.
Hiding the information within an image does not stop at the point of just hiding the information inside, it goes beyond that. Figure 8 demonstrates a simple representation of embedding and decoding process in Steganography. A secret image is being embedded inside a cover image to produce the stego image. The first step in hiding information is to pass both the cover message and the secret message into the encoder (see Figure 8).
11
For the embedding process a key is often needed. This can be in the form of a public/private key; to reduce the chance of a third party hacker getting hold of the stego object and decoding it to reveal the secret information. Then the stego object will be sent off via some communications channel, such as email, to the intended recipient for decoding. For the recipient to view the message he/she must decode the stego object. The decoding process is simply the reverse of the encoding process. It is the extraction of secret data from a stego object. For the decoding process, the stego object is fed into the system. And the key that can decode the stego object should be the same key that encoded the original message. Depending on the encoding technique, sometimes the original cover object is also needed in the decoding process. Otherwise, there may be no way of extracting the secret information from the stego object. After the decoding process is completed, the secret information embedded in the stego object can then be extracted and viewed.
12
5- Detecting Steganography
The art of detecting Steganography is referred to as Steganalysis. Steganalysis does not deal with trying to decrypt the hidden information inside of a file, just discovering it. There are many methods that can be used to detect Steganography such as: Viewing the file and comparing it to another copy of the file found on the Internet (Picture File). There are usually multiple copies of images on the Internet, so you may want to look for several of them and try and compare the suspected file to them. For example if you download a JPEG and your suspect file is also a JPEG and the two files look almost identical apart from the fact that one is larger than the other, it is most probable your suspect file has hidden information inside of it. There are of course pieces of Software you can use to detect Steganography. Ive done an example using two images
Looking at the pictures above, it is hard to say that either has any hidden data within its structure; to make sure that neither has any hidden inside it I used freeware software called XVI32 a hexadecimal editor software, I choose this to check the hexadecimal structure of both pictures I opened the first picture
13
As I opened the second Picture I realized that the image ends at FF D9 and the second picture exceeds that which concludes that there is a secret message with it hexadecimal we can determine it.
14
Detecting Steganography can face problems due to many reasons one of the biggest problems is that, digital cameras are manufactured by many different companies, and each may have its own format or different compression algorithm. Another problem is that a picture might be edited by any editing program without including any hidden data in it.
The stego object should not be altered or changed in a way the naked can determine that the object has changed, if it happened the naked eye can determine that the object has been altered then a third party may see that information is being hidden and therefore could attempt to extract or even destroy it.
15
The secret message should not be changed after it has been hidden in order to keep it as is. If using watermarking, changes in the Stego object must have no effect on the watermark. We have to assume that the attacker knows that there is hidden information inside the Stego object.
7- Attacks
Steganography would have no meaning what so ever if the recipient has no idea that the image received contain any hidden data. Still Steganography can face major attacks which can be combined under:
16
Figure (12) shows the results of StirMark applied to image (a), as seen in figure 12 image (b) changes (distortions) are almost invisible, but looking at the grids (figure 12-c) distortions are easier to see (figure 12-d).
17
8- Conclusion
As you navigate searching for Steganography you would find many resources state that Steganography is a tool that is used to hide illegal material other than it being used to hide sensitive information and transfer it from one place to another. Steganography exceed those limits of just hiding information for a purpose similar to the above it is used in modern technologies such as in modern printers like Xerox brand color laser printers; there are tiny yellow dots added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time.
18
9- References
http://en.wikipedia.org/wiki/Steganography http://www.securityfocus.com/infocus/1684 http://www.garykessler.net/library/steganography.html http://www.petitcolas.net/fabien/steganography/ http://dictionary.reference.com/search?q=steganography http://www.webopedia.com/TERM/S/steganography.html http://www.jjtc.com/stegdoc/sec202.html http://www.computerworld.com/securitytopics/security/stor y/0,10801,71726,00.html http://www.strangehorizons.com/2001/20011008/steganogra phy.shtml http://www.citi.umich.edu/u/provos/stego/abc.html http://www.vu.union.edu/~queirolf/ESSAYS/Steganography. pdf http://isis.poly.edu/~steganography/pubs/ims04.pdf http://www.ece.stevens-tech.edu/~mouli/lsbsteg.pdf http://www.ims.nus.edu.sg/Programs/imgsci/files/memon/si ng_stego.pdf http://www.ws.binghamton.edu/fridrich/Research/stochastic _modulation02.pdf http://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/inde x.html http://steganography.qarchive.org/
19
20