Pattern Recognition 41 (2008) 2945 2955 www.elsevier.

com/locate/pr

High-performance JPEG steganography using complementary embedding strategy

Chiang-Lung Liu , Shiang-Rong Liao
Department of Electrical and Electronic Engineering, Chung Cheng Institute of Technology, National Defense University, Tahsi, Taoyuan 33509, Taiwan, ROC Received 12 June 2006; received in revised form 27 April 2007; accepted 3 March 2008

Abstract A high-performance JPEG steganography should be secure enough to resist modern steganalysis. In this paper, we propose a high-performance JPEG steganographic method. The proposed method adopts the complementary embedding strategy to avoid the detections of several statistical attacks. To show the effectiveness of the proposed method, several statistical attacks are simulated and used to detect the stego-images created by the proposed method. Several famous JPEG steganographic algorithms are also simulated for comparisons with the proposed method. Experimental results show that the proposed steganographic method has superior performance both in capacity and security, and is practical for the application of secret communication. 2008 Elsevier Ltd. All rights reserved.
Keywords: Image hiding; JPEG steganography; Chi-square family attack; S family attack; Statistical steganalysis; Complementary embedding

1. Introduction The success of the Internet facilitates communications of people, but also enables illegal users to access data transmitted on the Internet. To protect the important data from being illegally accessed, various modern cryptosystems [1] can be used to encrypt the content of these data prior to their transmissions. However, the encrypted data exists in a meaningless form and may attract the intention of the interceptors to break the secret codes. Steganographic methods can be used to make up this drawback. Steganographic methods [224] and various watermarking schemes[2528] are applications of information hiding techniques [29]. Steganographic methods hide the secret information in the cover carrier so that the existence of the embedded information is undetectable. The cover carrier can be many kinds of digital media such as text, image, audio, and video. Because of the insensitivity of the human visual system, digital images have been widely used as cover carriers in most

Corresponding author. Tel.: +886 3 3809991-370; fax: +886 3 3801407.

E-mail addresses: chianglung.liu@gmail.com (C.-L. Liu), shiang.ron@msa.hinet.net (S.-R. Liao). 0031-3203/$30.00 2008 Elsevier Ltd. All rights reserved. doi:10.1016/j.patcog.2008.03.005

steganographic schemes, and are especially referred to as image hiding techniques [2,3,15]. Each image hiding system consists of an embedding process and an extraction process. An innocuous-looking original image is used as the cover-image to conceal the secret data. The secret data are embedded into the cover-image by modifying the cover-image to form a stego-image. According to Kerckhoffs principle [30], the embedding algorithm is supposed to be known to the public. Therefore, the embedding process may use an embedding key so that only the legal user can successfully extract the embedded data by using the corresponding extraction key in the extraction process. The embedding key and the extraction key are referred to as stego-keys. If they are the same, the image hiding system is symmetric, otherwise asymmetric [1]. Most image hiding systems use uncompressed images (e.g., BMP) or losslessly compressed images (e.g., GIF) as coverimages. These images potentially contain much visual redundancy so that they can provide large capacity to hide secret data. Many image hiding systems [224] have been proposed and several stego-products have been developed based on lossless image formats (e.g., EzStego [19]). For reducing transmission bandwidth and storing space, the JPEG image is currently the most common format used on the Internet. Several image

2946

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

hiding techniques for JPEG images have been proposed, such as J-Steg [18], F5 [16], and OutGuess [17]. They are usually called the JPEG steganography or the JPEG steganographic methods which use the DCT coefcients to embed the secret bits, and will be mentioned alternately in the rest of this paper. As we know, the JPEG compression is based on the discrete cosine transform (DCT), and reduces the visual redundancy to achieve good compression performance. Therefore, the embedding capacity provided by JPEG steganography is relatively smaller than those provided by the other steganographic methods. In this paper, our discussions focus on the JPEG steganography. Generally, there are potentially two basic requirements for a secure image hiding system. First, the secret data embedded in the stego-image should be perceptually invisible. Secondly, the receiver can exactly recover the original data without the knowledge of the cover-image. These requirements can be easily achieved by LSB insertion methods that embed the secret data in the cover-image by directly replacing the least signicant bit (LSB) in spatial domain or frequency domain. For example, the JPEG steganographic tool J-Steg embeds the secret data by sequentially ipping the LSB of the quantized DCT coefcients (except 0s and 1s) without causing detectable articial distortion. Unfortunately, modern steganalysis tries to discover hidden data by examining the statistical properties of stego-images. Therefore, many existing steganographic techniques seem to be insecure when modern steganalysis is employed to test their security. Westfeld and Ptzmann [31] proposed a steganalytic method based on statistical analysis of Pairs of Values (PoVs) that are exchanged during message embedding. They observed that the embedding function replacing LSBs transforms PoVs into each other which only differ in the LSB. If the secret bits used for replacing the LSBs are equally distributed, the frequencies of both values of each PoV become equal. Based on this observation, they proposed a statistical method to automatically calculate the similarity of PoVs of the stego-image. Their method is generally known as the chi-square attack and provides very reliable results when the LSB placement is known (e.g., the sequential embedding). Therefore, the data embedded by the J-Steg can be detected by chi-square attack. Actually, the chisquare attack can be slightly modied to successfully detect randomly scattered data by applying the same idea to smaller portions of the stego-image [17]. The modied chi-square attack is especially referred to as the extended chi-square attack in the rest of this paper. We also briey use the chi-square family attack to represent both attacks together. To provide a secure and high-capacity JPEG steganography, Westfeld [16] proposed the F5 algorithm in 2001. Instead of replacing the LSBs of the quantized DCT coefcients with the secret bits, the absolute value of the coefcient is decreased by 1. Besides, the F5 algorithm randomly chooses DCT coefcients to embed the secret bits. Combining these two strategies, the F5 algorithm successfully defends both the chi-square and the extended chi-square attacks. In the same year, Provos [17] also proposed the OutGuess steganographic algorithm to counter the chi-square family attack. The OutGuess uses two passes to achieve the embedding

mission. In the rst pass, the secret bits are embedded in the LSBs of the quantized DCT coefcients (skipping 0s and 1s) along a random walk. In the second pass, the histogram of the stego-image is adjusted to match that of the cover-image. Because the histogram of the nal stego-image is similar to that of the cover-image, the stego-image created by the OutGuess algorithm can avoid the detection of the chi-square family attack. Although stego-images created by the F5 algorithm or the OutGuess algorithm can survive the chi-square family attack, they can be detected by a special steganalytic method proposed by Fridrich et al. [32]. The most important part of their method is to obtain the approximation of the cover-image. This is done by decompressing the stego-image, cropping by four pixels in each direction, and recompressing using the same quantization table. The estimated cover-image possesses many statistical properties that approximately equal to those of the original cover-image. These statistical properties can be used to design the distinguishing statistic S that also predictably changes with the embedded message length. The unknown message length is therefore can be obtained by comparing the values of S for the stego-image and the estimated cover-image. This kind of steganalysis has been successfully developed to detect the length of the secret bits embedded by the F5 and the OutGuess algorithms. We refer to the method used to break the F5 as the S1 attack, and OutGuess, the S2 attack, in the rest of this paper. We also briey use the S family attack to represent both attacks together. In this paper, we propose a secure and high-capacity JPEG steganography. Instead of ipping the LSBs of the DCT coefcients, the secret bits are embedded in the cover-image by subtracting one from or adding one to the non-zero DCT coefcients. Therefore, the proposed steganographic method cannot be detected by both the chi-square and the extended chi-square attacks. Moreover, a complementary strategy is also included in the proposed method to defend the S1 and S2 attacks. To completely describe the proposed steganographic technique, the rest of this paper is organized as follows. In Section 2, the JPEG compression technique is briey reviewed. The proposed embedding and extraction processes are described in Section 3. Several experimental results are demonstrated in Section 4 to show the effectiveness of the proposed JPEG steganography. Section 5 justies the signicance that the proposed method can resist both S1 and S2 attacks. Section 6 concludes this work. 2. Review of JPEG compression Because the proposed steganographic method is a JPEGbased steganography, we briey describe the JPEG compression technique in this section.

Original image

FDCT

Quantization

Entropy encoding

Compressed code

Fig. 1. The block diagram of the JPEG compression process.

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

2947

Compressed code

Entropy decoding

Dequantization

IDCT

Reconstructed image

Fig. 2. The block diagram of the JPEG decompression process.

JPEG is an international standard for continuous-tone still image compression which has been approved by International Standard Organization (ISO) under the denomination of International Standard-10918 (IS-10918) [33]. The JPEG compression is based on the DCT and allows substantial compression to be achieved while producing a reconstructed image with high visual delity. Fig. 1 shows the JPEG encoding process which comprises three major steps: forward DCT (FDCT), quantization, and entropy encoding. The input image is rst divided into 8 8 non-overlapping blocks, and each block is transformed by the FDCT into a set of 64 DCT coefcients. These coefcients are then quantized using a quantization table with 64 entries. The quantized results are all integers and dened as the division of each DCT coefcient by its corresponding quantization value, and rounding to the nearest integer. The quantization step is lossy because of the rounding error. The quantized coefcients are then passed to the entropy encoding step to form the compressed code. One of two tables must be provided in this step according to different entropy coding schemes. If Huffman encoding is used, a Huffman table must be provided. If arithmetic encoding is used, an arithmetic coding conditioning table must be provided. It should be noted that the entropy encoding step is lossless. The JPEG decoding process is shown in Fig. 2, and also comprises three major steps: entropy decoding, dequantization, and inverse DCT (IDCT). Each step in decoding process performs essentially the inverse of its corresponding step in encoding procedure. The entropy decoding step decodes the compressed code to the quantized DCT coefcients. The dequantization step then converts each quantized DCT coefcient to its approximate value by multiplying with its quantization value. DCT is then used to convert the dequantized coefcients to their spatial value. As mentioned above, the entropy encoding step in the JPEG encoding process is lossless. It means that if the secret bits are embedded in the quantized DCT coefcients, they will not be destroyed by the follow-up encoding steps. Most of the JPEG steganographic methods (such as J-Steg, F5, OutGuess, etc.) adopt this strategy. In the next section, we propose a steganographic method which also uses the quantized DCT coefcients to embed the secret bits. 3. The proposed JPEG steganography In this section, a secure and high-capacity JPEG steganography is proposed. As mentioned previously, the S family attack obtains the approximate cover-image to break the F5 and OutGuess schemes. To counter the detection of such attack, the proposed JPEG steganographic method adopts a complemen-

tary strategy to reduce the loss of statistical property of the cover-image. This purpose is achieved by dividing the quantized DCT coefcients and the secret bits into two parts according to a predened partition ratio. The two parts of DCT coefcients are used to embed the corresponding parts of secret bits with different embedding algorithms. Specically, the secret bits are embedded by subtracting one from one part of coefcients, and adding one to the other part of coefcients. Specially, we call our proposed embedding algorithm the complementary embedding. Moreover, because the proposed embedding algorithm is not an LSB insertion one, the proposed JPEG steganographic method can also resist the chi-square family attack. The proposed stegnographic method comprises an embedding process and an extraction process. The details of the embedding and extraction process are described in the following subsections. 3.1. Embedding process The proposed embedding process is integrated with JPEG encoding process. Fig. 3 shows the block diagram of the embedding process. The raw data of the cover-image is rst transformed by DCT. The DCT coefcients are then quantized and rounded to the nearest integers. A stego-key, which provides the major security of the embedding algorithm, is then used to permute the DCT coefcients. The permuted coefcients are then divided into two parts according to a predened separation ratio which serves an important parameter to reduce the loss of statistical property of the cover-image resulted from the follow-up secret-bits embedding process. On the other hand, the original message is encrypted to form the secret bits by using a crypto-key. The secret bits are also divided into two parts according to the same separation ratio. Each part of secret bits is embedded in its corresponding part of the permuted non-zero DCT coefcients by using the proposed complementary embedding algorithm. The two parts of the modied coefcients are then combined, depermutated, and entropy encoded to generate a JPEG stegoimage. The details of the proposed embedding process are as follows. Step 1: Transform the raw data of the cover-image (e.g., the luminance component) into DCT coefcients. Step 2: Quantize the DCT coefcients, and round the quantized coefcients to the nearest integers D. Step 3: Use a stego-key K1 to permute the quantized coefcients. That is, Q = PERMK1 (D), (1)

2948

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

Stego-key

Cover image

FDCT

Coefficient quantization

Coefficient permutation

Coefficient separation

Crypto-key Original message

Cryptographic encryption

Secret-bits separation

Secret-bits embedding

JPEG stego-image

Entropy encoding

Coefficient de-permutation

Coefficient combination

Fig. 3. The block diagram of the proposed embedding process.

where PERM() is a key-dependent permutation function, and Q denotes the permuted coefcient sequence. Step 4: Divide Q into two parts, Q1 and Q2 , according to a predened separation ratio . Step 5: Use a crypto-key K2 to encrypt the original message O, and obtain the secret-bit sequence S. That is, S = ENCK2 (O), (2)

Table 1 The proposed E1 embedding algorithm

Algorithm: E1 embedding Input: B: the bit sequence to be embedded C: a coefcient sequence : adjustment parameter Output: C : the modied version of C Begin /* E1 embedding */ for i = 1 to length(B) if C(i) > 0 and odd(C(i)) = 1 /* C(i) is odd */ if B(i) = 0 and C(i) 1 = 0 C (i) = C(i) 2 elseif B(i) = 0 and C(i) 1 = 0 C (i) = C(i) 1 elseif B(i) = 1 C (i) = C(i) endif elseif C(i) > 0 and odd(C(i)) = 0 /* C(i) is even */ if B(i) = 1 C (i) = C(i) 1 elseif B(i) = 0 C (i) = C(i) endif elseif C(i) < 0 and odd(C(i)) = 1 if B(i) = 1 C (i) = C(i) 1 elseif B(i) = 0 C (i) = C(i) endif elseif C(i) < 0 and odd(C(i)) = 0 if B(i) = 0 C (i) = C(i) 1 elseif C(i) = 1 C (i) = C(i) endif endif endfor for i = 1 to length(B) if C (i) = 2 C (i) = 1 endif endfor end /* E1 embedding */

where ENC() is a cryptographic encryption function. Step 6: Divide S into two parts, S1 and S2 , according to the separation ratio . Step 7: Let L1 denote the length of S1 , concatenate L1 and S1 to form the secret message M1 . That is, M1 = L1 S1 , (3)

where denotes the concatenation operation. Step 8: Let L2 denote the length of S2 , concatenate L2 and S2 to form the secret message M2 . That is, M2 = L2 S2 . (4)

Step 9: Embed M1 into the non-zero coefcients of Q1 according to the proposed E1 embedding algorithm given in Table 1. Note that, a secret parameter is also used in the embedding algorithm to make it more difcult for a statistical attack to obtain the original statistical property of the cover-image from a stego-image. Step 10: Embed M2 into the non-zero coefcients ofQ2 according to the proposed embedding E2 algorithm given in Table 2. Step 11: Combine the modied Q1 and Q2 to form a single coefcient sequence Q . Step 12: Use the stego-key K1 to de-permute the coefcient sequence Q . That is, D = DEPERMK1 (Q ), (5)

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

2949

where DEPERM() is a key-dependent de-permutation function, and D denotes the de-permuted DCT coefcients. Step 13: Compress the D using entropy encoding to obtain the JPEG stego-image.
Table 2 The proposed E2 embedding algorithm
Algorithm: E2 embedding Input: B: the bit sequence to be embedded C: a coefcient sequence Output: C : the modied version of C Begin /* E2 embedding */ for i = 1 to length(B) if C(i) > 0 and odd(C(i)) = 1 /* C(i) is odd */ if B(i) = 1 C (i) = C(i) + 1 elseif B(i) = 0 C (i) = C(i) endif elseif C(i) > 0 and odd(C(i)) = 0 /* C(i) is even */ if B(i) = 0 C (i) = C(i) + 1 elseif B(i) = 1 C (i) = C(i) endif elseif C(i) < 0 and odd(C(i)) = 1 if B(i) = 0 and C(i) + 1 = 0 C (i) = C(i) + 2 elseif B(i) = 0 and C(i) + 1 = 0 C (i) = C(i) + 1 elseif B(i) = 1 C (i) = C(i) endif elseif C(i) < 0 and odd(C(i)) = 0 ifB(i) = 1 C (i) = C(i) + 1 elseif B(i) = 0 C (i) = C(i) endif endif endfor end /* E2 embedding */

It should be noted that, in most cases, we do not use all the coefcients of Q1 and Q2 to embed S1 and S2 . Therefore, in Steps 7 and 8, L1 and L2 are embedded prior to the embedding of S1 and S2 so that they can be extracted rst to inform the extraction algorithm to extract the exact size of S1 and S2 . 3.2. Extraction process The stego-key, crypto-key, and separation ratio used in the embedding process should be shared by both the sender and receiver so that the embedded message can be exactly extracted and decrypted by a legal receiver. Fig. 4 shows the block diagram of the proposed extraction process. The extraction process is also integrated with the JPEG decoding process, and is much simpler than the embedding process. The JPEG stego-image is rst entropy decoded to recover the quantized DCT coefcients. The shared stego-key is used to permute these coefcients which are then separated into two parts according to the shared separation ratio. Two parts of secret bits are extracted from their corresponding parts of coefcients respectively, and then combined into a secret-bit sequence. Finally, the shared crypto-key are used to decrypt the secret-bit sequence to recover the original message. The details of the proposed extraction process are as follows. Step 1: Entropy-decode the stego-image to recover the quantized DCT coefcients D. Step 2: Use the shared stego-key K1 to permute D. That is, Q = PERMK1 (D), (6)

where PERM() is a key-dependent permutation function, and Q denotes the permuted coefcient sequence. Step 3: Divide Q into two parts, Q1 and Q2 , according to a shared separation ratio . Step 4: Let l denote the bit length of L1 and L2 . For i = 1 to l, extract the ith bit of L1 from ith coefcient of Q1

JPEG stego-image

Entropy decoding

Coefficient permutation

Coefficient separation

Crypto-key

Stego-key

Original message

Cryptographic decryption

Secret-bits combination

Secret-bits extraction

Fig. 4. The block diagram of the proposed extraction process.

2950

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

according to the following equation: 0 1 if Q1 (i) > 0 Q1 (i) < 0 Q1 (i) > 0 if Q1 (i) < 0 and and and and odd odd odd odd (Q1 (i)) = 0, (Q1 (i)) = 1, (Q1 (i)) = 1, (Q1 (i)) = 0,

4. Experimental results Several experiments have been done to examine the performance of the proposed embedding method. Many standard 512 512 gray images with different textural properties were taken as the cover-images shown in Fig. 5. Our experiments are described in two major parts: capacity test and security test. The security test is further divided into three parts. They are imperceptibility test, the chi-square-family-attack resistance test, and the S-family-attack resistance test. 4.1. Capacity test Several standard 512 512 gray images with different textural properties were taken as the cover-images shown in Fig. 5. The capacities of the cover-images were evaluated by the proposed embedding algorithm. The experimental results are given in Table 3. The separation ratio and the adjustment parameter used in each embedding process were chosen carefully to resist the S family attack. It should be noted that both parameters and are independent of the embedding capacity. The details of choosing a proper separation ratio and an adjustment parameter will be further described in Section 4.4. To show the superiority of the proposed method over the other steganographic methods, we also used the math tool MATLAB [34] to simulate J-Steg, F5, and OutGuess algorithms,

L1 (i) =

(7)

where odd(x) determines the property of x. If x is odd, odd(x) returns the value 1, otherwise 0. Step 5: For i = 1 to L1 , extract the ith bit of the secret-bit sequence S1 from (l+i)th coefcient of Q1 according to the following equation: 0 1 if Q1 (k) > 0 Q1 (k) < 0 Q1 (k) > 0 if Q1 (k) < 0 and and and and odd odd odd odd (Q1 (k)) = 0, (Q1 (k)) = 1, (Q1 (k)) = 1, (Q1 (k)) = 0,

S1 (i) =

(8)

where k = l + i. Step 6: For i = 1 to l, extract the ith bit of L2 from ith coefcient of Q2 according to the following equation: 0 1 if Q2 (i) > 0 Q2 (i) < 0 Q2 (i) > 0 if Q2 (i) < 0 and and and and odd odd odd odd (Q2 (i)) = 1, (Q2 (i)) = 0, (Q2 (i)) = 0, (Q2 (i)) = 1.

L2 (i) =

(9)

Step 7: For i = 1 to L2 , extract the ith bit of the secret-bit sequence S2 from (l +i)th coefcient of Q2 according to the following equation: 0 1 if Q2 (k) > 0 Q2 (k) < 0 Q2 (k) > 0 if Q2 (k) < 0 and and and and odd odd odd odd (Q2 (k)) = 1, (Q2 (k)) = 0, (10) (Q2 (k)) = 0, (Q2 (k)) = 1,

Table 3 Comparison of capacity (in bits) for various embedding algorithms

Test image Embedding algorithm The proposed Barb Boat F16 Goldhill Lena Mandrill Peppers Tank Tiffany Zelda 59 229 50 042 46 079 60 890 44 131 98 989 46 346 61 220 43 300 37 086 J-Steg 45 363 38 374 35 373 45 196 32 998 75 751 34 295 44 417 31 674 27 557 F5 45 513 38 506 35 295 45 505 33 026 75 837 34 074 44 329 31 516 27 630 OutGuess 22 699 19 105 17 721 22 639 16 375 37 867 17 016 22 195 15 729 13 724

S2 (i) =

where k = l + i. Step 8: Combine S1 and S2 to form a single secret-bit sequence S. Step 9: Use a shared crypto-key K2 to decrypt S, and obtain the original message O. That is, O = DECK2 (S), (11)

where DEC() is a cryptographic decryption function.

Fig. 5. The test images used in our experiments: (a) Barb, (b) Boat, (c) F16, (d) Goldhill, (e) Lena, (f) Mandrill, (g) Peppers, (h) Tank, (i) Tiffany, and (j) Zelda.

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

2951

and evaluate the capacity performance for these steganographic methods. Table 3 compares the capacity performance of various steganographic methods. It is clear that the capacity performance of the proposed method is superior to the other steganographic methods. To understand the superiority of the proposed method in Table 3, we can take the J-Steg as the basis of comparison. The J-Steg embeds the secret bits in DCT coefcients (except 0s and 1s). Therefore, the capacity of the J-Steg can be considered as the number of DCT coefcients (except 0s and 1s). The OutGuess also embeds the secret bits in DCT coefcients (except 0s and 1s). But to avoid the detection of the chi-square attack, the OutGuess only uses a half of the workable coefcients to embed secret bits. This is why the capacity of the OutGuess is about a half of that of the J-Steg. Unlike the J-Steg and the OutGuess, the F5 uses the non-zero DCT coefcients to embed the secret bits. Therefore, the capacity of the F5 is potentially larger than that of the J-Steg. But to effectively extract the embedded secret, if the embedding result of the current coefcient is 0, the same secret bit should be embedded into the next coefcient until non-zero result obtained. This is also known as shrinkage effect. This is why the capacity of the F5 is only slightly larger than that of the J-Steg. The proposed method also uses non-zero DCT coefcients to embed secret bits. Because the proposed method does not have the shrinkage problem, the capacity of the proposed method is higher than that of the F5. 4.2. Imperceptibility test To test the imperceptibility performance, without loss of generality, we generated enough random bits with uniform distribution to simulate the secret-bit sequence instead of using a specic encrypted plaintext. The secret bits were embedded in the cover-images with medium capacity (under 55 000 bits) using different embedding rates. The separation ratio used in each embedding process was chosen as 4:1. Let x and y denote the cover-image and the stego-image, respectively. The imperceptibility is evaluated by the objective quality measurement PSNR (peak signal to noise ratio) [35]: PSNR = 10 log 2552 (dB), MSE (12)

Table 4 The PSNR values (in dB) of the stego-images created by the proposed method using various embedding rates
Test image Embedding rate 20% Boat F16 Lena Peppers Tiffany Zelda 35.42 36.70 36.46 35.33 35.83 38.26 40% 35.02 36.34 36.11 35.09 35.53 38.03 60% 34.48 35.81 35.69 34.73 35.02 37.67 80% 33.58 34.90 34.91 34.06 34.17 36.94 100% 31.66 33.02 33.13 32.57 32.47 35.32

Table 5 Comparison of PSNR values (in dB) of the stego-images created by various embedding algorithms
Test image Embedding algorithm The proposed Boat F16 Lena Peppers Tiffany Zelda 34.53 35.89 35.67 34.75 35.07 37.64 J-Steg 35.67 36.79 36.36 35.45 35.93 38.31 F5 36.23 37.33 36.94 35.86 36.36 38.82 OutGuess 35.47 36.57 36.37 35.32 35.81 38.22

higher than 30 dB. It means that the proposed steganographic method can provide good imperceptibility performance. To compare with the other steganographic methods, we embedded the same amount of secret bits (the capacity of the OutGuess) in various cover-images using the J-Steg, the F5, the OutGuess, and the proposed method. Table 5 presents the comparison of PSNR values of the stego-images created by various steganographic methods. It is clear that although more complicated embedding strategy is adopted in the proposed method, the PSNR values of the stego-images created by the proposed method are only slightly lower than those created by the other steganographic methods. 4.3. Chi-square-family-attack resistance test The chi-square family attack explores the problem of PoV to detect the secret bits embedded in the LSB of the stego-image. The detection of the chi-square attack is achieved by sequentially accumulating the similarity of PoVs. That is, if the secret bits are embedded in the LSB of the stego-image, they could be detected by the chi-square attack. Different from the chi-square attack, the extended chi-square attack divides the stego-image into blocks, and detects the secret bits by calculating the similarity of PoVs in each block. If the chi-square attack is a global method, the extended chi-square attack can be considered as a local method because it detects the secret bits in each block of the stego-image independently. To avoid the detection of the chi-square and the extended chisquare attacks, the proposed method does not adopt the LSB replacement strategy. To show that the proposed steganographic

where MSE represents the mean square error between the coverimage x and the stego-image y: MSE = 1 512 512
512 512

(xij yij )2 .
i=1 j =1

(13)

Table 4 presents the PSNR values of the stego-images created by the proposed method using various embedding rates. In Table 4, the embedding rate is dened as embedding rate = actual embedding bits . embedding capacity (14)

It is clear that even the full capacities of the cover-images are used to embed the secret bits, the values of PSNRs are still

2952

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

chi-square attack

S1 attack for the proposed method 100

original J-Steg's ours

100 probability of embedding 80 60 40 20 0

detection of embedding rate

80 60 40 20 0 -20 -40

perfect Goldhill Lena Mandrill Zelda

20

40 60 size of sample (%)

80

100

10

20

30

40

50 60 70 embedding rate

80

90

100

Fig. 6. The detection results of the chi-square attack to the stego-images created by the J-Steg algorithm and the proposed steganographic method.

Fig. 8. The detection results of S1 attack for the stego-images created by the proposed steganographic method.

extended chi-square attack 100 probability of embedding 80 60

original J-Steg's ours

created by the proposed method have no responses to both the chi-square and the extended chi-square attacks. It means that the proposed method has excellent performance against the chisquare family attack. 4.4. S-family-attack resistance test

40 20 0 0 20 40 60 size of sample (%) 80 100

Fig. 7. The detection results of the extended chi-square attack to the stego-images created by the J-Steg algorithm and the proposed steganographic method.

method can resist both the chi-square and the extended chisquare attacks, we used the math tool MATLAB to simulate both attacks. We used the proposed method to create the stegoimage of Lena with half embedding capacity, and used the chi-square and the extended chi-square attacks to detect the stego-image. The same experiments were also performed on the stego-image created by the J-Steg method. Figs. 6 and 7 show the responses of the different stegoimages to the chi-square and the extended chi-square attacks, respectively. In Fig. 6, it can be found that the chi-square attack has successfully detected the existence of the embedded secret bits in the rst half of the DCT coefcients of the stego-image created by the J-Steg method. In Fig. 7, the extended chi-square attack has also successfully detected the existence of the secret bits in the rst half of blocks of the stego-image created by the J-Steg method. It is clear that in both gures, the stego-images

The S family attack detects the length of the embedded secret bits by estimating the approximate cover-image. In such a method, it has successfully broken the F5 and the OutGuess steganographic methods. The proposed method adopts the complementary embedding strategy to reduce the loss of statistical property of the cover-image in spatial domain. The proposed complementary embedding divides the secret bits and the DCT coefcients into two parts, respectively, by a predened separation ratio , and embeds each part of secret bits into the corresponding part of DCT coefcients by complementary embedding algorithms. In our experiments, we found that the proposed method can confuse the S family attack by 5 using 3 1 1 together with an adjustment parameter . We 4 set = 1 and = 1 throughout the follow-up experiments if 3 no other values are explicitly assigned. To show that the proposed steganographic method can resist the S1 and the S2 attacks, we used the math tool MATLAB to simulate both attacks. We also used the proposed method to create the stego-images for several standard images with different texture properties using various embedding capacities, and then used the S1 and the S2 attacks to detect these stegoimages. Figs. 8 and 9 show the detection results, respectively. For S1 attack, the same experiments were performed on the stego-images created by the F5 algorithm. The detection results are shown in Fig. 10. For S2 attack, the same experiments were performed on the stego-images created by the OutGuess algorithm. The detection results are shown in Fig. 11. Table 6 also provides the detection results of S1 and S2 attacks for

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

2953

S2 attack for the proposed method 100

perfect

Table 6 The detection results of S1 and S2 attacks for the stego-images created by the proposed embedding algorithm using embedding rate 50% and various
(embedding rate: 50%) Detection algorithm S1 attack (%)
1 2 1 4 1 6 1 8 1 10

detection of embedding rate

80 60 40 20 0 -20 -40 -60 10 20

Goldhill Lena Mandrill Zelda

S2 attack (%) 4.87 24.70 14.39 20.16 27.67

3.86 7.93 10.26 10.71 11.67

30

40

50 60 70 embedding rate

80

90

100

Fig. 9. The detection results of S2 attack for the stego-images created by the proposed steganographic method.

S1 attack for F5 algorithm 120 detection of embedding rate 100 80 60 40 20 0 -20 10 20 30 40 50 60 70 embedding rate 80 90 100
perfect Goldhill Lena Mandrill Zelda

Fig. 10. The detection results of S1 attack for the stego-images created by the F5 embedding algorithm.

S2 attack for OutGuess algorithm 120 detection of embedding rate 100 80 60 40 20 0 10 20 30 40 50 60 70 embedding rate 80 90 100
perfect Goldhill Lena Mandrill Zelda

the stego-images created by the proposed embedding algorithm using embedding rate 50% and various values of . In Figs. 811, the dash lines represent the perfect detection result. The closer the detection result to the dash line, the weaker the resistance of the steganographic method to the S family attack. In Fig. 10, the detection results of the stego-images created by the F5 algorithm are very close to the dash line. It means that the S1 attack has successfully broken the F5 algorithm. It is clear that in Fig. 8, for the proposed method, all the detection results are far beyond the dash line. It means that the proposed method can survive the S1 attack. On the other hand, in Fig. 11, for the OutGuess algorithm, the detection results of S2 attack are very close to the dash line. It means that the S2 attack has successfully broken the OutGuess algorithm. For the proposed method, in Fig. 9, all the detection results are unstable and have clear distances from the dash line. It implies that the proposed method can also survive the S2 attack. Further explanation of why the proposed steganographic method can resist both S1 and S2 attacks will be provided in Section 5. The readers may notice that some of the detection of embedding rate is negative in Figs. 810. This phenomenon results from the assumption of the S family attack. In brief, the S family attack uses a method to estimate the original image from the stego-image and then uses an equation derived from the assumptions of the estimated original image and the property of the stego-image to calculate the embedding rate. Because the equation used to calculate the embedding rate is very imagedependent, it may have different results when detecting different stego-images. Moreover, it may have negative results when the assumptions of the estimated original image and the property of the stego-image have bias. This is why there are some negative results appeared in Fig. 10 when embedding small amount secret bits in image Goldhill. Similarly, because the proposed method adopts quite different approach to embed secret bits, it also destroys the assumptions of the S family attack and results in quite unstable detection results including negative values as shown in Figs. 8 and 9. 5. Discussions The S1 and S2 attacks are good statistical attacks. Although they were originally designed for breaking F5 and OutGuess, they can also be used to break the other JPEG steganographic

Fig. 11. The detection results of S2 attack for the stego-images created by the OutGuess embedding algorithm.

2954

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

Table 8 The detection results of S2 attack for the stego-images created by the J-Steg algorithm using various embedding rates
Embedding rate (%) Lena (%) 1.84 4.78 0.80 0.97 2.24 0.07 4.13 2.05 5.20 1.01 Mandrill (%) 6.77 1.29 1.75 6.39 7.08 4.62 0.91 1.22 8.87 1.47 Zelda (%) 9.48 7.14 1.71 10.82 8.47 5.98 6.22 5.87 7.72 8.73 10 20 30 40 50 60 70 80 90 100 Test image Goldhill (%) 4.42 20.48 17.87 47.31 58.75 72.06 84.67 83.90 90.89 97.15 Lena (%) 10.49 9.61 30.95 53.74 69.93 74.48 84.27 90.53 89.97 107.17 Mandrill (%) 11.13 26.33 43.37 47.80 62.79 64.70 74.35 79.91 92.18 101.91 Zelda (%) 17.58 32.78 27.64 48.93 62.55 82.45 88.92 86.78 94.96 111.96

Table 7 The detection results of S1 attack for the stego-images created by the OutGuess algorithm using various embedding rates
Embedding rate (%) Test image Goldhill (%) 10 20 30 40 50 60 70 80 90 100 19.91 17.36 16.71 22.08 20.87 17.11 21.66 18.37 27.00 21.15

methods if the embedding strategy of any steganographic method matches the detection strategy of S1 or S2. In brief, the S1 attack uses a method to estimate the original image from the stego-image, and assumes that, after embedding, the number of the 0 and the absolute-value-1 DCT coefcients in the stego-images created by F5 will be changed drastically. Based on this property, the S1 attack can measure the amount of the embedded secret bits using the relation between the stego-images and the estimated original image. Because OutGuess preserves the property of the DCT coefcients of the stego-images, if we use S1 attack to detect the stegoimages created by the OutGuess algorithm, we will obtain incorrect detection results as given in Table 7. Similarly, because the proposed method uses the strategy of complementary embedding to maintain the property of DCT coefcients, the S1 attack cannot correctly detect the number of the embedded secret bits as shown in Fig. 8. This is why the proposed steganographic method can resist the S1 attack. On the other hand, in brief, the S2 attack also uses a method to estimate the original image from the stego-image. To detect an image, the S2 attack rst embeds random bits in the stegoimage using the same embedding algorithm. If the stego-image is created by an LSB-based method, the embedding effect of the stego-image will be canceled out. Therefore, the re-embedded image will be closer to the original image than the stego-image. The S2 attack then uses the relation among the estimated original image, stego-image, and the re-embedded image to measure the amount of the embedded secret bits. For example, as introduced previously, the J-Steg is an LSB-based method. If we use S2 attack to detect the stego-images created by J-Steg, we will obtain stable detection results as given in Table 8. On the contrary, if a stego-image is not created by an LSB-based method, the re-embedding strategy adopted by the S2 attack will fail and result in unstable detection results. For example, if we use S2 attack to detect the stego-images created by the F5 algorithm, we will obtain unstable detection results as given in Table 9. Because the proposed steganographic method is not an LSB-based method, if we use S2 attack to detect the stegoimages created by the proposed embedding algorithm, the de-

Table 9 The detection results of S2 attack for the stego-images created by the F5 algorithm using various embedding rates
Embedding rate (%) Detection algorithm Goldhill (%) 10 20 30 40 50 60 70 80 90 100 20.92 8.05 6.60 2.56 0.11 20.36 18.50 20.22 5.08 20.48 Lena (%) 30.68 18.79 43.01 7.51 44.82 11.43 58.72 8.96 1.86 0.17 Mandrill (%) 15.74 23.07 1.24 10.21 15.23 1.27 4.82 1.04 10.62 19.05 Zelda (%) 54.53 54.90 56.59 58.32 45.17 6.14 36.13 48.2 8.31 20.25

tection results are also unstable as shown in Fig. 9. This is why the proposed steganographic method can resist the S2 attack. 6. Conclusions In this paper, we have proposed a high-performance JPEG steganographic method. The proposed method adopts the complementary embedding strategy to reduce the loss of statistical property of the stego-image in spatial domain. In such a manner, the proposed steganographic method can resist the S family attack. Moreover, the proposed method does not adopt the LSB replacement strategy so that it can also avoid the detection of the chi-square family attack. To show the effectiveness of the proposed method, the chisquare, extended chi-square, S1 and S2 attacks were simulated, and used to detect the stego-images created by the proposed method. The J-Steg, F5, and OutGuess steganographic algorithms were also simulated and used to create the stego-images in the same experimental conditions. Experimental results show that the proposed steganographic method has the following advantages: (1) The capacity provided by the proposed method is larger than those provided by J-Steg, F5, and OutGuess steganographic methods.

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 2955

2955

(2) The proposed method has excellent performance against the chi-square family attack. (3) The proposed method can successfully confuse the detection of the S family attack. With the above-mentioned advantages, the proposed steganographic method is practical for the application of covert communication. References
[1] W. Stallings, Cryptography and Network Security: Principles and Practice, third ed., Pearson Education, New Jersey, 2003. [2] C.-C. Chang, C.-S. Chan, Y.-H. Fan, Image hiding scheme with modulus function and dynamic programming strategy on partitioned pixels, Pattern Recognition 39 (6) (2006) 11551167. [3] S.-L. Li, K.-C. Leung, L.M. Cheng, C. -K, Chan, A novel image-hiding scheme based on block difference, Pattern Recognition 39 (6) (2006) 11681176. [4] H. Noda, M. Niimi, E. Kawaguchi, High-performance JPEG steganography using quantization index modulation in DCT domain, Pattern Recognition Lett. 27 (5) (2006) 455461. [5] Y.-H. Yu, C.-C. Chang, Y.-C. Hu, Hiding secret data in images via predictive coding, Pattern Recognition 38 (5) (2005) 691705. [6] C.-C. Chang, H.-W. Tseng, A steganographic method for digital images using side match, Pattern Recognition 25 (12) (2004) 14311437. [7] M.-Y. Wu, Y.-K. Ho, J.-H. Lee, An iterative method of palettebased image steganography, Pattern Recognition Lett. 25 (3) (2004) 301309. [8] C.-K. Chan, L.M. Cheng, Hiding data in images by simple LSB substitution, Pattern Recognition 37 (3) (2004) 469474. [9] C.-C. Thien, J.-C. Lin, A simple and high-hiding capacity method for hiding digit-by-digit data in images based on modulus function, Pattern Recognition 36 (12) (2003) 28752881. [10] D.-C. Wu, W.-H. Tsai, A steganographic method for images by pixelvalue differencing, Pattern Recognition Lett. 24 (910) (2003) 1613 1626. [11] D.-C. Lou, J.-L. Liu, Steganographic method for secure communications, Comput. Secur. 21 (5) (2002) 449460. [12] J. Spaulding, H. Noda, M.N. Shirazi, E. Kawaguchi, BPCS steganography using EZW lossy compressed images, Pattern Recognition Lett. 23 (13) (2002) 15791587. [13] J.J. Eggers, R. Bauml, B. Girod, A communications approach to image steganography, in: Proceedings of SPIE: Security and Watermarking of Multimedia Contents, vol. 4675, 2002, pp. 2637.

[14] C.-C. Chang, T.-S. Chen, L.-Z. Chung, A steganographic method based upon JPEG and quantization table modication, Inf. Sci. 141 (12) (2002) 123138. [15] R.-Z. Wang, C.-F. Lin, J.-C. Lin, Image hiding by optimal LSB substitution and genetic algorithm, Pattern Recognition 34 (3) (2001) 671683. [16] A. Westfeld, High capacity despite better steganalysis (F5a steganographic algorithm), in: Proceedings of the Fourth International Workshop on Information Hiding, vol. 2137, 2001, pp. 289302. [17] N. Provos, Defending against statistical steganalysis, in: Proceedings of the 10th USENIX Security Symposium, 2001, pp. 323336. [18] J-Steg http://www.ussrback.com/crypto/steanography/DOS/jsteg.txt . [19] EzStego http://www.securityfocus.com/tools/586 . [20] F5 http://wwwrn.inf.tu-dresden.de/%7Ewestfeld/f5.html . [21] Hide4PGP http://www.heinz-repp.onlinehome.de/Hide4PGP.htm . [22] JP Hide&Seek ftp://ftp.gwdg.de/pub/linux/misc/ppdd/jphs_05.zip . [23] S-Tools ftp://ftp.ntua.gr/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/stools4.zip . [24] Snow http://www.darkside.com.au/snow/index.html . [25] I.J. Cox, M. Miller, J. Bloom, Digital Watermarking, Morgan Kaufmann, San Francisco, 2002. [26] J.-L. Liu, D.-C. Lou, M.-C. Chang, H.-K. Tso, A robust watermarking scheme using self-reference image, Comput. Stand. Interfaces 28 (3) (2006) 356367. [27] D.-C. Lou, J.-L. Liu, M.-C. Chang, Digital watermarking using multiresolution wavelet transform, in: Proceedings of the IEEE 37th Annual International Carnahan Conference on Security Technology, 2003, pp. 370377. [28] D.-C. Lou, J.-L. Liu, A robust watermarking scheme based on the justnoticeable-distortion, J. Chung Cheng Inst. Technol. 31 (2) (2003) 11 22. [29] F.A.P. Petitcolas, R.J. Anderson, M.G. Kuhn, Information hidinga survey, Proc. IEEE 87 (7) (1999) 3543. [30] J. Seberry, J. Pieprzyk, CRYPTOGRAPHY: An Introduction to Computer Security, Prentice-Hall, New York, 1989. [31] A. Westfeld, A. Ptzmann, Attacks on steganographic systems, in: Proceedings of the Third International Workshop on Information Hiding, 2000, pp. 6176. [32] J. Fridrich, M. Goljan, D. Hogea, New methodology for breaking steganographic techniques for JPEGs, in: Proceedings of SPIE: Security and Watermarking of Multimedia Contents, vol. 5020, 2003, pp. 143155. [33] ISO/IEC, IS 10918, ITU-T, Rec. T.81, Information technologydigital compression and coding of continuous-tone still images, part 1: requirements and guidelines, 1992. [34] The MathWorks http://www.mathworks.com/index.shtml . [35] A.K. Jain, Fundamentals of Digital Image Processing, Prentice-Hall, New Jersey, 1989.

About the AuthorCHIANG-LUNG LIU received his Ph.D. degree in Electronic Engineering from Chung Cheng Institute of Technology (CCIT), National Defense University, Taiwan, ROC, in 2002. Since 2003, he has been with the Department of Electrical Engineering at CCIT, where he is currently an Associate Professor in the Department of Electrical and Electronic Engineering. His research interests include information security, information hiding, multimedia security, and image processing. About the AuthorSHIANG-RONG LIAO received his M.S. degree in Electronic Engineering from Chung Cheng Institute of Technology, National Defense University, Taiwan, ROC, in 2006. His research interests include information hiding and image processing.