This action might not be possible to undo. Are you sure you want to continue?
edu Steganography and Digital Watermarking -- Applications, Attacks and Countermeasu res Introduction Steganography is the science of hiding information in data. Normally steganograp hy is done intelligently such that it is difficult for an adversary to detect th e existence of a hidden message in the otherwise innocuous data. The piece of da ta that has the message embedded in it is visible to the world in the clear and appears as harmless and normal. This is in stark contrast with cryptography wher e the message is scrambled to make it extremely difficult or impossible for an adversary to put together. A message in ciphertext arouses some sort of suspicio n whereas invisible message embedded in clear text does not. This is the advant age of steganography. Generally, a steganographic message will appear to be something else: a picture, an audio file, a video file or a message in clear text - the covertext. Histor ically, messages were written using hidden invisible ink between the visible lin es of innocuous documents, or even written onto clothing. Other techniques used were writing messages in Morse code in knitting yarn, or marking particular word s or letters in the message, using invisible ink or pin prick that form the secr et message. During WWII Germans used the microdot technology, where an image the size of a period had the clarity of typewritten pages. In this case the period was the covertext and the image is the message. Though smart hiding and innocuou s hiding techniques are used to hide the stegotext, the algorithm itself is secu re and only known to the communicating parties and not to the world. This is in slight contrast to classical cryptography where the algorithm is well known and only the key(s) are secret. Though data is not encrypted in steganography, authe nticity of a message is normally established by using a MAC or a signature. Steganography can be used to code messages in any transport layer – an image (GIF/ BMP/JPEG), a MP3 file, a communications protocol like UDP etc. Steganogrpahic in formation can also be added to richer multimedia content like DVDs. There are no rmally two motivations – to send a secret message or to establish authenticity of a piece of information – usually a multimedia file. The later is a major applicati on of modern steganography and known as Digital Watermarking and Fingerprinting. Watermarks establish ownership of an artifact while fingerprints or labels help to identify intellectual property violators. They are different protocol implem entation of the same basic idea. Information theory and human sensory perception Steganography is possible for the same reasons that compression is – a combination of information theory and human perception of vision and audio. Digital signal contains redundancy which manifests itself as noise. Humans cannot detect all le vels of noise; in other words, humans often cannot tell an image or an audio cli p from another with slight difference in levels of noise. The larger the cover message is (in data content terms — number of bits) relative to the hidden message , the easier it is to hide the latter. For example, a 24 bit bitmap image has 8 bits representing three colors – Red, green and blue at each pixel – 256 shades of e ach basic color. So changing the least significant bit of any of these basic col
But on the flipside. The prisoners accept t his condition and find a way to communicate secretly in exchanges --. i. Thethe situation is paradoxical because the warden demands access and the prison er’s need to authenticate each other. Historically. which can be exploited as a noise cover. They need to communicate with each other but they have to use a public channel which is monitored by the Warden of the jail. From an inform ation theoretical point of view. Ron Rivest’s “Chaffing and Wi nnowing” protocol discussed later can be argued as an example of timing covert cha nnel. symmetric key is a natural fit. the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier/container (the original signal) due to the injection of the payload (the signal to covertly emb ed) are visually and ideally. The warden will only forward the messages if they are intelligible.ors would make an extremely negligible change on that pixel – and possibly less on the image. bitmaps are better fits that GIFs and JPEGs because GIF is 8 bits per pixel and JPEG is a lossy compression techn ique. statistically negligible. This is calle d LSB manipulation and a very conventional and simple steganographic implementat ion. It can also be noted that the actual message itself can be compressed using some compression coding methodologies like run length coding. it may be noise from recording techniques – amplitude or frequency modulation.establishi ng a subliminal channel even though the messages themselves are not encrypted. Subtlety in changes is a very important featu re and stego-images should only have subtle changes. However. Often the embedded message is itself encrypted using a key that may or may not b e known to the adversary. A ny system with an analog (signal) amplification stage will also introduce therm al noise. Since steganography requires that communicating partie s have some prior shared information. that is to say. this may be noise from the imaging element. In case of images. This re port primarily discusses storage covert channels where a covert message is commu nicated by manipulating a stored object like an image. It is fairly obvious that more the data content of the cover message.e. Fo r a digital image. the chan ges are indistinguishable from the Gaussian noise of the carrier. a l ot of invisible ink steganographic messages were encoded using Polybius squares or similar text to integer mapping schemes. It is this capab .temporal in case of audio or v ideo content) is also a determining factor in the efficiency of the hiding proce ss. so they will authenticate each other’s me ssages before accepting them – authentication without secrecy. there is redundancy. we get 9 bits -. the easier it is to hide the message. An image with large areas o f solid colors would be a bad fit since large variances created by the embedded message would cause drastic differences easily spotted by the human eye. if we change the LSB of each basic color of three adjacent pixels. So the least significant bit can be easily used to store the stegano graphic message. Steganographic channel is a covert channel in Information theory terms since it transfers some kind of infor mation using a method originally not intended to transfer this kind of informati on. Authentication without secrecy channels ach ieve that by placing a pre arranged condition on all messages.. bigger images will attract more attention than small er images as suspect stego-images. we have techniques for both Gaussian and LaPlacian dis tribution using maximum likelihood estimators for the stego-messages. p ublic steganography with steganographic key exchanges is also possible. for digital audio . As we will see later. Steganography also supports both storage and timing covert channels. So. this means that the channel must have more capa city than the 'surface' signal requires (entropy). Two inmates Alice and Bob are accomplices in a crime and are sent to the prison. Stated somewhat more formally. The spa tial frequency distribution of the image (spatio.enough space to store an ASCII character. Prisoner’s problem and subliminal channel The study of steganography in machine cryptography was first stated in the priso ner’s problem by Simmons. T he warden will also try to deceive them.
The receiver now doesn’t have to do anything special since the normal protocol of a receiver is to discard packets that do not have correct MACs.ility that creates a subliminal channel for the prisoners. There are various techniques of placing dig ital watermarks on images but they can conceptually be divided into two categori es – 1. weak MAC functions can potentially leak information in this protocol . When an artifact is sold to an entity. In a two step process. Null ciphers are used to hide the actual cipherte xt by introducing nulls to confuse the cryptanalyst. it cannot tell chaff from wheat as the MAC will look like a random functio n. Fingerprinting is a slight different implementation of digital watermarks.e. As with most steganographic trans fers. Though the adversary can see the entire communica tion. The concept is analogous to separating (win nowing) wheat from chaff where wheat is the actual payload and chaff is the null ciphers. These methods are used to hide messages alo ng the frequency distribution of hues. Spatial techniques. Digital Watermarking and Fingerprinting Digital watermarking is the technique of adding identifying information to digit al artifacts using steganographic principles i. intensities. the watermark inform ation would reveal the violator. The other key idea is that since the creation of “chaff” involves generation of a bad MAC and not the knowledge of a secr et key. A slight modification of this would be using th e canary trap protocol where unique alterations are made to each copy of artifac t sold. the transmitters add a MAC to establish authenticity of the communication to any message that is sent. Watermarks can be visible or invisible in the context of images. If ‘m’ redundant bits are allowed to establish authenticity. Frequency Domain techniques. The receiver “winnows” the actual payload from the non-interesting data. smoo thing would obliterate watermarks. information about that entity is hidden in the artifact.e. The illegitimate copy has a tell-a-tale that traces back to the violator . It is also important to note that it is not possible to use digital signatures here since anyone will be then able to compare the signatures and tell “chaff” from “wheat”. . The tra nsmitter attaches bogus MACs for the chaff packets instead of calculating it. These methods are based on hiding the messages on ge ometric characteristics of the image. Classical steganography can also be thought of as an extension of this concept where the carrier / containe r data are actually the null ciphers – data that create confusion and diffuse the actual payload. If illegitimate copies of the artifact are sold. Ron Rivest extended this concept to an idea of “Chaffing and Winnowing” to create st eganographic communication channels. These are highly susceptible to signal alt eration algorithms. visible digital watermarks are really not steganographic object – they enhance information instead of hiding. However. then these redundant bits create a bit by bi t subliminal channel which can be used to transmit extra information. 2. cropping. “designated verifier signature” schemes where only signature designat es can verify a signature would work fine. Even simple signal manipulation like zooming. These are comparatively robust to simple image manipulations but can fall prey to statistical steganalysis. In strict terms. intersperse the actual payload with meaningless data. Null ciphers and “Chaffing and Winnowing” A null cipher is a form of encryption where the plaintext is mixed with a large amount of non-cipher material. MACs are calculated over the entire message and a s erial number of the message using a secret symmetric authentication key. hiding the information cleverl y so that extraction is difficult by any adversary. However. Th is is what distinguishes the “chaff” from the “wheat”. luminance etc of the images. the transmitter introduces chaff to the wheat i . any entity can play the role of a “chaffer”.
this can still work unless all artifacts are sniffed for steganographic information. It is fairly easy to hide an image in 3 or even 4 least significant bits of another image without causing major noticeable change. Mathematically and statistically th ese numbers are known to have desirable autocorrelation functions. Patchwork makes the assumption that the image has a Gaussian distri bution. These two bl ocks would get altered identically for all non-geometric alterations of the imag e. If the stego message is encoded using m-sequences. This is clearly a frequency distribu tion method. The key idea to avoid detection is to hide the message in such a w ay that statistically it comes across like normal distribution making pattern de tection very difficult. Spread Spectrum methods In spread spectrum methods. the adversary would have to do the same computations without any apriori knowledge. it pic ks up two patches up in random and then brightens one by S and darkens one by S. If the intention is to covertly pass messages. Patchwork is a too l from IBM uses this technique to scatter hidden information based on statistica l distribution of luminance in the image. Texture Block coding In this method. Masking and filtering These are some basic techniques to create visible watermarks by altering the lum inance or colors of certain regions in the image. This patch information i s vital to decode the hidden message later. brightens one and darkens one. rotation and other basic image manipulation techniques to o bliterate the watermark. M-Sequences using linear shift registers M-sequences are based on starting vectors of a Fibonacci recursion relation whic h form a Galois field of finite cardinality. A more secure implement ation would be to use LSB addition instead to embed the watermark. These two blocks can then contain information about these images. This process is iterated and the whole image palette is laid in a mosaic of bri ght and dark patches one of which is used to hide data. So it will re quire the examination of the complete bit pattern and the current linear shift r egister implementation. we can get two large blocks of identical textures. it can easily be embedded in the image by a LSB substitution. Iterat ing a few times. Thus we have identical blocks of texture in the image. So images encoded using m-sequences are statistica lly impossible to distinguish from the original as they are similar to noise in a normal distribution. it is very easy to extract and /or get rid of the info. LSB Manipulation This is the manipulation described in the Introduction that is susceptible to ev en slight image modification. These can be detected very eas ily by simple statistical analysis but these are fairly resistant to lossy compr ession and image cropping. S between light and dark patches over the sample patches. It iteratively selects two patches on the image. The motivation for steganography is important here. This is also somewhat resistant to statistical steganal ysis because it gives it the impression of noise in an image. It then calculates the standard deviat ion. This is more secure because to crack this. . It is very efficient in hiding a GIF or BMP image in another but a linear analysis is enough to figure this out. It doesn’t hide the data in noise but embed it in signi ficant areas – just the reverse of LSB manipulation.Some digital watermarking algorithms It is not too difficult to formulate algorithms that can cleverly hide informati on in images. the message is scattered across the image making it harder for cropping. To encode. But if this is meant f or digital watermarks. the distribut ion of Galois field numbers is known to be of normal distribution thus resemblin g Gaussian noise in an image. pairs of areas of similar texture are found and one area is copi ed over the other.
The case of visible watermarks is obviously different. bits are swapped a ccording to rules that are dictated by the stego-key and random data from the pr evious round. Some common types of attacks on Digital Watermarking are 1. On top of that there are algorithms that instead of disabling watermarks. The idea again is to simulate a distribution that is similar to a Gaussian distribution. Volos hoynovisky proposed an algorithm where he used the MAP estimator and then remodu lates the image to find the least favorable noise distribution. this is mitigated by algorithms that can hide infor mation directly in compressed data. Luis Von Ahn et al formulates and proposed “universal robustness” for ste ganographic information. Disabling/ Destruction of hidden message. to find an estimate of the digital watermark. an implementation of this methodology. Each channel however carry only one bit of the message and a lot of unused bits. Steganalysis and Digital Watermarking Attacks Steganalysis is analogous to cryptanalysis in the context of steganography. There are several other watermark estimator alg orithms that uses either Maximum Aposteriori Probability (MAP) if we know the im age statistics or Maximum likelihood (ML) Classifier algorithms if we do not kno w anything about the images. where W is a random number.Frequency hopping In this method scattering of the message is done on the basis of rules that chan ge cumulatively. However. . would completely w ipe out the watermark since the raw data would be replaced by Direct Cosine Tran sforms of the data. Since a lo t of steganography algorithms try to hide data as noise. These algorithms they try to estimate the cover data using a given statistic for the noise in it. White noise storm. jittering etc. removal of noise should obliterate the watermark. They prove that “robust steganography” is as secure as the underlying crypto used to encrypt the message that is hidden in the clear. either overwrite watermarks or create exact replicas – rendering the watermark useless e ither way. Removal attacks – Denoising. Extracting of hidden message (Active Steganalysis) 3. Ste ganalysis is composed of three steps:1. It is important to note here that it is not necessary to extract a message to di sable or destruct a message. The bits inside a window permutate and rotate according t o an algorithm that is regulated by the previous window’s operations and the stego -key. Often lossy compression of uncompressed image data like JPEG. Remodulation. transforming. Finally this encoded message is embedded in the image using LSB substitut ion. Lossy Compression These attacks attempt at completely removing watermark from the data. But their alg orithm doesn’t prove that obliteration of the steganographic secret is not possibl e. Detection of hidden message (Passive Steganalysis) 2. This is guessed to be the watermark. highpass filtering) on the image to denoise the image that will likely g et rid of the digital watermark. Langelaar et al proposes a sequence of filtering operations( median filt ering. It is often very difficult to extract a hidden mes sage and at times even to detect one because they are scattered and show up as n oise. creates a message space of 8 channels where each channel has a window of W bytes. But t his just ensures extraction is hard and likens it to cryptography. 2. It assumes the noise to be the wate rmark. The idea is similar to DES block encryption. We can run algorithms that are known to destruct digital watermarks in messages. But the problem lie s in the fact – detection is also not important if we have a “suspicious attitude”. Geometric Attacks – Warping.
Bob gets an image from Alice that has her wa termark.blending in as Gaussian noise. Alice’s signature would st ill be readable from this image making it almost identical to the image Alice ci rculated. it has moved in such a way that the watermark detector can no longer detect th e data. The result of these at tacks is to scatter and alter the way the watermark is laid out in the image. Oracle attac k These are similar to normal cryptographic attacks where the steganographic key i s searched exhaustively. Collusion.. there is a high likelihood that the watermark would fall out of sync with the watermark detecto r. Copy Attack. Luis von Ahn et al propose robus . A modification of the averaging algorithm is the collusion attack where smaller portions of the data set are taken and attacked data set f ound using averaging algorithms. Defenses against Steganalysis We noticed that most steganographic algorithms pretty cleverly hide data to avoi d detection by --. This introduces a jitter in the signal that is not detectable by humans. they succumb to a combinati on of different attacks. Due to overmarking. if an image is rotated by a slight angle. repeated iterations of StirMark degrade the image to the point that humans can detect the differenc e between the original and the processed. However. Bob can now argue that Alice has removed his signature and added hers to generate this image. The key idea here is though the digital watermark data exists in the artifact . Jittering is another effective attack that works extremely well for audio data. Instead of removing the watermark. resizing etc. shearing. Fo r a simple attack. but to att ack the basic tenets of watermarking e. Protocol attacks – Watermark inversion. These smaller datasets are then combined to get a new attacked data set.g. An audio signal is chunked up into “n” chunks and then either one chunk is deleted o r a copy is made and then assembled back together ending up in either (n -1) or (n +1) samples. sheared and rotated by a random small amount. Statistical averaging attacks involve taking the same d ata set with different instances of watermarks and then averaging them to find t he attacked data set. destroy or disable the watermark. StirMark is an implementation based on these principles that simulates an iterative resampling process – where the image is slightly resi zed. Averaging. Bob subsequently generates his own watermark and subtracts his watermar k from the image he got from Alice. It then processes this watermark using the least favorable noise function (ment ioned in replacement attacks) to smoothen the watermark. This will establish that Bob was the actual owner of the image. These attacks do not aim to detect. The Copy Attack gets an estimate of the watermark using a MAP or a ML estimator. The Watermark inversion attack uses the feature of overmarking that is the abili ty to mark an image more than once. Crypto attacks – Exhaustive key search. 3. these stress on distortion of embedded data by spatial o r temporal alterations (in case of audio and video data). 4. Copy attack allows anyone to identify his own document as being watermarked by a well known entity by placing a watermark copied from a d ocument published by that entity on it. say 1 degree and th e edges filled by the texture of the average of adjacent pixels.These attacks are the easiest to implement and often very effective. It has also been seen that it is often not easy to extract a digital watermark. Digital watermarks would totally get destroyed in this attack. It then adds the waterm ark to a new document. Unzign implements a pixel jittering algorithm that works well on spatial domain waterma rks. This is a very serious attack that Kutte r et al experimentally succeeded to accomplish. watermarks cannot be extracted from no n watermarked data. embedding in significant areas . scattering across the frequency spectrum etc. Another important observation is that though some algorithms survive basic geome tric attacks like rotation.
5. Bender. 2. This makes it more robust against changes of lower bits. We have also notices that watermarks are partic ularly susceptible to attacks that are combination of more than one attack. 11. Neil F Johnson. Ross J Anderson and Markus Kuhn. References 1. I think the solution may very well lie in better statistical models based on information theory. One idea proposed by Neil Johnson is to us e a gradual mask instead of a sharp mask for the visible watermark. the image would also be distorted enough by so much processing. one can still launch a geometric attack and obliter ate the watermark. Techniques for data hiding. Gustavus J Simmons. Information-Theoritic Analysis of in formation Hiding 6. so that the watermark is not visible until the luminance of the image is significantly incre ased. Since the image would be perpetually similar the signature wo uld be the same. Gruhl. Bradley and Hannigan. Ronald L. Chaffing and Winnowing: Confidentiality without Encryp tion 4. 9. The Prisoner’s Problem and the Sublimimal channel 3. John Langford and Luis Von Ahn. Rivest. and image signature would not mitigate the attack. Barr. But this often doesn’t safeguard against attacks to destroy or replace waterm arks on images. The Watermark Copy attack 12. The key idea is to make the digital watermark such that destruction of the water mark would destroy the image itself. Using Digital watermarks to mitigate the thr .small noise insertion doesn’t create humanly noticeable changes to an artifact. Neil Johnson and Sushil Jajodia. Pierre Moulin and Joseph O’ Sullivan. error cor rection of coding theory using hamming distance (or some other distance measurin g algorithm like Euclidean algorithm ) for statistical steganalysis. Steganalysis : The investigation of hid den information 8. Niels Provos. Though extensive image processing and spatially selective alteration of luminance based on the lu minance distribution may make the digital watermark vulnerable. While this would successful ly mitigate the copy attack. audio files etc. Martin Kutter and Sviatoslav Voloshynoviskiy. Information Hiding a Survey.t steganographic algorithms as well as new advances to public key steganography etc. Nicholas J Hopper. Fabien A Petitcolas. Attacks on copyrig ht marking systems. Ther e have been mitigations suggested to particular types of attacks e. Neil Johnson and Sushil Jajodia. Barr et al from DigiMarc are s uggesting the concept of image signature to mitigate the copy attack where perpe tually similar images would produce the same signature whereas perpetually diffe rent image would produce very different signatures. Additionally the problem here is that there is an additional burden on the watermark detecto r to verify the signature of the image. An Introduction to Watermark recovery from Images 10. This is double verification and needs ad ditional security.g. Conclusion The challenges in digital watermarking stem from the fact that the attacks deriv e from the same phenomenon as the watermarking technology itself -. Clearly right now the watermarking technology is not robust enough to mitigate combination of attacks. Ross J Anderson and Markus Kuhn. We can mitiga te some attacks using authentication and authorization – but pattern detection and obfuscation should be mitigated by better scattering algorithms. Provably Secure Stega nography 7. Defending against Statistical Steganlysis 13. Exploring Steganography: Seeing the Uns een. But the pr oblem is that attacks are preceding mitigations. Fabien A Petitcolas. Morimoto and Lu. Introduction of new authentication schemes as proposed by public key s teganography would attach another layer of security but does not in itself guara ntee universal absolute robustness of watermarks.
Securing symmetric watermarking sc hemes against protocol attacks. A novel approach to coll usion resistant Video watermarking. . Stefan Katzenbeiser and Helmut Beith.eat of copy attacks. Karen Su. Deepa Kundur and Dmitrios Hatzinakoa. 14. 15.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.