Steganography

Implementation & Detection

Robert Krenn
rkrenn@xidc.nl
January 21, 2004
 Overview
● What is steganography?
● Implementations
● Detection
● Defeating steganography
● Conclusion
● Questions
What is steganography?

Stega-
covered, from the Greek “stegos” or roof

-nography
writing, from the Greek “graphia”
What is steganography?

● The art of hiding information inside information

Since everyone can read, encoding text

in neutral sentences is doubtfully effective
What is steganography?

● The art of hiding information inside information

Since everyone can read, encoding text

in neutral sentences is doubtfully effective

Since Everyone Can Read, Encoding Text

In Neutral Sentences Is Doubtfully Effective

 Secret inside
What is steganography?

What is it used for?

● Hiding the fact that you are sending messages
● Hiding several messages inside data
● Digital watermarking

Kerckhoffs' principle
● Secure with knowlegde of the system
● Message can only be read with secret key
What is steganography?

Hiding several messages

● Deniable cryptography
● Knowledge of encrypted data
● No proof of how much information is stored
● Rubberhose (http://www.rubberhose.org)
What is steganography?

Digital watermarking
● Not really hiding information
● Important: not modificable
● Uses the hiding-property of steganography
● Recent: MPAA hides watermarks in movies
Implementation

Hiding information
● Text / Webpages
● Images
● Audio
● Video
Implementation

Text / Webpages
● Use of a codebook
● Layout of texts
● Every Nth character
● Use of whitespaces and newlines
● Can be difficult to detect and decode
Implementation

Text / Webpages
In the midway of this our mortal life,
I found me in a gloomy wood, astray
Gone from the path direct: and e'en to tell
It were no easy task, how savage wild
That forest, how robust and rough its growth,
Which to remember only, my dismay
Renews, in bitterness not far from death.
Yet to discourse of what there good befell,
All else will I relate discover'd there.
How first I enter'd it I scarce can say
Implementation

Text / Webpages
In the midway of this our mortal life,
I found me in a gloomy wood, astray
Gone from the path direct: and e'en to tell
It were no easy task, how savage wild
That forest, how robust and rough its growth,
Which to remember only, my dismay
Renews, in bitterness not far from death.
Yet to discourse of what there good befell,
All else will I relate discover'd there.
How first I enter'd it I scarce can say

06081913030629170827  meet at dawn

Implementation

Images
● Cover image
● Identify redundant data
● Replace (a subset of) redundant bits with data
Implementation

Images
● JPEG uses discrete cosine transformations (DCT)
● Transform pixel blocks to DCT coefficients
● Get least significant bit of each DCT coefficient
● Replace LSB with secret message bit
● Insert modified DCT into output image
Implementation

Images

Original image Data embedded inside

Implementation

Images
● JPEG stegencryption
● Operates in transformation space
● No visual changes
● GIF and BMP stegencryption
● Operates in low bit planes
● Subject to visual attacks
Implementation

Images

Original image Data embedded inside

Implementation

Audio
● Use frequencies inaudible to humans
● Embed data using the LSB
● Encoding musical tones
Implementation

Video
● Visible signals (gestures, movements)
● Same techniques as with images
● Same techniques as with audio
Detection

Text
● Look for (disturbings of) patterns
● Odd use of language
● Line heights and whitespaces
Detection

Images
● Examine color palette
● Size of the image
● Differences:
− Format
− Last modified date
Detection

Images
● Statistical analysis
● Analyze frequency of DCT coefficients
● Entropy of redundant data
− Hidden content  higher entropy
Detection

Images
● Apply filters to steganograms
● Visible representation of statistical data
Detection

Filtered

Original image Embedded data

Detection

Filtered

Original image Embedded data

Detection

Audio
● Statistical analysis
● Analyze patterns in background noise
● Distortions
● Measure inaudible frequencies
Detection

Video
● Look for distinguishing movements
● Same techniques as with images
● Same techniques as with audio
Defeating steganography

Text
● Change spacing, interpunction
● Modify line heights, layout
● Add or remove words
Defeating steganography

Images
● Compress with lossy compression
● Convert to different format
● Resize the image
● Modify colors
Defeating steganography

Audio
● Compress with lossy compression
● Change bitrate
● Alter / limit frequency spectrum
Defeating steganography

Video
● Same techniques as with images
● Same techniques as with audio
Conclusion

● Hide data practically everywhere

● Detection of steganography
− Possible, but can be difficult
− Hard when valid to Kerckhoffs' principle
● Defeating steganography is not hard
Steganography

● Questions?
Steganography