Pattern Recognition 41 (2008) 2945 – 2955
Highperformance JPEG steganography using complementary embedding strategy
ChiangLung Liu ^{∗} , ShiangRong Liao
Department of Electrical and Electronic Engineering, Chung Cheng Institute of Technology, National Defense University, Tahsi, Taoyuan 33509, Taiwan, ROC
Received 12 June 2006; received in revised form 27 April 2007; accepted 3 March 2008
Abstract
A highperformance JPEG steganography should be secure enough to resist modern steganalysis. In this paper, we propose a highperformance JPEG steganographic method. The proposed method adopts the complementary embedding strategy to avoid the detections of several statistical attacks. To show the effectiveness of the proposed method, several statistical attacks are simulated and used to detect the stegoimages created by the proposed method. Several famous JPEG steganographic algorithms are also simulated for comparisons with the proposed method. Experimental results show that the proposed steganographic method has superior performance both in capacity and security, and is practical for the application of secret communication. 2008 Elsevier Ltd. All rights reserved.
Keywords: Image hiding; JPEG steganography; Chisquare family attack; S family attack; Statistical steganalysis; Complementary embedding
1. Introduction
The success of the Internet facilitates communications of people, but also enables illegal users to access data transmitted on the Internet. To protect the important data from being ille gally accessed, various modern cryptosystems [1] can be used to encrypt the content of these data prior to their transmissions. However, the encrypted data exists in a meaningless form and may attract the intention of the interceptors to break the secret codes. Steganographic methods can be used to make up this drawback. Steganographic methods [2–24] and various watermarking schemes[25–28] are applications of information hiding tech niques [29]. Steganographic methods hide the secret informa tion in the cover carrier so that the existence of the embedded information is undetectable. The cover carrier can be many kinds of digital media such as text, image, audio, and video. Because of the insensitivity of the human visual system, dig ital images have been widely used as cover carriers in most
^{∗} Corresponding author. Tel.: +886 3 3809991370; fax: +886 3 3801407. Email addresses: chianglung.liu@gmail.com (C.L. Liu), shiang.ron@msa.hinet.net (S.R. Liao).
00313203/$30.00 2008 Elsevier Ltd. All rights reserved.
doi:10.1016/j.patcog.2008.03.005
steganographic schemes, and are especially referred to as image hiding techniques [2,3,15]. Each image hiding system consists of an embedding process and an extraction process. An innocuouslooking original im age is used as the coverimage to conceal the secret data. The secret data are embedded into the coverimage by modifying the coverimage to form a stegoimage. According to Kerck hoffs’ principle [30], the embedding algorithm is supposed to be known to the public. Therefore, the embedding process may use an embedding key so that only the legal user can success fully extract the embedded data by using the corresponding ex traction key in the extraction process. The embedding key and the extraction key are referred to as stegokeys. If they are the same, the image hiding system is symmetric, otherwise asym metric [1]. Most image hiding systems use uncompressed images (e.g., BMP) or losslessly compressed images (e.g., GIF) as cover images. These images potentially contain much visual redun dancy so that they can provide large capacity to hide secret data. Many image hiding systems [2–24] have been proposed and several stegoproducts have been developed based on loss less image formats (e.g., EzStego [19]). For reducing transmis sion bandwidth and storing space, the JPEG image is currently the most common format used on the Internet. Several image
2946
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
hiding techniques for JPEG images have been proposed, such as JSteg [18], F5 [16], and OutGuess [17]. They are usually called the JPEG steganography or the JPEG steganographic methods which use the DCT coefﬁcients to embed the secret bits, and will be mentioned alternately in the rest of this paper. As we know, the JPEG compression is based on the discrete cosine transform (DCT), and reduces the visual redundancy to achieve good compression performance. Therefore, the embedding ca pacity provided by JPEG steganography is relatively smaller than those provided by the other steganographic methods. In this paper, our discussions focus on the JPEG steganography. Generally, there are potentially two basic requirements for a secure image hiding system. First, the secret data embedded in the stegoimage should be perceptually invisible. Secondly, the receiver can exactly recover the original data without the knowledge of the coverimage. These requirements can be eas ily achieved by LSB insertion methods that embed the secret data in the coverimage by directly replacing the least signiﬁ cant bit (LSB) in spatial domain or frequency domain. For ex ample, the JPEG steganographic tool JSteg embeds the secret data by sequentially ﬂipping the LSB of the quantized DCT coefﬁcients (except 0s and 1s) without causing detectable ar tiﬁcial distortion. Unfortunately, modern steganalysis tries to discover hidden data by examining the statistical properties of stegoimages. Therefore, many existing steganographic tech niques seem to be insecure when modern steganalysis is em ployed to test their security. Westfeld and Pﬁtzmann [31] proposed a steganalytic method based on statistical analysis of Pairs of Values (PoVs) that are exchanged during message embedding. They observed that the embedding function replacing LSBs transforms PoVs into each other which only differ in the LSB. If the secret bits used for replacing the LSBs are equally distributed, the frequencies of both values of each PoV become equal. Based on this obser vation, they proposed a statistical method to automatically cal culate the similarity of PoVs of the stegoimage. Their method is generally known as the chisquare attack and provides very reliable results when the LSB placement is known (e.g., the sequential embedding). Therefore, the data embedded by the JSteg can be detected by chisquare attack. Actually, the chi square attack can be slightly modiﬁed to successfully detect randomly scattered data by applying the same idea to smaller portions of the stegoimage [17]. The modiﬁed chisquare at tack is especially referred to as the extended chisquare attack in the rest of this paper. We also brieﬂy use the chisquare fam ily attack to represent both attacks together. To provide a secure and highcapacity JPEG steganography, Westfeld [16] proposed the F5 algorithm in 2001. Instead of replacing the LSBs of the quantized DCT coefﬁcients with the secret bits, the absolute value of the coefﬁcient is decreased by 1. Besides, the F5 algorithm randomly chooses DCT coefﬁ cients to embed the secret bits. Combining these two strategies, the F5 algorithm successfully defends both the chisquare and the extended chisquare attacks. In the same year, Provos [17] also proposed the OutGuess steganographic algorithm to counter the chisquare family at tack. The OutGuess uses two passes to achieve the embedding
mission. In the ﬁrst pass, the secret bits are embedded in the LSBs of the quantized DCT coefﬁcients (skipping 0s and 1s) along a random walk. In the second pass, the histogram of the stegoimage is adjusted to match that of the coverimage. Be cause the histogram of the ﬁnal stegoimage is similar to that of the coverimage, the stegoimage created by the OutGuess al gorithm can avoid the detection of the chisquare family attack. Although stegoimages created by the F5 algorithm or the OutGuess algorithm can survive the chisquare family attack, they can be detected by a special steganalytic method proposed by Fridrich et al. [32]. The most important part of their method is to obtain the approximation of the coverimage. This is done by decompressing the stegoimage, cropping by four pixels in each direction, and recompressing using the same quantiza tion table. The estimated coverimage possesses many statisti cal properties that approximately equal to those of the original coverimage. These statistical properties can be used to design the distinguishing statistic S that also predictably changes with the embedded message length. The unknown message length is therefore can be obtained by comparing the values of S for the stegoimage and the estimated coverimage. This kind of ste ganalysis has been successfully developed to detect the length of the secret bits embedded by the F5 and the OutGuess algo rithms. We refer to the method used to break the F5 as the S1 attack, and OutGuess, the S2 attack, in the rest of this paper. We also brieﬂy use the S family attack to represent both attacks together. In this paper, we propose a secure and highcapacity JPEG steganography. Instead of ﬂipping the LSBs of the DCT co efﬁcients, the secret bits are embedded in the coverimage by subtracting one from or adding one to the nonzero DCT coefﬁ cients. Therefore, the proposed steganographic method cannot be detected by both the chisquare and the extended chisquare attacks. Moreover, a complementary strategy is also included in the proposed method to defend the S1 and S2 attacks. To completely describe the proposed steganographic tech nique, the rest of this paper is organized as follows. In Section 2, the JPEG compression technique is brieﬂy reviewed. The proposed embedding and extraction processes are described in Section 3. Several experimental results are demonstrated in Section 4 to show the effectiveness of the proposed JPEG steganography. Section 5 justiﬁes the signiﬁcance that the pro posed method can resist both S1 and S2 attacks. Section 6 con cludes this work.
2. Review of JPEG compression
Because the proposed steganographic method is a JPEG based steganography, we brieﬂy describe the JPEG compression technique in this section.
Original
image
FDCT
Quantization
Entropy
encoding
Compressed
code
Fig. 1. The block diagram of the JPEG compression process.
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
Compressed
code

Entropy 




decoding 
Dequantization 
IDCT 
Reconstructed
image
2947
Fig. 2. The block diagram of the JPEG decompression process.
JPEG is an international standard for continuoustone still image compression which has been approved by International Standard Organization (ISO) under the denomination of Inter national Standard10918 (IS10918) [33]. The JPEG compres sion is based on the DCT and allows substantial compression to be achieved while producing a reconstructed image with high visual ﬁdelity. Fig. 1 shows the JPEG encoding process which comprises three major steps: forward DCT (FDCT), quantization, and en tropy encoding. The input image is ﬁrst divided into 8 × 8 nonoverlapping blocks, and each block is transformed by the FDCT into a set of 64 DCT coefﬁcients. These coefﬁcients are then quantized using a quantization table with 64 entries. The quantized results are all integers and deﬁned as the division of each DCT coefﬁcient by its corresponding quantization value, and rounding to the nearest integer. The quantization step is lossy because of the rounding error. The quantized coefﬁcients are then passed to the entropy en coding step to form the compressed code. One of two tables must be provided in this step according to different entropy coding schemes. If Huffman encoding is used, a Huffman table must be provided. If arithmetic encoding is used, an arithmetic coding conditioning table must be provided. It should be noted that the entropy encoding step is lossless. The JPEG decoding process is shown in Fig. 2, and also comprises three major steps: entropy decoding, dequantization, and inverse DCT (IDCT). Each step in decoding process per forms essentially the inverse of its corresponding step in en coding procedure. The entropy decoding step decodes the com pressed code to the quantized DCT coefﬁcients. The dequanti zation step then converts each quantized DCT coefﬁcient to its approximate value by multiplying with its quantization value. DCT is then used to convert the dequantized coefﬁcients to their spatial value. As mentioned above, the entropy encoding step in the JPEG encoding process is lossless. It means that if the secret bits are embedded in the quantized DCT coefﬁcients, they will not be destroyed by the followup encoding steps. Most of the JPEG steganographic methods (such as JSteg, F5, OutGuess, etc.) adopt this strategy. In the next section, we propose a stegano graphic method which also uses the quantized DCT coefﬁcients to embed the secret bits.
3. The proposed JPEG steganography
In this section, a secure and highcapacity JPEG steganogra phy is proposed. As mentioned previously, the S family attack obtains the approximate coverimage to break the F5 and Out Guess schemes. To counter the detection of such attack, the proposed JPEG steganographic method adopts a complemen
tary strategy to reduce the loss of statistical property of the coverimage. This purpose is achieved by dividing the quan tized DCT coefﬁcients and the secret bits into two parts ac cording to a predeﬁned partition ratio. The two parts of DCT coefﬁcients are used to embed the corresponding parts of se cret bits with different embedding algorithms. Speciﬁcally, the secret bits are embedded by subtracting one from one part of coefﬁcients, and adding one to the other part of coefﬁcients. Specially, we call our proposed embedding algorithm the com plementary embedding. Moreover, because the proposed em bedding algorithm is not an LSB insertion one, the proposed JPEG steganographic method can also resist the chisquare fam ily attack. The proposed stegnographic method comprises an embed ding process and an extraction process. The details of the em bedding and extraction process are described in the following subsections.
3.1. Embedding process
The proposed embedding process is integrated with JPEG encoding process. Fig. 3 shows the block diagram of the em bedding process. The raw data of the coverimage is ﬁrst trans formed by DCT. The DCT coefﬁcients are then quantized and rounded to the nearest integers. A stegokey, which provides the major security of the embedding algorithm, is then used to permute the DCT coefﬁcients. The permuted coefﬁcients are then divided into two parts according to a predeﬁned separa tion ratio which serves an important parameter to reduce the loss of statistical property of the coverimage resulted from the followup secretbits embedding process. On the other hand, the original message is encrypted to form the secret bits by using a cryptokey. The secret bits are also divided into two parts according to the same separation ratio. Each part of secret bits is embedded in its correspond ing part of the permuted nonzero DCT coefﬁcients by us ing the proposed complementary embedding algorithm. The two parts of the modiﬁed coefﬁcients are then combined, de permutated, and entropy encoded to generate a JPEG stego image. The details of the proposed embedding process are as follows.
Step 1: Transform the raw data of the coverimage (e.g., the luminance component) into DCT coefﬁcients. Step 2: Quantize the DCT coefﬁcients, and round the quan tized coefﬁcients to the nearest integers D. Step 3: Use a stegokey K _{1} to permute the quantized coefﬁ cients. That is,
Q = PERM _{K} _{1} (D),
(1)
2948
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
Stegokey


Cover 

Coefficient 

Coefficient 

Coefficient 

image 
FDCT 
quantization 
permutation 
separation 



Cryptokey 

Cryptographic 

Secretbits 

Secretbits 

Original 

encryption 
separation 
embedding 

message 


JPEG 

Entropy 
Coefficient 
Coefficient 

stegoimage 
encoding 
depermutation 
combination 
Fig. 3. The block diagram of the proposed embedding process.
where PERM(·) is a keydependent permutation function, and Q denotes the permuted coefﬁcient sequence. Step 4: Divide Q into two parts, Q _{1} and Q _{2} , according to a predeﬁned separation ratio . Step 5: Use a cryptokey K _{2} to encrypt the original message O, and obtain the secretbit sequence S. That is,
S
= ENC _{K} _{2} (O),
(2)
where ENC(·) is a cryptographic encryption function. Step 6: Divide S into two parts, S _{1} and S _{2} , according to the separation ratio . Step 7: Let L _{1} denote the length of S _{1} , concatenate L _{1} and S _{1} to form the secret message M _{1} . That is,
M _{1} = L _{1} S _{1} ,
(3)
where “ ” denotes the concatenation operation. Step 8: Let L _{2} denote the length of S _{2} , concatenate L _{2} and S _{2} to form the secret message M _{2} . That is,
M _{2} = L _{2} S _{2} .
(4)
Step 9: Embed M _{1} into the nonzero coefﬁcients of Q _{1} ac cording to the proposed E1 embedding algorithm given in Table 1. Note that, a secret parameter is also used in the embedding algorithm to make it more difﬁcult for a statistical attack to obtain the original statistical property of the coverimage from a stegoimage. Step 10: Embed M _{2} into the nonzero coefﬁcients ofQ _{2} ac cording to the proposed embedding E2 algorithm given in Table 2. Step 11: Combine the modiﬁed Q _{1} and Q _{2} to form a single coefﬁcient sequence Q ^{} . Step 12: Use the stegokey K _{1} to depermute the coefﬁcient sequence Q ^{} . That is,
D ^{} = DEPERM _{K} _{1} (Q ^{} ),
(5)
Table 1 The proposed E1 embedding algorithm
Algorithm: E1 embedding
Input:
B: the bit sequence to be embedded C: a coefﬁcient sequence : adjustment parameter Output:
C ^{} : the modiﬁed version of C
Begin /* E1 embedding */ for i = 1 to length(B)
if C(i) > 0 and odd(C(i)) = 1 /* C(i) is odd */ if B(i) = 0 and C(i) − 1 = 0
C ^{} (i) = C(i) − 2
elseif B(i) = 0 and C(i) − 1 = 0
C ^{} (i) = C(i) − 1
elseif B(i) = 1
C ^{} (i) = C(i)
endif
elseif C(i) > 0 and odd(C(i)) = 0 /* C(i) is even */ if B(i) = 1
C ^{} (i) = C(i) − 1
elseif B(i) = 0
C ^{} (i) = C(i)
endif elseif C(i) < 0 and odd(C(i)) = 1
if B(i) = 1
C ^{} (i) = C(i) − 1
elseif B(i) = 0
C ^{} (i) = C(i)
endif elseif C(i) < 0 and odd(C(i)) = 0
if B(i) = 0
C ^{} (i) = C(i) − 1
elseif C(i) = 1
C ^{} (i) = C(i)
endif
endif
endfor for i = 1 to ^{∗} length(B) if C ^{} (i) = −2
C ^{} (i) = 1
endif endfor end /* E1 embedding */
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
2949
where DEPERM(·) is a keydependent depermutation function, and D ^{} denotes the depermuted DCT co efﬁcients. Step 13: Compress the D ^{} using entropy encoding to obtain the JPEG stegoimage.
Table 2 The proposed E2 embedding algorithm
Algorithm: E2 embedding
Input:
B: the bit sequence to be embedded C: a coefﬁcient sequence Output:
C ^{} : the modiﬁed version of C
Begin /* E2 embedding */ for i = 1 to length(B)
if C(i) > 0 and odd(C(i)) = 1 /* C(i) is odd */ if B(i) = 1
C ^{} (i) = C(i) + 1
elseif B(i) = 0
C ^{} (i) = C(i)
endif
elseif C(i) > 0 and odd(C(i)) = 0 /* C(i) is even */ if B(i) = 0
C ^{} (i) = C(i) + 1
elseif B(i) = 1
C ^{} (i) = C(i)
endif
elseif C(i) < 0 and odd(C(i)) = 1 if B(i) = 0 and C(i) + 1 = 0
C ^{} (i) = C(i) + 2
elseif B(i) = 0 and C(i) + 1 = 0
C ^{} (i) = C(i) + 1
elseif B(i) = 1
C ^{} (i) = C(i)
endif
elseif C(i) < 0 and odd(C(i)) = 0 ifB(i) = 1
C ^{} (i) = C(i) + 1
elseif B(i) = 0
C ^{} (i) = C(i)
endif endif endfor end /* E2 embedding */
It should be noted that, in most cases, we do not use all the coefﬁcients of Q _{1} and Q _{2} to embed S _{1} and S _{2} . There fore, in Steps 7 and 8, L _{1} and L _{2} are embedded prior to the embedding of S _{1} and S _{2} so that they can be extracted ﬁrst to inform the extraction algorithm to extract the exact size of S _{1} and S _{2} .
3.2. Extraction process
The stegokey, cryptokey, and separation ratio used in the embedding process should be shared by both the sender and re ceiver so that the embedded message can be exactly extracted and decrypted by a legal receiver. Fig. 4 shows the block dia gram of the proposed extraction process. The extraction process is also integrated with the JPEG decoding process, and is much simpler than the embedding process. The JPEG stegoimage is ﬁrst entropy decoded to recover the quantized DCT coefﬁcients. The shared stegokey is used to permute these coefﬁcients which are then separated into two parts according to the shared separation ratio. Two parts of secret bits are extracted from their corresponding parts of coefﬁcients respectively, and then combined into a secretbit sequence. Finally, the shared cryptokey are used to decrypt the secretbit sequence to recover the original mes sage. The details of the proposed extraction process are as follows.
Step 1: Entropydecode the stegoimage to recover the quan tized DCT coefﬁcients D. Step 2: Use the shared stegokey K _{1} to permute D. That is,
(6)
where PERM(·) is a keydependent permutation function, and Q denotes the permuted coefﬁcient sequence. Step 3: Divide Q into two parts, Q _{1} and Q _{2} , according to a shared separation ratio . Step 4: Let l denote the bit length of L _{1} and L _{2} . For i = 1 to l, extract the ith bit of L _{1} from ith coefﬁcient of Q _{1}
Q = PERM _{K} _{1} (D),
JPEG
stegoimage
Original
message
Fig. 4. The block diagram of the proposed extraction process.
2950
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
according to the following equation:
L _{1} (i) =
⎧
⎪
⎨
⎪
⎩
_{0}
_{1}
_{i}_{f} ^{} Q _{1} (i) Q _{1} (i)
_{i}_{f} ^{} Q _{1} (i)
> 0 and odd (Q _{1} (i)) = 0,
and odd (Q _{1} (i)) = 1, and odd (Q _{1} (i)) = 1, and odd (Q _{1} (i)) = 0,
> 0
< 0
Q _{1} (i) < 0
(7)
where odd(x) determines the property of x. If x is odd, odd(x) returns the value 1, otherwise 0. Step 5: For i = 1 to L _{1} , extract the ith bit of the secretbit sequence S _{1} from (l+i)th coefﬁcient of Q _{1} according to the following equation:
S _{1} (i) =
⎧
⎪
⎨
⎩ ⎪
_{0}
_{1}
_{i}_{f} ^{} Q _{1} (k)
_{i}_{f} ^{} Q _{1} (k)
> 0 and odd (Q _{1} (k)) = 0,
0 and odd (Q _{1} (k)) = 1,
and odd (Q _{1} (k)) = 1,
and odd (Q _{1} (k)) = 0,
Q _{1} (k) < > 0
Q _{1} (k) < 0
(8)
where k = l + i. Step 6: For i = 1 to l, extract the ith bit of L _{2} from ith coef ﬁcient of Q _{2} according to the following equation:
L _{2} (i) =
⎧
⎪
⎨ _{0}
⎪
⎩
_{1}
_{i}_{f}
_{i}_{f}
^{} Q _{2} (i)
Q _{2} (i)
^{} Q _{2} (i)
> 0 and odd (Q _{2} (i)) = 1,
< 0 and odd (Q _{2} (i)) = 0,
> 0 and odd (Q _{2} (i)) = 0,
and odd (Q _{2} (i)) = 1.
Q _{2} (i) < 0
(9)
Step 7: For i = 1 to L _{2} , extract the ith bit of the secretbit sequence S _{2} from (l +i)th coefﬁcient of Q _{2} according to the following equation:
S _{2} (i) =
⎧
⎪
⎨
⎩ ⎪
_{0}
_{1}
_{i}_{f} ^{} Q _{2} (k)
Q _{2} (k) <
_{i}_{f} ^{} Q _{2} (k)
Q _{2} (k) < 0
> 0 and odd (Q _{2} (k)) = 1,
0 and odd (Q _{2} (k)) = 0,
> 0 and odd (Q _{2} (k)) = 0,
and odd (Q _{2} (k)) = 1,
(10)
where k = l + i. Step 8: Combine S _{1} and S _{2} to form a single secretbit se quence S. Step 9: Use a shared cryptokey K _{2} to decrypt S, and obtain the original message O. That is,
O
= DEC _{K} _{2} (S),
(11)
where DEC(·) is a cryptographic decryption function.
4. Experimental results
Several experiments have been done to examine the per formance of the proposed embedding method. Many standard 512 × 512 gray images with different textural properties were taken as the coverimages shown in Fig. 5. Our experiments are described in two major parts: capacity test and security test. The security test is further divided into three parts. They are im perceptibility test, the chisquarefamilyattack resistance test, and the Sfamilyattack resistance test.
4.1. Capacity test
Several standard 512 × 512 gray images with different textu ral properties were taken as the coverimages shown in Fig. 5. The capacities of the coverimages were evaluated by the pro posed embedding algorithm. The experimental results are given in Table 3. The separation ratio and the adjustment parame ter used in each embedding process were chosen carefully to resist the S family attack. It should be noted that both param eters and are independent of the embedding capacity. The details of choosing a proper separation ratio and an adjustment parameter will be further described in Section 4.4. To show the superiority of the proposed method over the other steganographic methods, we also used the math tool MAT LAB [34] to simulate JSteg, F5, and OutGuess algorithms,
Table 3 Comparison of capacity (in bits) for various embedding algorithms
Test image 
Embedding algorithm 

The proposed 
JSteg 
F5 
OutGuess 

Barb 
59 229 
45 363 
45 513 
22 699 
Boat 
50 042 
38 374 
38 506 
19 105 
F16 
46 079 
35 373 
35 295 
17 721 
Goldhill 
60 890 
45 196 
45 505 
22 639 
Lena 
44 131 
32 998 
33 026 
16 375 
Mandrill 
98 989 
75 751 
75 837 
37 867 
Peppers 
46 346 
34 295 
34 074 
17 016 
Tank 
61 220 
44 417 
44 329 
22 195 
Tiffany 
43 300 
31 674 
31 516 
15 729 
Zelda 
37 086 
27 557 
27 630 
13 724 
Fig. 5. The test images used in our experiments: (a) Barb, (b) Boat, (c) F16, (d) Goldhill, (e) Lena, (f) Mandrill, (g) Peppers, (h) Tank, (i) Tiffany, and (j) Zelda.
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
2951
and evaluate the capacity performance for these steganographic methods. Table 3 compares the capacity performance of various steganographic methods. It is clear that the capacity performance of the proposed method is superior to the other steganographic methods. To understand the superiority of the proposed method in Table 3, we can take the JSteg as the basis of comparison. The JSteg embeds the secret bits in DCT coefﬁcients (except 0s and 1s). Therefore, the capacity of the JSteg can be considered as the number of DCT coefﬁcients (except 0s and 1s). The Out Guess also embeds the secret bits in DCT coefﬁcients (except 0s and 1s). But to avoid the detection of the chisquare attack, the OutGuess only uses a half of the workable coefﬁcients to embed secret bits. This is why the capacity of the OutGuess is about a half of that of the JSteg. Unlike the JSteg and the OutGuess, the F5 uses the nonzero DCT coefﬁcients to embed the secret bits. Therefore, the capacity of the F5 is potentially larger than that of the JSteg. But to effectively extract the em bedded secret, if the embedding result of the current coefﬁcient is 0, the same secret bit should be embedded into the next co efﬁcient until nonzero result obtained. This is also known as shrinkage effect. This is why the capacity of the F5 is only slightly larger than that of the JSteg. The proposed method also uses nonzero DCT coefﬁcients to embed secret bits. Because the proposed method does not have the shrinkage problem, the capacity of the proposed method is higher than that of the F5.
4.2. Imperceptibility test
To test the imperceptibility performance, without loss of gen erality, we generated enough random bits with uniform distri bution to simulate the secretbit sequence instead of using a speciﬁc encrypted plaintext. The secret bits were embedded in the coverimages with medium capacity (under 55 000 bits) us ing different embedding rates. The separation ratio used in each embedding process was chosen as 4:1. Let x and y denote the coverimage and the stegoimage, respectively. The imper ceptibility is evaluated by the objective quality measurement PSNR (peak signal to noise ratio) [35]:
PSNR = 10 × log _{M}_{S}_{E} (dB),
255
2
(12)
where MSE represents the mean square error between the cover image x and the stegoimage y:
MSE =
512 × 512
1
512
512
i=1
j=1
(x _{i}_{j} − y _{i}_{j} ) ^{2} .
(13)
Table 4 presents the PSNR values of the stegoimages cre ated by the proposed method using various embedding rates. In Table 4, the embedding rate is deﬁned as
_{e}_{m}_{b}_{e}_{d}_{d}_{i}_{n}_{g} _{r}_{a}_{t}_{e} _{=} actual embedding bits
^{(}^{1}^{4}^{)}
embedding capacity ^{.}
It is clear that even the full capacities of the coverimages are used to embed the secret bits, the values of PSNRs are still
Table 4 The PSNR values (in dB) of the stegoimages created by the proposed method using various embedding rates
Test image 
Embedding rate 

20% 
40% 
60% 
80% 
100% 

Boat 
35.42 
35.02 
34.48 
33.58 
31.66 
F16 
36.70 
36.34 
35.81 
34.90 
33.02 
Lena 
36.46 
36.11 
35.69 
34.91 
33.13 
Peppers 
35.33 
35.09 
34.73 
34.06 
32.57 
Tiffany 
35.83 
35.53 
35.02 
34.17 
32.47 
Zelda 
38.26 
38.03 
37.67 
36.94 
35.32 
Table 5 Comparison of PSNR values (in dB) of the stegoimages created by various embedding algorithms
Test image 
Embedding algorithm 

The proposed 
JSteg 
F5 
OutGuess 

Boat 
34.53 
35.67 
36.23 
35.47 
F16 
35.89 
36.79 
37.33 
36.57 
Lena 
35.67 
36.36 
36.94 
36.37 
Peppers 
34.75 
35.45 
35.86 
35.32 
Tiffany 
35.07 
35.93 
36.36 
35.81 
Zelda 
37.64 
38.31 
38.82 
38.22 
higher than 30 dB. It means that the proposed steganographic method can provide good imperceptibility performance. To compare with the other steganographic methods, we em bedded the same amount of secret bits (the capacity of the Out Guess) in various coverimages using the JSteg, the F5, the OutGuess, and the proposed method. Table 5 presents the com parison of PSNR values of the stegoimages created by various steganographic methods. It is clear that although more compli cated embedding strategy is adopted in the proposed method, the PSNR values of the stegoimages created by the proposed method are only slightly lower than those created by the other steganographic methods.
4.3. Chisquarefamilyattack resistance test
The chisquare family attack explores the problem of PoV to detect the secret bits embedded in the LSB of the stegoimage. The detection of the chisquare attack is achieved by sequen tially accumulating the similarity of PoVs. That is, if the secret bits are embedded in the LSB of the stegoimage, they could be detected by the chisquare attack. Different from the chisquare attack, the extended chisquare attack divides the stegoimage into blocks, and detects the secret bits by calculating the simi larity of PoVs in each block. If the chisquare attack is a global method, the extended chisquare attack can be considered as a local method because it detects the secret bits in each block of the stegoimage independently. To avoid the detection of the chisquare and the extended chi square attacks, the proposed method does not adopt the LSB replacement strategy. To show that the proposed steganographic
2952
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
chisquare attack
size of sample (%)
Fig. 6. The detection results of the chisquare attack to the stegoimages created by the JSteg algorithm and the proposed steganographic method.
S1 attack for the proposed method
embedding rate
Fig. 8. The detection results of S1 attack for the stegoimages created by the proposed steganographic method.
extended chisquare attack
size of sample (%)
Fig. 7. The detection results of the extended chisquare attack to the stegoimages created by the JSteg algorithm and the proposed steganographic method.
method can resist both the chisquare and the extended chi square attacks, we used the math tool MATLAB to simulate both attacks. We used the proposed method to create the stego image of “Lena” with half embedding capacity, and used the chisquare and the extended chisquare attacks to detect the stegoimage. The same experiments were also performed on the stegoimage created by the JSteg method. Figs. 6 and 7 show the responses of the different stego images to the chisquare and the extended chisquare attacks, respectively. In Fig. 6, it can be found that the chisquare attack has successfully detected the existence of the embedded secret bits in the ﬁrst half of the DCT coefﬁcients of the stegoimage created by the JSteg method. In Fig. 7, the extended chisquare attack has also successfully detected the existence of the secret bits in the ﬁrst half of blocks of the stegoimage created by the JSteg method. It is clear that in both ﬁgures, the stegoimages
created by the proposed method have no responses to both the chisquare and the extended chisquare attacks. It means that the proposed method has excellent performance against the chi square family attack.
4.4. Sfamilyattack resistance test
The S family attack detects the length of the embedded se cret bits by estimating the approximate coverimage. In such a method, it has successfully broken the F5 and the OutGuess steganographic methods. The proposed method adopts the complementary embedding strategy to reduce the loss of sta tistical property of the coverimage in spatial domain. The proposed complementary embedding divides the secret bits and the DCT coefﬁcients into two parts, respectively, by a pre deﬁned separation ratio , and embeds each part of secret bits into the corresponding part of DCT coefﬁcients by comple mentary embedding algorithms. In our experiments, we found that the proposed method can confuse the S family attack by using ^{3} ^{5} together with an adjustment parameter . We
1
1
and = _{3} throughout the followup experiments if
no other values are explicitly assigned. To show that the proposed steganographic method can resist the S1 and the S2 attacks, we used the math tool MATLAB to simulate both attacks. We also used the proposed method to create the stegoimages for several standard images with different texture properties using various embedding capacities, and then used the S1 and the S2 attacks to detect these stego images. Figs. 8 and 9 show the detection results, respectively. For S1 attack, the same experiments were performed on the stegoimages created by the F5 algorithm. The detection results are shown in Fig. 10. For S2 attack, the same experiments were performed on the stegoimages created by the OutGuess algorithm. The detection results are shown in Fig. 11. Table
6 also provides the detection results of S1 and S2 attacks for
set = ^{4}
1
1
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
2953
S2 attack for the proposed method
embedding rate
Fig. 9. The detection results of S2 attack for the stegoimages created by the proposed steganographic method.
S1 attack for F5 algorithm
embedding rate
Fig. 10. The detection results of S1 attack for the stegoimages created by the F5 embedding algorithm.
S2 attack for OutGuess algorithm
embedding rate
Fig. 11. The detection results of S2 attack for the stegoimages created by the OutGuess embedding algorithm.
Table 6 The detection results of S1 and S2 attacks for the stegoimages created by the proposed embedding algorithm using embedding rate 50% and various
(embedding rate: 50%) 
Detection algorithm 

S1 attack (%) 
S2 attack (%) 

1 
3.86 
4.87 
_{2} 

1 
7.93 
24.70 
_{4} 

1 
10.26 
14.39 
_{6} 

1 
10.71 
20.16 
_{8} 

1 
11.67 
27.67 
_{1}_{0} 
the stegoimages created by the proposed embedding algorithm using embedding rate 50% and various values of . In Figs. 8–11, the dash lines represent the perfect detection result. The closer the detection result to the dash line, the weaker the resistance of the steganographic method to the S family attack. In Fig. 10, the detection results of the stegoimages created by the F5 algorithm are very close to the dash line. It means that the S1 attack has successfully broken the F5 algorithm. It is clear that in Fig. 8, for the proposed method, all the detection results are far beyond the dash line. It means that the proposed method can survive the S1 attack. On the other hand, in Fig. 11, for the OutGuess algorithm, the detection results of S2 attack are very close to the dash line. It means that the S2 attack has successfully broken the OutGuess algorithm. For the proposed method, in Fig. 9, all the detection results are unstable and have clear distances from the dash line. It implies that the proposed method can also survive the S2 attack. Further explanation of why the proposed steganographic method can resist both S1 and S2 attacks will be provided in Section 5. The readers may notice that some of the detection of embed ding rate is negative in Figs. 8–10. This phenomenon results from the assumption of the S family attack. In brief, the S fam ily attack uses a method to estimate the original image from the stegoimage and then uses an equation derived from the as sumptions of the estimated original image and the property of the stegoimage to calculate the embedding rate. Because the equation used to calculate the embedding rate is very image dependent, it may have different results when detecting differ ent stegoimages. Moreover, it may have negative results when the assumptions of the estimated original image and the prop erty of the stegoimage have bias. This is why there are some negative results appeared in Fig. 10 when embedding small amount secret bits in image “Goldhill.” Similarly, because the proposed method adopts quite different approach to embed se cret bits, it also destroys the assumptions of the S family attack and results in quite unstable detection results including nega tive values as shown in Figs. 8 and 9.
5. Discussions
The S1 and S2 attacks are good statistical attacks. Although they were originally designed for breaking F5 and OutGuess, they can also be used to break the other JPEG steganographic
2954
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
Table 7 The detection results of S1 attack for the stegoimages created by the Out Guess algorithm using various embedding rates
Table 8 The detection results of S2 attack for the stegoimages created by the JSteg algorithm using various embedding rates
Embedding rate (%) 
Test image 
Embedding rate (%) 
Test image 

Goldhill (%) 
Lena (%) 
Mandrill (%) 
Zelda (%) 
Goldhill (%) 
Lena (%) 
Mandrill (%) 
Zelda (%) 

10 
−19.91 
−1.84 
6.77 
−9.48 
10 
4.42 
10.49 
11.13 
17.58 
20 
−17.36 
−4.78 
1.29 
−7.14 
20 
20.48 
9.61 
26.33 
32.78 
30 
−16.71 
−0.80 
−1.75 
−1.71 
30 
17.87 
30.95 
43.37 
27.64 
40 
−22.08 
−0.97 
−6.39 
−10.82 
40 
47.31 
53.74 
47.80 
48.93 
50 
−20.87 
−2.24 
−7.08 
−8.47 
50 
58.75 
69.93 
62.79 
62.55 
60 
−17.11 
−0.07 
−4.62 
−5.98 
60 
72.06 
74.48 
64.70 
82.45 
70 
−21.66 
−4.13 
0.91 
−6.22 
70 
84.67 
84.27 
74.35 
88.92 
80 
−18.37 
2.05 
1.22 
−5.87 
80 
83.90 
90.53 
79.91 
86.78 
90 
−27.00 
5.20 
−8.87 
−7.72 
90 
90.89 
89.97 
92.18 
94.96 
100 
−21.15 
1.01 
−1.47 
−8.73 
100 
97.15 
107.17 
101.91 
111.96 
methods if the embedding strategy of any steganographic method matches the detection strategy of S1 or S2. In brief, the S1 attack uses a method to estimate the origi nal image from the stegoimage, and assumes that, after em bedding, the number of the 0 and the absolutevalue1 DCT coefﬁcients in the stegoimages created by F5 will be changed drastically. Based on this property, the S1 attack can measure the amount of the embedded secret bits using the relation be tween the stegoimages and the estimated original image. Be cause OutGuess preserves the property of the DCT coefﬁcients of the stegoimages, if we use S1 attack to detect the stego images created by the OutGuess algorithm, we will obtain in correct detection results as given in Table 7. Similarly, because the proposed method uses the strategy of complementary em bedding to maintain the property of DCT coefﬁcients, the S1 attack cannot correctly detect the number of the embedded se cret bits as shown in Fig. 8. This is why the proposed stegano graphic method can resist the S1 attack. On the other hand, in brief, the S2 attack also uses a method to estimate the original image from the stegoimage. To detect an image, the S2 attack ﬁrst embeds random bits in the stego image using the same embedding algorithm. If the stegoimage is created by an LSBbased method, the embedding effect of the stegoimage will be canceled out. Therefore, the reembedded image will be closer to the original image than the stegoimage. The S2 attack then uses the relation among the estimated orig inal image, stegoimage, and the reembedded image to mea sure the amount of the embedded secret bits. For example, as introduced previously, the JSteg is an LSBbased method. If we use S2 attack to detect the stegoimages created by JSteg, we will obtain stable detection results as given in Table 8. On the contrary, if a stegoimage is not created by an LSBbased method, the reembedding strategy adopted by the S2 attack will fail and result in unstable detection results. For example, if we use S2 attack to detect the stegoimages created by the F5 algorithm, we will obtain unstable detection results as given in Table 9. Because the proposed steganographic method is not an LSBbased method, if we use S2 attack to detect the stego images created by the proposed embedding algorithm, the de
Table 9 The detection results of S2 attack for the stegoimages created by the F5 algorithm using various embedding rates
Embedding rate (%) 
Detection algorithm 

Goldhill (%) 
Lena (%) 
Mandrill (%) 
Zelda (%) 

10 
20.92 
−30.68 
−15.74 
−54.53 
20 
8.05 
−18.79 
−23.07 
−54.90 
30 
6.60 
−43.01 
1.24 
−56.59 
40 
2.56 
−7.51 
−10.21 
−58.32 
50 
−0.11 
−44.82 
−15.23 
−45.17 
60 
20.36 
−11.43 
−1.27 
−6.14 
70 
18.50 
−58.72 
4.82 
−36.13 
80 
20.22 
8.96 
1.04 
−48.2 
90 
−5.08 
−1.86 
−10.62 
−8.31 
100 
20.48 
−0.17 
19.05 
−20.25 
tection results are also unstable as shown in Fig. 9. This is why the proposed steganographic method can resist the S2 attack.
6. Conclusions
In this paper, we have proposed a highperformance JPEG steganographic method. The proposed method adopts the com plementary embedding strategy to reduce the loss of statistical property of the stegoimage in spatial domain. In such a man ner, the proposed steganographic method can resist the S fam ily attack. Moreover, the proposed method does not adopt the LSB replacement strategy so that it can also avoid the detection of the chisquare family attack. To show the effectiveness of the proposed method, the chi square, extended chisquare, S1 and S2 attacks were simulated, and used to detect the stegoimages created by the proposed method. The JSteg, F5, and OutGuess steganographic algo rithms were also simulated and used to create the stegoimages in the same experimental conditions. Experimental results show that the proposed steganographic method has the following ad vantages:
(1) The capacity provided by the proposed method is larger than those provided by JSteg, F5, and OutGuess stegano graphic methods.
C.L. Liu, S.R. Liao / Pattern Recognition 41 (2008) 2945 – 2955
2955
(2) The proposed method has excellent performance against the chisquare family attack. (3) The proposed method can successfully confuse the detec tion of the S family attack.
With the abovementioned advantages, the proposed stegano graphic method is practical for the application of covert com munication.
References
[1] W. Stallings, Cryptography and Network Security: Principles and Practice, third ed., Pearson Education, New Jersey, 2003. [2] C.C. Chang, C.S. Chan, Y.H. Fan, Image hiding scheme with modulus function and dynamic programming strategy on partitioned pixels, Pattern Recognition 39 (6) (2006) 1155–1167. [3] S.L. Li, K.C. Leung, L.M. Cheng, C. K, Chan, A novel imagehiding scheme based on block difference, Pattern Recognition 39 (6) (2006)
1168–1176.
[4] H. Noda, M. Niimi, E. Kawaguchi, Highperformance JPEG steganography using quantization index modulation in DCT domain, Pattern Recognition Lett. 27 (5) (2006) 455–461. [5] Y.H. Yu, C.C. Chang, Y.C. Hu, Hiding secret data in images via predictive coding, Pattern Recognition 38 (5) (2005) 691–705. [6] C.C. Chang, H.W. Tseng, A steganographic method for digital images using side match, Pattern Recognition 25 (12) (2004) 1431–1437. [7] M.Y. Wu, Y.K. Ho, J.H. Lee, An iterative method of palette based image steganography, Pattern Recognition Lett. 25 (3) (2004)
301–309.
[8] C.K. Chan, L.M. Cheng, Hiding data in images by simple LSB substitution, Pattern Recognition 37 (3) (2004) 469–474. [9] C.C. Thien, J.C. Lin, A simple and highhiding capacity method for hiding digitbydigit data in images based on modulus function, Pattern Recognition 36 (12) (2003) 2875–2881. [10] D.C. Wu, W.H. Tsai, A steganographic method for images by pixel value differencing, Pattern Recognition Lett. 24 (9–10) (2003) 1613–
1626.
[11] D.C. Lou, J.L. Liu, Steganographic method for secure communications, Comput. Secur. 21 (5) (2002) 449–460.
[12] J. Spaulding, H. Noda, M.N. Shirazi, E. Kawaguchi, BPCS steganography using EZW lossy compressed images, Pattern Recognition Lett. 23 (13) (2002) 1579–1587. [13] J.J. Eggers, R. Bauml, B. Girod, A communications approach to image steganography, in: Proceedings of SPIE: Security and Watermarking of Multimedia Contents, vol. 4675, 2002, pp. 26–37.
[14] C.C. Chang, T.S. Chen, L.Z. Chung, A steganographic method based upon JPEG and quantization table modiﬁcation, Inf. Sci. 141 (1–2) (2002) 123–138. [15] R.Z. Wang, C.F. Lin, J.C. Lin, Image hiding by optimal LSB substitution and genetic algorithm, Pattern Recognition 34 (3) (2001)
671–683.
[16] A. Westfeld, High capacity despite better steganalysis (F5—a steganographic algorithm), in: Proceedings of the Fourth International Workshop on Information Hiding, vol. 2137, 2001, pp. 289–302. [17] N. Provos, Defending against statistical steganalysis, in: Proceedings of the 10th USENIX Security Symposium, 2001, pp. 323–336. [18] JSteg http://www.ussrback.com/crypto/steanography/DOS/jsteg.txt . [19] EzStego http://www.securityfocus.com/tools/586 . [20] F5 http://wwwrn.inf.tudresden.de/%7Ewestfeld/f5.html . [21] Hide4PGP http://www.heinzrepp.onlinehome.de/Hide4PGP.htm . [22] JP Hide&Seek ftp://ftp.gwdg.de/pub/linux/misc/ppdd/jphs_05.zip . [23] STools ftp://ftp.ntua.gr/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/s tools4.zip . [24] Snow http://www.darkside.com.au/snow/index.html . [25] I.J. Cox, M. Miller, J. Bloom, Digital Watermarking, Morgan Kaufmann, San Francisco, 2002. [26] J.L. Liu, D.C. Lou, M.C. Chang, H.K. Tso, A robust watermarking scheme using selfreference image, Comput. Stand. Interfaces 28 (3) (2006) 356–367. [27] D.C. Lou, J.L. Liu, M.C. Chang, Digital watermarking using multiresolution wavelet transform, in: Proceedings of the IEEE 37th Annual International Carnahan Conference on Security Technology, 2003, pp. 370–377. [28] D.C. Lou, J.L. Liu, A robust watermarking scheme based on the just noticeabledistortion, J. Chung Cheng Inst. Technol. 31 (2) (2003) 11–
22.
[29] F.A.P. Petitcolas, R.J. Anderson, M.G. Kuhn, Information hiding—a survey, Proc. IEEE 87 (7) (1999) 35–43. [30] J. Seberry, J. Pieprzyk, CRYPTOGRAPHY: An Introduction to Computer Security, PrenticeHall, New York, 1989. [31] A. Westfeld, A. Pﬁtzmann, Attacks on steganographic systems, in:
Proceedings of the Third International Workshop on Information Hiding, 2000, pp. 61–76. [32] J. Fridrich, M. Goljan, D. Hogea, New methodology for breaking steganographic techniques for JPEGs, in: Proceedings of SPIE: Security and Watermarking of Multimedia Contents, vol. 5020, 2003, pp.
143–155.
[33] ISO/IEC, IS 10918, ITUT, Rec. T.81, Information technology—digital compression and coding of continuoustone still images, part 1:
requirements and guidelines, 1992. [34] The MathWorks http://www.mathworks.com/index.shtml . [35] A.K. Jain, Fundamentals of Digital Image Processing, PrenticeHall, New Jersey, 1989.
About the Author—CHIANGLUNG LIU received his Ph.D. degree in Electronic Engineering from Chung Cheng Institute of Technology (CCIT), National Defense University, Taiwan, ROC, in 2002. Since 2003, he has been with the Department of Electrical Engineering at CCIT, where he is currently an Associate Professor in the Department of Electrical and Electronic Engineering. His research interests include information security, information hiding, multimedia security, and image processing.
About the Author—SHIANGRONG LIAO received his M.S. degree in Electronic Engineering from Chung Cheng Institute of Technology, National Defense University, Taiwan, ROC, in 2006. His research interests include information hiding and image processing.
Lebih dari sekadar dokumen.
Temukan segala yang ditawarkan Scribd, termasuk buku dan buku audio dari penerbitpenerbit terkemuka.
Batalkan kapan saja.