Anda di halaman 1dari 11
Pattern Recognition 41 (2008) 2945 – 2955 www.elsevier.com/locate/pr High-performance JPEG steganography using
Pattern Recognition 41 (2008) 2945 – 2955 www.elsevier.com/locate/pr High-performance JPEG steganography using

Pattern Recognition 41 (2008) 2945 – 2955

Pattern Recognition 41 (2008) 2945 – 2955 www.elsevier.com/locate/pr High-performance JPEG steganography using

High-performance JPEG steganography using complementary embedding strategy

Chiang-Lung Liu , Shiang-Rong Liao

Department of Electrical and Electronic Engineering, Chung Cheng Institute of Technology, National Defense University, Tahsi, Taoyuan 33509, Taiwan, ROC

Received 12 June 2006; received in revised form 27 April 2007; accepted 3 March 2008

Abstract

A high-performance JPEG steganography should be secure enough to resist modern steganalysis. In this paper, we propose a high-performance JPEG steganographic method. The proposed method adopts the complementary embedding strategy to avoid the detections of several statistical attacks. To show the effectiveness of the proposed method, several statistical attacks are simulated and used to detect the stego-images created by the proposed method. Several famous JPEG steganographic algorithms are also simulated for comparisons with the proposed method. Experimental results show that the proposed steganographic method has superior performance both in capacity and security, and is practical for the application of secret communication. 2008 Elsevier Ltd. All rights reserved.

Keywords: Image hiding; JPEG steganography; Chi-square family attack; S family attack; Statistical steganalysis; Complementary embedding

1. Introduction

The success of the Internet facilitates communications of people, but also enables illegal users to access data transmitted on the Internet. To protect the important data from being ille- gally accessed, various modern cryptosystems [1] can be used to encrypt the content of these data prior to their transmissions. However, the encrypted data exists in a meaningless form and may attract the intention of the interceptors to break the secret codes. Steganographic methods can be used to make up this drawback. Steganographic methods [2–24] and various watermarking schemes[25–28] are applications of information hiding tech- niques [29]. Steganographic methods hide the secret informa- tion in the cover carrier so that the existence of the embedded information is undetectable. The cover carrier can be many kinds of digital media such as text, image, audio, and video. Because of the insensitivity of the human visual system, dig- ital images have been widely used as cover carriers in most

Corresponding author. Tel.: +886 3 3809991-370; fax: +886 3 3801407. E-mail addresses: chianglung.liu@gmail.com (C.-L. Liu), shiang.ron@msa.hinet.net (S.-R. Liao).

0031-3203/$30.00 2008 Elsevier Ltd. All rights reserved.

doi:10.1016/j.patcog.2008.03.005

steganographic schemes, and are especially referred to as image hiding techniques [2,3,15]. Each image hiding system consists of an embedding process and an extraction process. An innocuous-looking original im- age is used as the cover-image to conceal the secret data. The secret data are embedded into the cover-image by modifying the cover-image to form a stego-image. According to Kerck- hoffs’ principle [30], the embedding algorithm is supposed to be known to the public. Therefore, the embedding process may use an embedding key so that only the legal user can success- fully extract the embedded data by using the corresponding ex- traction key in the extraction process. The embedding key and the extraction key are referred to as stego-keys. If they are the same, the image hiding system is symmetric, otherwise asym- metric [1]. Most image hiding systems use uncompressed images (e.g., BMP) or losslessly compressed images (e.g., GIF) as cover- images. These images potentially contain much visual redun- dancy so that they can provide large capacity to hide secret data. Many image hiding systems [2–24] have been proposed and several stego-products have been developed based on loss- less image formats (e.g., EzStego [19]). For reducing transmis- sion bandwidth and storing space, the JPEG image is currently the most common format used on the Internet. Several image

2946

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

hiding techniques for JPEG images have been proposed, such as J-Steg [18], F5 [16], and OutGuess [17]. They are usually called the JPEG steganography or the JPEG steganographic methods which use the DCT coefficients to embed the secret bits, and will be mentioned alternately in the rest of this paper. As we know, the JPEG compression is based on the discrete cosine transform (DCT), and reduces the visual redundancy to achieve good compression performance. Therefore, the embedding ca- pacity provided by JPEG steganography is relatively smaller than those provided by the other steganographic methods. In this paper, our discussions focus on the JPEG steganography. Generally, there are potentially two basic requirements for a secure image hiding system. First, the secret data embedded in the stego-image should be perceptually invisible. Secondly, the receiver can exactly recover the original data without the knowledge of the cover-image. These requirements can be eas- ily achieved by LSB insertion methods that embed the secret data in the cover-image by directly replacing the least signifi- cant bit (LSB) in spatial domain or frequency domain. For ex- ample, the JPEG steganographic tool J-Steg embeds the secret data by sequentially flipping the LSB of the quantized DCT coefficients (except 0s and 1s) without causing detectable ar- tificial distortion. Unfortunately, modern steganalysis tries to discover hidden data by examining the statistical properties of stego-images. Therefore, many existing steganographic tech- niques seem to be insecure when modern steganalysis is em- ployed to test their security. Westfeld and Pfitzmann [31] proposed a steganalytic method based on statistical analysis of Pairs of Values (PoVs) that are exchanged during message embedding. They observed that the embedding function replacing LSBs transforms PoVs into each other which only differ in the LSB. If the secret bits used for replacing the LSBs are equally distributed, the frequencies of both values of each PoV become equal. Based on this obser- vation, they proposed a statistical method to automatically cal- culate the similarity of PoVs of the stego-image. Their method is generally known as the chi-square attack and provides very reliable results when the LSB placement is known (e.g., the sequential embedding). Therefore, the data embedded by the J-Steg can be detected by chi-square attack. Actually, the chi- square attack can be slightly modified to successfully detect randomly scattered data by applying the same idea to smaller portions of the stego-image [17]. The modified chi-square at- tack is especially referred to as the extended chi-square attack in the rest of this paper. We also briefly use the chi-square fam- ily attack to represent both attacks together. To provide a secure and high-capacity JPEG steganography, Westfeld [16] proposed the F5 algorithm in 2001. Instead of replacing the LSBs of the quantized DCT coefficients with the secret bits, the absolute value of the coefficient is decreased by 1. Besides, the F5 algorithm randomly chooses DCT coeffi- cients to embed the secret bits. Combining these two strategies, the F5 algorithm successfully defends both the chi-square and the extended chi-square attacks. In the same year, Provos [17] also proposed the OutGuess steganographic algorithm to counter the chi-square family at- tack. The OutGuess uses two passes to achieve the embedding

mission. In the first pass, the secret bits are embedded in the LSBs of the quantized DCT coefficients (skipping 0s and 1s) along a random walk. In the second pass, the histogram of the stego-image is adjusted to match that of the cover-image. Be- cause the histogram of the final stego-image is similar to that of the cover-image, the stego-image created by the OutGuess al- gorithm can avoid the detection of the chi-square family attack. Although stego-images created by the F5 algorithm or the OutGuess algorithm can survive the chi-square family attack, they can be detected by a special steganalytic method proposed by Fridrich et al. [32]. The most important part of their method is to obtain the approximation of the cover-image. This is done by decompressing the stego-image, cropping by four pixels in each direction, and recompressing using the same quantiza- tion table. The estimated cover-image possesses many statisti- cal properties that approximately equal to those of the original cover-image. These statistical properties can be used to design the distinguishing statistic S that also predictably changes with the embedded message length. The unknown message length is therefore can be obtained by comparing the values of S for the stego-image and the estimated cover-image. This kind of ste- ganalysis has been successfully developed to detect the length of the secret bits embedded by the F5 and the OutGuess algo- rithms. We refer to the method used to break the F5 as the S1 attack, and OutGuess, the S2 attack, in the rest of this paper. We also briefly use the S family attack to represent both attacks together. In this paper, we propose a secure and high-capacity JPEG steganography. Instead of flipping the LSBs of the DCT co- efficients, the secret bits are embedded in the cover-image by subtracting one from or adding one to the non-zero DCT coeffi- cients. Therefore, the proposed steganographic method cannot be detected by both the chi-square and the extended chi-square attacks. Moreover, a complementary strategy is also included in the proposed method to defend the S1 and S2 attacks. To completely describe the proposed steganographic tech- nique, the rest of this paper is organized as follows. In Section 2, the JPEG compression technique is briefly reviewed. The proposed embedding and extraction processes are described in Section 3. Several experimental results are demonstrated in Section 4 to show the effectiveness of the proposed JPEG steganography. Section 5 justifies the significance that the pro- posed method can resist both S1 and S2 attacks. Section 6 con- cludes this work.

2. Review of JPEG compression

Because the proposed steganographic method is a JPEG- based steganography, we briefly describe the JPEG compression technique in this section.

Original

image

FDCT

Quantization

Entropy

encoding

section. Original image FDCT Quantization Entropy encoding Compressed code Fig. 1. The block diagram of the
section. Original image FDCT Quantization Entropy encoding Compressed code Fig. 1. The block diagram of the
section. Original image FDCT Quantization Entropy encoding Compressed code Fig. 1. The block diagram of the
section. Original image FDCT Quantization Entropy encoding Compressed code Fig. 1. The block diagram of the

Compressed

code

Fig. 1. The block diagram of the JPEG compression process.

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

Compressed

code

Entropy    

Entropy

Entropy    
 
Entropy    
 
Entropy    

decoding

Dequantization

IDCT

Reconstructed

image

2947

Fig. 2. The block diagram of the JPEG decompression process.

JPEG is an international standard for continuous-tone still image compression which has been approved by International Standard Organization (ISO) under the denomination of Inter- national Standard-10918 (IS-10918) [33]. The JPEG compres- sion is based on the DCT and allows substantial compression to be achieved while producing a reconstructed image with high visual fidelity. Fig. 1 shows the JPEG encoding process which comprises three major steps: forward DCT (FDCT), quantization, and en- tropy encoding. The input image is first divided into 8 × 8 non-overlapping blocks, and each block is transformed by the FDCT into a set of 64 DCT coefficients. These coefficients are then quantized using a quantization table with 64 entries. The quantized results are all integers and defined as the division of each DCT coefficient by its corresponding quantization value, and rounding to the nearest integer. The quantization step is lossy because of the rounding error. The quantized coefficients are then passed to the entropy en- coding step to form the compressed code. One of two tables must be provided in this step according to different entropy coding schemes. If Huffman encoding is used, a Huffman table must be provided. If arithmetic encoding is used, an arithmetic coding conditioning table must be provided. It should be noted that the entropy encoding step is lossless. The JPEG decoding process is shown in Fig. 2, and also comprises three major steps: entropy decoding, dequantization, and inverse DCT (IDCT). Each step in decoding process per- forms essentially the inverse of its corresponding step in en- coding procedure. The entropy decoding step decodes the com- pressed code to the quantized DCT coefficients. The dequanti- zation step then converts each quantized DCT coefficient to its approximate value by multiplying with its quantization value. DCT is then used to convert the dequantized coefficients to their spatial value. As mentioned above, the entropy encoding step in the JPEG encoding process is lossless. It means that if the secret bits are embedded in the quantized DCT coefficients, they will not be destroyed by the follow-up encoding steps. Most of the JPEG steganographic methods (such as J-Steg, F5, OutGuess, etc.) adopt this strategy. In the next section, we propose a stegano- graphic method which also uses the quantized DCT coefficients to embed the secret bits.

3. The proposed JPEG steganography

In this section, a secure and high-capacity JPEG steganogra- phy is proposed. As mentioned previously, the S family attack obtains the approximate cover-image to break the F5 and Out- Guess schemes. To counter the detection of such attack, the proposed JPEG steganographic method adopts a complemen-

tary strategy to reduce the loss of statistical property of the cover-image. This purpose is achieved by dividing the quan- tized DCT coefficients and the secret bits into two parts ac- cording to a predefined partition ratio. The two parts of DCT coefficients are used to embed the corresponding parts of se- cret bits with different embedding algorithms. Specifically, the secret bits are embedded by subtracting one from one part of coefficients, and adding one to the other part of coefficients. Specially, we call our proposed embedding algorithm the com- plementary embedding. Moreover, because the proposed em- bedding algorithm is not an LSB insertion one, the proposed JPEG steganographic method can also resist the chi-square fam- ily attack. The proposed stegnographic method comprises an embed- ding process and an extraction process. The details of the em- bedding and extraction process are described in the following subsections.

3.1. Embedding process

The proposed embedding process is integrated with JPEG encoding process. Fig. 3 shows the block diagram of the em- bedding process. The raw data of the cover-image is first trans- formed by DCT. The DCT coefficients are then quantized and rounded to the nearest integers. A stego-key, which provides the major security of the embedding algorithm, is then used to permute the DCT coefficients. The permuted coefficients are then divided into two parts according to a predefined separa- tion ratio which serves an important parameter to reduce the loss of statistical property of the cover-image resulted from the follow-up secret-bits embedding process. On the other hand, the original message is encrypted to form the secret bits by using a crypto-key. The secret bits are also divided into two parts according to the same separation ratio. Each part of secret bits is embedded in its correspond- ing part of the permuted non-zero DCT coefficients by us- ing the proposed complementary embedding algorithm. The two parts of the modified coefficients are then combined, de- permutated, and entropy encoded to generate a JPEG stego- image. The details of the proposed embedding process are as follows.

Step 1: Transform the raw data of the cover-image (e.g., the luminance component) into DCT coefficients. Step 2: Quantize the DCT coefficients, and round the quan- tized coefficients to the nearest integers D. Step 3: Use a stego-key K 1 to permute the quantized coeffi- cients. That is,

Q = PERM K 1 (D),

(1)

2948

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

Stego-key

 
 

Cover

Cover
 
Cover   Coefficient Coefficient Coefficient

Coefficient

Cover   Coefficient Coefficient Coefficient

Coefficient

Cover   Coefficient Coefficient Coefficient

Coefficient

image

FDCT

quantization

permutation

separation

 
 

Crypto-key

Crypto-key Cryptographic Secret-bits Secret-bits

Cryptographic

Crypto-key Cryptographic Secret-bits Secret-bits

Secret-bits

Crypto-key Cryptographic Secret-bits Secret-bits

Secret-bits

 

Original

  Original   encryption separation embedding
 

encryption

separation

embedding

message

message

JPEG

JPEG   Entropy     Coefficient   Coefficient
 

Entropy

Entropy
   

Coefficient

Coefficient
 

Coefficient

stego-image

encoding

de-permutation

combination

Fig. 3. The block diagram of the proposed embedding process.

where PERM(·) is a key-dependent permutation function, and Q denotes the permuted coefficient sequence. Step 4: Divide Q into two parts, Q 1 and Q 2 , according to a predefined separation ratio . Step 5: Use a crypto-key K 2 to encrypt the original message O, and obtain the secret-bit sequence S. That is,

S

= ENC K 2 (O),

(2)

where ENC(·) is a cryptographic encryption function. Step 6: Divide S into two parts, S 1 and S 2 , according to the separation ratio . Step 7: Let L 1 denote the length of S 1 , concatenate L 1 and S 1 to form the secret message M 1 . That is,

M 1 = L 1 S 1 ,

(3)

where “ ” denotes the concatenation operation. Step 8: Let L 2 denote the length of S 2 , concatenate L 2 and S 2 to form the secret message M 2 . That is,

M 2 = L 2 S 2 .

(4)

Step 9: Embed M 1 into the non-zero coefficients of Q 1 ac- cording to the proposed E1 embedding algorithm given in Table 1. Note that, a secret parameter is also used in the embedding algorithm to make it more difficult for a statistical attack to obtain the original statistical property of the cover-image from a stego-image. Step 10: Embed M 2 into the non-zero coefficients ofQ 2 ac- cording to the proposed embedding E2 algorithm given in Table 2. Step 11: Combine the modified Q 1 and Q 2 to form a single coefficient sequence Q . Step 12: Use the stego-key K 1 to de-permute the coefficient sequence Q . That is,

D = DEPERM K 1 (Q ),

(5)

Table 1 The proposed E1 embedding algorithm

Algorithm: E1 embedding

Input:

B: the bit sequence to be embedded C: a coefficient sequence : adjustment parameter Output:

C : the modified version of C

Begin /* E1 embedding */ for i = 1 to length(B)

if C(i) > 0 and odd(C(i)) = 1 /* C(i) is odd */ if B(i) = 0 and C(i) 1 = 0

C (i) = C(i) 2

elseif B(i) = 0 and C(i) 1 = 0

C (i) = C(i) 1

elseif B(i) = 1

C (i) = C(i)

endif

elseif C(i) > 0 and odd(C(i)) = 0 /* C(i) is even */ if B(i) = 1

C (i) = C(i) 1

elseif B(i) = 0

C (i) = C(i)

endif elseif C(i) < 0 and odd(C(i)) = 1

if B(i) = 1

C (i) = C(i) 1

elseif B(i) = 0

C (i) = C(i)

endif elseif C(i) < 0 and odd(C(i)) = 0

if B(i) = 0

C (i) = C(i) 1

elseif C(i) = 1

C (i) = C(i)

endif

endif

endfor for i = 1 to length(B) if C (i) = −2

C (i) = 1

endif endfor end /* E1 embedding */

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

2949

where DEPERM(·) is a key-dependent de-permutation function, and D denotes the de-permuted DCT co- efficients. Step 13: Compress the D using entropy encoding to obtain the JPEG stego-image.

Table 2 The proposed E2 embedding algorithm

Algorithm: E2 embedding

Input:

B: the bit sequence to be embedded C: a coefficient sequence Output:

C : the modified version of C

Begin /* E2 embedding */ for i = 1 to length(B)

if C(i) > 0 and odd(C(i)) = 1 /* C(i) is odd */ if B(i) = 1

C (i) = C(i) + 1

elseif B(i) = 0

C (i) = C(i)

endif

elseif C(i) > 0 and odd(C(i)) = 0 /* C(i) is even */ if B(i) = 0

C (i) = C(i) + 1

elseif B(i) = 1

C (i) = C(i)

endif

elseif C(i) < 0 and odd(C(i)) = 1 if B(i) = 0 and C(i) + 1 = 0

C (i) = C(i) + 2

elseif B(i) = 0 and C(i) + 1 = 0

C (i) = C(i) + 1

elseif B(i) = 1

C (i) = C(i)

endif

elseif C(i) < 0 and odd(C(i)) = 0 ifB(i) = 1

C (i) = C(i) + 1

elseif B(i) = 0

C (i) = C(i)

endif endif endfor end /* E2 embedding */

It should be noted that, in most cases, we do not use all the coefficients of Q 1 and Q 2 to embed S 1 and S 2 . There- fore, in Steps 7 and 8, L 1 and L 2 are embedded prior to the embedding of S 1 and S 2 so that they can be extracted first to inform the extraction algorithm to extract the exact size of S 1 and S 2 .

3.2. Extraction process

The stego-key, crypto-key, and separation ratio used in the embedding process should be shared by both the sender and re- ceiver so that the embedded message can be exactly extracted and decrypted by a legal receiver. Fig. 4 shows the block dia- gram of the proposed extraction process. The extraction process is also integrated with the JPEG decoding process, and is much simpler than the embedding process. The JPEG stego-image is first entropy decoded to recover the quantized DCT coefficients. The shared stego-key is used to permute these coefficients which are then separated into two parts according to the shared separation ratio. Two parts of secret bits are extracted from their corresponding parts of coefficients respectively, and then combined into a secret-bit sequence. Finally, the shared crypto-key are used to decrypt the secret-bit sequence to recover the original mes- sage. The details of the proposed extraction process are as follows.

Step 1: Entropy-decode the stego-image to recover the quan- tized DCT coefficients D. Step 2: Use the shared stego-key K 1 to permute D. That is,

(6)

where PERM(·) is a key-dependent permutation function, and Q denotes the permuted coefficient sequence. Step 3: Divide Q into two parts, Q 1 and Q 2 , according to a shared separation ratio . Step 4: Let l denote the bit length of L 1 and L 2 . For i = 1 to l, extract the ith bit of L 1 from ith coefficient of Q 1

Q = PERM K 1 (D),

JPEG

stego-image

Original

message

Entropy Coefficient Coefficient decoding permutation separation Crypto-key Stego-key Cryptographic Secret-bits
Entropy
Coefficient
Coefficient
decoding
permutation
separation
Crypto-key
Stego-key
Cryptographic
Secret-bits
Secret-bits
decryption
combination
extraction

Fig. 4. The block diagram of the proposed extraction process.

2950

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

according to the following equation:

L 1 (i) =

0

1

if Q 1 (i) Q 1 (i)

if Q 1 (i)

> 0 and odd (Q 1 (i)) = 0,

and odd (Q 1 (i)) = 1, and odd (Q 1 (i)) = 1, and odd (Q 1 (i)) = 0,

> 0

< 0

Q 1 (i) < 0

(7)

where odd(x) determines the property of x. If x is odd, odd(x) returns the value 1, otherwise 0. Step 5: For i = 1 to L 1 , extract the ith bit of the secret-bit sequence S 1 from (l+i)th coefficient of Q 1 according to the following equation:

S 1 (i) =


⎩ ⎪

0

1

if Q 1 (k)

if Q 1 (k)

> 0 and odd (Q 1 (k)) = 0,

0 and odd (Q 1 (k)) = 1,

and odd (Q 1 (k)) = 1,

and odd (Q 1 (k)) = 0,

Q 1 (k) < > 0

Q 1 (k) < 0

(8)

where k = l + i. Step 6: For i = 1 to l, extract the ith bit of L 2 from ith coef- ficient of Q 2 according to the following equation:

L 2 (i) =

0

1

if

if

Q 2 (i)

Q 2 (i)

Q 2 (i)

> 0 and odd (Q 2 (i)) = 1,

< 0 and odd (Q 2 (i)) = 0,

> 0 and odd (Q 2 (i)) = 0,

and odd (Q 2 (i)) = 1.

Q 2 (i) < 0

(9)

Step 7: For i = 1 to L 2 , extract the ith bit of the secret-bit sequence S 2 from (l +i)th coefficient of Q 2 according to the following equation:

S 2 (i) =


⎩ ⎪

0

1

if Q 2 (k)

Q 2 (k) <

if Q 2 (k)

Q 2 (k) < 0

> 0 and odd (Q 2 (k)) = 1,

0 and odd (Q 2 (k)) = 0,

> 0 and odd (Q 2 (k)) = 0,

and odd (Q 2 (k)) = 1,

(10)

where k = l + i. Step 8: Combine S 1 and S 2 to form a single secret-bit se- quence S. Step 9: Use a shared crypto-key K 2 to decrypt S, and obtain the original message O. That is,

O

= DEC K 2 (S),

(11)

where DEC(·) is a cryptographic decryption function.

4. Experimental results

Several experiments have been done to examine the per- formance of the proposed embedding method. Many standard 512 × 512 gray images with different textural properties were taken as the cover-images shown in Fig. 5. Our experiments are described in two major parts: capacity test and security test. The security test is further divided into three parts. They are im- perceptibility test, the chi-square-family-attack resistance test, and the S-family-attack resistance test.

4.1. Capacity test

Several standard 512 × 512 gray images with different textu- ral properties were taken as the cover-images shown in Fig. 5. The capacities of the cover-images were evaluated by the pro- posed embedding algorithm. The experimental results are given in Table 3. The separation ratio and the adjustment parame- ter used in each embedding process were chosen carefully to resist the S family attack. It should be noted that both param- eters and are independent of the embedding capacity. The details of choosing a proper separation ratio and an adjustment parameter will be further described in Section 4.4. To show the superiority of the proposed method over the other steganographic methods, we also used the math tool MAT- LAB [34] to simulate J-Steg, F5, and OutGuess algorithms,

Table 3 Comparison of capacity (in bits) for various embedding algorithms

Test image

Embedding algorithm

The proposed

J-Steg

F5

OutGuess

Barb

59 229

45 363

45 513

22 699

Boat

50 042

38 374

38 506

19 105

F16

46 079

35 373

35 295

17 721

Goldhill

60 890

45 196

45 505

22 639

Lena

44 131

32 998

33 026

16 375

Mandrill

98 989

75 751

75 837

37 867

Peppers

46 346

34 295

34 074

17 016

Tank

61 220

44 417

44 329

22 195

Tiffany

43 300

31 674

31 516

15 729

Zelda

37 086

27 557

27 630

13 724

15 729 Zelda 37 086 27 557 27 630 13 724 Fig. 5. The test images

Fig. 5. The test images used in our experiments: (a) Barb, (b) Boat, (c) F16, (d) Goldhill, (e) Lena, (f) Mandrill, (g) Peppers, (h) Tank, (i) Tiffany, and (j) Zelda.

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

2951

and evaluate the capacity performance for these steganographic methods. Table 3 compares the capacity performance of various steganographic methods. It is clear that the capacity performance of the proposed method is superior to the other steganographic methods. To understand the superiority of the proposed method in Table 3, we can take the J-Steg as the basis of comparison. The J-Steg embeds the secret bits in DCT coefficients (except 0s and 1s). Therefore, the capacity of the J-Steg can be considered as the number of DCT coefficients (except 0s and 1s). The Out- Guess also embeds the secret bits in DCT coefficients (except 0s and 1s). But to avoid the detection of the chi-square attack, the OutGuess only uses a half of the workable coefficients to embed secret bits. This is why the capacity of the OutGuess is about a half of that of the J-Steg. Unlike the J-Steg and the OutGuess, the F5 uses the non-zero DCT coefficients to embed the secret bits. Therefore, the capacity of the F5 is potentially larger than that of the J-Steg. But to effectively extract the em- bedded secret, if the embedding result of the current coefficient is 0, the same secret bit should be embedded into the next co- efficient until non-zero result obtained. This is also known as shrinkage effect. This is why the capacity of the F5 is only slightly larger than that of the J-Steg. The proposed method also uses non-zero DCT coefficients to embed secret bits. Because the proposed method does not have the shrinkage problem, the capacity of the proposed method is higher than that of the F5.

4.2. Imperceptibility test

To test the imperceptibility performance, without loss of gen- erality, we generated enough random bits with uniform distri- bution to simulate the secret-bit sequence instead of using a specific encrypted plaintext. The secret bits were embedded in the cover-images with medium capacity (under 55 000 bits) us- ing different embedding rates. The separation ratio used in each embedding process was chosen as 4:1. Let x and y denote the cover-image and the stego-image, respectively. The imper- ceptibility is evaluated by the objective quality measurement PSNR (peak signal to noise ratio) [35]:

PSNR = 10 × log MSE (dB),

255

2

(12)

where MSE represents the mean square error between the cover- image x and the stego-image y:

MSE =

512 × 512

1

512

512

i=1

j=1

(x ij y ij ) 2 .

(13)

Table 4 presents the PSNR values of the stego-images cre- ated by the proposed method using various embedding rates. In Table 4, the embedding rate is defined as

embedding rate = actual embedding bits

(14)

embedding capacity .

It is clear that even the full capacities of the cover-images are used to embed the secret bits, the values of PSNRs are still

Table 4 The PSNR values (in dB) of the stego-images created by the proposed method using various embedding rates

Test image

Embedding rate

 

20%

40%

60%

80%

100%

Boat

35.42

35.02

34.48

33.58

31.66

F16

36.70

36.34

35.81

34.90

33.02

Lena

36.46

36.11

35.69

34.91

33.13

Peppers

35.33

35.09

34.73

34.06

32.57

Tiffany

35.83

35.53

35.02

34.17

32.47

Zelda

38.26

38.03

37.67

36.94

35.32

Table 5 Comparison of PSNR values (in dB) of the stego-images created by various embedding algorithms

Test image

Embedding algorithm

The proposed

J-Steg

F5

OutGuess

Boat

34.53

35.67

36.23

35.47

F16

35.89

36.79

37.33

36.57

Lena

35.67

36.36

36.94

36.37

Peppers

34.75

35.45

35.86

35.32

Tiffany

35.07

35.93

36.36

35.81

Zelda

37.64

38.31

38.82

38.22

higher than 30 dB. It means that the proposed steganographic method can provide good imperceptibility performance. To compare with the other steganographic methods, we em- bedded the same amount of secret bits (the capacity of the Out- Guess) in various cover-images using the J-Steg, the F5, the OutGuess, and the proposed method. Table 5 presents the com- parison of PSNR values of the stego-images created by various steganographic methods. It is clear that although more compli- cated embedding strategy is adopted in the proposed method, the PSNR values of the stego-images created by the proposed method are only slightly lower than those created by the other steganographic methods.

4.3. Chi-square-family-attack resistance test

The chi-square family attack explores the problem of PoV to detect the secret bits embedded in the LSB of the stego-image. The detection of the chi-square attack is achieved by sequen- tially accumulating the similarity of PoVs. That is, if the secret bits are embedded in the LSB of the stego-image, they could be detected by the chi-square attack. Different from the chi-square attack, the extended chi-square attack divides the stego-image into blocks, and detects the secret bits by calculating the simi- larity of PoVs in each block. If the chi-square attack is a global method, the extended chi-square attack can be considered as a local method because it detects the secret bits in each block of the stego-image independently. To avoid the detection of the chi-square and the extended chi- square attacks, the proposed method does not adopt the LSB replacement strategy. To show that the proposed steganographic

2952

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

chi-square attack

100 original J-Steg's ours 80 60 40 20 0 0 20 40 60 80 100
100
original
J-Steg's
ours
80
60
40
20
0
0
20
40
60
80
100
probability of embedding

size of sample (%)

Fig. 6. The detection results of the chi-square attack to the stego-images created by the J-Steg algorithm and the proposed steganographic method.

S1 attack for the proposed method

100 perfect 80 Goldhill Lena 60 Mandrill Zelda 40 20 0 -20 -40 10 20
100
perfect
80
Goldhill
Lena
60
Mandrill
Zelda
40
20
0
-20
-40
10
20
30
40
50
60
70
80
90
100
detection of embedding rate

embedding rate

Fig. 8. The detection results of S1 attack for the stego-images created by the proposed steganographic method.

extended chi-square attack

100 original J-Steg's ours 80 60 40 20 0 0 20 40 60 80 100
100
original
J-Steg's
ours
80
60
40
20
0
0
20
40
60
80
100
probability of embedding

size of sample (%)

Fig. 7. The detection results of the extended chi-square attack to the stego-images created by the J-Steg algorithm and the proposed steganographic method.

method can resist both the chi-square and the extended chi- square attacks, we used the math tool MATLAB to simulate both attacks. We used the proposed method to create the stego- image of “Lena” with half embedding capacity, and used the chi-square and the extended chi-square attacks to detect the stego-image. The same experiments were also performed on the stego-image created by the J-Steg method. Figs. 6 and 7 show the responses of the different stego- images to the chi-square and the extended chi-square attacks, respectively. In Fig. 6, it can be found that the chi-square attack has successfully detected the existence of the embedded secret bits in the first half of the DCT coefficients of the stego-image created by the J-Steg method. In Fig. 7, the extended chi-square attack has also successfully detected the existence of the secret bits in the first half of blocks of the stego-image created by the J-Steg method. It is clear that in both figures, the stego-images

created by the proposed method have no responses to both the chi-square and the extended chi-square attacks. It means that the proposed method has excellent performance against the chi- square family attack.

4.4. S-family-attack resistance test

The S family attack detects the length of the embedded se- cret bits by estimating the approximate cover-image. In such a method, it has successfully broken the F5 and the OutGuess steganographic methods. The proposed method adopts the complementary embedding strategy to reduce the loss of sta- tistical property of the cover-image in spatial domain. The proposed complementary embedding divides the secret bits and the DCT coefficients into two parts, respectively, by a pre- defined separation ratio , and embeds each part of secret bits into the corresponding part of DCT coefficients by comple- mentary embedding algorithms. In our experiments, we found that the proposed method can confuse the S family attack by using 3 5 together with an adjustment parameter . We

1

1

and = 3 throughout the follow-up experiments if

no other values are explicitly assigned. To show that the proposed steganographic method can resist the S1 and the S2 attacks, we used the math tool MATLAB to simulate both attacks. We also used the proposed method to create the stego-images for several standard images with different texture properties using various embedding capacities, and then used the S1 and the S2 attacks to detect these stego- images. Figs. 8 and 9 show the detection results, respectively. For S1 attack, the same experiments were performed on the stego-images created by the F5 algorithm. The detection results are shown in Fig. 10. For S2 attack, the same experiments were performed on the stego-images created by the OutGuess algorithm. The detection results are shown in Fig. 11. Table

6 also provides the detection results of S1 and S2 attacks for

set = 4

1

1

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

2953

S2 attack for the proposed method

100 perfect 80 Goldhill Lena 60 Mandrill Zelda 40 20 0 -20 -40 -60 10
100
perfect
80
Goldhill
Lena
60
Mandrill
Zelda
40
20
0
-20
-40
-60
10
20
30
40
50
60
70
80
90
100
detection of embedding rate

embedding rate

Fig. 9. The detection results of S2 attack for the stego-images created by the proposed steganographic method.

S1 attack for F5 algorithm

120 perfect 100 Goldhill Lena Mandrill 80 Zelda 60 40 20 0 -20 10 20
120
perfect
100
Goldhill
Lena
Mandrill
80
Zelda
60
40
20
0
-20
10
20
30
40
50
60
70
80
90
100
detection of embedding rate

embedding rate

Fig. 10. The detection results of S1 attack for the stego-images created by the F5 embedding algorithm.

S2 attack for OutGuess algorithm

120 perfect 100 Goldhill Lena Mandrill 80 Zelda 60 40 20 0 10 20 30
120
perfect
100
Goldhill
Lena
Mandrill
80
Zelda
60
40
20
0
10
20
30
40
50
60
70
80
90
100
detection of embedding rate

embedding rate

Fig. 11. The detection results of S2 attack for the stego-images created by the OutGuess embedding algorithm.

Table 6 The detection results of S1 and S2 attacks for the stego-images created by the proposed embedding algorithm using embedding rate 50% and various

(embedding rate: 50%)

Detection algorithm

S1 attack (%)

S2 attack (%)

1

3.86

4.87

2

1

7.93

24.70

4

1

10.26

14.39

6

1

10.71

20.16

8

1

11.67

27.67

10

the stego-images created by the proposed embedding algorithm using embedding rate 50% and various values of . In Figs. 8–11, the dash lines represent the perfect detection result. The closer the detection result to the dash line, the weaker the resistance of the steganographic method to the S family attack. In Fig. 10, the detection results of the stego-images created by the F5 algorithm are very close to the dash line. It means that the S1 attack has successfully broken the F5 algorithm. It is clear that in Fig. 8, for the proposed method, all the detection results are far beyond the dash line. It means that the proposed method can survive the S1 attack. On the other hand, in Fig. 11, for the OutGuess algorithm, the detection results of S2 attack are very close to the dash line. It means that the S2 attack has successfully broken the OutGuess algorithm. For the proposed method, in Fig. 9, all the detection results are unstable and have clear distances from the dash line. It implies that the proposed method can also survive the S2 attack. Further explanation of why the proposed steganographic method can resist both S1 and S2 attacks will be provided in Section 5. The readers may notice that some of the detection of embed- ding rate is negative in Figs. 8–10. This phenomenon results from the assumption of the S family attack. In brief, the S fam- ily attack uses a method to estimate the original image from the stego-image and then uses an equation derived from the as- sumptions of the estimated original image and the property of the stego-image to calculate the embedding rate. Because the equation used to calculate the embedding rate is very image- dependent, it may have different results when detecting differ- ent stego-images. Moreover, it may have negative results when the assumptions of the estimated original image and the prop- erty of the stego-image have bias. This is why there are some negative results appeared in Fig. 10 when embedding small amount secret bits in image “Goldhill.” Similarly, because the proposed method adopts quite different approach to embed se- cret bits, it also destroys the assumptions of the S family attack and results in quite unstable detection results including nega- tive values as shown in Figs. 8 and 9.

5. Discussions

The S1 and S2 attacks are good statistical attacks. Although they were originally designed for breaking F5 and OutGuess, they can also be used to break the other JPEG steganographic

2954

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

Table 7 The detection results of S1 attack for the stego-images created by the Out- Guess algorithm using various embedding rates

Table 8 The detection results of S2 attack for the stego-images created by the J-Steg algorithm using various embedding rates

Embedding rate (%)

Test image

Embedding rate (%)

Test image

Goldhill (%)

Lena (%)

Mandrill (%)

Zelda (%)

Goldhill (%)

Lena (%)

Mandrill (%)

Zelda (%)

10

19.91

1.84

6.77

9.48

10

4.42

10.49

11.13

17.58

20

17.36

4.78

1.29

7.14

20

20.48

9.61

26.33

32.78

30

16.71

0.80

1.75

1.71

30

17.87

30.95

43.37

27.64

40

22.08

0.97

6.39

10.82

40

47.31

53.74

47.80

48.93

50

20.87

2.24

7.08

8.47

50

58.75

69.93

62.79

62.55

60

17.11

0.07

4.62

5.98

60

72.06

74.48

64.70

82.45

70

21.66

4.13

0.91

6.22

70

84.67

84.27

74.35

88.92

80

18.37

2.05

1.22

5.87

80

83.90

90.53

79.91

86.78

90

27.00

5.20

8.87

7.72

90

90.89

89.97

92.18

94.96

100

21.15

1.01

1.47

8.73

100

97.15

107.17

101.91

111.96

methods if the embedding strategy of any steganographic method matches the detection strategy of S1 or S2. In brief, the S1 attack uses a method to estimate the origi- nal image from the stego-image, and assumes that, after em- bedding, the number of the 0 and the absolute-value-1 DCT coefficients in the stego-images created by F5 will be changed drastically. Based on this property, the S1 attack can measure the amount of the embedded secret bits using the relation be- tween the stego-images and the estimated original image. Be- cause OutGuess preserves the property of the DCT coefficients of the stego-images, if we use S1 attack to detect the stego- images created by the OutGuess algorithm, we will obtain in- correct detection results as given in Table 7. Similarly, because the proposed method uses the strategy of complementary em- bedding to maintain the property of DCT coefficients, the S1 attack cannot correctly detect the number of the embedded se- cret bits as shown in Fig. 8. This is why the proposed stegano- graphic method can resist the S1 attack. On the other hand, in brief, the S2 attack also uses a method to estimate the original image from the stego-image. To detect an image, the S2 attack first embeds random bits in the stego- image using the same embedding algorithm. If the stego-image is created by an LSB-based method, the embedding effect of the stego-image will be canceled out. Therefore, the re-embedded image will be closer to the original image than the stego-image. The S2 attack then uses the relation among the estimated orig- inal image, stego-image, and the re-embedded image to mea- sure the amount of the embedded secret bits. For example, as introduced previously, the J-Steg is an LSB-based method. If we use S2 attack to detect the stego-images created by J-Steg, we will obtain stable detection results as given in Table 8. On the contrary, if a stego-image is not created by an LSB-based method, the re-embedding strategy adopted by the S2 attack will fail and result in unstable detection results. For example, if we use S2 attack to detect the stego-images created by the F5 algorithm, we will obtain unstable detection results as given in Table 9. Because the proposed steganographic method is not an LSB-based method, if we use S2 attack to detect the stego- images created by the proposed embedding algorithm, the de-

Table 9 The detection results of S2 attack for the stego-images created by the F5 algorithm using various embedding rates

Embedding rate (%)

Detection algorithm

 

Goldhill (%)

Lena (%)

Mandrill (%)

Zelda (%)

10

20.92

30.68

15.74

54.53

20

8.05

18.79

23.07

54.90

30

6.60

43.01

1.24

56.59

40

2.56

7.51

10.21

58.32

50

0.11

44.82

15.23

45.17

60

20.36

11.43

1.27

6.14

70

18.50

58.72

4.82

36.13

80

20.22

8.96

1.04

48.2

90

5.08

1.86

10.62

8.31

100

20.48

0.17

19.05

20.25

tection results are also unstable as shown in Fig. 9. This is why the proposed steganographic method can resist the S2 attack.

6. Conclusions

In this paper, we have proposed a high-performance JPEG steganographic method. The proposed method adopts the com- plementary embedding strategy to reduce the loss of statistical property of the stego-image in spatial domain. In such a man- ner, the proposed steganographic method can resist the S fam- ily attack. Moreover, the proposed method does not adopt the LSB replacement strategy so that it can also avoid the detection of the chi-square family attack. To show the effectiveness of the proposed method, the chi- square, extended chi-square, S1 and S2 attacks were simulated, and used to detect the stego-images created by the proposed method. The J-Steg, F5, and OutGuess steganographic algo- rithms were also simulated and used to create the stego-images in the same experimental conditions. Experimental results show that the proposed steganographic method has the following ad- vantages:

(1) The capacity provided by the proposed method is larger than those provided by J-Steg, F5, and OutGuess stegano- graphic methods.

C.-L. Liu, S.-R. Liao / Pattern Recognition 41 (2008) 2945 – 2955

2955

(2) The proposed method has excellent performance against the chi-square family attack. (3) The proposed method can successfully confuse the detec- tion of the S family attack.

With the above-mentioned advantages, the proposed stegano- graphic method is practical for the application of covert com- munication.

References

[1] W. Stallings, Cryptography and Network Security: Principles and Practice, third ed., Pearson Education, New Jersey, 2003. [2] C.-C. Chang, C.-S. Chan, Y.-H. Fan, Image hiding scheme with modulus function and dynamic programming strategy on partitioned pixels, Pattern Recognition 39 (6) (2006) 1155–1167. [3] S.-L. Li, K.-C. Leung, L.M. Cheng, C. -K, Chan, A novel image-hiding scheme based on block difference, Pattern Recognition 39 (6) (2006)

1168–1176.

[4] H. Noda, M. Niimi, E. Kawaguchi, High-performance JPEG steganography using quantization index modulation in DCT domain, Pattern Recognition Lett. 27 (5) (2006) 455–461. [5] Y.-H. Yu, C.-C. Chang, Y.-C. Hu, Hiding secret data in images via predictive coding, Pattern Recognition 38 (5) (2005) 691–705. [6] C.-C. Chang, H.-W. Tseng, A steganographic method for digital images using side match, Pattern Recognition 25 (12) (2004) 1431–1437. [7] M.-Y. Wu, Y.-K. Ho, J.-H. Lee, An iterative method of palette- based image steganography, Pattern Recognition Lett. 25 (3) (2004)

301–309.

[8] C.-K. Chan, L.M. Cheng, Hiding data in images by simple LSB substitution, Pattern Recognition 37 (3) (2004) 469–474. [9] C.-C. Thien, J.-C. Lin, A simple and high-hiding capacity method for hiding digit-by-digit data in images based on modulus function, Pattern Recognition 36 (12) (2003) 2875–2881. [10] D.-C. Wu, W.-H. Tsai, A steganographic method for images by pixel- value differencing, Pattern Recognition Lett. 24 (9–10) (2003) 1613–

1626.

[11] D.-C. Lou, J.-L. Liu, Steganographic method for secure communications, Comput. Secur. 21 (5) (2002) 449–460.

[12] J. Spaulding, H. Noda, M.N. Shirazi, E. Kawaguchi, BPCS steganography using EZW lossy compressed images, Pattern Recognition Lett. 23 (13) (2002) 1579–1587. [13] J.J. Eggers, R. Bauml, B. Girod, A communications approach to image steganography, in: Proceedings of SPIE: Security and Watermarking of Multimedia Contents, vol. 4675, 2002, pp. 26–37.

[14] C.-C. Chang, T.-S. Chen, L.-Z. Chung, A steganographic method based upon JPEG and quantization table modification, Inf. Sci. 141 (1–2) (2002) 123–138. [15] R.-Z. Wang, C.-F. Lin, J.-C. Lin, Image hiding by optimal LSB substitution and genetic algorithm, Pattern Recognition 34 (3) (2001)

671–683.

[16] A. Westfeld, High capacity despite better steganalysis (F5—a steganographic algorithm), in: Proceedings of the Fourth International Workshop on Information Hiding, vol. 2137, 2001, pp. 289–302. [17] N. Provos, Defending against statistical steganalysis, in: Proceedings of the 10th USENIX Security Symposium, 2001, pp. 323–336. [18] J-Steg http://www.ussrback.com/crypto/steanography/DOS/jsteg.txt . [19] EzStego http://www.securityfocus.com/tools/586 . [20] F5 http://wwwrn.inf.tu-dresden.de/%7Ewestfeld/f5.html . [21] Hide4PGP http://www.heinz-repp.onlinehome.de/Hide4PGP.htm . [22] JP Hide&Seek ftp://ftp.gwdg.de/pub/linux/misc/ppdd/jphs_05.zip . [23] S-Tools ftp://ftp.ntua.gr/pub/crypt/mirrors/idea.sec.dsi.unimi.it/code/s- tools4.zip . [24] Snow http://www.darkside.com.au/snow/index.html . [25] I.J. Cox, M. Miller, J. Bloom, Digital Watermarking, Morgan Kaufmann, San Francisco, 2002. [26] J.-L. Liu, D.-C. Lou, M.-C. Chang, H.-K. Tso, A robust watermarking scheme using self-reference image, Comput. Stand. Interfaces 28 (3) (2006) 356–367. [27] D.-C. Lou, J.-L. Liu, M.-C. Chang, Digital watermarking using multiresolution wavelet transform, in: Proceedings of the IEEE 37th Annual International Carnahan Conference on Security Technology, 2003, pp. 370–377. [28] D.-C. Lou, J.-L. Liu, A robust watermarking scheme based on the just- noticeable-distortion, J. Chung Cheng Inst. Technol. 31 (2) (2003) 11–

22.

[29] F.A.P. Petitcolas, R.J. Anderson, M.G. Kuhn, Information hiding—a survey, Proc. IEEE 87 (7) (1999) 35–43. [30] J. Seberry, J. Pieprzyk, CRYPTOGRAPHY: An Introduction to Computer Security, Prentice-Hall, New York, 1989. [31] A. Westfeld, A. Pfitzmann, Attacks on steganographic systems, in:

Proceedings of the Third International Workshop on Information Hiding, 2000, pp. 61–76. [32] J. Fridrich, M. Goljan, D. Hogea, New methodology for breaking steganographic techniques for JPEGs, in: Proceedings of SPIE: Security and Watermarking of Multimedia Contents, vol. 5020, 2003, pp.

143–155.

[33] ISO/IEC, IS 10918, ITU-T, Rec. T.81, Information technology—digital compression and coding of continuous-tone still images, part 1:

requirements and guidelines, 1992. [34] The MathWorks http://www.mathworks.com/index.shtml . [35] A.K. Jain, Fundamentals of Digital Image Processing, Prentice-Hall, New Jersey, 1989.

About the Author—CHIANG-LUNG LIU received his Ph.D. degree in Electronic Engineering from Chung Cheng Institute of Technology (CCIT), National Defense University, Taiwan, ROC, in 2002. Since 2003, he has been with the Department of Electrical Engineering at CCIT, where he is currently an Associate Professor in the Department of Electrical and Electronic Engineering. His research interests include information security, information hiding, multimedia security, and image processing.

About the Author—SHIANG-RONG LIAO received his M.S. degree in Electronic Engineering from Chung Cheng Institute of Technology, National Defense University, Taiwan, ROC, in 2006. His research interests include information hiding and image processing.