Steganography

Preeti Singh,
Sakshi Kushwaha,
Sudeep Srivastava,
Uttam Singh.
 Introduction
Steganography
(covered writing, covert channels)

Protection against detection Protection against removal

(data hiding) (document marking)

Watermarking Fingerprinting
(all objects are marked (identify all objects, every
in the same way) object is marked specific)

Source: Richard Popa.

 Why not Encryption?
Confidentiality

Steganography Encryption
(hide existence of the secret message, (encrypt the message,
but do not use encryption) but do not hide the message)

Source: Richard Popa.

• Ideally nobody can see both parties • Anybody can see both parties
are secretly communicating. are communicating in secret.

• Innocent. • Suspicious.
 History
• 440 B.C.
– Histiaeus shaved the head of his most trusted slave and tattooed it with a message
which disappeared after the hair had regrown. To instigate a revolt against Persians.

• 1st and 2nd World Wars

– German spies used invisible ink to print very small dots on letters.
– Microdots – Blocks of text or images scaled down to the size of a regular dot.

• Current
– Special inks are used to write a hidden messages on bank notes.
– Industry demands for digital watermarking and fingerprinting of audio and video.
 Etymology
The word steganography comes from the Greek
steganos (covered or secret) and -graphy (writing or
drawing) and thus means, literally, covered writing.
Steganography is usually given as a synonym for
cryptography but it is not normally used in that way
 Hiding Information Digitally

Requirements

• Secret data integrity must remain after being embedded in stego object.

• The stego object must remain unchanged or almost unchanged to naked eye.

• In watermarking, changes in stego object have no effect on watermark.

• We assume the attacker knows secret data is hidden inside the stego object.
Basic Principle in Steganography
Secret
Mess
Stego Object

Cover
Image
Encoder

Secret Decoder
Mess Communications
Channel

Original
Cover
Suitable Media for Steganography
• Text Files
– Hidden information destroyed as soon as object is modified.

– Protocols tend to be easy to implement.

– Useful in proving objects have not been manipulated and changed e.g.
evidence in a court of law.

• Audio files
– It should be infeasible to remove the hidden data without degrading the
perceived quality of the data.

– Protocols are more complex.

– One single protocol may not withstand all object manipulations.

 Steganography Techniques

• Binary Files
• Text
– Document
• Images
– LSB
• Audio
MP3
• Other Types
 Information Hiding in Documents
• One of three techniques are applied to hiding data:
– Line Shift Coding - Vertical shifting of lines
Shifts lines up slightly up or down h-i
Shifted up slightly h+i
Lines to be shifted decided by Codebook

– Word Shift Coding - Horizontal spacing between each word

Shift of words slightly left or right, decided by codebook

An Example of this “Example” is shifted to the left. “this” is shifted
An Example of this to the right

– Feature Coding - Analyse document, then pick features to change

e.g. text height
 Text Techniques
• Text being hidden: “I'm having
a great time learning about
computer security”.
Dear Friend , Especially for you - this red-hot
intelligence. We will comply with all removal requests .
This mail is being sent in compliance with Senate bill
2116 , Title 9 ; Section 303 ! THIS IS NOT A GET
RICH SCHEME.Why work for somebody else when
you can become rich inside 57 weeks . Have you ever
noticed most everyone has a cellphone & people love
convenience . Well, now is your chance to capitalize on
this . WE will help YOU SELL MORE and sell more !
You are guaranteed to succeed because we take all the
risk ! But don't believe us . Ms Simpson of Washington
tried us and says "My only problem now is where to
park all my cars" . This offer is 100% legal . You will
blame yourself forever if you don't order now ! Sign up
a friend and you'll get a discount of 50% . Thank-you for
your serious consideration of our offer . Dear Decision
maker ; Thank-you for your interest in our briefing . If
you are not interested in our publications and wish to . . .
 Image Techniques

• Simple Watermarking

– A simple way of watermarking images is to embed another image into them.

– This embedded image can be a company logo or name etc.

+ =
 Image Techniques
• Store host image and hidden image in memory.

• Pick the number of bits you wish to hide the hidden image in.

• Scan through the host image and alter its LSB’s with the hidden images MSB’s. So
when 4 bits are used to hide information…

Host Pixel: 10110001

Secret Pixel: 00111111
New Image Pixel: 10110011

• To extract the hidden image, you basically take out the LSB’s from the host image
and create a new image from them.
 Image Techniques

• LSB – Least Significant Bit

– A simple yet effective way of hiding data in an image for any purpose.

– The least significant bits of the host image are used to hide the most
significant bits of the hidden image (for image-in-image hiding).

– The least significant bits can always be used to hide other data types.

– The next example will show how image-in-image hiding works via this method.
Image Techniques

Original
Bit Level
Images
1
4
7
 Other Techniques

• Video

– A mixture of both image and sound techniques are used.

• DNA

– Use different DNA bases to code secret messages via some cipher key.

– DNA is so small it can be hidden in a dot like the microdot method.

 Platform Tools
• Tools:
JDK 6.x
Core java(API)
Servlet,JSP
Database
WebServer: tomcat 6.x

• Hardware
CPU 1.7GHz
RAM 1 GB
Hard Disk 1GB
 Design Pattern

We had used 2 types of Design Patterns

• Singleton Pattern :-According to this pattern only a single connection is
made with the database and it is used in multiple class files. So that the
Code become more proficient
Con = null
If(con==null)
{
…
}
Return Con;
 Design Patterns
• Factory Pattern:-
Factory pattern is about generating all the connection at
single place and then give that connection to all as required
so we made a class which create connection with the
database and each time we want to connect with the
database we call only the method of that class.

Advantages:-
Database is not driver specific.
Reduces the redundancy of code.
Complexity also reduces.
 Modules of project

We have designed 2 modules of our project

• User module
• Admin module
Some parts of
• Process module
• Data module
Are under construction.
 Modules

Admin User
module module

Process Module

Data Module

Database
 Product Module

Read/write messages Upload Files

Administrator
Users

Download image
User Management

Upload image
System

Fig. - Context Level

Diagram
 Level 1 -DFD
User
Edit profiles

ID/password
Message
services
Select
Services
Data store

User info Images services

Account options
Login

Data store
Data services
Data store
ID/password

Admin

Manage

Data store
 Level 2-DFD

Id,
Id, password Check password Validate Valid
Next
for Null user Process

Invalid

Login failed, try again Send

Message
 Validate User

Id, password Get User data Match data Result

Next Process
info

data

Get User
Store data

Data store
 Level 2-User registration

Register Open Form Submit

Registra
form
tion
form

Get User
Store
data

Data store
 Level 3-Submit Form

Check for Check

Form Form Available Save
Null User name
values availability Data

Not Available

Error Message Send

Data store
Error
 Limitations And Attacks
Categories of attacks:

- Basic attacks take advantage of weaknesses in embedding

technique.

- Robustness attacks attempt to diminish or remove the

watermark.

- Presentation attacks modify the content of the file to

prevent detection of mark.

- Implementation attacks take advantage of poorly

implemented software.
 Robustness Attacks - StirMark
• Performs a series of almost
unnoticeable distortions to
attempt to remove mark:

• Geometric distortion

• Low frequency deviation

• Transfer function

• Applying StirMark to (a) and (c)

produces (b) and (d).
 Implementation Attacks

• If software implementation is poor it can allow some attacks.

• Attacker broke into software and disabled password checks.

• Could then change the ID, affecting already marked images

and bypassing checks for existing marks to overwrite them.
 Comparison

Confidentiality Integrity Unremovability

Encryption Yes No Yes

Digital
No Yes No
Signatures

Steganography Yes/No Yes/No Yes

 Future Scope
• SSL security is essential for providing better security for user’s
data,this requirement can be implemented in future enhancement of
this project.
 Conclusion
• Steganography will become increasingly important as more copyrighted material
becomes available online.

• Many techniques are not robust enough to prevent detection and removal of
embedded data.

• For technique to be considered robust:

– The quality of the media should not noticeably degrade upon embedding data.
– Data should be undetectable without secret knowledge typically the key.
– If multiple marks are present they should not interfere with each other.
– The marks should survive attacks that don’t degrade the perceived quality of the work.

• Methods of embedding and detecting are likely to continue to improve.

Questions