Articles‎ > ‎Network Security‎ > ‎

Digital Steganography

Digital Steganography

 

Chintan I. Patel

 

1. Introduction

In a world where confidentiality and integrity of an individual’s work and belongings are very important, certain attacks or copyright violations exist which take the advantage of accrediting other’s work as theirs. The world of Internet has become an integral part of our lives where an individual’s personal information or works by him/her are stored in the database as references. This calls for protection of the information present on the Internet as it may be accessed by anyone and the data’s integrity and confidentiality is an important aspect that must be taken into consideration.

Therefore, a technique is needed that may provide the needed integrity and confidentiality so that nobody can accredit an individual’s work as theirs and hence the copyright law is not violated as well. Digital Steganography is such technique that provides protection of digital information uploaded by the user on the Internet by performing techniques which allow the protection of data.

Digital Steganography is defined as the art of hiding data into another data by embedding into each other [1]. Corporations use this method to protect their copyright so that it can prevent any illegal use by others and also help in making a good reputation for the firm.

 

2. General issues addressed

Following issues are addressed in this paper:

  1. Requirements of Digital Steganography
  2. Generic encoding and decoding process
  3. Digital Steganography techniques
  4. Types of Attacks

 

3. Requirements of Digital Steganography [2]

Stego object is the data into which the hidden information is embedded which cannot be detected easily and if detected there is a complex process to recover the same. Following are the requirements to smoothen the process of hiding data into another message:

  1. When the stego object is embedded into a data that is represented by an image or an audio file, the secret message must remain unchanged after it is embedded into the stego object
  2. The stego object should not be recognizable to the naked eye so as to covertly exchange the information without an attacker’s notice
  3. Assume that the attacker knows about the presence of hidden data
  4. Considering that the user has watermarked a document, any changes made to the stego object should not affect the watermark embedded by the user on the document

If these requirements are kept in mind before exchanging any digital information over the public Internet, then it is possible to fool the pirate (attacker) and pass the data to the intended recipient successfully without any attack incurred on it.

 

4. Digital Steganography techniques


4.1 Simple Watermarking

Watermarking is done to embed an image over the existing image to be exchanged on the Internet. As long as the watermark is known, it is possible to retrieve the image by reversing the process and deleting the original one. This is only possible in Watermarking as the original image can be separated from the watermark by using a specific application with some skills and effort [2].


4.2 Least Significant Bit (LSB) hiding

LSB is the easiest and the most effective way of hiding image into another. In this technique, the LSB of each pixel in one image is hidden into the most significant bit of the other. The LSBs can be used to store audio or text files as well. This technique is widely used due to its simplicity and great performance.

 

4.3 Direct Cosine Transformation (DCT)

Using this technique, the hidden image is spread over the cells and it becomes difficult for the attacker to notice any hidden data. But this technique may be affected by noise even though simplicity and robustness are advantages of using it.

 

4.4 Wavelet Transformation

Wavelet Transformation is a technique that provides greater robustness and higher compression levels than the DCT scheme. It is known that the low frequency components are more vulnerable to compression due to which they are separated from the high frequency components during the compression process. In order to maintain the robust characteristic, compression is done further by the Quantization method [2]. 

 

5. Security issues

 

5.1 Types of Attacks

 

  5.1.1 Basic Attacks

   These type of attacks generally take place due to loop holes in designing techniques. For example, audio files which require synchronization may lose data by adjusting parameters that are bound to achieve synchronization. This may be done by changing the length of audio without altering the pitch of audio quality which proves effective against attacks.


  5.1.2 Robustness attacks

    These attacks target the watermarking technique. The watermark may be diminished by this attack. “If a series of minor distortions are applied the watermark can be lost while the image remains largely unchanged” [2]. These attacks can be tackled by creating multiple copies of the mark using Inverse transformations which helps in increasing the resistance against robust attacks.

 

  5.1.3 Presentation attacks

   Presentation attacks prevent the detection of the watermark on the digital image. The original file must have a minimum value of cells that formed by splitting the image into a matrix. If the size of cells have a minimum value, then the attackers cannot reduce the size any further which may prevent the diminishing of the watermark and hence its detection is possible. The watermark could be lost if the size of the cells of the image matrix are very small.

 

  5.1.4 Interpretation attacks

    If a user creates a digital image and embeds it with a watermark, then that watermark belongs to that particular user only. Now, if a second user (attacker) adds a watermark to the same image, he/she would suggest that the image belongs to them. Therefore, it becomes difficult to come to a decision who owns the document actually. These types of attacks can be prevented by using powerful watermarking embedding techniques by which an attacker may not be able to add a fake watermark of his own.

 

  5.1.5 Implementation attacks

   These attacks are targeted at the marks which exist in the data. In simple words, if the mark detection software consists of loop holes or faults, then it is very easy for the attackers to generate information from the secret image. Example: Digimarc, one of the widest used softwares for picture marking schemes was attacked due to weakness in the implementation of the software. The attacker may break into the software and change the user ID and password, or may also be able to retrieve information and attack in a different manner by changing or removing the marks in the digital image or data [2]. 

 

5.2 Detection in Digital Steganography

The art of detecting and decoding hidden data is known as Steganalysis [1]. Detecting a secret message is possible but its extraction is a tedious process. Presently, there are two techniques by which the extraction of hidden information may be possible, namely, information theory and statistical analysis [1].

Detection must also be given priority as it is known that even terrorists use these techniques to communicate with each other, which could prove to be very dangerous and a threat to National Security. Therefore, detection is as important as its application in the real world.

  

6. Generic encoding and decoding process



The encoding and decoding process of digital data is the heart of the system. The secret image needs to be embedded into the original (cover) cover image inside the encoder in order to pass the data to the intended recipient making sure the information is exchanged with utmost security. The encoder consists of one or more protocols which are implemented to hide the secret information into the cover image. The output generated is the stego object which is a combination of the secret and cover images.

A key is needed to decode the information as set at the encoder. This key is either private or public depending upon type of application used. For example, if the secret message is encoded using a private key, then the user can decode the message via the public key. This reduces the chances of an attack and the message can be exchanged covertly. The embedding process inserts a mark that is produced by a randomly generated number. This mark signifies the originality of the data exchanged. The stego object should look almost identical to the original image [2].

At the decoder, the recipient requires a public key to view the data. The stego object is decoded and in some cases, the original image is required to be a part of the decoding process to make the confidentiality process more powerful. The secret image can be obtained with the presence of the original image only (in some cases). Also, at the decoder, the mark is checked and retrieved which signifies the originality of the information [2].

 

7. Comparison between secret communication techniques

There has always been ambiguity between encryption and steganography. “Encryption encodes data such that an unintended recipient cannot determine its intended meaning. Steganography, in contrast, does not alter data to make it unusable to an unintended recipient. Instead, a steganographer attempts to prevent an unintended recipient from suspecting that the data is there” [1]. Therefore, Steganography is used to prevent the visibility of data from the attacker, whereas encryption is used to encode the data in order to maintain privacy and security of data in its own way.

Unremovability is a key concept because it determines whether the originality of the information can be affected or not. The following table depicts all of the above in brief:

 

Technique

Confidentiality

Integrity

Unremovabiltity

Encryption

Yes

No

Yes

Digital Signatures

No

Yes

No

Steganography

Yes/No

Yes/No

Yes


 

8. Applications of Digital Steganography

  1. Corporate world
  2. Personal applications, for example, uploading images on Facebook
  3. Governments and National Defense offices

 

9. Future scope of the technique presented

Steganalysis is an area of further research. This may prove to be a beneficial for the Government of different countries in order to maintain National Security and a powerful tool against the terrorists, who according to sources are using the steganography techniques to exchange information within themselves.

If applied correctly and smartly, digital steganography can do wonders in the vast field of Internet where trillions of gigabits digital information exists that can be protected from attackers, provided the right type of prevention techniques are used.


10. Conclusion

With tremendous growth of Internet, digital steganography may prove to be an effective technique against attackers who intend to either steal or use copyrighted information illegally. Current techniques today are not robust enough to avoid complex attacks and hence require better detection techniques so as to prevent such attacks efficiently [2].

The marks present in the information exchanged must not diminish and multiple marks present in the same data should not interfere with each other. Furthermore, the quality of the digital data should not degrade while performing these techniques, which is a major point that must be considered during the encoding and decoding process [2].

 

Summary

 

  Ø      Art of hiding data into another data by embedding into each other is termed as Digital Steganography [1].

Ø      Minimum requirements for digital steganography must be satisfied in order to get enhanced and efficient results by applying appropriate techniques. More resistance against the attacker can be provided if the requirements are met.

Ø      Simple Watermarking, Least Significant Bit (LSB) Hiding, Discrete Cosine Transformation (DCT) and Wavelet Transformation are techniques which help in embedding the secret information covertly into the stego object. LSB hiding is the popular technique used for steganography due to its simplicity and efficient results.

Ø      Basic, robust, implementation, interpretation and presentation are kinds of attacks performed over the digital information to deprive the same of integrity and confidentiality.

Ø      Art of detecting and decoding hidden information is termed as steganalysis.

Ø      Steganography prevents visibility of data from the attacker, whereas encryption encodes the data in order to maintain privacy and security of information.

 


References


     [1] Digital steganography: hiding data within data, Artz, D.;
       Internet Computing, IEEE
      Volume: 5 , Issue: 3
      Digital Object Identifier: 10.1109/4236.935180
      Publication Year: 2001

[2]Steganography and digital watermarking”, Jonathan Cummins, Patrick Diskin, Samuel Lau and Robert Parlett;

      School of Computer Science, The University of Birmingham;

      Copyright © 2004

http://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.pdf

 

Comments