AMLAN CHAKRABORTY 0440954

[email protected]. !"

#t ganog$a%h& an! 'igital (at $ma$)ing ** A%%lications+ Attac)s an! Co"nt $m as"$ s
,nt$o!"ction
Steganography is the science of hiding information in data. Normally steganography is done intelligently such that it is difficult for an adversary to detect the existence of a hidden message in the otherwise innocuous data. The piece of data that has the message embedded in it is visible to the world in the clear and appears as harmless and normal. This is in stark contrast with cryptography where the message is scrambled to make it extremely difficult or impossible for an adversary to put together. A message in ciphertext arouses some sort of suspicion whereas invisible message embedded in clear text does not. This is the advantage of steganography. Generally, a steganographic message will appear to be something else a picture, an audio file, a video file or a message in clear text ! the co- $t .t. "istorically, messages were written using hidden invisible ink between the visible lines of innocuous documents, or even written onto clothing. #ther techni$ues used were writing messages in %orse code in knitting yarn, or marking particular words or letters in the message, using invisible ink or pin prick that form the secret message. &uring ''(( Germans used the microdot technology, where an image the si)e of a period had the clarity of typewritten pages. (n this case the period was the covertext and the image is the message. Though smart hiding and innocuous hiding techni$ues are used to hide the st got .t, the algorithm itself is secure and only known to the communicating parties and not to the world. This is in slight contrast to classical cryptography where the algorithm is well known and only the key*s+ are secret. Though data is not encrypted in steganography, authenticity of a message is normally established by using a %A, or a signature. Steganography can be used to code messages in any transport layer - an image *G(./0%1/213G+, a %14 file, a communications protocol like 5&1 etc. Steganogrpahic information can also be added to richer multimedia content like &6&s. There are normally two motivations - to send a secret message or to establish authenticity of a piece of information - usually a multimedia file. The later is a ma7or application of modern steganography and known as 'igital (at $ma$)ing and /ing $%$inting. 'atermarks establish ownership of an artifact while fingerprints or labels help to identify intellectual property violators. They are different protocol implementation of the same basic idea.

,n0o$mation th o$& an! h"man s nso$& % $c %tion

Steganography is possible for the same reasons that compression is - a combination of information theory and human perception of vision and audio. &igital signal contains redundancy which manifests itself as noise. "umans cannot detect all levels of noise8 in other words, humans often cannot tell an image or an audio clip from another with slight difference in levels of noise. The larger the cover message is *in data content terms 9 number of bits+ relative to the hidden message, the easier it is to hide the latter. .or example, a :; bit bitmap image has < bits representing three colors - =ed, green and blue at each pixel :>? shades of each basic color. So changing the least significant bit of any of these basic colors would make an extremely negligible change on that pixel - and possibly less on the image. So the least significant bit can be easily used to store the steganographic message. So, if we change the @S0 of each basic color of three ad7acent pixels, we get A bits !! enough space to store an AS,(( character. This is called L#B mani%"lation and a very conventional and simple steganographic implementation. (t can also be noted that the actual message itself can be compressed using some compression coding methodologies like run length coding. "istorically, a lot of invisible ink steganographic messages were encoded using 1olybius s$uares or similar text to integer mapping schemes. Stated somewhat more formally, the ob7ective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier/container *the original signal+ due to the in7ection of the payload *the signal to covertly embed+ are visually and ideally, statistically negligible8 that is to say, the changes are indistinguishable from the Gaussian noise of the carrier. .rom an information theoretical point of view, this means that the channel must have more capacity than the BsurfaceB signal re$uires *entropy+, i.e., there is

redundancy. .or a digital image, this may be noise from the imaging element8 for digital audio, it may be noise from recording techni$ues - amplitude or fre$uency modulation. Any system with an analog *signal+ amplification stage will also introduce thermal noise, which can be exploited as a noise cover. Steganographic channel is a co- $t chann l in (nformation theory terms since it transfers some kind of information using a method originally not intended to transfer this kind of information. Steganography also supports both storage and timing covert channels. This report primarily discusses storage covert channels where a covert message is communicated by manipulating a stored ob7ect like an image. =on =ivestCs D,haffing and 'innowingE protocol discussed later can be argued as an example of timing covert channel. (t is fairly obvious that more the data content of the cover message, the easier it is to hide the message. (n case of images, bitmaps are better fits that G(.s and 213Gs because G(. is < bits per pixel and 213G is a lossy compression techni$ue. 0ut on the flipside, bigger images will attract more attention than smaller images as suspect stego!images. Subtlety in changes is a very important feature and stego!images should only have subtle changes. An image with large areas of solid colors would be a bad fit since large variances created by the embedded message would cause drastic differences easily spotted by the human eye. The spatial fre$uency distribution of the image *spatio! temporal in case of audio or video content+ is also a determining factor in the efficiency of the hiding process. As we will see later, we have techni$ues for both Gaussian and @a1lacian distribution using maximum likelihood estimators for the stego!messages. #ften the embedded message is itself encrypted using a key that may or may not be known to the adversary. Since steganography re$uires that communicating parties have some prior shared information, symmetric key is a natural fit. "owever, public steganography with steganographic key exchanges is also possible.

1$ison $2s %$o3l m an! s"3liminal chann l

The study of steganography in machine cryptography was first stated in the prisonerCs problem by Simmons. Two inmates Alice and 0ob are accomplices in a crime and are sent to the prison. They need to communicate with each other but they have to use a public channel which is monitored by the 'arden of the 7ail. The warden will only forward the messages if they are intelligible. The prisoners accept this condition and find a way to communicate secretly in exchanges !!! establishing a s"3liminal chann l even though the messages themselves are not encrypted. The warden will also try to deceive them, so they will authenticate each otherCs messages before accepting them - a"th ntication witho"t s c$ c&. Thethe situation is paradoxical because the warden demands access and the prisonerCs need to authenticate each other. Authentication without secrecy channels achieve that by placing a pre arranged condition on all messages. (t is this capability that creates a subliminal channel for the prisoners. (f FmC redundant bits are allowed to establish authenticity, then these redundant bits create a bit by bit subliminal channel which can be used to transmit extra information. N"ll ci%h $s an! 4Cha00ing an! (innowing5 A null cipher is a form of encryption where the plaintext is mixed with a large amount of non!cipher material. Null ciphers are used to hide the actual ciphertext by introducing nulls to confuse the cryptanalyst. ,lassical steganography can also be thought of as an extension of this concept where the carrier / container data are actually the null ciphers - data that create confusion and diffuse the actual payload. =on =ivest extended this concept to an idea of D,haffing and 'innowingE to create steganographic communication channels. The concept is analogous to separating *winnowing+ wheat from chaff where wheat is the actual payload and chaff is the null ciphers. (n a two step process, the transmitter introduces chaff to the wheat i.e. intersperse the actual payload with meaningless data. The receiver DwinnowsE the actual payload from the non!interesting data. As with most steganographic transfers, the transmitters add a %A, to establish authenticity of the communication to any message that is sent. %A,s are calculated over the entire message and a serial number of the message using a secret symmetric authentication key. The transmitter attaches bogus %A,s for the chaff packets instead of calculating it. This is what distinguishes the DchaffE from the DwheatE. The receiver now doesnCt have to do anything special since the normal protocol of a receiver is to discard packets that do not have correct %A,s. Though the adversary can see the entire communication, it cannot tell chaff from wheat as the %A, will look like a random function.

"owever, weak %A, functions can potentially leak information in this protocol. (t is also important to note that it is not possible to use digital signatures here since anyone will be then able to compare the signatures and tell DchaffE from DwheatE. "owever, Ddesignated verifier signatureE schemes where only signature designates can verify a signature would work fine. The other key idea is that since the creation of DchaffE involves generation of a bad %A, and not the knowledge of a secret key, any entity can play the role of a DchafferE.

'igital (at $ma$)ing an! /ing $%$inting

&igital watermarking is the techni$ue of adding identifying information to digital artifacts using steganographic principles i.e. hiding the information cleverly so that extraction is difficult by any adversary. 'atermarks can be visible or invisible in the context of images. There are various techni$ues of placing digital watermarks on images but they can conceptually be divided into two categories G. #%atial t chni6" s. These methods are based on hiding the messages on geometric characteristics of the image. These are highly susceptible to signal alteration algorithms. 3ven simple signal manipulation like )ooming, cropping, smoothing would obliterate watermarks. :. /$ 6" nc& 'omain t chni6" s. These methods are used to hide messages along the fre$uency distribution of hues, intensities, luminance etc of the images. These are comparatively robust to simple image manipulations but can fall prey to statistical steganalysis. (n strict terms, visible digital watermarks are really not steganographic ob7ect - they enhance information instead of hiding. /ing $%$inting is a slight different implementation of digital watermarks. 'hen an artifact is sold to an entity, information about that entity is hidden in the artifact. (f illegitimate copies of the artifact are sold, the watermark information would reveal the violator. A slight modification of this would be using the cana$& t$a% protocol where uni$ue alterations are made to each copy of artifact sold. The illegitimate copy has a tell!a!tale that traces back to the violator.

#om !igital wat $ma$)ing algo$ithms

(t is not too difficult to formulate algorithms that can cleverly hide information in images. The key idea to avoid detection is to hide the message in such a way that statistically it comes across like normal distribution making pattern detection very difficult. Mas)ing an! 0ilt $ing These are some basic techni$ues to create visible watermarks by altering the luminance or colors of certain regions in the image. These can be detected very easily by simple statistical analysis but these are fairly resistant to lossy compression and image cropping. (t doesnCt hide the data in noise but embed it in significant areas - 7ust the reverse of @S0 manipulation. L#B Mani%"lation This is the manipulation described in the (ntroduction that is susceptible to even slight image modification. (t is very efficient in hiding a G(. or 0%1 image in another but a linear analysis is enough to figure this out. (t is fairly easy to hide an image in 4 or even ; least significant bits of another image without causing ma7or noticeable change. The motivation for steganography is important here. (f the intention is to covertly pass messages, this can still work unless all artifacts are sniffed for steganographic information. 0ut if this is meant for digital watermarks, it is very easy to extract and /or get rid of the info. #%$ a! #% ct$"m m tho!s (n spread spectrum methods, the message is scattered across the image making it harder for cropping, rotation and other basic image manipulation techni$ues to obliterate the watermark. This is also somewhat resistant to statistical steganalysis because it gives it the impression of noise in an image. 1atchwo$) is a tool from (0% uses this techni$ue to scatter hidden information based on statistical distribution of luminance in the image. (t iteratively selects two patches on the image, brightens one and darkens one. (t then calculates the standard deviation, S between light and dark patches over the sample patches. To encode, it picks up two patches up in random and then brightens one by S and darkens one by S. This

process is iterated and the whole image palette is laid in a mosaic of bright and dark patches one of which is used to hide data. This patch information is vital to decode the hidden message later. This is clearly a fre$uency distribution method. 1atchwork makes the assumption that the image has a Gaussian distribution. T .t"$ Bloc) co!ing (n this method, pairs of areas of similar texture are found and one area is copied over the other. Thus we have identical blocks of texture in the image. (terating a few times, we can get two large blocks of identical textures. These two blocks would get altered identically for all non!geometric alterations of the image. These two blocks can then contain information about these images. M*# 6" nc s "sing lin a$ shi0t $ gist $s %!se$uences are based on starting vectors of a .ibonacci recursion relation which form a Galois field of finite cardinality. %athematically and statistically these numbers are known to have desirable autocorrelation functions8 the distribution of Galois field numbers is known to be of normal distribution thus resembling Gaussian noise in an image. So images encoded using m!se$uences are statistically impossible to distinguish from the original as they are similar to noise in a normal distribution. (f the stego message is encoded using m!se$uences, it can easily be embedded in the image by a @S0 substitution. A more secure implementation would be to use @S0 addition instead to embed the watermark. So it will re$uire the examination of the complete bit pattern and the current linear shift register implementation. This is more secure because to crack this, the adversary would have to do the same computations without any apriori knowledge. /$ 6" nc& ho%%ing (n this method scattering of the message is done on the basis of rules that change cumulatively. The idea is similar to &3S block encryption8 bits are swapped according to rules that are dictated by the stego!key and random data from the previous round. (hit nois sto$m+ an implementation of this methodology, creates a message space of < channels where each channel has a window of ' bytes, where ' is a random number. 3ach channel however carry only one bit of the message and a lot of unused bits. The bits inside a window permutate and rotate according to an algorithm that is regulated by the previous windowCs operations and the stego!key. .inally this encoded message is embedded in the image using @S0 substitution. The idea again is to simulate a distribution that is similar to a Gaussian distribution.

#t ganal&sis an! 'igital (at $ma$)ing Attac)s

Steganalysis is analogous to cryptanalysis in the context of steganography. Steganalysis is composed of three steps ! G. &etection of hidden message *1assive Steganalysis+ :. 3xtracting of hidden message *Active Steganalysis+ 4. &isabling/ &estruction of hidden message. (t is important to note here that it is not necessary to extract a message to disable or destruct a message. (t is often very difficult to extract a hidden message and at times even to detect one because they are scattered and show up as noise. The case of visible watermarks is obviously different. 0ut the problem lies in the fact - detection is also not important if we have a Dsuspicious attitudeE. 'e can run algorithms that are known to destruct digital watermarks in messages. #n top of that there are algorithms that instead of disabling watermarks, either overwrite watermarks or create exact replicas - rendering the watermark useless either way. @uis 6on Ahn et al formulates and proposed Duniversal robustnessE for steganographic information. They prove that Drobust steganographyE is as secure as the underlying crypto used to encrypt the message that is hidden in the clear. 0ut this 7ust ensures extraction is hard and likens it to cryptography. 0ut their algorithm doesnCt prove that obliteration of the steganographic secret is not possible. Some common types of attacks on &igital 'atermarking are 7. R mo-al attac)s 8 ' noising+ R mo!"lation+ Loss& Com%$ ssion

These attacks attempt at completely removing watermark from the data. Since a lot of steganography algorithms try to hide data as noise, removal of noise should obliterate the watermark. These algorithms they try to estimate the cover data using a given statistic for the noise in it. (t assumes the noise to be the watermark. @angelaar et al proposes a se$uence of filtering operations* median filtering, highpass filtering+ on the image to denoise the image that will likely get rid of the digital watermark. There are several other watermark estimator algorithms that uses either Ma.im"m A%ost $io$i 1$o3a3ilit& 9MA1: if we know the image statistics or Ma.im"m li) lihoo! 9ML: ,lassifier algorithms if we do not know anything about the images, to find an estimate of the digital watermark. 6oloshoynovisky proposed an algorithm where he used the %A1 estimator and then remodulates the image to find the least favorable noise distribution. This is guessed to be the watermark. #ften lossy compression of uncompressed image data like 213G, would completely wipe out the watermark since the raw data would be replaced by &irect ,osine Transforms of the data. "owever, this is mitigated by algorithms that can hide information directly in compressed data. ;. < om t$ic Attac)s 8 (a$%ing+ t$ans0o$ming+ =itt $ing tc. These attacks are the easiest to implement and often very effective. (nstead of removing the watermark, these stress on distortion of embedded data by spatial or temporal alterations *in case of audio and video data+. The result of these attacks is to scatter and alter the way the watermark is laid out in the image. .or a simple attack, if an image is rotated by a slight angle, say G degree and the edges filled by the texture of the average of ad7acent pixels, there is a high likelihood that the watermark would fall out of sync with the watermark detector. The key idea here is though the digital watermark data exists in the artifact, it has moved in such a way that the watermark detector can no longer detect the data. >itt $ing is another effective attack that works extremely well for audio data. An audio signal is chunked up into DnE chunks and then either one chunk is deleted or a copy is made and then assembled back together ending up in either *n !G+ or *n HG+ samples. This introduces a 7itter in the signal that is not detectable by humans. &igital watermarks would totally get destroyed in this attack. ?n@ign implements a pixel 7ittering algorithm that works well on spatial domain watermarks. Another important observation is that though some algorithms survive basic geometric attacks like rotation, shearing, resi)ing etc., they succumb to a combination of different attacks. #ti$Ma$) is an implementation based on these principles that simulates an iterative resampling process where the image is slightly resi)ed, sheared and rotated by a random small amount. "owever, repeated iterations of Stir%ark degrade the image to the point that humans can detect the difference between the original and the processed. C$&%to attac)s 8 B.ha"sti- ) & s a$ch+ Coll"sion+ A- $aging+ O$acl attac) These are similar to normal cryptographic attacks where the steganographic key is searched exhaustively. Statistical averaging attacks involve taking the same data set with different instances of watermarks and then averaging them to find the attacked data set. A modification of the averaging algorithm is the collusion attack where smaller portions of the data set are taken and attacked data set found using averaging algorithms. These smaller datasets are then combined to get a new attacked data set. 1$otocol attac)s 8 (at $ma$) in- $sion+ Co%& Attac). These attacks do not aim to detect, destroy or disable the watermark, but to attack the basic tenets of watermarking e.g. watermarks cannot be extracted from non watermarked data. The (at $ma$) in- $sion attac) uses the feature of o- $ma$)ing that is the ability to mark an image more than once. 0ob gets an image from Alice that has her watermark. 0ob subse$uently generates his own watermark and subtracts his watermark from the image he got from Alice. &ue to overmarking, AliceCs signature would still be readable from this image making it almost identical to the image Alice circulated. 0ob can now argue that Alice has removed his signature and added hers to generate this image. This will establish that 0ob was the actual owner of the image.

A.

;.

The Co%& Attac) gets an estimate of the watermark using a %A1 or a %@ estimator. (t then processes this watermark using the least favorable noise function *mentioned in replacement attacks+ to smoothen the watermark. (t then adds the watermark to a new document. ,opy attack allows anyone to identify his own document as being watermarked by a well known entity by placing a watermark copied from a document published by that entity on it. This is a very serious attack that Iutter et al experimentally succeeded to accomplish.

' 0 ns s against #t ganal&sis

'e noticed that most steganographic algorithms pretty cleverly hide data to avoid detection by !!! blending in as Gaussian noise, embedding in significant areas, scattering across the fre$uency spectrum etc. (t has also been seen that it is often not easy to extract a digital watermark. @uis von Ahn et al propose robust steganographic algorithms as well as new advances to public key steganography etc. 0ut this often doesnCt safeguard against attacks to destroy or replace watermarks on images, audio files etc. 'e have also notices that watermarks are particularly susceptible to attacks that are combination of more than one attack. There have been mitigations suggested to particular types of attacks e.g. error correction of coding theory using hamming distance *or some other distance measuring algorithm like 3uclidean algorithm + for statistical steganalysis. 0ut the problem is that attacks are preceding mitigations. 0arr et al from &igi%arc are suggesting the concept of image signature to mitigate the copy attack where perpetually similar images would produce the same signature whereas perpetually different image would produce very different signatures. 'hile this would successfully mitigate the copy attack, one can still launch a geometric attack and obliterate the watermark. Since the image would be perpetually similar the signature would be the same, and image signature would not mitigate the attack. Additionally the problem here is that there is an additional burden on the watermark detector to verify the signature of the image. This is double verification and needs additional security. The key idea is to make the digital watermark such that destruction of the watermark would destroy the image itself. #ne idea proposed by Neil 2ohnson is to use a gradual mask instead of a sharp mask for the visible watermark, so that the watermark is not visible until the luminance of the image is significantly increased. This makes it more robust against changes of lower bits. Though extensive image processing and spatially selective alteration of luminance based on the luminance distribution may make the digital watermark vulnerable, the image would also be distorted enough by so much processing.

Concl"sion
The challenges in digital watermarking stem from the fact that the attacks derive from the same phenomenon as the watermarking technology itself !! small noise insertion doesnCt create humanly noticeable changes to an artifact. ,learly right now the watermarking technology is not robust enough to mitigate combination of attacks. (ntroduction of new authentication schemes as proposed by public key steganography would attach another layer of security but does not in itself guarantee universal absolute robustness of watermarks. ( think the solution may very well lie in better statistical models based on information theory. 'e can mitigate some attacks using authentication and authori)ation - but pattern detection and obfuscation should be mitigated by better scattering algorithms.

R 0 $ nc s
G. :. 4. ;. >. ?. J. <. A. GK. GG. G:. G4. G;. G>. Neil 2ohnson and Sushil 2a7odia, 3xploring Steganography Seeing the 5nseen. Gustavus 2 Simmons, The 1risonerCs 1roblem and the Sublimimal channel =onald @. =ivest, ,haffing and 'innowing ,onfidentiality without 3ncryption .abien A 1etitcolas, =oss 2 Anderson and %arkus Iuhn, (nformation "iding a Survey. 1ierre %oulin and 2oseph #C Sullivan, (nformation!Theoritic Analysis of information "iding Nicholas 2 "opper, 2ohn @angford and @uis 6on Ahn, 1rovably Secure Steganography Neil 2ohnson and Sushil 2a7odia, Steganalysis The investigation of hidden information 0ender, Gruhl, %orimoto and @u, Techni$ues for data hiding. Neil . 2ohnson, An (ntroduction to 'atermark recovery from (mages .abien A 1etitcolas, =oss 2 Anderson and %arkus Iuhn, Attacks on copyright marking systems. %artin Iutter and Sviatoslav 6oloshynoviskiy, The 'atermark ,opy attack Niels 1rovos, &efending against Statistical Steganlysis 0arr, 0radley and "annigan, 5sing &igital watermarks to mitigate the threat of copy attacks. Iaren Su, &eepa Iundur and &mitrios "at)inakoa, A novel approach to collusion resistant 6ideo watermarking. Stefan Iat)enbeiser and "elmut 0eith, Securing symmetric watermarking schemes against protocol attacks.