CALIFORNIA STATE UNIVERSITY, NORTHRIDGE
APPLICATIONS OF STEGANOGRAPHY
A thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in
Software Engineering
By
Alireza Behrouzi Shad
December 2011
The thesis of Alireza Behrouzi Shad is approved:
Professor Richard Covington Date
Date
Date
California State University, Northridge
ACKNOWLEDGEMENT
I would like to thank Dr. Mcilhenny for his support and guidelines
throughout this work. I would also like to thank Dr. Covington and Dr.
Gabrovsky for their efforts as committee members. Finally, I would like to
express my gratitude to the members of my family, especially my wife, for
their tremendous support and encouragement.
TABLE OF CONTENTS
Signature Page
Acknowledgement
Table of Contents
Abstract
Chapter 1: Introduction
Chapter 2: Overview
2.1. Steganography vs. Cryptography
2.2. Types of Media Carriers
2.3. Storage Formats
2.3.1. Imaging Storage Formats
2.3.2. Audio/Video Storage Formats
2.3.3. Text Storage Formats
2.3.4. TCP/IP Storage Formats
2.4. Processing
2.4.1. Image Processing
2.4.2. Audio Processing
2.4.3. Text Processing
2.4.4. TCP/IP Processing
Chapter 3: Algorithms
3.1. Imaging Algorithms
3.1.1. LSB Steganography
3.1.2. Color Cycle Steganography
3.1.3. Random Bits Steganography
3.1.4. Fridrich Method
3.2. Audio Algorithms
3.2.1. LSB Coding
3.2.2. EAS
3.2.3. Parity Coding
3.2.4. Phase Coding
3.2.5. Spread Spectrum
3.2.6. Tone Insertion
3.2.7. Echo Hiding
3.3. Texting Algorithms
3.3.1. Particular Characters in Words
3.3.2. HTML Documents
3.3.3. Line and Word Shifting
3.3.4. Abbreviations and Spaces
3.3.5. Semantic and Character Feature Methods
3.3.6. Arabic and Persian Letter Method
3.3.7. Font-Size Change Method
3.3.8. Color Change Method
3.4. TCP/IP Algorithms
3.4.1. TCP/IP Header Fields
3.4.2. Linux OS
3.5. Evaluation
3.5.1. General Comparisons
3.5.2. Preferred Stego-Algorithm
Chapter 4: Steganalysis
Chapter 5: Proposed Method
Chapter 6: Conclusion
References
ABSTRACT
APPLICATIONS OF STEGANOGRAPHY
By
Alireza Behrouzi Shad
Master of Science in Software Engineering
Steganography is an ancient science and the art of hiding information. Its
counterpart, steganalysis, on the other hand, is the skill of detecting the
hidden information. The growth of the Internet in recent decades created a
battle field for both stego-counterparts, which resulted in profound influence
on information security. In both sides of the battle, different and stronger
tools have been developed to better meet the needs for the information
security. The enhancement of these tools would benefit not only the national
security and intelligence community, but also provide a wide range of
services and applications used for peaceful purposes. The flexible process and
the simple implementation of some of the steganographic methods offer
various options for the users of this technology, and they can select the one
that fits their needs.
There is, however, a great difference between steganography and
cryptography, as the former tries to hide the very existence of the secret
message, while the latter only scrambles the information without hiding it.
Secure communication and transmission of vital information are the essential
needs of today's business environment, as well as the national security and
intelligence community. This might be one of the important reasons for the
increasing significance of steganography in applications like bank
transactions and battlefield communications, which convey crucial
information to intended recipients while preventing access by others.
CHAPTER 1 INTRODUCTION
Steganography is the art and the science of concealing the presence of secret
information with no risk of detection. Using steganographic methods, the
message is written in a way that its existence is obscured. This technology
provides information-secrecy in such way that no one can even suspect the
existence of the message except the sender and the intended recipient.
The word "steganography" means "covered writing". It has a Greek origin
taken from the terms "steganos", which means "covered", and "graphein", "to
write". The history of hiding messages, "steganography", goes back to around
500 BC [1] [20]. The ancient Persians and Greeks used to tattoo important
messages on the heads of the messengers, who were dispatched when their
hair grew back. Masking and invisible inks were also used to write or draw
secret text or drawings within letters (Figure 1). The term "steganography",
however, was first used in 1499, in a book on magic, called "Steganographia"
by Johannes Trithemius [1]. This technique had also many implications
during WWII, when it was used by the spies of different countries to send and
receive hidden messages. Using invisible inks and Morse code to write
messages are examples of this technique that was used during WWII [1].
With the growth of the Internet and rising multimedia techniques since the
1990s, however, this ancient technique has gained esteem, resulting in more
computer-based data-hiding using various digital media formats. Text, image,
video, audio, and other digital media formats may be used in order to convey
information under cover, and conceal the very existence of data being
exchanged in today's digital world. Digital watermarking is one of the most
common applications of steganography [21]. It is a replication of a sign, text
or an image authenticating the source, and embedding signatures proving
copyright or ownership of a document.
Steganalysis, on the other hand, is the skill of detecting and breaking
steganography through various examinations. Steganography and its
counterpart steganalysis play a vital role in the 21st century. The
tremendous growth of the Internet during the recent decades, along with its
availability for almost anyone around the world, has created a battle field for
both stego-counterparts to profoundly influence information security [14].
The challenge of one side is transmitting higher capacity information secretly
with the use of better technology and media, while the attempt of the other is
to better prepare for detecting malicious secret data. In both sides of the
battle, different tools have been developed to better meet the needs of a
widely open environment like the Internet. Stronger countermeasures on
both sides have been emerging as many simple methods were defeated. The
enhancement of these tools would benefit not only the national security and
intelligence community, but also provide a wide range of services and
applications used for peaceful purposes, such as multimedia integration,
reliable storage and data-transmission, as well as copyright and digital
property protection [14].
The main objectives of steganography, however, include efficient data
transmission and information security, along with sufficient capacity for
data-hiding. Usually, one is achieved by compromising the other. The
attempt of increasing the capacity for hiding information results in tumbling
the level of data-security. On the other hand, the increased data-secrecy
results in lower capacity for information-hiding. So the fundamental search
for a way to convey higher capacity data without being detected is an ongoing
process, as one side attempts to overcome the other.
In addition to capacity and data-security, robustness and transparency are
also among the most important characteristics of steganography. These are
the essential attributes of all steganographic algorithms, which must be
analyzed vigorously for a stego-system in order to be able to transmit secret
information from one point to another. Capacity, as the first attribute, refers
to the amount of data that can be inserted into a carrier medium without
producing perceptible distortion [23]. The second characteristic, security,
relates to the capabilities of a stego-algorithm to prevent an intruder from
easily finding the secret information. The third characteristic, robustness,
evaluates the capability of the stego-file to resist against an intentional or
unintentional attack. And finally, transparency measures the amount of
perceptible distortion of a carrier medium after embedding secret information
[25]. Transparency is measured in particular with audio steganography,
where the visible and transparent existence of a digital watermark or digital
signature might help to increase the protection of the property and copyright
[8].
Nevertheless, this study attempts to compare a few recently developed
algorithms, along with various tools and digital media used for information
hiding, in order to provide an in-depth understanding about steganography.
It will also analyze the existing steganographic algorithms in terms of their
attributes (i.e. capacity, security, robustness, and transparency) to propose
the most secure way of transmitting high capacity of hidden information with
lowest risk of detection.
Figure 1: Ancient use of Invisible Ink and Masking
CHAPTER 2 OVERVIEW
2.1. Steganography vs. Cryptography
Despite the differences between cryptography and steganography,
each of these techniques is being used, separately or together, to increase the
level of information security. One of the major distinctions between these two
techniques is that cryptography allows for scrambling the information in a
way that if intercepted or exposed by an intruder, it will be difficult or
impossible to understand or decode. Yet, it will draw suspicion. On the other
hand, steganography conceals the existence of the secret information entirely,
and unlike cryptography, the conveyed information draws no suspicion at all
[2][21]. This, in fact, is one of the core benefits of steganography as opposed to
cryptography: steganographic information will never draw any
attention, while cryptographic messages arouse suspicion, no matter how
scrambled or unbreakable they are (Figure 2). "The intent of steganography
is to conceal the presence of a message. The intent of encryption is to
scramble a message so that it is indecipherable to all but the intended
recipients." [3]
Figure 2: Steganography vs. Cryptography
For double protection, however, steganography and cryptography are used in
conjunction, forming a hybrid technique, "Stego-Cryptography", to secure the
information even further. "Both Steganography and Cryptography are
excellent means by which to accomplish [information security] but neither
technology alone is perfect and both can be broken. It is for this reason that
most experts would suggest using both to add multiple layers of security." [4].
With the stego-cryptography method, first the message is encrypted and then
hidden within a carrier, like an image file, so that if discovered the
interceptor has to first find the suspicious file or information, which is a
difficult task per se, and then decrypt it. Using cryptography and
steganography together, as a hybrid stego-cryptographic system, the
compressing of an image file will take much less space and reduce the size of
the transmitting data. Applying compression and encryption in conjunction
will also make the package look casual and far less suspicious than a normal
steganographic message [4].
In general, steganography is used for information security. It makes
messages appear as something else and impossible to detect with the naked
eye (Figure 3). Hidden images or covered text using invisible inks between
the visible lines are just a few examples among many steganographic
applications. "Modern information hiding technology is an important branch
of information security. The redundancy of digital media, as well as the
characteristic of human visual system, makes it possible to hide messages."
[5]. Hiding messages and conveying information securely over the Internet is
one of the major intents of utilizing and optimizing the steganographic and
cryptographic techniques.
With the current technology trend and the growth of the World Wide Web,
the main concern is to be able to communicate securely, conduct secure
e-commerce, as well as to prevent software piracy. To achieve such secrecy and
efficiency in an open environment like the Internet, using cryptography alone
may not be sufficient. Applying cryptography alone does not provide the
strong data secrecy that may be necessary for an open environment.
Therefore steganography is employed, alone or in most cases in conjunction
with cryptography, due to the lack of strengths in cryptography.
2.2. Types of Media Carriers
In general, carriers or cover-media used for steganography can be broken
down to graphics, sound, text, and executables. Computer based
steganography allows information to be concealed in digital media like digital
images, video/audio files, texts, and transmission protocols (i.e. TCP/IP).
Making some insignificant changes to some digital carriers allows for data
hiding and secure transmission of information. Digital steganography may
utilize any type of electronic interaction including coding inside a transport
layer, digital text or image, video/audio file, and programs. The hidden data
can be embedded within these types of digital carriers by replacing
the 'noise' or extra spaces that exist in these carriers. This so called 'noise'
can be the very insignificant bits of colors in an image file that are not visible
to human eyes, or very small echoes and sound delays within an audio file not
detectable by human ears [6]. The process of hiding information adds some
extra noise to the medium, which could draw attention. Therefore, the
redundancy and randomness of data, and the amount of original existing
noise in a digital media would help to prevent detection of the file containing
a hidden message. Moreover, the same medium or carrier can not be used
repeatedly, because it may raise suspicions. Even using a similar cover
medium may draw attention. So the carrier used for data hiding purposes
must be selected cautiously. The ideal digital media files used for
steganography are the large size containers, which contain a great amount of
noise. For example, a black and white image with gray scale or a 24-bit
scanned photograph is the best form of a carrier used for steganography. A
sender may start by adjusting the color of each pixel that represents an
image to match with selected alphabet-letters, which will later be decoded to
a hidden message. Such a subtle change prevents an interceptor from
noticing the existence of the message.
A digital text file is another type of digital carrier used for steganographic
applications. This method is referred to as null cipher, allowing a digital text
file to be changed to include hidden information. Changing the space between
lines and words within a text file allows hidden messages to be written and
conveyed securely without attracting any suspicions. Web browsers usually
ignore spaces, tabs, line breaks, or other characters written in HTML files.
These ignored locations may be used to conceal secret information. Unused
spaces on the hard-drive are also turned into locations for hiding secret data.
The file-storage process of all operating systems usually results in extra
space that might be reserved for the files, which in fact may or may not be
used by the files. These free spaces may as well be utilized for data-hiding.
Transport protocols, like TCP/IP, are also used for conveying secret
information. TCP/IP packets include headers with unused space, which might
be manipulated to hide data. Changing the physical arrangement of a carrier
itself will also provide a way to hide and convey information. The layout of
the source code of a program, or an electronic circuit board may be
rearranged and manipulated to hide secret messages [6].
2.3. Storage Formats
Storage formats relate to different ways of digital data being stored within
various media formats. Different types of digital data are stored in different
media formats. For instance, images are stored differently than audio signals.
There are also several forms of storage formats within each category of
digital data (e.g. image, audio, text, etc.) that are widely used for specific
digital data types, like GIF format for storing images. They all provide
certain advantages and disadvantages when used for steganography.
2.3.1. Imaging Storage Formats
Many steganographic tools used for information hiding through digital
images manipulate files with different storage formats like GIF, PNG, and
JPEG. A GIF storage format (Graphics Interchange Format) can be used to
store images like Clip Art and drawings with very small color variations. This
storage format allows for only 256 different color variations to be stored with
.gif extension. This format is a bitmap describing digital images as binary
bits indicating the color of each pixel. The images stored in this format are
widely spread throughout the web without drawing any suspicious attention,
and are generally recognized by every browser. The primary advantage of the
GIF format is that it has a lossless compression. When decompressing a GIF
image, the original digital image will be retrieved, as it was before
compression. Such characteristics make the GIF storage format suitable for
steganographic applications. S-Tools, GifShuffle, EzStego, Hide and Seek,
and many other steganographic applications use GIF images [2].
In contrast to the GIF storage format, JPEG (Joint Photographic Experts
Group) allows for a variation of over 16 million different colors to be arranged
with extensions .jpeg, .jpe and .jpg. A digital camera for example stores
images in JPEG format. It is crucial, however, that the file containing the
hidden information is stored in an appropriate format, because the hidden
message may be lost during the decoding process when using storage formats
like JPEG. JPEG compression is a lossy process, and what is normally lost is the
visually insignificant bit/s of the hidden message [2].
The PNG compression, on the other hand, is lossless and might be a safer
choice for these purposes. PNG ("ping") stands for Portable Network
Graphics, and is a more flexible type of storage format used for information
hiding applications. From the application programming aspect, however, the
formatting details and variations are not significant. Generating code in Java
versions 1.4 and up for example allows for reading JPEGs, PNGs, and GIFs
using the same objects, methods, and procedures [3].
2.3.2. Audio/Video Storage Formats
The process of storing secret information using audio/video files tends to be
somewhat different compared to other media formats. Audio and video files
are normally larger than image or other digital files. The process of encoding
data in videos is very similar to the process of encoding data in images. The
only difference between the video and image steganography, is the size of the
media. Because video files have a larger number of pixels
representing a picture, they can contain a greater amount of secret data bits.
Although many steganographic applications take advantage of the number of
colors stored in video/audio files, the size of these carriers make them
inappropriate for certain type of media-distribution. BMP files, for instance,
contain a huge range of colors, which in fact, is an astonishing advantage for
information hiding in large amounts. But because of the large size of these
files, they are not suitable for distribution over some types of web media.
From the steganographic standpoint, however, the compression and
decompression process of these files may cause problems as well.
Audio signals, however, can also be stored separately as a sound file. There
are various storage formats that can be used for audio signals, some of which
provide lossless compression, while others offer lossy compression. The
difference between lossless and lossy compression is that, with lossy
compression, once the audio file is decompressed some amount of data may be
corrupted or lost. In the case of steganography, the lost data may be the
secret message bits. The more advanced lossless compression forms of audio
storage formats include MPEG-4 SLS, MPEG-4 ALS, and MPEG-4 DST. MP3, Vorbis,
Musepack, AAC, and ATRAC are among the lossy types of compression for audio
files [17].
2.3.3. Text Storage Formats
A text message can not be presented with different appearance other than a
text. Almost all algorithms for text steganography use a simple text file as
the primary storage format for embedding secret information [11].
In addition to the simple text-formats, HTML documents can also be used as
another storage format for transmitting secret information on the internet.
HTML tags are not case sensitive. This might be used to hide secret
data-bits within an HTML file. Steganography takes advantage of HTML
case insensitivity to transmit secret messages by varying the letter case
when generating HTML tags [11].
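The tag-case channel described above can be read, flagged and removed with a few lines of code. The following is an added example, not code from the thesis; the per-letter convention (uppercase = 1, lowercase = 0), the function names and the sample markup are assumptions constructed for illustration.

```python
import re

# Name of an opening or closing tag, e.g. <P>, </div>, <Br/>.
# A regex is enough for this sketch; it does not skip comments or scripts.
TAG_NAME = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)")

def tag_case_bits(html):
    """Read one bit per letter of every tag name (assumed convention:
    uppercase letter = 1, lowercase letter = 0)."""
    bits = []
    for match in TAG_NAME.finditer(html):
        bits.extend(1 if ch.isupper() else 0
                    for ch in match.group(2) if ch.isalpha())
    return bits

def mixed_case_tags(html):
    """Return tag names that are neither all-lowercase nor all-uppercase.
    Hand-written and generated HTML is normally consistent, so mixed-case
    names are a cheap indicator that the page deserves a closer look."""
    names = [m.group(2) for m in TAG_NAME.finditer(html)]
    return [n for n in names if n != n.lower() and n != n.upper()]

def normalize_tag_case(html):
    """Lowercase every tag name. Browsers render the page identically,
    but any information carried in the letter case is destroyed."""
    return TAG_NAME.sub(lambda m: "<" + m.group(1) + m.group(2).lower(), html)

# Constructed sample: the case pattern of "hTml" + "bodY" is 01000001 ('A').
SAMPLE = "<hTml><bodY><p>Quarterly report</p></body></html>"

if __name__ == "__main__":
    print("bits      :", tag_case_bits(SAMPLE)[:8])
    print("suspicious:", mixed_case_tags(SAMPLE))
    cleaned = normalize_tag_case(SAMPLE)
    print("cleaned   :", cleaned)
    print("bits after:", tag_case_bits(cleaned)[:8])
```

Normalizing tag case at a gateway removes this channel without having to detect it first.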
2.3.4. TCP/IP Storage Formats
There are, in fact, no storage formats for network steganography other
than the TCP/IP header fields that may be used as a carrier for hidden data.
Not all TCP/IP header fields, though, can serve as a covert channel. In fact,
only a few of them may be used for steganographic applications depending on
the network, as well as on the operating systems used on the machines
within a network [13]. In a passive network, for instance, a warden can not
possibly distinguish between an unchanged TCP/IP header and a stego
header field that contains secret data. These header fields can easily be
detected in an actively secured network-environment.
In addition, not all operating systems allow for TCP/IP header-field
modifications. A few older versions of Linux operating systems include
network policies that might be manipulated in order to modify certain
TCP/IP header fields into stego-channels for secret messages [13].
2.4. Processing
There are different forms of digital data-processing depending on the type of
the digital data. Although some of the widely used algorithms may seem
similar, in some cases, the processing of various digital data-bits is different.
Images are processed in different ways than audio signals and texts.
Understanding various data-processing is, in particular, important for
implementation of steganographic algorithms, because it shows
how to manipulate various digital data in order to transmit secret
information.
2.4.1. Image Processing
The objective of using steganographic techniques is to convey a hidden
message using a digital medium, known as a carrier or cover, without raising
any suspicions. This technique allows for transmitting hidden information
from one point to another using a simple digital image as a cover, like a
camera picture or scanner image. Using a digital image as a cover or carrier
is the most common type of medium used for steganographic applications.
Computer based steganography allows information to be hidden inside an
image, by making some insignificant changes to that image. These changes
can be the actual hidden message being sent without any noticeable changes
to the carrier or the original image. The hidden messages may be information
about the carrier, like a digital watermark or fingerprint, or it can be a secret
message sent for other purposes [6].
From the software engineering standpoint, however, a digital image is
defined as an array of integers. This array represents the intensities of light
at a specific point on a screen or image. Thus, the system of producing a
digital image is based on a two dimensional coordinate-system with its origin
at the upper-left corner of the digital image. The function of this coordinate
system can be defined as f(x,y) with its point of origin at f(0, 0). Assessing the
value of this function for various points on an image is called sampling. Each
sample represents the intensity of light at a single point on an image and is
known as pixel. Every individual spot or pixel is addressable by calculating
the value of the function f(x,y) on the coordinate system. The degree of
resolution of an image, though, depends on the amount of pixels representing
the image [2]. The more pixels representing an image, the better and higher
resolution the image could have. This is called Dense Sampling. In contrast,
Coarse Sampling is when there are fewer pixels representing an image,
which results in low image-resolution (Figure 4). It is also important to note
that the rate of change in the function f(x,y), referred to as spatial frequency,
has a significant role when speaking about image-resolution. Spatial
frequency describes the ratio of the amount and location of pixels
representing an image. Faster change in f(x,y) means fewer pixels
representing an image, while slower change corresponds to more pixels that
in turn provide higher resolution image [2].
In addition to the indexing and addressing of each pixel, every pixel is also
composed of a red, a green and a blue sub-pixel, known as RGB. The degree of
the brightness of each sub-pixel (RGB) ranges from 0 to 255, which
determines the color of each pixel on a display screen. When the sub-pixels of
a RGB color model are set to 0, the color of the corresponding pixel will be
black, and when they are set to 255, the corresponding pixel will be white. In
between, a wide range of intensities can be assigned to each sub-pixel in
order to set each pixel on a display screen to a different color. This wide range
of colors is obtained by combining the RGB colors (the red, green and blue
lights) in various amounts. The color gray for example is produced by setting
the intensities of the RGB to equal values, like {120, 120, 120} for {red, green,
blue}. Every sub-pixel in the RGB model requires eight bits (a byte) for its
binary representation in order to determine the color of a screen-pixel [3].
The binary representation for colors ranging from 0 to 255 will be 00000000
to 11111111.
Steganographic applications usually use the "least significant bit/s" (LSB) to
hide secret information. Using LSB, the color change in the resulting image (i.e.
stego-image) is insignificant and unnoticeable to human eyes. For
instance, the RGB set consisting of {167, 248, 215} would never be
distinguishable by human eyes from the set containing {165, 246, 213}.
Steganographic applications take advantage of such human visual limitations
to convey secret messages without being intercepted or detected (Figure 5).
The LSB method allows for changing the lowest bits of each sub-pixel in a
RGB set to represent the ASCII value of a character. For instance, the ASCII
value of the letter 'A' is 65, which has a binary representation of {01000001}.
In order to convey the letter 'A' using the LSB method, the lowest bit of each
of eight successive sub-pixels is replaced with the corresponding bit of the
letter. This produces unnoticeable color changes in the three successive
screen pixels containing the secret letter 'A' [3].
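The LSB substitution just described, together with the earlier point that lossy storage can destroy the hidden bits, is worked through below. This is an added example, not code from the thesis; the function names and pixel values are constructed, and `lossy_requantize` is a crude stand-in for lossy compression, not the JPEG algorithm.

```python
# Pixels are (R, G, B) tuples with each sub-pixel in 0..255.

def text_to_bits(text):
    """ASCII text -> bits, most significant bit first ('A' -> 01000001)."""
    return [(byte >> shift) & 1
            for byte in text.encode("ascii")
            for shift in range(7, -1, -1)]

def bits_to_text(bits):
    """Inverse of text_to_bits; a trailing partial byte is ignored."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return out.decode("ascii", errors="replace")

def embed_lsb(pixels, text):
    """Overwrite the lowest bit of successive sub-pixels with message bits."""
    bits = text_to_bits(text)
    flat = [c for px in pixels for c in px]
    if len(bits) > len(flat):
        raise ValueError("cover too small: capacity is %d bits" % len(flat))
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & 0xFE) | bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

def extract_lsb(pixels, n_chars):
    """Read n_chars characters back from the lowest bits."""
    flat = [c for px in pixels for c in px]
    return bits_to_text([c & 1 for c in flat[:n_chars * 8]])

def max_channel_change(before, after):
    """Largest difference in any sub-pixel between two images."""
    return max(abs(x - y)
               for pa, pb in zip(before, after)
               for x, y in zip(pa, pb))

def lossy_requantize(pixels, step=4):
    """Round each sub-pixel to the nearest multiple of `step`, which throws
    away the low-order bits in the way a lossy re-encode can."""
    return [tuple(min(255, (c + step // 2) // step * step) for c in px)
            for px in pixels]

# Constructed 3-pixel cover: 9 sub-pixels, enough for one 8-bit character.
COVER = [(167, 248, 215), (120, 120, 120), (255, 0, 0)]

if __name__ == "__main__":
    stego = embed_lsb(COVER, "A")
    print("stego pixels :", stego)
    print("max change   :", max_channel_change(COVER, stego))
    print("extracted    :", extract_lsb(stego, 1))
    print("after lossy  :", repr(extract_lsb(lossy_requantize(stego), 1)))
```

No sub-pixel moves by more than one intensity level, and a single requantization pass is enough to make the message unrecoverable.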
Figure 5: An image steganography system [3].
In general, each pixel is stored as either 8-bit (one byte) or 24-bit (three
bytes) depending on the storage format of the image it represents [22]. A GIF
file is based on an 8-bit storage format, which has a variation of only 256
different colors, ranging from 0 to 255. On the other hand, a JPEG has a
24-bit pixel pattern and provides 2^24 color combinations. That is over 16 million
different color combinations. For example a pixel consists of three bytes
11111111, 00000000, 00000000, with each byte representing the sub-pixels
red, green and blue respectively (the RGB). In some other patterns though, a
32-bit pixel pattern is used instead of 24-bit model, forming a so called RGBA
model with 'A' standing for Alpha channel. The extra byte representing the
level of transparency also ranges from 0 to 255, from completely
transparent to completely opaque [3].
2.4.2. Audio Processing
Using a digital sound recording as a cover to hide messages is also common in
steganography. Digital based steganography allows information to be hidden
inside audio files by making small changes to the bits that store the digital
audio. Similar to digital images, audio files can also be processed with
various steganographic techniques to convey secret information. Like images,
digital audio is stored as an array of integers. But this time, the array
represents the bits of a digital sound captured by a microphone. A sound file
consists of a set of binary bits (eight bits form one byte). A 10 sec. audio
contains more than 60k bytes of data [6] [8].
Sound is a form of waves. It is produced by repetitive variations measured in
time, which are caused by pressures or vibrations passing through air, water
or any object, but not in a vacuum. Sound is also composed of a wide range of
frequencies with different perceptions among different species. These
frequencies for humans are in the range of 20 Hz to 20 kHz. Both the lower
and the upper limits, though, may vary by age. Beyond these frequencies are
infrasound, acoustic and ultrasound, which cannot be perceived by humans
(Figure 6). Taking advantage of these human hearing limitations, audio
steganographic applications hide and transmit secret information from one
end to another.
Figure 6
http://en.wikipedia.org/wiki/File:Ultrasound_range_diagram.svg
However, the data capacity of an audio file for embedding secret information
is much lower than the capacity of other digital media, like two-dimensional
video files. Therefore, it may only be used for brief secret
messages such as digital watermarking. Digital watermarking is an
alternative method used for protection of intellectual property rights. It is a
process of inserting information into an audio signal used as a signature
proving the ownership of a work or an artifact. The digital watermark, also
known as digital signature, contains information used in different areas, like
digital rights and broadcast monitoring. While watermarking does not
necessarily attempt to conceal the existence of the secret data from a third
party, it requires further robustness against malicious removal of the
encoded message from the carrier medium. In addition, the rate of malicious
attacks against audio watermarking is much lower than that against
image watermarking methods.
2.4.3. Text Processing
Unlike other types of carrier media, a text file has a structure similar to its
look. A text message cannot be presented with different appearance other
than a text, while other media types have structures much different than
their perceptions, which in fact, make the entire process of hiding
information much easier than text files. "Text steganography is the most
difficult kind of steganography because there is no redundant information in
a text file as compared with a picture or a sound file." [9]
The preference for using text documents in steganographic applications,
though, is due to the fact that they are much smaller than other
carrier media. This attribute, along with the simplicity of text documents,
makes them more attractive for steganographic applications over the Internet.
2.4.4. TCP/IP Processing
Network steganography includes communication protocols like TCP/IP, UDP,
ICMP and other protocols. TCP/IP, as another form of steganography,
provides a way for transmitting secret messages from one end to another.
Using this type of steganography allows for large amounts of secret
information to be transmitted within a network or from one network to
another. A capacity of 60 bits per packet is provided by manipulating
TCP/IP header fields to embed secret information. In a network with heavy
traffic, this can be a great capacity for transmitting secret data. Whether
this form of steganography can be used, however, depends on the structure or
the type of a network [13].
There are usually two types of security measures against suspicious files or
packets within a certain network: passive and active. The passive form is
implemented to detect suspicious files or packets within the network, but
it makes no attempt to remove the suspicious packets. In an
active model, on the other hand, the entire traffic might be modified
regardless of whether any suspicious packets exist within the network. This
traffic modification is performed through a filtering process that may vary
from one network to another. It might be performed periodically, on a
random-packet basis, or through other approaches. The active model might
not be feasible for some networks, however, despite its optimized security
measures against steganographic TCP/IP packets. This is due to the fact
that an active model adds an extra filtering process to the network in order
to find and remove the suspicious TCP/IP packets, which can cause system
latency and may slow down the entire traffic within the network [12][13].
Thus, a TCP/IP steganography model cannot easily transmit secret
information without being detected, unless the type of the network along
with its security measures is taken into account and analyzed.
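The active model described above, as an added example that is not code from the thesis: a normalizer that rewrites IPv4 header fields a sender could otherwise choose freely and then recomputes the checksum. The thesis does not name the header fields involved; the choice of the Identification field and the reserved flag bit, the function names, and the sample packets (built here with documentation addresses) are assumptions.

```python
import struct

IPV4_FMT = "!BBHHHBBH4s4s"      # fixed 20-byte IPv4 header, no options
RESERVED, DF, MF, OFFSET = 0x8000, 0x4000, 0x2000, 0x1FFF


def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words.

    Run over a header whose checksum field is already filled in, the
    result is 0 when the header is intact.
    """
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(ident, flags_frag, src, dst, ttl=64, proto=6, length=40, tos=0):
    """Pack an IPv4 header and fill in its checksum."""
    fields = [0x45, tos, length, ident, flags_frag, ttl, proto, 0, src, dst]
    fields[7] = checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def parse(header: bytes) -> dict:
    names = ("ver_ihl", "tos", "length", "ident", "flags_frag",
             "ttl", "proto", "checksum", "src", "dst")
    return dict(zip(names, struct.unpack(IPV4_FMT, header[:20])))


def normalize(header: bytes) -> bytes:
    """Rewrite every header the same way, suspicious or not (active model)."""
    h = parse(header)
    if h["ver_ihl"] != 0x45:
        raise ValueError("only option-less IPv4 headers are handled here")
    if checksum(header[:20]) != 0:
        raise ValueError("bad header checksum: drop instead of rewriting")
    # The reserved flag bit must be zero (RFC 791), so clear it.
    flags = h["flags_frag"] & ~RESERVED & 0xFFFF
    # RFC 6864: the Identification field has no meaning for atomic datagrams
    # (DF set, not a fragment), so it can be overwritten safely. Fragments
    # still need it for reassembly and are left alone in this sketch.
    atomic = bool(flags & DF) and not (flags & MF) and not (flags & OFFSET)
    ident = 0 if atomic else h["ident"]
    return build_header(ident, flags, h["src"], h["dst"],
                        h["ttl"], h["proto"], h["length"], h["tos"])


def idents(headers) -> list:
    return [parse(h)["ident"] for h in headers]


# Constructed sample: two atomic packets whose Identification fields carry
# the bytes "HE" and "Y!"; the first also sets the reserved flag bit.
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
SAMPLE_PACKETS = [
    build_header(0x4845, DF | RESERVED, SRC, DST),
    build_header(0x5921, DF, SRC, DST),
]

if __name__ == "__main__":
    print("before:", [hex(i) for i in idents(SAMPLE_PACKETS)])
    cleaned = [normalize(h) for h in SAMPLE_PACKETS]
    print("after: ", [hex(i) for i in idents(cleaned)])
```

Because every header is rewritten and re-checksummed, the cost the paragraph mentions (extra processing on all traffic) is visible in the code: there is no fast path for packets that look clean.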
CHAPTER 3: ALGORITHMS
3.1. Imaging Algorithms
Three important characteristics describe the imaging
steganographic algorithms. The first characteristic is capacity, which refers
to the amount of data that can be inserted into a carrier medium without
producing perceptible distortion. The second characteristic is security, which
relates to the capability of a stego-algorithm to prevent an intruder from
easily finding the secret information. And finally the third characteristic is
robustness, which evaluates the capability of the stego-file to stand against
a deliberate or accidental attack.
There are, however, different algorithms and methods to accomplish the
process of image steganography. One way is to place the bits of a character
in the lowest bits of eight successive sub-pixels and leave the remaining
sub-pixel unchanged; in other words, conveying one character per three pixels,
with three RGB sub-pixels for each pixel in a digital image. A different
algorithm inserts the first bit of a character right after the last bit of the
previous character. It uses the remaining sub-pixels to insert the first bit(s)
of the next character. A more complex algorithm allows for inserting the bit(s)
anywhere within a cover image, and not necessarily starting at the pixels in
the first row and column of the cover image. Although this may not be a simple
task, it could reduce the perceptible distortion of the original image. Such
methods are used for the purpose of minimizing the changes to the cover image
and attempt to store the message in a way that makes it hard to detect. They
store information either randomly or use only one bit (the lowest bit) of each
sub-pixel. A different method, though, is to replace more than one bit,
allowing for more hidden information to be conveyed. There are also methods
involving the use of private keys in order to increase the level of secrecy.
Among the various algorithms used for image steganography, the LSB method is
the most common and very easy to implement. Other methods like Color
Cycle, Random bits, and the Fridrich method might be more complex and
difficult to implement, but they provide a higher level of secrecy or capacity
for transmitting secret information [2]. These algorithms can be used either
separately or in conjunction with other methods to render an optimal solution
for image steganography.
3.1.1. LSB Steganography
This method works by changing a cover image through replacing one
bit of each sub-pixel that makes up the pixels representing the image. For
this method in an RGB model, usually the least significant bit, LSB, is the
one replaced. Hide and Seek, for example, uses GIF files and replaces the LSB
of every pixel representing the image. But other tools use the LSB of each
sub-pixel in every pixel of images with 24-bit storage formats [2]. Using this
method, the integer value of the sub-pixel is changed only by one. This
changes the original color of the sub-pixel insignificantly and
unnoticeably, and has no effect on the appearance of the original image. One
of the limitations of this method, however, is the number of pixels
representing the image that is used as a cover. The smaller the image and
the fewer pixels representing the image, the less information can
be hidden inside the carrier without causing any perceptible distortions to
the original image. Another limitation is that the cover image used in this
process should have a color palette of at most 128 colors, since for each
existing color present within the color palette of an image one new color will
be formed for hiding the information. The existing and newly formed colors will
together result in 256 color combinations, which is the maximum for an 8-bit
storage format.
As the simplest illustration of the one-bit LSB method using a 24-bit storage
format, suppose that three adjacent pixels have the RGB sub-pixels:
10010101 10010110 10011111
00001101 00001111 00010000
11001001 11001010 11001011
After hiding 8 bits of data (10110110), they would look like:
10010101 10010111 10011111
00001100 00001110 00010000
11001001 11001011 11001011
Note that the hidden 8 bits only changed four of the RGB sub-pixels. This
means that less than 50% of the colors are changed, with the last sub-pixel
(ninth byte) left unused [24].
Figure 7 shows a simple LSB plane. The left picture indicates a grayscale
image with the most significant bits, MSB, on the top, and the least
significant bits, LSB, on the bottom. The dark boxes represent 0s and the
light boxes represent the 1s, which together represent the binary values of
the pixels. The top-right figure is the LSB plane of the cover image, which is
replaced with the hidden data bits (the middle plane) to generate the
LSB plane of the stego-image. The bottom-right map represents the
differences between the LSB of the cover image and the stego-image. The
circles on the map represent the modified bits. On average, 50 percent of the
bits in the LSB plane need to be flipped in order to hide the secret bits within
the LSB plane and create a stego-image that is visually identical to the
cover image [25].
Figure 7: A simple LSB plane [25].
Most significant bit (MSB) plane
Least significant bit (LSB) plane
There are, however, other methods that use more than one of the LSBs when
conveying hidden information. A two-bit method, for instance, also works like
the previous process, but this time the two LSBs of each RGB sub-pixel are
changed. Although more information can be conveyed using this method,
the limitations are tighter in order to prevent noticeable alterations to the
original image. That is, the cover image used for this method should have a
color palette of only 64 colors or fewer, which allows the formation of three
new colors for each existing one inside the color palette [2]: a maximum of
192 new colors that together will make up to 256 color combinations.
For a three-bit steganography method, the three LSBs of each RGB sub-pixel
are replaced with the hidden message bits. The images used here, though, should
only have a 32-color palette, allowing 224 new colors to be formed for the
message. Much more information can be conveyed using this method, but the
level of image distortion would be higher than with the previous two methods.
The limit of using bit insertion methods is reached when
using four bits of each RGB sub-pixel. A four-bit insertion method would
allow for the smallest possible color palette of an image (i.e. 16 colors) [2].
While this method allows a high amount of data to be conveyed secretly, it
pushes the distortion level of the image to its limit. The four-bit
insertion method (Stego-4bits) is vulnerable to all forms of inspection and
steganalytic methods [2]. Table 1 summarizes some of the vulnerability
ratings in LSB encoding.
Pattern Analysis of the Bits
Visual Inspection of the Image
Detailed Visual Inspection of the Image Pixels
Table 1
Summary of the Ratings [2]
3.1.2. Color Cycle Steganography
Using color cycle method can make the detection of the concealed information
far more difficult. Instead of using the LSB of each RGB sub-pixel
respectively, the hidden bits can be inserted cycling the RGB sub-pixels. The
order of the RGB bits, as its name suggests, is red bits, green bits and blue
bits. Now, instead of inserting the hidden bits in this order, the RGB colors
can be cycled. The first bit of the secret message, for instance, is replaced
with the LSB of the blue sub-pixel, the second bit with the LSB of the red,
and the third bit with the LSB of the green. The next message bits start
again using the LSB of the blue and so on [2]. The alpha bits are usually
skipped, because changing them will make the file suspicious. In general, the
value of the alpha byte is 255 (completely opaque). Any changes to this value
will draw suspicion, despite the fact that some images may use different
levels of transparency [2].
3.1.3. Random Bits Steganography
Using this method, the message bits can be inserted into random RGB
sub-pixels anywhere inside an image. This is accomplished by using a random
number generator specifying which pixel should store the secret bits. This
method uses the discrete cosine transform, DCT, coefficients in order to
randomly locate pixels within an image. The least significant bits (LSBs) of
the located DCT coefficient (independent pixel) are then replaced with the
secret message bits. Conveying secret messages this way adds a great
amount of security and makes the messages very hard to detect. A PRNG
distributes the message bits all over an image. Hide and Seek also works in a
way that the message bits are stored randomly detached from one another,
so that the noise is randomly distributed throughout the image as well
[2]. Generally, using this method, the message bits are not stored in order by
replacing the LSB of each RGB sub-pixel. Therefore, even if the image file is
detected, the hidden message cannot possibly be restored, as the attacker
has no idea of where the bits are inserted. The intended receiver of the
message, in this case though, should have a private key specifying the
locations of the hidden bits among all sub-pixels in the cover image. Without
this private key the hidden message can never be retrieved [2] [3].
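Sections 3.1.1 to 3.1.3 differ only in which sub-pixels receive the bits and how many low bits are replaced, which the following added example (not code from the thesis or from the tools it cites) makes explicit. The cover is constructed from the RGB set {167, 248, 215} used earlier in the text; the function names, the integer key, and the use of Python's non-cryptographic `random.Random` to stand in for the keyed generator are assumptions, and the DCT step mentioned in 3.1.3 is not modelled.

```python
import random

# Constructed cover: the RGB set {167, 248, 215} repeated for 16 pixels
# (48 sub-pixels). A real cover would be decoded image data.
COVER = bytes([167, 248, 215] * 16)


def to_bits(data: bytes) -> list:
    """Bytes to a list of bits, most significant bit first."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def slots(n_subpixels: int, order: str, key=None) -> list:
    """Order in which sub-pixel indexes are used for embedding."""
    n_pixels = n_subpixels // 3
    if order == "sequential":            # 3.1.1: R, G, B of each pixel in turn
        return [3 * p + c for p in range(n_pixels) for c in (0, 1, 2)]
    if order == "cycle":                 # 3.1.2: blue, then red, then green
        return [3 * p + c for p in range(n_pixels) for c in (2, 0, 1)]
    if order == "keyed":                 # 3.1.3: positions derived from a key
        idx = list(range(3 * n_pixels))
        random.Random(key).shuffle(idx)  # assumption: not a secure generator
        return idx
    raise ValueError(f"unknown order: {order}")


def embed(cover, message, order="sequential", key=None, k=1):
    """Replace the k lowest bits of successive slots with message bits."""
    bits = to_bits(message)
    bits += [0] * (-len(bits) % k)       # pad to a whole number of slots
    order_slots = slots(len(cover), order, key)
    if len(bits) // k > len(order_slots):
        raise ValueError("message does not fit in this cover")
    stego, mask = bytearray(cover), (1 << k) - 1
    for n in range(len(bits) // k):
        value = int("".join(map(str, bits[n * k:(n + 1) * k])), 2)
        pos = order_slots[n]
        stego[pos] = (stego[pos] & ~mask & 0xFF) | value
    return bytes(stego)


def extract(stego, n_bytes, order="sequential", key=None, k=1):
    """Read n_bytes back; the receiver must know order, key and k."""
    need = -(-n_bytes * 8 // k)          # ceiling division
    bits = []
    for pos in slots(len(stego), order, key)[:need]:
        value = stego[pos] & ((1 << k) - 1)
        bits += [(value >> (k - 1 - i)) & 1 for i in range(k)]
    return from_bits(bits[:n_bytes * 8])


def changed(cover, stego) -> int:
    """Number of sub-pixels whose value differs."""
    return sum(a != b for a, b in zip(cover, stego))


def max_delta(cover, stego) -> int:
    """Largest change to any single sub-pixel value."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    for k in (1, 2, 3, 4):
        s = embed(COVER, b"HEY", "keyed", key=2011, k=k)
        print(k, changed(COVER, s), max_delta(COVER, s),
              extract(s, 3, "keyed", key=2011, k=k))
```

With k bits replaced, a sub-pixel value can move by at most 2^k - 1, which is the distortion growth the multi-bit paragraphs of 3.1.1 describe.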
3.1.4. Fridrich Method
This method works in a way that the message bits are inserted by first
comparing and then replacing them with the closest existing colors in the
color palette of an image. In order to insert a message bit, the entire color
palette is searched until it finds the desired parity bit. That will be the
closest color bits to the message bits. Using this method, EzStego avoids
significant changes to the color palette of an image, such as those made by
the previous methods, which could signal a hidden message. Some would also argue
that using EzStego could reduce the level of distortion to the original image
about four times [2].
3.2. Audio Algorithms
Like the image steganography, there are three important characteristics
describing the audio steganographic algorithms: transparency, capacity and
robustness. Transparency measures the amount of perceptible distortion of
an audio signal after embedding secret information. One of the major tasks of
an audio algorithm is to preserve the similarity between the original signal
and the stego-audio signal. Therefore the audible distortion produced by the
embedding data in an audio file must be within the outer limits of the human
hearing system.
Capacity refers to the amount of data that can be inserted into a carrier
medium without producing perceptible distortion. With regards to audio
signals, capacity usually measures the bit-rate in time of the embedding
message. For instance, a digital broadcasting watermark that should be
represented at the beginning of the signal has a bit rate of around 15 bps.
Using the LSB method with only one bit substitution in an audio signal
provides 44.1 kbps of capacity [6][7].
Robustness evaluates the capability of the stego-file to stand against a
deliberate or accidental attack. Deliberate attacks by an intruder may
include rescaling, resizing, filtering, etc. and accidental attacks include
lossy compression, re-sampling, and so on. There are also different forms of
attacks: attacks to reveal the secret data and attacks to destroy the
information. A good example of a robust method, though, is the spread
spectrum method in audio steganography, although its capacity is much
lower (in the 4 bps range) than the LSB technique [7].
As with image processing, however, there are various algorithms used for
audio processing. Other than the least significant bit (LSB) and the spread
spectrum methods mentioned above, they include parity coding, phase
coding, tone insertion, and echo hiding. Some of these methods offer higher
capacity while others provide better robustness. They all offer advantages and
disadvantages. For instance, the formats of the audio file can be restricted in
some of these techniques, while others limit the message length to 500
characters. Some lack an encryption/decryption key, while others have a
time-consuming process of encoding/decoding.
3.2.1. LSB Coding
Like the image processing method, the least significant bit (LSB) is one of the
simplest ways of embedding secret data-bits into an audio file. The simplest
way of using LSB coding is to start at the first sample-bits (first 16 bits) of
the audio file and proceed to the next samples in turn, inserting the secret
message bits until the message is complete and leaving the rest of the file
without any change. The only problem with this method is that the modified
part and the unchanged part of the audio file would have different statistical
properties, which, in fact, can draw attention. A more efficient way of
processing audio files with LSB coding is to insert the secret message randomly
into the samples and spread it all over the audio file. In this approach, the
receiver should have a secret key indicating the samples used for the secret
message [2].
Two or more LSBs can also be used in order to hide a larger amount of secret
information in a 16 bit CD. But, as more original bits are replaced with the
secret message-bits, more noise will be added to the audio file. Thus, as this
method helps to increase the amount of information being hidden, it will also
increase the amount of noise in the file. In general, one of the disadvantages
of using the LSB methods is the amount of noise produced by these
techniques. The sensitivity of the human ear may often lead to the detection
of the slightest noise within an audio file, which is normally produced by
using the LSB methods. Another disadvantage of this method is that when
the cover sound file is re-sampled the secret message may be lost [2]. Figure 8
demonstrates the message 'HEY' being embedded using a 16-bit sample CD
with the simple LSB method.
Figure 8: message HEY being embedded (panels: sample audio stream (16-bit); "HEY" in binary; audio stream w/ message encoded; LSB column).
http://www.snotmonkey.com/work/school/405/methods.html#lsb
3.2.2. EAS
As mentioned earlier, not all audio file formats can be used for audio
steganography. A recently proposed method, however, called Enhanced Audio
Steganography (EAS), claims to be able to hide information in an audio file
of any format. This method adds four extra layers to the encoding and
decoding process of the audio steganography: Encoding, Decoding,
Encryption, Decryption. The encoding process includes the hiding of the
secret data-bits within an audio file. The process first checks for the validity
of the data received before inserting the secret bits into every consecutive
LSB. It also encrypts the message with a public key. The encoded file then
goes through the decoding and decryption process in order to retrieve the
hidden message (Figure 9).
Figure 9
Decoding:
http://www.jatit.org/volumes/research-papers/Vol5No6/15Vol5No6.pdf
The encryption process generates a key containing a set of characters. Every
character is then converted to its ASCII value. With use of the XOR logical
operation on the sum of these values, a bit pattern is formed, which will be
added to each character of the message. In the decryption process, though,
the key is applied to the consecutive bytes to retrieve each character.
3.2.3. Parity Coding
The parity coding approach splits the sound bits into separate regions. These
regions contain the samples or bits of the original audio signals. Using this
method, the secret bits of a message will be inserted into a region of samples
based on their parity bits. If there is no match between the message bits and
the sample-region, the LSB of one of the samples within that region will be
changed. Figure 10 illustrates the first three bits of the message 'HEY' being
embedded with parity coding approach [19].
Figure 10 (panel: original signal, divided into regions)
Region 1: message bit m1: 0; region's parity bit p1: 1. Step 1: flip the LSB of one of the samples in the region. Step 2: p1 = m1.
Region 2: message bit m2: 1; region's parity bit p2: 1. Step 1: p2 = m2.
Region 3: Step 1: p3 = m3.
http://www.snotmonkey.com/work/school/405/methods.html#lsb
For extracting the secret message, again, the receiver should have a secret key
in order to line up the parity bits of the same regions used for encoding the
message bits. Despite the attempts to reduce the perceptible noise,
however, the parity coding approach, like the LSB method, also produces some
amount of noise within the sound file, which may be detectable by the human ear.
Both techniques also share the same disadvantage of being lossy when the
audio file containing the secret message is re-sampled.
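The parity coding steps of Figure 10, followed by the loss of the message once the lowest bit is discarded, as an added example that is not code from the thesis. The region size of four samples, the rule for choosing which sample to flip, the sample values, and the use of LSB clearing as a stand-in for re-sampling are assumptions.

```python
import math

# Constructed cover: 120 signed 16-bit samples of a sine wave.
COVER = [round(12000 * math.sin(2 * math.pi * i / 40)) for i in range(120)]

# Constructed regions whose parity bits match Figure 10 (p1 = 1, p2 = 1);
# the third region is given parity 0 so that it already equals m3.
FIG10_SAMPLES = [100, 101, 102, 104, 200, 202, 203, 204, 300, 302, 304, 306]


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))


def region_parity(region: list) -> int:
    """XOR of the samples' LSBs, computed as the parity of their sum."""
    return sum(region) & 1


def embed_bits(samples: list, bits: list, region_size: int = 4) -> list:
    """One message bit per region; touch a sample only on a mismatch."""
    if len(bits) * region_size > len(samples):
        raise ValueError("not enough regions for this message")
    out = list(samples)
    for n, bit in enumerate(bits):
        start = n * region_size
        region = out[start:start + region_size]
        if region_parity(region) != bit:
            # Assumption: flip the LSB of the loudest sample in the region,
            # where a change of one step is smallest relative to the value.
            j = max(range(region_size), key=lambda i: abs(region[i]))
            out[start + j] ^= 1
    return out


def extract_bits(samples: list, n_bits: int, region_size: int = 4) -> list:
    """The receiver needs the same region layout to read the parities."""
    return [region_parity(samples[n * region_size:(n + 1) * region_size])
            for n in range(n_bits)]


def clear_lsb(samples: list) -> list:
    """Discard the lowest bit of every sample (stand-in for re-sampling)."""
    return [s & ~1 for s in samples]


if __name__ == "__main__":
    print(extract_bits(FIG10_SAMPLES, 3), embed_bits(FIG10_SAMPLES, [0, 1, 0]))
    stego = embed_bits(COVER, to_bits(b"HEY"))
    print(from_bits(extract_bits(stego, 24)))
    print(from_bits(extract_bits(clear_lsb(stego), 24)))
```

At most one sample per region changes, and only by one step, but every region's parity collapses to zero as soon as the lowest bit is dropped, which is the fragility the paragraph above attributes to both LSB and parity coding.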
3.2.4. Phase Coding
Unlike the previous two methods (i.e. LSB and parity coding), the phase
coding technique resolves the noise-producing issue in the audio files. In fact,
the phase components of an audio file are not as audible as its noise. This
method uses the phase spectrum in a digital sound-signal to embed the secret
data bits, instead of using the original signal bits (Figure 11). This allows for
encoding inaudible secret messages.
Figure 11 (panels: original signal; encoded signal)
http://www.snotmonkey.com/work/school/405/methods.html#lsb
Normally, the original signal is divided into small portions that equal the
lengths of the encoding information. A matrix is created by applying a
Discrete Fourier Transform (DFT) to every signal-portion. This matrix
represents the phases and the DFT magnitudes. The phase-variations
between the neighboring signal-portions are evaluated. Any phase shift
between two successive signal segments may be easily noticed. Thus, a
segment's phase may only be changed relative to the phase of its adjacent
segment. In this method, a secret message is only encoded in the first signal
portion:
$$
\text{phase}_{\text{new}} =
\begin{cases}
\pi/2 & \text{if message bit} = 0 \\
-\pi/2 & \text{if message bit} = 1
\end{cases}
$$
Another matrix is formed by the new phase and the original phase differences.
Using both matrices and applying reverse DFT, the audio signal will be
reconstructed and put back together. The receiver, however, should know the
length of the segments, as well as use the DFT to retrieve the message.
The only disadvantage of using this method is the amount of secret
information that can be conveyed. The amount of information transmitted
is restricted to a certain length, because the transmitted
information can only be hidden in the first segment of the audio signals. Thus,
only a very small amount of data that can contain brief information, like
watermarking or digital signature, may be concealed and conveyed through
this method. Although this may be resolved by increasing the length of the
first segment, a drastic change between phases may result in easier detection
of the file.
3.2.5. Spread Spectrum
This method is used to spread secret information all over the signal spectrum
of an audio file. Unlike the LSB method that spreads the bits of a secret
message across the audio file, the spread spectrum method uses the frequency
spectrum of an audio file, and attempts to spread a secret message all over the
frequency spectrum. This method normally substitutes a code for the actual
audio signal, resulting in excess bandwidth, which can be used for conveying
secret information. Like the previous methods, this method also produces
noise within an audio file.
There are two different versions of this method: the direct-sequence scheme,
in which a constant rate is used to spread and modulate the secret information,
and the frequency-hopping scheme, in which the frequency spectrum is manipulated
in order to hop rapidly from one frequency to another. The following system
(Figure 12) is the direct-sequence version of the spread spectrum method used
for digital watermarking.
Figure 12: direct-sequence spread spectrum method
1. The secret message is encrypted using a symmetric key, k1.
2. The encrypted message is encoded using a low-rate error-correcting code. This step increases the overall robustness of the system.
3. The encoded message is then modulated with a pseudorandom signal that was generated using a second symmetric key, k2, as a seed.
4. The resulting random signal that contains the message is interleaved with the cover-signal.
5. The final signal is quantized to create a new digital audio file that contains the message.
6. This process is reversed for message extraction.
http://www.snotmonkey.com/work/school/405/methods.html#lsb
3.2.6. Tone Insertion
Similar to the spread spectrum method, which uses different frequencies to
hide secret messages, the tone insertion method uses the spectrogram of an
audio signal to obscure secret information by putting different tones together.
This method provides a secure embedding mechanism in the stego-signal of
an audio file, and makes the detection of the transmitted information very
difficult. The human auditory system suffers from a so-called
psychoacoustical-masking phenomenon. This phenomenon causes the weak tones of
an audio signal to be imperceptible to the human ear when accompanying a
strong tone [8]. In other words, a low-frequency signal cannot be perceived by
a human ear if it is located in the same neighborhood as a high-frequency
signal. In fact, pure low-frequency tones are not perceptible on their own.
They are normally masked by other noise if they occur within the vital areas
of a signal. Taking advantage of the psychoacoustical-masking phenomenon, audio
steganographic applications may use various accompanying tones in the same
temporal area of an audio signal to conceal and transmit secret information
[8].
An experiment indicates that two different tones with frequencies f0 and f1
are created in order to insert the secret bits of 0 and 1. The original audio will
be broken into 16 ms portions. For each frame in the original audio, the
frequency level of a frame is computed with only one secret data-bit inserted
into that frame. When the secret bit is 1, the f1 is set to 0.25% of the frequency
level, and f0 is set to 0.001 for the f1. If the secret bit is 0, the f0 is set to
0.25% for that frame and f1 is set to 0.001 for the f0. In other words, this
experiment indicates that the concurrent positioning of the low and high
frequency tones prevents one or both of them from being heard [8].
In order to further increase the data transmission capacity, another
experiment used four tones to insert two secret bits in every audio frame with
50 percent of successive frame overlap. The imperceptibility and the data
regeneration from the stego-file were a success, and led to this method being
utilized in a secret battlefield communication [8]. " ... the utterance, "seven
one" spoken by a male speaker, was used as the covert message. This
utterance was represented in the Global System for Mobile communication
half-rate (GSM 06.20) coding scheme resulting in a compact form of 2800 bits.
Two TIMIT utterances- "Thus technical efficiency is achieved at the expense
of actual experience" and "His captain was thin and haggard and his beautiful
boots were worn and shabby" - each with 16 bit samples and 16,000
samples/s) were concatenated to accommodate the large covert information
size. With two bits inserted in each host frame of 256 samples, only the first
1400 overlapped frames out of a total of 1542 were used for embedding all the
covert message bits. This gives an embedding capacity of 2800 bits in 11.208 s,
or 249.82 bits/s." [8]. Using the tone insertion method, along with a 4-bit
data insertion into each audio frame to set the tones, would protect the secret
information from malicious intruders.
3.2.7. Echo Hiding
Using the echo hiding method, the secret information can be inserted into an
audio file by producing echoes in the original signals. This method uses the
three parameters of a signal's echo including amplitude, decay rate, and delay
time. This algorithm sets the echo parameters below the human hearing
threshold to prevent detection. The delay time (i.e. the offset) is used to set the
binary value of the secret message. Each echo of the original signal can only
contain one bit of information (Figure 13).
Figure 13 (labels: sample; sample echo; binary zero offset; binary one offset)
http://www.snotmonkey.com/work/school/405/methods.html#lsb
The process of encoding the message 'HEY' with use of the echo hiding method
is shown below (Figure 14). First the original signal will be broken into blocks.
Each block then is set to 1 or 0 to represent the secret message. An algorithm
is used to embed each block. Those blocks will later be put back together to
produce the stego-audio signal as the final audio file [8].
Figure 14
0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 1 0 1 0 1 1 0 0 1
http://www.snotmonkey.com/work/school/405/methods.html#lsb
This method, however, may result in signals with noticeable mix of echoes
that can be detected. To address this issue, two sets of signals are created
from the original signal blocks. One set is created for the binary zero of the
offset containing only the zeros, and another is created for the binary one of
the offset that contains only the ones. Both echoes are then combined by using
two mixer signals for ones and zeros that are later multiplied by their mixers
to create the final signals. Due to the fact that both mixer echoes are
complements of each other, they produce smoother transitions between
echoes. The message 'HEY', would have the following mixer signals (Figure
15).
Figure 15
0 1 0 0 1 0 0 0 0 1 0 0 0 1 0 1 0 1 0 1 1 0 0 1
[Figure: the "zero" mixer signal and the "one" mixer signal for these bits]
http://www.snotmonkey.com/work/school/405/methods.html#lsb
The receiver should break up the signal into the same blocks, as well as apply
the function used for encoding the echoes in order to retrieve the message.
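The echo hiding procedure above (blocks, two echo offsets, complementary mixer signals, block-wise recovery) can be followed end to end in the added example below, which is not code from the thesis or its sources. The block size, offsets, echo amplitude, ramp width and the white-noise cover are assumptions chosen so the demo decodes reliably, and the receiver uses a plain lag correlation where practical decoders use the cepstrum.

```python
import random

BLOCK = 1024             # samples carrying one message bit (assumed)
DELAY = {0: 50, 1: 75}   # echo offset in samples for binary zero / one (assumed)
ALPHA = 0.5              # echo amplitude, exaggerated for the demo (assumed)
RAMP = 64                # width of the smooth mixer transition (assumed)


def text_to_bits(text):
    return [int(b) for ch in text.encode("ascii") for b in format(ch, "08b")]


def bits_to_text(bits):
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return out.decode("ascii", errors="replace")


def one_mixer(bits):
    """'One' mixer signal: 1.0 inside blocks that carry a one, 0.0 inside
    blocks that carry a zero, with a moving-average ramp at the boundaries.
    The 'zero' mixer is its complement (1 - value)."""
    raw = [b for b in bits for _ in range(BLOCK)]
    prefix = [0]
    for v in raw:
        prefix.append(prefix[-1] + v)
    half, n = RAMP // 2, len(raw)
    mix = []
    for i in range(n):
        lo, hi = max(0, i - half), min(n, i + half + 1)
        mix.append((prefix[hi] - prefix[lo]) / (hi - lo))
    return mix


def delayed(signal, d):
    """Copy of the signal shifted right by d samples (the raw echo)."""
    return [0.0] * d + signal[:len(signal) - d]


def encode(cover, text):
    bits = text_to_bits(text)
    n = len(bits) * BLOCK
    if len(cover) < n:
        raise ValueError("cover signal too short for this message")
    host = cover[:n]
    echo0, echo1 = delayed(host, DELAY[0]), delayed(host, DELAY[1])
    m1 = one_mixer(bits)
    stego = [host[i] + ALPHA * (m1[i] * echo1[i] + (1.0 - m1[i]) * echo0[i])
             for i in range(n)]
    return stego + cover[n:]


def lag_correlation(block, d):
    """Correlation of a block with itself shifted by d samples."""
    return sum(block[i] * block[i - d] for i in range(d, len(block)))


def decode(stego, n_chars):
    bits = []
    for k in range(n_chars * 8):
        block = stego[k * BLOCK:(k + 1) * BLOCK]
        r0 = lag_correlation(block, DELAY[0])
        r1 = lag_correlation(block, DELAY[1])
        bits.append(1 if r1 > r0 else 0)   # the stronger echo offset wins
    return bits_to_text(bits)


def demo():
    rng = random.Random(2011)              # constructed cover: white noise
    cover = [rng.uniform(-1.0, 1.0) for _ in range(24 * BLOCK)]
    return decode(encode(cover, "HEY"), 3)


if __name__ == "__main__":
    print("".join(str(b) for b in text_to_bits("HEY")))
    print(demo())
```

The same lag correlation is what an analyst would compute on a suspect recording: a consistent peak at one of two fixed lags in every block is the fingerprint this method leaves.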
3.3. Texting Algorithms
Almost all the algorithms used for the text steganography hide the secret
information without changing the appearance of the actual text. They
basically try to change the invisible characteristics of the text. Text files have
many characteristics and attributes imperceptible by naked eye, which can be
used for steganographic purposes. These attributes can be used separately or
together in a particular algorithm. The number of these attributes and
characteristics used in various methods is so large, that there is almost no
chance of keeping track of every single one of them. The attempt of tracking
every single steganographic algorithm on the web is an impossible task, and
waste of resources for uncertain results. The most popular and efficient
algorithms used in text steganography include Particular Characters in
Words, HTML Documents, Line and Word Shifting, Abbreviations and
Spaces, Semantic and Character Feature, and Font and Color change
methods.
3.3.1. Particular Characters in Words
This method uses certain characters or words within a text document in order
to hide secret information. There is a range of simple and complex algorithms
for implementing this method. The simplest algorithm selects the first word
of each paragraph within the text file to hide the secret information. These
words are put together by the recipient to reconstruct the hidden message.
Another simple algorithm works in a way that the first character of the first
word of each paragraph is selected for hiding the information. The recipient
has to place all of these characters together in order to retrieve the hidden
message. An advanced algorithm selects the first character of each word
within the text document, and yet a more complex method uses the first
character of the first word, the second character of the second word, the third
character of the third word, etc. to hide the secret message [10].
3.3.2. HTML Documents
This method uses the HTML tags to hide secret messages. Because HTML tags
are case insensitive, the secret bits can be hidden in these files by varying
the letter case. For instance, <p align="center">, <p
ALIGN="CENTER">, <p align="CEnter"> and <p AliGn="center">, are all
the same in an HTML file. The secret message is hidden in the differential of
these tags and their default cases in an HTML file. So to retrieve the secret
information, the recipient must compare all of these tags with their normal
case words. In order to increase the security of this method, however, the letters
covering the hidden data-bits can be selected in a way that minimizes detection
risk, such as selecting a letter that is arbitrarily altered in most HTML tags
[10].
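The added example below (not code from the thesis or from [10]) shows the tag-case channel from the side of a content filter: it reads the case of every letter in tag and attribute names as a bit, lists the mixed-case names that betray the channel, and lowercases them to destroy it. The sample page, the function names and the choice to leave attribute values untouched are assumptions of this sketch; the small embed function exists only to build the test input.

```python
import re

TAG = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)([^<>]*)>")
ATTR = re.compile(
    r"""([A-Za-z][A-Za-z0-9-]*)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?""")

# Constructed sample page: every tag and attribute name is lower case.
COVER = ('<html><body><p align="center">Hello</p>'
         '<a href="x.html">link</a></body></html>')


def name_spans(html):
    """(start, end) of every tag name and attribute name, in document order."""
    spans = []
    for m in TAG.finditer(html):
        spans.append(m.span(2))
        base = m.start(3)
        for a in ATTR.finditer(m.group(3)):
            s, e = a.span(1)
            spans.append((base + s, base + e))
    return spans


def carrier_positions(html):
    """Index of every letter whose case can carry one bit."""
    return [i for s, e in name_spans(html) for i in range(s, e)
            if html[i].isalpha()]


def embed(html, bits):
    """Upper case = 1, lower case = 0; unused carriers are lowercased."""
    pos = carrier_positions(html)
    if len(bits) > len(pos):
        raise ValueError("not enough tag letters for this message")
    chars = list(html)
    for j, i in enumerate(pos):
        bit = bits[j] if j < len(bits) else 0
        chars[i] = chars[i].upper() if bit else chars[i].lower()
    return "".join(chars)


def extract_bits(html):
    """What the recipient (or an analyst) reads back from the letter case."""
    return [1 if html[i].isupper() else 0 for i in carrier_positions(html)]


def mixed_case_names(html):
    """Names that are neither all lower nor all upper case: the fingerprint."""
    names = [html[s:e] for s, e in name_spans(html)]
    return [n for n in names if not n.islower() and not n.isupper()]


def normalize(html):
    """Filter action: lowercase every tag and attribute name."""
    chars = list(html)
    for i in carrier_positions(html):
        chars[i] = chars[i].lower()
    return "".join(chars)


if __name__ == "__main__":
    stego = embed(COVER, [0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 0, 1, 0, 0, 1])
    print(stego)
    print(mixed_case_names(stego))
    print(normalize(stego) == COVER)
```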
3.3.3. Line and Word Shifting
This method hides the secret information in the vertical and horizontal
spaces between lines and words within a text file. By increasing the vertical
distance between lines and horizontal distance among words some free space
is created that can be used for hiding secret messages. One of the problems
with this method, however, is that the hidden secret message can be lost, if
the document is electronically revised or rewritten [10].
3.3.4. Abbreviations and Spaces
These methods are used when only a relatively small amount of information
needs to be hidden. They do not support high capacity data hiding. A text file
with several kilobytes can only contain few bits of secret data. Space
steganography adds extra white space among the words or lines in a text
document to cover a secret message. It provides high security for the hidden
data, and prevents an intruder from easily accessing the hidden information.
However, in addition to its low capacity, this method has also a low
robustness. Some electronic text editors can be used to remove the extra
white space within the carrier text-file [10].
In the traditional abbreviation method, using a carrier text, all words with
abbreviated forms within the English language are listed. Then, for hiding bit
0, the non-abbreviated form of the word is used, and for hiding bit 1, the
abbreviated form of the word is used within the text. To extract the covert
message, the recipient must list all abbreviated and non-abbreviated words to form
the 0s and 1s that make up the secret message. Like the space steganography
method, the data capacity of this method is pretty low. Only few bits of secret
data can be hidden in a text containing several kilobytes of data.
The use of SMS communications in recent years has led to the development of
a new abbreviation method of steganography. The short message service
(SMS) provided by many recent cell-phone applications allows for exchange of
information and brief communication via cell-phones. But, because of the fact
that the SMS provides a very limited size of information-exchange, and
insufficient typing speed on a cell-phone, a new abbreviation method and
language has been developed and advanced, which is widely used as a new
language, SMS-texting, among individuals of any age. For instance, typing
"10Q" means "Thank You" in SMS language or "2L8" stands for "Too Late",
"ZZZZZ" for "Sleepy", and so on. Taking advantage of the recent trends in
communication development, the new abbreviation method has created a new
way of hiding and transmitting secret information using the SMS-texting
language. This method uses the abbreviation of the words, which already
exist in the English language, in conjunction with the newly developed SMS
abbreviation language to hide and transmit secret information. Using this
technique draws no attention, due to the fact that SMS abbreviation
language is used currently by a large number of people world-wide, and that
the cost of communication via SMS is extremely low [9]. This method,
however, can not contain large quantities of secret data, because SMS, in
general, was created for only short information exchange. " ... the length of the
[SMS] exchanged message is 160 characters at most, which are saved in 140
bytes depending on how information is saved ... " [9].
3.3.5. Semantic and Character Feature Methods
The semantic technique replaces certain words with their synonyms to hide
secret messages. Although this approach may change the meaning of the
original text, unlike the previous methods, it protects the secret data
from being lost or untraceable by electronic rewriting and revisions [2].
Character Feature method changes the features of a letter or character. By
manipulating the most significant bits (MSB) of a character a secret data-bit
can be inserted into a text document. For instance, stretching the end part of
a letter can allocate a tiny space for hiding secret bits within a text file. This
method allows for high capacity data-hiding. A large amount of secret
information can be hidden within a text file without raising any attention
[10].
3.3.6. Arabic & Persian Letter Method
This is a special character method recently developed based on the Arabic
and Persian alphabet-letters. This system uses the letters that inherently
contain points within the Arabic or Persian alphabet. The English alphabet
contains only two letters with points, lowercase "i" and "j", while the Arabic
alphabet has 15 letters with points: ب ت ث ج خ ذ ز ش ض ظ غ ف ق ن ي. Using
these Arabic pointed letters provides a new scheme for steganography and
information security, as Shirali Shahreza claims in his paper "New approach
to Persian/Arabic text steganography" [9].
3.3.7. Font-Size Change Method
This method changes the font size of each character within a text document
to build a phony message to contain a real one. This scheme works based on
the selected font-size and a differential factor. "[Assume that] X1 is the
selected font size and X2 is the selected font size plus the differential factor.
Bit 0 is represented by the occurrence of the character whose size is X1. Bit 1
is represented by the occurrence of the character whose size is X2. After we
hide the real message in the fake message, the rest of the fake message
characters will be sized as X1." [11].
This method uses 4 bytes (32 bits) for storing the font size, which are
embedded as the first 32 letters of the fake message (Figure 16). So the first
32 bits of the message are particularly significant, even if invisible letters,
like white-spaces, are used to represent the font size.
Figure 16
[Figure: steganographic model. The plain text (real message) is XORed with a key generated by a password to give the encrypted text, which is hidden one bit at a time in a single attribute of the fake text supplied by the user.]
http://www.codeproject.com/KB/vb/Text 2Text Steganography2.aspx
It is necessary, however, to decrypt the message before transmission to
assure that the calculated size (i.e. the X2 size) applies to the font, because of
the fact that different fonts support different sizes, and same size does not
apply to all fonts. For retrieving the secret information, the recipient must
have the font size used in the encryption process.
3.3.8. Color Change Method
This is a safer method to use compared to the previous technique. This method
changes the color of the characters in the fake text. "[Assume that] X1 is the
selected color and X2 is the program's calculated color. The program will
search to find the nearest color for which it is impossible to recognize the
difference with naked eye. Bit 0 is represented by the occurrence of the
character whose color is X1. Bit 1 is represented by the occurrence of the
character whose color is X2. The recipient must know which color you have
chosen for decryption. After we hide the real message in the fake message,
the rest of the fake message characters will be colored as X1." [11].
Certain letters, however, cannot be used for these formulas, because some
letters are used to stop the generation of the message. For instance, 'I' can be
used as a sign of end of message. Now, a message like "I\ \I\ \ \I\ I\ \ \
\ \ I \ /", which can also be converted to bits and bytes, may be used to add
an extra layer of steganography, making a "doubled steganography" [11].
3.4. TCP/IP Algorithms
TCP/IP steganography techniques can be used to create a secret channel.
Some methods can be easily implemented to convey secret data within a
network or from one network to another. There are algorithms using TCP/IP
headers to embed secret information, which may be easy to implement, but
also easily detected. Using TCP/IP header fields for steganography may draw
attention in most networks, especially in a secure and active-warden
network, although some may believe that TCP/IP header fields are randomly
filled and can be easily used to embed secret data-bits. TCP/IP header fields,
such as IP identifier, TCP initial sequence number (ISN), or TCP timestamp
are structured with no uniformity, which are efficiently and reliably used to
control the flow of the traffic within a network. These fields are not filled
randomly and can not be discreetly modified. They are very different from a
meaningless cipher-text that can be modified without drawing any attention.
Some previous TCP/IP algorithms do not take this into account. On the other
hand, there are some sophisticated algorithms implemented based on an
operating system that can transmit hidden data with the use of a secret key.
Each operating system, however, contains its own well defined attributes and
algorithms for generating TCP/IP header fields, which can be used to detect
irregularities caused by steganography.
3.4.1. TCP/IP Header Fields
Using the IP checksum to transmit secret information is one of the common
ways of network steganography. In fact, this method may be applied to any
protocol like TCP, IP, UDP, ICMP that are normally using the internet
checksum. Using the IP checksum is the most common, because of the fact
that once a package passes through each gateway or router on its path, the
TTL will be decremented and its checksum is recalculated. To reconstruct the
message, the receiver should insert the original TTL back, and then calculate
the sum in the normal way [12].
IP Identification field, as one of the IP header fields, takes 16 bits to identify
the value set by the sender. This value is uniquely assigned to fragments of
different packages and varies from one packet to another. This ID field helps
to collect the distinguished fragments of the transmitting data, and it is
unique within a certain time interval in order to prevent the fragments of
different packages being reassembled into one package at the receiving host.
It also has unpredictability to prevent idle scanning, so that an intruder can
not easily scan the port of a host without sending a package directly. One of
the limitations of using the IP identification field is its uniqueness. This field
is assigned with a source-destination pair for the period of having a live
datagram online (on the Internet). Even though the ID field is used for
steganography by generating a pseudorandom sequence to modify it
randomly, it may be easily detected, due to the fact that this field is not filled
randomly [13].
Type of Service (ToS) is also one of the header fields in the TCP/IP header
structure. This field takes eight bits to represent the quality of service on a
packet's path to the routers. These bits can be used for steganography,
because they are rarely used, especially by non-active model networks. In an
active model network, however, they can easily be detected and removed.
This is due to the fact that the value of this field is zero by default in most operating
system configurations [13].
The IP Flags field can also be used to insert secret data bits. This field represents
two flags, each with one bit: Do Not Fragment (DF) and More Fragments
(MF). The DF flag indicates that if a package does not have fragmentation, it
should be discarded without being transmitted. The MF flag indicates that
the traveling fragment is the last fragment of the package or that the
package has not been fragmented. This is done by setting the MF bit to zero.
The DF bit can be used for steganography if it does not affect the package
context, like when the package is smaller than its maximum size. Otherwise,
it may be detected, especially in an active model network [13].
Figure 17
[Figure: IP header layout, bit positions 0 3 4 7 8 15 16 18 19 23 24 31]
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding
http://arxiv.org/ftp/cs/papers/0602/0602042.pdf
IP Fragment Offset is the value of each fragment of a certain package,
allowing the receiving host to rebuild the package in the correct order (Figure
17). Like the previous methods, this method of steganography to embed
secret data can easily be detected. Other TCP/IP header fields like IP
Options, TCP Sequence Number (TSN), TCP Timestamp, TCP initial
sequence number (ISN), and Packet Order can also be used to hide secret bits
of information. But like the previous TCP/IP header fields, they all can easily
be detected, especially within an active model network. In addition to their
easy perceptibility, some of these fields also face different problems. The IP
Option header field, for instance, has a far-traveling issue. It can only travel
20 hops within a wide open network such as the Internet. In most cases, this
does not allow the information to travel far enough to reach its destination.
As another example, even in a passive model network, secret data within the
IP ID and TCP ISN fields can be detected by using Support Vector Machine
(SVM). SVM can detect simple features. It is a machine learning technique designed to
automatically detect unknown simple features. Using IP IDs and TCP ISNs
for covert information can generate inconsistency with the original
algorithms of the TCP/IP fields and their interdependencies defined by the
operating systems. SVM is designed to identify such covert TCPs, even in a
passive model network. Thus, almost all TCP/IP header fields provide
inadequate and insecure methods that cannot be efficiently useful for
steganography. However, some of these header fields like TCP ISN and IP
ID can be more efficiently used for steganography depending on the operating
systems, because each operating system may have different TCP/IP
generating process or algorithm [12] [13].
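The header fields discussed in this section can be checked mechanically by an active warden. The added example below (not from the thesis or from [12] [13]) parses an IPv4 header, verifies the Internet checksum, reports the field values this section names as carriers, and rewrites the header with ToS zeroed and the checksum recomputed. The sample header bytes are constructed, the function names are hypothetical, and the reserved-flag-bit check comes from the IPv4 specification rather than from this page.

```python
import struct

FMT = "!BBHHHBBH4s4s"
NAMES = ("ver_ihl", "tos", "total_len", "ident", "flags_frag",
         "ttl", "proto", "checksum", "src", "dst")

# Constructed sample header: 192.168.0.1 -> 192.168.0.199, UDP, DF set, ToS 0.
CLEAN = bytes.fromhex("4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7")


def internet_checksum(data):
    """One's-complement sum of 16-bit words, as used by IP, TCP, UDP, ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse(header):
    f = dict(zip(NAMES, struct.unpack(FMT, header[:20])))
    f["ihl"] = f["ver_ihl"] & 0x0F                # header length in 32-bit words
    f["options"] = header[20:f["ihl"] * 4]
    return f


def build(f):
    """Serialize the fields and fill in a freshly computed checksum."""
    def pack(csum):
        return struct.pack(FMT, f["ver_ihl"], f["tos"], f["total_len"],
                           f["ident"], f["flags_frag"], f["ttl"], f["proto"],
                           csum, f["src"], f["dst"]) + f["options"]
    return pack(internet_checksum(pack(0)))


def audit(header):
    """Return the list of findings a warden would log for this header."""
    f = parse(header)
    findings = []
    if internet_checksum(header[:f["ihl"] * 4]) != 0:
        findings.append("header checksum does not verify")
    if f["tos"] != 0:
        findings.append("ToS is 0x%02x, default is zero" % f["tos"])
    reserved = f["flags_frag"] & 0x8000
    df = f["flags_frag"] & 0x4000
    mf = f["flags_frag"] & 0x2000
    offset = f["flags_frag"] & 0x1FFF
    if reserved:
        findings.append("reserved flag bit is set")
    if df and (mf or offset):
        findings.append("DF set on a packet that claims to be a fragment")
    if f["options"]:
        findings.append("IP options present (%d bytes)" % len(f["options"]))
    return findings


def normalize(header):
    """Active-warden rewrite: clear ToS and the reserved bit, fix the checksum."""
    f = parse(header)
    f["tos"] = 0
    f["flags_frag"] &= 0x7FFF
    return build(f)


def tampered_sample():
    """Constructed header with covert bits written into the ToS field."""
    f = parse(CLEAN)
    f["tos"] = 0x5A
    return build(f)


if __name__ == "__main__":
    print(audit(CLEAN))
    print(audit(tampered_sample()))
    print(normalize(tampered_sample()) == CLEAN)
```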
3.4.2. Linux OS
The most commonly used TCP/IP header fields for steganography are IP ID
and TCP ISN. They have a structure that must be unpredictable. This can be
accomplished by random generated secrets through cryptography. Linux 2.0
has a TCP ISN generator based on a standard hash algorithm (SHA-1),
hashing a block of 16 words each with 32-bits. Words 9 to 11 (three words) are
assigned for the IP addresses and ports of the source and destination hosts.
The remaining 13 words are initialized with a random cryptography secret on
reboot. At the initialization state, the first 5 original words of the block are
used, instead of using the values of the hash function. However, the time, in
microseconds, is added to the second hashed word from the standard hash
function in order to obtain the value of the TCP ISN. Due to the fact that the
hashing calculation is a time-consuming process, it can result in significant
delays for establishing TCP connection.
This algorithm was modified however, to reduce the delays of generating each
TCP ISN in Linux 2.2. Instead of using the hash function (SHA-1), the
number of blocks was cut in half to reduce the time of generating ISNs.
Rather than reading 16 word-blocks, this model, MD4, reads blocks of 8
words each with 32 bits, per iteration. Despite its similarity to the previous
algorithm used in Linux 2.0, this algorithm limits the reusing of random
hashed values. This random value is rekeyed every 5 minutes to increase the
security of MD4. This may generate repetitive TCP ISNs. Therefore, once the
hash value is generated, an incrementing counter for rekeying process is
replaced with the most significant byte, and then the current time
(microseconds) will be added to generate the ISNs. Linux 2.4 also has the
same TCP ISN generating algorithm. Once again, this algorithm was slightly
changed in Linux 2.6 to improve performance on multiprocessor systems.
This modification from the steganography and detection standpoint, means
that the counter of rekeying is set to zero on reboot. Packages that are not
fragmented will be set with predictable IP IDs. This is an incremental socket
counter, for the TCP, set to sequence number XORed with a timer. Same
applies for UDP, but initialized with a timer. In other protocols, though, it is
initialized with zero [13].
Even though some operating systems like Linux contain TCP/IP algorithms
that can be manipulated for steganography, there are some obstacles that
should be taken into account. For instance, in a Linux OS, the data
distribution within the TCP ISN should follow a uniform pattern. This
uniformity can be disarrayed if the process of embedding secret data into the
TCP ISN is incorrect, which results in detection of the secret data. In general,
the stego-data inserted into the ISN can be detected, once a warden finds the
non-uniformity within the ISN after subtracting the time. Therefore, the
stego-ISN (i.e. TCP ISN filled with secret data) should have a correct
insertion set into the least significant bits of the TCP ISN [13].
3.5. Evaluation
The most important characteristics of digital steganography should be taken
into account when comparing and evaluating each media format. As noted
earlier, these characteristics include capacity, security and robustness. In
general, these are the most essential attributes of every digital media-format
used for steganography. Some of the most popular steganographic tools that
are currently used for information security purposes include EzStego, F5,
Hide and Seek v4.1, Hide and Seek for Win95, Hide4PGP, Jpeg-Jsteg,
Mandelsteg, MP3Stego, OutGuess, Steganos, S-Tools v4, and White Noise
Storm [25]. Table 2 also includes additional steganographic tools and
methods that are currently used to embed secret information with the use of
different digital media, particularly image files.
Table 2
Steganographic tools and methods that are currently used to embed secret information
3.5.1. General Comparisons
Currently, the most common form of stego-systems is image
steganography. This is due to the fact that image transmission over the
Internet is a common procedure for individuals. People send and receive
images and pictures of their family members and friends over the Internet
every day. An image file per se does not raise a flag, unless someone is
specifically looking for suspicious signatures left on the file. The preference of
using images over audio, however, is due to the fact that image files provide a
much larger capacity for data hiding. Audio files can not contain large
amount of secret information other than digital watermarks or digital
signatures, while images may contain a great amount of hidden messages
without drawing any attention. Taking advantage of human visual limits,
almost any text, image or other forms of data that can be transferred into bits
can be hidden in a digital image. Thus, using large capacity containers as
carrier media, like image files, for embedding secret messages is by far the
most common way of steganography today. The simple implementation of
some of the algorithms used in image steganography provides a broad range
of options for the users of this technology. The LSB methods have the
simplest implementations, but the insertion of the least significant bits in
sequential pixels may cause distortion and make the stego-image easily
detectable by a stego-analyst [15]. This, in fact, is one of the drawbacks of
using the LSB algorithms. On the other hand, the random bits algorithm
spreads the secret bits all over the image in a random order, which makes the
detection of the stego-image far more difficult. Even if the stego-image is
detected, it is impossible for the attacker to reconstruct the secret message
[2]. Although the capacity, security, and robustness may vary from one
method to another, the users of this technology can select the method that
fits their needs.
Audio steganography, on the other hand, provides a way of secure
broadcasting scheme, as well as property and copyright protections. Although
they have limited capacity and can not be used for transmitting large amount
of secret information, they are widely implemented for applications that only
need to encode brief secret information into audio files, like digital
watermarking and digital signature.
The flexible process and the simple implementation of some of the methods
used in audio steganography offer a variety of choices to the users of this
technology. Factors like robustness, bandwidth, security and noise audibility
might vary among the stego-audio methods. Users can select the one that
suits them best. A company with intellectual property and high level of
information secrecy may consider methods like phase coding, spread
spectrum or echo hiding, while individuals with only occasional secret
message transmissions may use a simpler method like the LSB coding.
Embedding secret information in text, however, can be a very challenging
and compromising process, once compared to other media formats, in
particular image steganography. Because a text file has
a very small amount of data-redundancy, there is not much capacity
left for embedding the secret data bits. Another drawback is that a simple
reformatting of the stego-text, like from .txt to .pdf or to other formats, may
result into loss of the hidden message, which could be a great vulnerability
when it comes to the security and robustness of the hidden information.
Although some stego-text algorithms may provide greater capacity for the
secret information, the majority of them lack sufficient data-security while
transmitting secret messages. The only reason to prefer text
steganography as opposed to other digital media, like digital images in
particular, is that text files have a much smaller size and a very
simple structure that make them suitable for data-transmission over the
internet. Thus, compared to other media formats, especially the image media
formats, image steganography has far more to offer when it comes to
capacity, security and robustness of the secret information.
Digital images are also preferred for steganography over video files,
although, they can contain a large amount of data that might be suitable for
information hiding. An audio/video file, as discussed earlier, has a two
dimensional data capacity. This media format allows for storing digital data
bits both as audio and image bits. The data-security of this media format can
also be at same level as a regular digital image format. However, despite
these advantages that allows for a large number of secret data to be stored in
video/audio files, the size of these carriers make them inappropriate for
certain type of media-distribution. An audio/video file can not be transmitted
to every website on the Internet. This makes them less preferable for
steganography compared to digital images.
The use of network steganography (TCP/IP header fields) also has a few
drawbacks compared to digital images. Lack of efficient data-security makes
TCP/IP header fields unsuitable for steganography. The stego-data can be
simply detected or destroyed when using TCP/IP header fields, because of the
network policies in place in the majority of the networked environments today.
In an active model network, the use of TCP/IP header fields for
steganography can easily be detected. Moreover, use of some of the IP header
fields for secret data transmission may be futile, due to the fact that they do
not travel far enough within a wide area network, like the Internet. The IP
Option header field, for instance, can only travel 20 hops within the Internet,
which in most cases, is not far enough for the information to reach its
destination. Another important drawback of using TCP/IP steganography is
that not all operating systems allow for simple modifications of all TCP/IP
header fields. Each operating system may have different TCP/IP generating
process or algorithm. Even in those operating systems, not all TCP/IP header
fields can be secure enough for steganography. Depending on these
algorithms or policies enforced on certain operating systems, TCP ISN and IP
ID are the only fields, which might be slightly modified in order to efficiently
convey secret information. Thus, compared to digital images, TCP/IP
steganography is far less secure and much more challenging.
3.5.2. Preferred Stego-Algorithm
Image steganography has a great amount of advantages compared to other
forms of media used for steganography. The capacity, security and robustness
for the secret information provided by the image media format are far more
advanced than any other media format.
Among all the algorithms that are using image media formats for
steganography, the random bits method offers the most security, as well as
the largest capacity for storing secret data bits, depending on number of LSB
replacements, like LSB 3-bits or 4-bits [2]. The random bits method uses
discrete cosine transform, DCT, coefficient in order to randomly specify pixels
to store the secret bits. This is accomplished based on the image's (x, y)
coordinate system. This method uses a random number generator to specify
the DCT coefficients (the pixels), where the LSBs are to be replaced with the
secret message bits [2][15]. Using this method, the message bits are inserted
into random pixels anywhere within a digital image. The amount of data
security added to a regular LSB method through the random bits stego-system
makes the detection of the hidden messages extremely difficult. As
noted earlier, with this approach the secret message bits are not stored by
replacing the LSB of each RGB sub-pixel in a sequential order. Therefore,
even if the stego-file draws attention and is detected, because of the existing
stego-fingerprints on the file, the attacker can not possibly reconstruct the
hidden message that was encoded by this stego-system. The recipient,
though, can retrieve the hidden data with the use of a private key that
indicates the positions of the pixels holding the secret bits. Without this
private key the hidden message may never be retrieved.
CHAPTER 4 STEGANALYSIS
Steganalysis, in general, can be defined as the art of discovering and/or
destroying secret information. Regardless of the algorithm and the carrier
media used for steganography, every electronic modification leaves a
fingerprint in the carrier file, which helps alerting a stego-analyst about the
existence of hidden information. The simplest fingerprint left on a stego-file
can be an increased file size compared to its original file size. Other
approaches can also help an analyst in discovering suspicious files.
Generally, there are only few types of stego-software available for
transmitting secret information. Simpler ones are easily cracked and
defeated, and those with more complex algorithms may just take more
detailed analysis to break. Using a tool repeatedly can also help cracking the
stego-system. Large amount of similar stego-objects in the hands of an
analyst can facilitate for eventual cracking of the system [14]. The claim that
some steganographic methods are undetectable can not possibly be true.
" ... claiming that it has "military grade" and is of "world-class strength",
"unbreakable even by the NSA" [16]. Table 3 includes a few popular
steganalytic tools and methods used against various stego-systems [25].
Table 3
Steganalytic tools and methods used against various stego-systems [25]
There are no universal attacks against steganography, however. If there is a
suspicious file with hidden information, the stego-analyst must do some
research, compare the fingerprints with the existing detected files, test the
stego-file, and probably generate some executable code for detecting
particular suspicious files. There are, however, two types of attacks in
general, when it comes to image steganalysis; visual attacks and statistical
attacks [16].
Visual attacks are performed by simply looking at suspicious image files. By
looking at a stego-image and comparing it to the original one, the analyst
might be able to find some tiny differences indicating that the image has been
used as stego-cover for hidden data. On the other hand, statistical attacks
include use of tools to compare randomness of the bits or various
distributions of the bits that form the pixels in an image [16].
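One statistical attack of this kind is sketched in the added example below, which is not from the thesis or from [16]: it compares the counts of each pair of values that differ only in the least significant bit, since sequential LSB replacement with message bits pulls the two counts of every pair together. The cover data is constructed with deliberately uneven pairs, and the window size, threshold and function names are assumptions of this sketch.

```python
import random


def pair_score(samples):
    """Chi-square-style statistic per value pair (2k, 2k+1).
    Near 0.5 when LSBs behave like coin flips, larger when the
    two counts inside a pair differ as they do in the constructed cover."""
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    stat, pairs = 0.0, 0
    for even in range(0, 256, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected >= 5:                      # skip sparsely populated pairs
            stat += (hist[even] - expected) ** 2 / expected
            pairs += 1
    return stat / pairs if pairs else float("inf")


def embed_sequential(samples, bits):
    """Replace the LSB of the first len(bits) samples, in order."""
    out = list(samples)
    for i, b in enumerate(bits):
        out[i] = (out[i] & ~1) | b
    return out


def scan(samples, window, threshold=1.5):
    """True for each window whose pairs look equalized (suspected embedding)."""
    return [pair_score(samples[i:i + window]) < threshold
            for i in range(0, len(samples) - window + 1, window)]


def make_cover(n, seed):
    """Constructed 8-bit samples in which even values are more common."""
    rng = random.Random(seed)
    return [2 * rng.randrange(128) + (0 if rng.random() < 0.7 else 1)
            for _ in range(n)]


def demo():
    cover = make_cover(20000, 7)
    rng = random.Random(99)
    # A compressed or encrypted payload looks like random bits.
    message = [rng.getrandbits(1) for _ in range(10000)]
    stego = embed_sequential(cover, message)
    return scan(cover, 5000), scan(stego, 5000)


if __name__ == "__main__":
    cover_flags, stego_flags = demo()
    print(cover_flags)   # no window flagged
    print(stego_flags)   # the first half of the samples is flagged
```

Scanning in windows also shows where a sequentially embedded message ends, which is why sequential LSB insertion is easier to detect than insertion at scattered positions.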
The discovery of a stego-file, however, is the first step in steganalysis. The
next step includes either discovering the content of the secret message or
simply destroying it. These are all considered as attacks against
steganography. There are different types of attacks based on different
information available to a stego-analyst. Table 4 summarizes some of the
attacks and the types of available information to an analyst.
Pattern recognition is an important skill in steganalysis. Most stego-files may
not reveal any perceptible clues once compared to their original files. Thus,
detailed analysis along with pattern recognition becomes very handy. In a
known message attack, for instance, where the analyst has access to the
secret message and the stego-file, the analyst must be able to determine the
patterns used to encode the message. This pattern can be used for future
analysis of other suspicious and similar files.
Table 4
Types of attacks and the types of available information to an analyst
Attacks Type
In image steganalysis, when a stego-image is discovered, the stego-analyst
must take some steps in order to recover or destroy the hidden information.
The first step is to discover the tool or the format used for creating the stego-file.
If an image-domain tool has been used to create the stego-image, the
secret information cannot be recovered by converting the image, for example,
to JPEG. In the majority of steganalysis cases, using a single approach or tool
may not be sufficient to recover or break the hidden message. Normally,
multiple tools and approaches are used in steganalyzing suspicious files.
Some of these approaches may include cropping, image rotating, image
blurring, re-sampling, removing portions of the image, sharpening, increasing
or decreasing contrast among pixels, adding or removing noise, converting
from digital to analog and back to digital again, and many more.
In February 2001 a few articles in USA TODAY indicated the use of
steganography by Al-Qaeda and other terrorist groups in order to implement
terrorist acts inside the U.S. There were also indications of existing stego-images
on e-Bay, Amazon and some pornographic websites, as well as many
references to a few recovered encrypted e-mails and files.
In August 2001, the University of Michigan launched a research project to
determine the truth of these allegations. More than 2 million JPEG images on
the e-Bay site were analyzed through an automated, statistical analysis.
Some of the tools used for this analysis include Stegdetect, Stegbreak, Crawl
and Disconcert. Only one stego-image was discovered, sovereigntime.jpg
(Figure 18). It contained an encoded image of the "B-52 graveyard" at Davis-
Monthan Air Force Base. The report concluded that " ... there is a small
chance that they have not yet detected the stego-images that the terrorists
are using. They believe it is more likely that as August 2001, there are no
stego-images on the Internet."[14].
Figure 18: "B-52 graveyard" at Davis-Monthan Air Force Base covered in sovereigntime.jpg
http://www.citi.umich.edu/u/provos/stego/abc.html
CHAPTER 5 PROPOSED METHOD
The proposed algorithm provides a way of increasing the data-secrecy for the
hidden information using an image media format. In other words, by
optimizing the second characteristic (i.e. security of the hidden message) this
algorithm increases the security capabilities of the stego-message, so that
unintended recipients cannot possibly reconstruct or retrieve the
encoded secret information.
This method uses a random number generator to replace the original image
bits with the secret data-bits in a random mode. This random insertion of the
secret data-bits will increase the security of the message, as an attacker has
no clue where the message bits are stored within the image. A basic and
simple LSB method usually replaces the original image bits with the secret
bits in a sequential order. This means that every adjacent sub-pixel (RGB)
stores one or more bits of the secret message in a sequential order. If the file
is detected, an intruder may place the last bit or bits of each RGB sub-pixel in
sequential order to reconstruct the secret message. The proposed method, on
the other hand, inserts the secret bits into an image randomly, so that even if
the file is detected, the message cannot be recovered without the key.
This method might be used as a stand-alone method, or as an added security
feature to another algorithm. With the use of this method, secret data-bits
can be embedded within almost all digital image formats that can be broken
into binary bits. However, the use of JPEG and PNG could add to the security
of the hidden data, due to the fact that they contain a greater number of color
combinations for each pixel representing an image, compared to GIF storage
format images.
Despite the great amount of security added to a stego-message via this
algorithm, this method could add an extra
amount of processing time for encoding the secret data. This is due to the fact
that this algorithm uses a time-consuming loop in order to assign the random
values to each secret bit, specifying their indexed positions among the original
image-bits of each sub-pixel. This creates a time-consuming encoding process
when using this method.
In terms of capacity, however, as mentioned earlier, the maximum capacity
for secret data-bit insertion, using a simple LSB method, is 4 bits per
sub-pixel of an RGB system. This is the limit for the LSB replacement method, and is
considered an image distortion threshold (before an image is perceptibly
distorted). Although this method does not include any specifications for a
certain LSB replacement, the LSB 4-bits can be considered in order to maximize
the capacity for secret data insertion and transmission.
The robustness of the stego-file, however, using the proposed method,
entirely depends on the storage format used for the image. The use of certain
storage formats, like JPEG, may cause the loss of secret data once the file is
decompressed, or the use of some steganalysis methods might corrupt or
destroy the information. Using the proposed method has a tremendous effect
on the security of the stego-message, rather than affecting the robustness of a
stego-file. This algorithm includes the existing robustness implemented for a
regular LSB method.
Since the proposed method uses LSB insertion in a random order, a
detailed comparison between the proposed algorithm and various LSB
methods (i.e. LSB 1-bit, LSB 2-bits and LSB 3-bits) will be provided.
A simple and basic LSB method that replaces the original binary bits of an
image with the secret data-bits may have a great impact on the stego-image.
This is due to the fact that a sequential LSB insertion will increase the
perceptible distortion of the stego-image, which may draw attention and
result in detection of the stego-file. Figure 19 indicates the impact of a simple
LSB insertion in a sequential order of the sub-pixels. a) The original image.
b) The LSB-plane of the stego-image resulting from sequential embedding. Only
the red and part of the green components are filled with data, while the
others are padded with 0s [25]. In this scenario, the LSB insertion has been
taken to an extreme, due to the fact that the secret bits replace the red
and part of the green sub-pixels, and the rest of the image bits have been
filled with zeros, instead of the original remaining bits. But the level of image
distortion is sufficiently high to raise suspicion and result in easy detection
of the stego-image.
Figure 19: The effects of a simple LSB encoding [25]: (a) the original image; (b) the LSB-plane of the stego-image.
The use of a different storage format can also have a great impact on a
stego-image. The use of an 8-bit image, like a GIF image format with only 256 color
combinations, can result in an adverse information-hiding outcome. Figure 20
represents the impact of embedding secret data-bits with the use of a
steganographic method that changes the LSBs of an 8-bit image [2].
Figure 20
Original 8-bit Cover Image    The 8-bit Stego-Image
A 24-bit image format, however, can produce a far less noisy or distorted
stego-image. The size of a 24-bit image, on the other hand, will be much
larger than an 8-bit image, which makes the stego-image not suitable for
transmission [2].
Two black and white images at magnification x3 are shown below (figure 21).
On the left is the original 256 grey-level image, and on the right is the same
image reduced to 128 grey-level that is stegoed via stego-1bit insertion
method. There are some insignificant shading differences between the two
images. These slight differences are impossible to detect, however,
without comparing the stego-image to the original one [2].
Figure 21
Original Black and White Tree [2]    Stego1Bit Black and White Tree [2]
Images below are the color versions of the same images magnified x3 (figure
22). Again, the original 256 color image is reduced to 128 colors and stegoed
via same stego-method, stego-1bit. Like the black and white images, there
are slight shading differences between the two images, but unless the
original and the stego-image are placed side-by-side and compared with each
other, no one can note the difference between the two images [2].
Figure 22
Original color image of trees [2]    Stego-1bit color image of trees [2]
There is a compromising relationship between the quality of the stego-image
and the capacity of data-hiding. As the number of LSBs increases, the
capacity of data-hiding will also increase, which allows for more secret bits to
be embedded within the file. But, on the other hand, the quality of the
stego-image will decrease, which results in visual distortion of the stego-image.
This, in particular, applies to the sequential LSB insertion methods, in which
the adjacent and neighboring original bits are replaced with the secret
data-bits. Figure 23 illustrates the impact of various LSB insertion methods (LSB
3-bits, LSB 5-bits, and LSB 7-bits) on the image of Lena.
Figure 23
(a) Original image (b) LSB 3-bits stegoed
(c) LSB 5-bits stegoed (d) LSB 7-bits stegoed
http://www2.ulg.ac.be/telecom/publi/publications/mvd/acivs2002mvd/index.html
It is also important to note that the use of most significant bits, MSB, for
embedding secret information could have far greater effect on the original
image, when compared to the replacement of the least significant bits, LSB.
Figure 24 shows the picture of Lena with embedding data via MSB method.
Figure 24
Lena and her bit-planes (i7, ..., i0) starting from the most significant bit.
http://www2.ulg.ac.be/telecom/publi/publications/mvd/acivs2002mvd/index.html
The proposed method, however, as mentioned earlier, uses a random number
generator to replace the original image bits with the secret data-bits in a
random mode. This random insertion of the secret data-bits increases the
security of the message, as an attacker has no idea where the message bits
are stored, and therefore cannot recover the secret message. Unlike in other
LSB insertion methods, there is a direct relationship between the security of
the message and the capacity for data-hiding in the proposed method. As the
capacity for data-hiding increases, the security of the secret message will also
increase. In fact, as the number of LSBs grows larger (i.e. 1-bit, 2-bits, 3-bits,
etc.), the security level of the secret embedded message will exponentially
increase. But on the other hand, like the other LSB methods, the quality of
the original image will be decreased, as both the security and the capacity
increase (table 5).
The proposed algorithm starts by reading the secret message bits, as binary
bits, into an array (array1). Another array (array2) stores the original bits of
the cover image. A random number generator (RNG) specifies the indexed
position of the original image-bit within array2 that will be replaced by the
secret bit from array1. The RNG draws non-repeating random numbers from the set
{4,5,6,7,12,13,14,15,20,21,22,23}, which
correspond to the second 4-bits of the red, green, and the blue colors of the
RGB sub-pixels in a 24-bits image format. In a 32-bits image format, the
alpha bits (transparency byte) will be skipped, and the secret data-bits will be
inserted into the next RGB sub-pixels respectively, until the secret message
is completely encoded. The values generated randomly by the RNG are
assigned to secret bits respectively, until array1 reaches the Null value.
Once the secret message bits are completely replaced (array1==Null and the
secret message completed), the remaining bits within array2 stay unchanged
with the original image-bits. The values generated by the RNG are also
stored in a third array (array3), which will be used as a private key for the
intended recipient to reconstruct the secret message.
The following is a simple illustration of the proposed method in theory, based
on 24-bits image format:
Assuming that the proposed method is using the maximum capacity (LSB 4-
bits) steganography, when the RNG value is 5, the original GLSB1 (green 1st
least significant bit) will be replaced by the first secret bit. Once the
RNG value is 1, the RLSB1 (red 1st least significant bit) will be replaced with
corresponding secret bit, and when the RNG value is 10, the BLSB2 (blue 2nd
least significant bit) is replaced, and so on.
Array1 (secret bits) = [0101,0111,0101....]
Array2 (original bits) = [11001110,11101011,10011010,10110010....]
Red        Green      Blue       Alpha
1100,1110  1110,1011  1001,1010  1011,0010
The use of commas between the bits is for visual aid and simplifications.
RNG = 5; GLSB1 is replaced with the first secret bit.
Array1 (secret bits) = [0101,0111,0101....]
Array2 (original bits) = [11001110,11101010,10011010,10110010....]
Red        Green      Blue       Alpha
1100,1110  1110,1010  1001,1010  1011,0010
RNG = 1; RLSB1 is replaced with the next secret bit.
Array1 (secret bits) = [0101,0111,0101....]
Array2 (original bits) = [11001111,11101011,10011010,10110010....]
Red        Green      Blue       Alpha
1100,1111  1110,1011  1001,1010  1011,0010
RNG = 10; BLSB2 is replaced with the third secret bit.
Array1 (secret bits) = [0101,0111,0101....]
Array2 (original bits) = [11001110,11101011,10011000,10110010....]
Red        Green      Blue       Alpha
1100,1110  1110,1011  1001,1000  1011,0010
The random replacement of secret bits continues with the same mode until
the end of array1 (array1 == Null). That is when the secret message has
completely been embedded into the cover image. The remaining original bits
stay unmodified within array2.
A brief pseudocode of the proposed method, based on a 24-bits image format
and the LSB 4-bits insertion, may be as follows:
    openFile(originalImage);
    array1 = readFile(originalImage);   // reading and storing the image bit by bit
    openFile(secretMessage);
    array2 = readFile(secretMessage);   // reading and storing the secret message
    int count1 = 0, count2 = 0;
    int i = 0, j = 0;
    while (!EndofFile(secretMessage)) { // until the data is completely embedded
        for (i = 0; i < 12; i++) {
            j = rng(); // randomly from {4,5,6,7,12,13,14,15,20,21,22,23}, non-repeatable
            if (array1[j + count1] != array2[i + count2])   // comparing the bits
                array1[j + count1] = array2[i + count2];    // replacing of the bits
        }
        count1 += 24;   // next 24-bit pixel of the image
        count2 += 12;   // next 12 bits of the secret message
    }
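An added sketch of the embedding step together with the key-based extraction described above; it is not the thesis's own code. Pixels are plain 0xRRGGBB integers, bit positions are counted from the red MSB (0) to the blue LSB (23) so that the set in the text selects the low four bits of each colour byte, and the function names, the use of a CSPRNG, and the constructed cover and message are assumptions.

```python
import random
import secrets

# Positions from the text: the low four bits of the red, green and blue bytes.
POSITIONS = [4, 5, 6, 7, 12, 13, 14, 15, 20, 21, 22, 23]


def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for bit in bits[i:i + 8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def embed(pixels, message, rng=None):
    """Return (stego_pixels, key). key[p] lists the bit positions used in
    pixel p, in the order the secret bits were written (array3 in the text)."""
    if rng is None:
        rng = secrets.SystemRandom()    # assumption: the key comes from a CSPRNG
    bits = to_bits(message)
    if len(bits) > len(pixels) * len(POSITIONS):
        raise ValueError("message does not fit in the cover")
    stego, key = list(pixels), []
    for p, start in enumerate(range(0, len(bits), len(POSITIONS))):
        chunk = bits[start:start + len(POSITIONS)]
        order = rng.sample(POSITIONS, len(chunk))   # non-repeating draw
        for pos, bit in zip(order, chunk):
            shift = 23 - pos
            stego[p] = (stego[p] & ~(1 << shift)) | (bit << shift)
        key.append(order)
    return stego, key                   # pixels past the message stay unmodified


def extract(stego, key):
    """Read the bits back in key order; only the key holder can do this."""
    bits = [(stego[p] >> (23 - pos)) & 1
            for p, order in enumerate(key) for pos in order]
    return from_bits(bits)


def read_sequential(stego, n_pixels):
    """A reader without the key: the same twelve bits per pixel, in natural
    order, so each fully used pixel yields its message bits shuffled."""
    return [[(px >> (23 - pos)) & 1 for pos in POSITIONS] for px in stego[:n_pixels]]


def demo(seed=None):
    rng = random.Random(seed) if seed is not None else None
    cover = [(i * 0x0F1E2D + 0x123456) & 0xFFFFFF for i in range(16)]  # constructed pixels
    message = b"key-ordered bits"   # constructed: 128 bits = 10 full pixels + 8 bits
    stego, key = embed(cover, message, rng)
    return cover, message, stego, key


if __name__ == "__main__":
    cover, message, stego, key = demo()
    print(extract(stego, key), key[0])
```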
This algorithm will add a great amount of security if used as a stand-alone
method of image steganography. The message encoded within a cover image
by this algorithm will have a decoding permutation of 2^12 * N, where N =
the number of pixels representing the image. It is important to note that the
permutation of the secret key in this method depends on the number of LSBs
used for inserting the secret bits. In this example, LSB 4-bits of each sub-
pixel are replaced with the secret bits in order to provide the maximum
capacity for data-hiding (table 5).
The concentration on three components of a pixel, RGB sub-pixels, results in
higher image quality and lower perceptibility [18]. Using the three RGB
sub-pixels along with LSB 4-bits will provide a somewhat imperceptible distortion
of the stego-image. That, in fact, is the distortion threshold of a stego-image.
Four bits (LSB 4-bits) are the maximum LSBs that can be used for a LSB
insertion system before the image is visually distorted and easily detected [2].
As mentioned earlier, the insertion of the least significant bits, LSBs, in a
sequential order of the pixels may cause distortions that are easily detected
by a stego-analyst [15]. This may be the most important drawback of using
LSB methods. Despite the amount of security added by the proposed
algorithm, this approach may suffer from the same drawback, due to the fact
that it uses almost the same model (i.e. LSB) for the secret-data insertion. In
order to avoid such occurrence (image distortion, due to sequential pixel
manipulation), the proposed algorithm can be used in conjunction with
another algorithm, instead of using it as a stand-alone method: a proposed
hybrid stego-system that includes the use of the proposed algorithm in
conjunction with the random bit method.
The proposed algorithm may be used as an added security feature to the
random bits method, which randomly spreads the secret data-bits all over the
image, and prevents image distortions. The random bits method uses
discrete cosine transform (DCT) coefficients in order to randomly specify a
pixel to store the secret bits. This random positioning of the pixels within an
image is based on the image's (x, y) coordinate system. With the use of a
random number generator, the DCT coefficients (the pixels) are specified,
where the LSBs are replaced with the secret message bits [2] [15].
This hybrid stego-system would use two private keys in order to encode secret
messages. One key indicates the positions of the pixels holding the secret
bits, based on the (x, y) coordinate system, while the other key represents the
index position of the bit among the LSBs of each RGB sub-pixel. The intended
recipients must have both private keys in order to be able to retrieve the
secret message.
The models below illustrate the stego-process, as well as the decoding
process of using the hybrid method, where C is the cover image, M is the
message that needs to be encoded, K1 (first private key) indicates the random
(x, y) position of the pixel storing the secret bits, K2 (second private key)
represents the random indices of the replaced bits, E is the embedding
mechanism or algorithm, and finally SM is the generated stego-image.
Model 1: Stego-Process. The hybrid model of the stego-system
Model 2: Decoding Process. The reconstruction of the secret message
The random bits method, as a stand-alone stego-system, provides a great
amount of data-security, with a permutation of N!, where N is the number of
pixels representing a digital image. This makes a stego-message extremely
difficult to crack. The use of this method, however, in conjunction with the
proposed algorithm could even make the secret data far more protected.
With the use of two private keys, this hybrid system makes the
stego-message far more unbreakable. Without the two private keys, it would be
entirely impossible to retrieve the secret information. This is due to the fact
that the hybrid stego-system renders a secret-bit permutation of 2^12 * N!,
where N = number of pixels representing the image. In other words, for every
single secret bit hidden into an image via this method, an attacker should
test all the permutations (2^12 * N!), in order to find the hidden bits that
make the secret message. This might be very close to impossible, even with
the strongest steganalysis tools. So, even if the stego-image is detected, the secret
data cannot possibly be recovered. Table 5 includes a summary of the
permutations among various methods. These numbers (i.e. permutations)
represent the amount of bit-combinations that an intruder should calculate
and place together in order to recover the secret message.
This hybrid stego-system provides the most secure way of transmitting secret
information from one end to another, without any possible detection. This
method uses the combination of the two algorithms: the random bits
algorithm in conjunction with the proposed algorithm. Therefore, like the
proposed method, when the secret message has completely been embedded
into the cover image, the remaining original bits stay unmodified.
In addition to the increased security of the stego-message, the proposed
hybrid method may produce a higher quality stego-image as well. This is due
to the fact that the secret bits are randomly spread all over an image through
this method, rather than being replaced with the original bits of the adjacent
and neighboring sub-pixels in a sequential order, like in any simple LSB
method. In fact, the random insertion of the secret bits causes the slight
color-changes of the sub-pixels to be randomly spread all over an image,
rather than being concentrated in one particular area of the image. This may
result in a higher quality stego-image with far lower risk of being visually
perceptible and detected.
Table 5
The permutation of the stego-message-bits in various methods
N = Number of pixels representing an image.
CHAPTER 6 CONCLUSION
Secure communication and transmission of vital information are the essential
needs of today's business environment, as well as of the national security and
intelligence community. This is the reason for the increasing significance of
steganography in applications like bank-transactions and battlefield
communications, such as conveying crucial information to intended recipients
while preventing access to others. The proposed hybrid stego-system provides
such security for transmitting secret information from one end to another,
without any possible cracking of the secret message.
The recent growth of the internet created a 21st century battlefield between
steganography and steganalysis. They both have had a great
influence on information security. On both sides of the battle, different tools
have been developed to better meet the needs of a widely open environment
like the internet. Stronger countermeasures on both sides have been
emerging. The enhancement of these tools would benefit not only the national
security and intelligence community, but also provide a wide range of
services and applications used for peaceful purposes. As more emphasis is
placed on the areas of copyright protection, privacy protection, and
surveillance, steganography will continue to grow in importance as a
protection mechanism.
REFERENCES
1. Wikipedia. Retrieved March 03, 2011, from: http://en.wikipedia.org/wiki/Steganography
2. Curran, K. and Bailey, K., "An Evaluation of Image Based Steganography Methods", International Journal of Digital Evidence, Fall 2003, Volume 2, Issue 2.
3. Courtney, M. and Stix, A., "Building a Steganography Program Including How to Load, Process, and Save JPEG and PNG Files in Java", Mathematics and Computer Education 40 no1 19-35, 2006. Retrieved March 09, 2011, from: http://vnweb.hwwilsonweb.com.libproxy.csun.edu/hww/results/results_single.jhtml;hwwilsonid=BOCEOVKLGGAOLQA3DIOSFGOADUNGIIVO
4. Dunbar, B., "A detailed look at Steganographic Techniques and their use in an Open-Systems Environment", 2002.
5. Zhang, L., Wang, H. and Wu, R., "A High-Capacity Steganography Scheme for JPEG2000 Baseline System", Vol.18, 2009. Retrieved June 21, 2011, from: http://ieeexplore.ieee.org.libproxy.csun.edu/stamp/stamp.jsp?tp=&arnumber=4840534
6. Johnson, F.N., Duric, Z., Jajodia, S. and Memon, N., "Information Hiding: Steganography and Watermarking - Attacks and Countermeasures", 2001. Retrieved March 03, 2011, from: http://spiedigitallibrary.org/jei/resource/1/jeime5/v10/i3/p825_s1?isAuthorized=no
7. Zamani, M., Manaf, A.A., Ahmad, R.B., Zeki, A., and Abdullah, S., "A Genetic-Algorithm-Based Approach for Audio Steganography", 2009. Retrieved June 21, 2011, from: http://www.waset.org/journals/waset/v54/v54-63.pdf
8. Gopalan, K. and Wenndt, S., "AUDIO STEGANOGRAPHY FOR COVERT DATA TRANSMISSION BY IMPERCEPTIBLE TONE INSERTION". Retrieved June 20, 2011, from: http://www.purduecal.edu/engr/docs/GopalanKali 422 049.pdf
9. Shirali-Shahreza, M. and Shirali-Shahreza, H., "Text Steganography in SMS", 2007. Retrieved July 13, 2011, from: http://ieeexplore.ieee.org.libproxy.csun.edu/stamp/stamp.jsp?tp=&arnumber=4420590
10. Gutub, A.A. and Fattani, M.M., "A Novel Arabic Text Steganography Method Using Letter Points and Extensions", 2007. Retrieved July 13, 2011, from: http://www.waset.org/journals/waset/v27/v27-5.pdf
11. Jebran, A., "Text 2Text Steganography - Part 2", 2007. Retrieved August 25, 2011, from: http://www.codeproject.com/KB/vb/Text 2Text Steganography2.aspx
12. Dhobale, D.D., Ghorpade, V.R., Patil, B.S., and Patil, S.B., "STEGANOGRAPHY BY HIDING DATA IN TCP/IP HEADERS", 2010. Retrieved August 25, 2011, from: http://ieeexplore.ieee.org.libproxy.csun.edu/stamp/stamp.jsp?tp=&arnumber=5579643
13. Murdoch, S. J. and Lewis, S., "Embedding Covert Channels into TCP/IP", 2005. Retrieved May 10, 2011, from: http://www.cl.cam.ac.uk/~sjm217/papers/ih05coverttcp.pdf
14. Silman, J., "Steganography and Steganalysis: An Overview", 2001. Retrieved August 25, 2011, from: http://www.sans.org/reading room/whitepapers/stenganography/steganography-steganalysis-overview 553
15. Provos, N. and Honeyman, P., "Hide and Seek: An Introduction to Steganography", 2003. Retrieved August 25, 2011, from: http://niels.xtdnet.nl/papers/practical.pdf
16. Guillermito, "A few tools to discover hidden data", 2004. Retrieved July 13, 2011, from: http://www.guillermito2.net/stegano/tools/index.html
17. Wikipedia. Retrieved August 25, 2011, from: http://en.wikipedia.org/wiki/Audio_file_format
18. Singh, T. and Jindal, S., "IMAGE STEGANOGRAPHY USING MIXED CHANNEL REPLACEMENT", 2011. Retrieved September 27, 2011, from: http://www.scribd.com/doc/70850147/IMAGE-STEGANOGRAPHYUSING-MIXED-CHANNEL-REPLACEMENT
19. Al-Othmani, A. Z. M., "Prototype development of VOIP Steganography", 2009. Retrieved September 27, 2011, from: http://eprints.utm.my/11240/1/AbdulaleemZaidMohammedMFSKSM2010.pdf?&lang=en_us&output=json
20. Bandyopadhyay, S.K., Bhattacharyya, D., Ganguly, D., Mukherjee, S., and Poulami, D., "A Tutorial Review on Steganography", 2008. Retrieved August 25, 2011, from: http://www.jiit.ac.in/jiit/ic3/IC3 2008/IC3-2008/APP2 2l.pdf?&lang=en_us&output=json
21. Amin, M.M., Salleh, M., Ibrahim, S., Katmin, M.R., and Shamsuddin, M.Z.I., "Information Hiding using Steganography", 2003. Retrieved May 10, 2011, from: http://ieeexplore.ieee.org.libproxy.csun.edu/stamp/stamp.jsp?tp=&arnumber=1188294
22. Qin, Y., "The Realization of Information Hiding in BMP Images", 2009. Retrieved September 27, 2011, from: http://ieeexplore.ieee.org.libproxy.csun.edu/stamp/stamp.jsp?tp=&arnumber=5403376
23. Harmsen, J. and Pearlman, W., "Capacity of Steganographic Channels", 2009. Retrieved October 18, 2011, from: http://ieeexplore.ieee.org.libproxy.csun.edu/stamp/stamp.jsp?tp=&arnumber=4802306
24. Kessler, C. G., "Steganography: Hiding Data Within Data", 2001. Retrieved May 10, 2011, from: http://www.garykessler.net/library/steganography.html
25. Wang, H. and Wang, S., "Cyber Warfare: Steganography vs. Steganalysis", 2004. Retrieved October 18, 2011, from: http://delivery.acm.org.libproxy.csun.edu/10.1145/1030000/1022597/p76-wang[1].pdf?key1=1022597&key2=7360716921&coll=DL&dl=ACM&CFID=7741685&CFTOKEN=33770365