Design of Secure Steganography

1
Design of Secure Steganography
University College Dublin Dublin, Ireland, March
2002
Joachim J. Eggers Univ. of Erlangen-Nuremberg egg
ers_at_LNT.de
2
Outline

• Basics of steganography
• ST-SCS watermarking for steganography
• Histogram preserving steganography
• Experimental results for image data

3
Basics of Steganography

• Channel model
• Design criteria
• Statistical models

4
Channel Model for Steganography
cover data x
Message u
steganogr. data r
Message u
Key K
Key K
Alice
Bob
Eve
5
General Considerations

• Image data is attractive cover data
• significant amount of data
• small modifications are invisible
• innocent (typical data to be communicated)
• Eve analyses the steganographic image
• size (e.g., bits per pixel)
• subjective quality
• statistical properties

requires lossy compressed images (e.g. JPEG
format)
tractable measurement MSE between cover
image and steganographic image
6
Statistical Steganalysis I
H0 common cover data
Hypothesis test
H1 contains hidden message
?
typical statistical property of given cover data
statistical properties of data at hand

• measured from many realizations
• different for images, audio, ...

• estimation accuracy depends on
• the model
• fine model ? large error

Successful steganography exploits the difference
between a random variable and the realization of
a random variable!
7
Statistical Steganalysis II

• Security measure (Cachin 98)
• relative entropy
• perfect security D(pxx, prx) 0
• here only 1-D PMFs prr and pxx

stego data
cover data
identical PMFs
8
ST-SCS Watermarking for Steganography

• Communication model
• Costas result
• Scalar Costa Scheme
• Spread Transform
• Capacity analysis
• Usage for steganography

9
Model for Blind Watermarking
Host signal x
Quality ?
Public signal s
Watermark message m
Encoder
Watermark signal w
Hostile channel
Quality ?
Estimated watermark message m
Pre-processing (e.g. sync.)
Decoder
Attacked signal r
y
10
IID Host Signals AWGN Attack
Host signal x
Distortion sw2
Public signal s
Watermark message m
Encoder U
Watermark signal w
Noise v
Distortion sw2sv2
Estimated watermark message m
Decoder U
Attacked signal r
y r
11
Spread-Spectrum Watermarking

• Side information about the host data is not
  exploited!
• Properties
• pseudo-noise sequence w secret key
• correlation detection is very reliable for long
  signals
• host signal is dominating interference source

12
Costas Scheme

• Costa, 83 Writing on Dirty Paper
• Specific case
• IID Gaussian noise
• IID Gaussian host signal
• Information theoric result
• Watermark capacity is independent of host signal!
• Costas Scheme
• is not practical
• gives insights into the problem of communication
  with side information

13
Scalar Costa Scheme (SCS)

• Codebook U uniform scalar Quantizer
• Message m ? d1d2dN embedded in x ?
  x1x2xN
• Example dn ? 0,1 (binary SCS)
• Embedding rule

xn
a
sn
xq,n
d 0
d 1
D
Trade off embedding distortion vs. robustness
sn xn a(xq,n xn)
14
PDF of Public Signal s
p(sd0)
p(sd1)
Binary SCS
p(sd1)
p(sd0)
Dither Modulation (DM) Chen Wornell (98)
15
PDF of Received Signal y
Decoder error for d0
p(yd)
y
-2
-1
0
1
2
Binary SCS (one period)
SCS p(yd0) and p(yd1) computed numerically
16
SCS with n-ary Signaling
2, 3, 4 or 5 shifted quantizers
Larger signaling alphabet becomes important
17
Spread-Transform Watermarking
x2

• Example spreading factor n2
• x - host signal
• s - public signal
• Noise orthogonal to the spreading direction does
  not affect the detection performance
• 3 dB gain for n2

s
spreading direction
x
watermark
xST
x1
18
Achievable Rate of ST-Watermarking

• ST-Watermarking is useful for WNRltWNRcrit
• WNRcrit,SCS 0.01dB
• SCS requires lower spread-transform length and
  achieves higher rates than comparable schemes at
  the same WNR!

Capacity
SCS
achievable rate R bit/element
ST-SCS
WNR dB
19
Capacity of Blind Watermarking Schemes
SCS SCCC pb ? 10-5
1.2
Ideal Costa Scheme (ICS)
1
SCS
0.8
SCS Turbo Codes pb ? 10-5
Capacity CAWGN bit/element
0.6
Blind Spread- Spectrum WM (Document-to-WM Rati
o 15 dB)
0.4
0.2
0
-10
-15
-5
0
5
10
15
WNR dB 20 log10(sw/sv)
20
Steganography Based onST-SCS Watermarking
x
Eve
u
u
w
r

• ST-SCS watermarking
• high watermark rate for low attack noise power
• x and w are statistically independent

pxx
pww
prr ? pxx
in general not identical
21
Histogram Preserving Steganography

• Histogram modifications
• Switched data mapping
• Histogram preserving data mapping (HPDM)

22
Perfect Histogram Modification
original histogram
target histogram

• Any target histogram can be achieved perfectly
• Mese, Vaidyanathan 01
• Determine mapping with minimum MSE distortion

23
Information Embedding Based on Switched Data
Mapping
mapping for message bit b 0
prob(b0)
steganographic data r
prob(x even) P0 prob(x odd) P1
prob(b1)
mapping for message bit b 1
24
Histogram Preserving Data Mapping (HPDM)

• perfect security D(pxx, prx) 0 requires
  prob(b1) P1
• embedding rate
• H(P1) P1log2(P1) (1-P1)log2(1-P1)
  bit/element

25
Image Steganography

• Embedding for JPEG
• Security evaluation
• Embedding rates

26
Image Steganography
message u
cover image
Information Embedding JPEG Quantization
JPEG Entropy Coding
JPEG stream
8x8 block DCT
steganographic data
64 channels
ST-SCS or HPDM
27
Security of HPDM and ST-SCS
Example Lenna, grayscale, 512x512 JPEG Quality
75 PSNR 36.42 dB
0.12
0.1
0.08
detectable ?
relative entropy
0.06
0.04
0.02
0
5
10
15
20
DCT channel number
28
Example Histogram
15th DCT-component
standard JPEG
HPDM
probability mass function
ST-SCS
visible spreading due to ST-SCS watermark
coefficient value
29
File Size Comparison
Example Lenna, grayscale, 512x512
PDF mismatch
subchannel dependencies
subchannel dependencies
Remaining security hole!
kBytes
Ideal schemes should compress the cover data and
the steganographic data to almost the same file
size!
30
Conclusions

• Basics
• Image Steganography requires lossy compression
• Steganography does not require robustness
• Security measured by relative entropy
• ST-SCS watermarking almost secure for flat cover
  PDFs
• Histogram Preserving Data Mapping (HPDM)
• high embedding rate
• perfectly secure within given model
• To do extension to higher dimensional PDFs