Presentation is loading. Please wait.

Presentation is loading. Please wait.

Steganography detection Roland Cmorik, Martin Šumák.

Similar presentations


Presentation on theme: "Steganography detection Roland Cmorik, Martin Šumák."— Presentation transcript:

1 Steganography detection Roland Cmorik, Martin Šumák

2 Introduction cryptography and steganography are used for exchanging a secret information, cryptography and steganography are used for exchanging a secret information, the difference - steganography is a method how to communicate invisibly, the difference - steganography is a method how to communicate invisibly, the cover medium is a message in which the secret message can be hidden, the cover medium is a message in which the secret message can be hidden,

3 Introduction hidden message can be also encrypted before embedding hidden message can be also encrypted before embedding cover medium should contain enough amount of redundancy and ucertainty, cover medium should contain enough amount of redundancy and ucertainty, the data such as images, videos and sounds contain huge amount of uncertainty (ex. the least significant bits of pictures) the data such as images, videos and sounds contain huge amount of uncertainty (ex. the least significant bits of pictures)

4 Watermarks Strong watermarks - keep indentity of author of some file (book, video, photography,...). They would be found even after the file undergoes a great deal of distortion. Strong watermarks - keep indentity of author of some file (book, video, photography,...). They would be found even after the file undergoes a great deal of distortion. Weak watermarks – are made as fragile as possible. They have to disappear even if a minimal change of the file would occur. Weak watermarks – are made as fragile as possible. They have to disappear even if a minimal change of the file would occur. The combination is a good protection before tampering the file. The combination is a good protection before tampering the file.

5 Steganography techniques replace the noise in an image, replace the noise in an image, eight bits for each color component (RGB) so colors of pixels are expressed with extra precision, eight bits for each color component (RGB) so colors of pixels are expressed with extra precision, the secret message can be stored in least significant bits of color components, the secret message can be stored in least significant bits of color components, changed image is for human eye identical with original image changed image is for human eye identical with original image disadvantage - easy to detect by visual or statistical attacks, disadvantage - easy to detect by visual or statistical attacks, more sophisticated way is to spread the information between many files (needs larger cover medium ). more sophisticated way is to spread the information between many files (needs larger cover medium ).

6 Steganography techniques Mimic data - this technique doesn’t try to change a cover medium, it tries to create a message only from the secret message. Mimic data - this technique doesn’t try to change a cover medium, it tries to create a message only from the secret message. Example - create a chess game notation, that represents a random chess game. The bits of secret message can be hidden as order of black or white squares of moves in the game. Example - create a chess game notation, that represents a random chess game. The bits of secret message can be hidden as order of black or white squares of moves in the game.

7 Attacks on steganography Attacking staganographic algorithms is very similar to attacking cryptographic algorithms. Attacking staganographic algorithms is very similar to attacking cryptographic algorithms. Some possible attacks: File only - determine if there is a hidden message. File and original Copy - destroy hidden information, extract the information, replace... Some possible attacks: File only - determine if there is a hidden message. File and original Copy - destroy hidden information, extract the information, replace...

8 Attacks on steganography Compression Attack: One of the simplest attacks is to compress the file. Compression algorithms try to remove the extraneous information from a file, and “hidden” is often equivalent to “extraneous”. Compression Attack: One of the simplest attacks is to compress the file. Compression algorithms try to remove the extraneous information from a file, and “hidden” is often equivalent to “extraneous”. Random Tweaking Attack: An attacker could simply add small, random tweaks. Random Tweaking Attack: An attacker could simply add small, random tweaks. Reformat Attack: One possible attack is to change the format of the file. Different file formats don’t store data in exactly same way (BMP, GIF, JPEG) Reformat Attack: One possible attack is to change the format of the file. Different file formats don’t store data in exactly same way (BMP, GIF, JPEG)

9 Staganalysis Deals with identifying the existence of a message (File Only Attack). Deals with identifying the existence of a message (File Only Attack). Many of the basic tests in steganalysis will just identify the possible existence of a message. In some cases, hidden bits are spread throughout the file. Many of the basic tests in steganalysis will just identify the possible existence of a message. In some cases, hidden bits are spread throughout the file. Some of these algorithms can’t tell you where they are, but they can tell that the hidden bits are probably there. Some of these algorithms can’t tell you where they are, but they can tell that the hidden bits are probably there.

10 Staganalysis The basic approaches can be divided into these categories: Structural Attacks Structural Attacks Visual or Aural Attacks Visual or Aural Attacks Statistical Attacks Statistical Attacks

11 Structural Attacks Steganographic algorithms often leave behind a characteristic structure to the data. Steganographic algorithms often leave behind a characteristic structure to the data. Hiding information in the least significant bit is simple when each pixel is represented by 24 bits such as BMP. Hiding information in the least significant bit is simple when each pixel is represented by 24 bits such as BMP. But, file formats such as GIF allocate 8 bits or fewer by building a palette of selected colors. Each pixel of image is represented by index of color in the palette. Hiding information in GIF format by tweaking the least significant bit can fail because the palette entries are often not close enough. But, file formats such as GIF allocate 8 bits or fewer by building a palette of selected colors. Each pixel of image is represented by index of color in the palette. Hiding information in GIF format by tweaking the least significant bit can fail because the palette entries are often not close enough.

12 Structural Attacks An effective way how to avoid this problem is to sort the palette An effective way how to avoid this problem is to sort the palette EzStego uses this technique EzStego uses this technique

13 Structural Attacks After hiding procedure the palette must be unsorted to the original form – attacker will not see that steganographic program was used. After hiding procedure the palette must be unsorted to the original form – attacker will not see that steganographic program was used. But if the attacker knows the sorting algorithm (it is deterministic) then he can access to hiden bits. But if the attacker knows the sorting algorithm (it is deterministic) then he can access to hiden bits.

14 Visual Attacks Human is trying to search for visual anomalies. Human is trying to search for visual anomalies. One common test displays the least significant bits of an image. One common test displays the least significant bits of an image. Completely random noise often reveals the existance of a hidden message because imperfect digitalizers leave echoes of the large structure in the least significant bits. Completely random noise often reveals the existance of a hidden message because imperfect digitalizers leave echoes of the large structure in the least significant bits.

15 Visual Attacks On the left is the original picture, on the right one is hiden message embedded in upper half of image (EzStego used). On the left is the original picture, on the right one is hiden message embedded in upper half of image (EzStego used). Least significant bits of pixels (after ordering the palette), it is easy to recognize that there was a hiden message embedded in the right picture. Least significant bits of pixels (after ordering the palette), it is easy to recognize that there was a hiden message embedded in the right picture.

16 Visual Attacks Disadvantages (for attacker): If there are no objects on the picture with clear shapes – it causes random noise on the least significant bits of the original image – can’t see the difference. If there are no objects on the picture with clear shapes – it causes random noise on the least significant bits of the original image – can’t see the difference. It is hard to automatize the visual attacks. It is hard to automatize the visual attacks.

17 Statistical Attacks Visual attacks show that the value of last significant bits of pixels is not as random as it seems. Visual attacks show that the value of last significant bits of pixels is not as random as it seems. Standard embedded message that has to be hidden is more random than the replaced bits. Standard embedded message that has to be hidden is more random than the replaced bits. This property is the main weakness explioted by statistical attacks on steganography. This property is the main weakness explioted by statistical attacks on steganography.

18 Statistical Attacks The simplest statistical test for detecting randomness is the χ2 (chi-squared) test. The simplest statistical test for detecting randomness is the χ2 (chi-squared) test. It is based on differences between expected number of some event occurrences and number of its real occurrences. It is based on differences between expected number of some event occurrences and number of its real occurrences.

19 Statistical Attacks Events e0,..., ek would occur with uniform probability (as bits in a message to hide). If there is n events in a sample sequence at all, the expected number of each ei event occurrences is then n/k. Let ci be the number of real occurrences of ei event. The amount of randomness in the sample sequence of n events is measured with this equation: Events e0,..., ek would occur with uniform probability (as bits in a message to hide). If there is n events in a sample sequence at all, the expected number of each ei event occurrences is then n/k. Let ci be the number of real occurrences of ei event. The amount of randomness in the sample sequence of n events is measured with this equation:

20 Statistical Attacks High scores indicate an unrandom condition and it is typical for any part of original picture. High scores indicate an unrandom condition and it is typical for any part of original picture. Low scores indicate high degree of randomness and it is typical for files with embedded hidden message. Low scores indicate high degree of randomness and it is typical for files with embedded hidden message.

21 Statistical Attacks In χ2 test of some image file the events can be the values of least significant bits (e1 = 0, e2 = 1, n is the number of least significant bits). In χ2 test of some image file the events can be the values of least significant bits (e1 = 0, e2 = 1, n is the number of least significant bits). Or we can also evaluate the randomness of pairs (triplets,…) of coterminously bits or the randomness of squares of p × p pixels in image. Or we can also evaluate the randomness of pairs (triplets,…) of coterminously bits or the randomness of squares of p × p pixels in image.


Download ppt "Steganography detection Roland Cmorik, Martin Šumák."

Similar presentations


Ads by Google