Steganography is the art and science of sending covert messages such that the existence and nature of the message are known only to the sender and the intended recipient.
Steganography has been practised for thousands of years, but in the last two decades steganography has been introduced to digital media. Digital steganography techniques typically focus on hiding messages inside image and audio files; in comparison, the amount of research into other digital media formats (such as video) is substantially limited.
In this talk we will discuss the history of steganography and the categories of steganographic technique before briefly discussing image and audio steganography and how to build such tools. The main body of our talk will focus on how video files are coded and the steganographic techniques that can be used to hide messages inside video files.
The principles discussed in this talk will be illustrated with live demos.
2. Overview
• Introduction
• History and literature
• Steganographic techniques
• Audio steganography
• Image steganography
• Video coding
• Video steganography
Copyright James Ridgway 2013
4. Steganography
The art and science of writing covert messages such that
the presence of the message is only known to the sender
and recipient.
Derived from Greek words:
• Steganos
Meaning: “covered or protected”
• Graphia
Definition: “writing”
First appears in the literature in Steganographia by
Johannes Trithemius, published 1606.
5. Steganography vs. Cryptography
Cryptography is the practice and study of secure
communication.
Steganography is the art and science of covert
communication.
There are some transferrable concepts such as
Kerckhoffs' principle.
6. Origin
• Message tattooed on the scalp,
persuading Aristagoras to revolt against
the Persian King. Master: Histiaeus.
• Demaratus used a wax tablet to warn
Sparta of the invasion of Greece by the
Persians.
• Aeneas the Tactician
– Women's earrings
– Pigeons
Herodotus (484 – 425 BC)
Herodotus. The Histories. Penguin Books, 1996.
D. Whitehead. How to survive under siege. Clarendon ancient history series. Clarendon Press, 1990.
7. Linguistic Steganography
• Giovanni Boccaccio
– 14th Century
– 1500 letters embedded in his poem, Amorosa
Visione.
• Francis Bacon
– Normal or italic font.
• Brewster, 1857
– Photographic technique.
9. Linguistic Steganography
World War II telegram sent by a German spy:
Apparently neutral's protest is thoroughly discounted and
ignored. Isman hard hit. Blockade issue affects pretext for
embargo on by-products, ejecting suets and vegetable oils.
Pershing sails from NY June 1
This is an example of a null cipher.
10. Linguistic Steganography
• Invisible ink
– Milk, vinegar, diluted honey, sugar solution.
• Hiding information in document images (J.
Brassil et al.)
– Shift lines of text up or down by 1/300th of an
inch.
11. Watermarking
• Information about the buyer and seller is
embedded in the file.
• Watermarks can be easy to detect, but they
should be difficult to remove.
• Traceability and public knowledge act as a
piracy deterrent.
12. Printer Steganography
• Brother
• Canon
• Dell
• Epson
• HP
• IBM
• Konica Minolta
• Kyocera
• Lanier
• Lexmark
• Ricoh
• Toshiba
• Xerox
These brands have been
known to include watermarks
of the printer serial number
and timestamps.
Embedding technique takes
the form of small printed
dots.
13. Steganalysis
The process of detecting the presence of a
message that has been hidden using
steganography.
Approaches:
• Targeted Steganalysis
• Blind Steganalysis
14. Prisoners’ Problem
[Figure: Alice, Bob and the Warden]
G. J. Simmons. The Prisoners' Problem and the Subliminal Channel. In CRYPTO, pages 51-67, 1983.
15. Wardens
• Passive Warden
Observation only
• Active Warden
Determine the presence of the message and
prevent the exchange
• Malicious Warden
Attempt to catch the prisoners communicating.
Sometimes involves impersonating parties and
fabricating entire messages.
16. Wardens
During World War II the U.S. Post Office censored
telegrams to prevent the exchange of hidden
messages.
Post Office changed “father is dead” to “father is
deceased”
Recipient replied: “is father dead or deceased?”
This is an example of an active warden.
19. Injection
• Inject data into redundant parts of a file.
• Files suitable for injection techniques:
– EXE files
– WAV files
• Injection is generally deemed to be less secure
than substitution or generation techniques.
20. Substitution
• Modifies pre-existing data of the container
file.
• The file size of the container object is
preserved.
• Limits the steganographic capacity of the
container file.
26. Least Significant Bit (LSB) Manipulation
Message byte:
11010110
Container bytes:
01110100 01100101 01110011 01110100
Container bytes after embedding the first four message bits in their LSBs:
01110101 01100101 01110010 01110101
27. Generation
• Generates a container file based on the covert
data.
• There is no original container file.
• Considerations:
– Relevance to those communicating
– Complex and time consuming to develop
31. Audio Steganography
Position  Description                                                Example Value
01-04     Indicate that the file is a RIFF file                      “RIFF”
05-08     Size of the entire file.                                   Integer
09-12     File Type                                                  “WAVE”
13-16     Format chunk marker, includes trailing null character      “fmt ”
17-20     Size of format chunk                                       16
21-22     Type of format                                             1
23-24     Number of channels                                         2
25-28     Sample rate                                                44100
29-32     Byte rate = (SampleRate * NoChannels * BitsPerSample) / 8  176400
33-34     Block alignment = (NoChannels * BitsPerSample) / 8         4
35-36     Bits per sample                                            16
37-40     Data section indicator                                     “data”
41-44     Size of the data section                                   Integer
33. WAV Audio Steganography
Java implementation:
1. Requirements: java.io.*
2. Read bits per sample from the header
3. Convert to bytes
4. Move to the beginning of the data portion
5. Embed in the LSB of every sample (size of
sample is known from step 3).
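The header layout from the Audio Steganography slide, the five steps above and the LSB substitution from the LSB Manipulation slides, as an added Python example (not the talk's Java tool). It assumes the canonical 44-byte header with no extra chunks; `build_wav`, `parse_header`, `embed` and `extract` are names chosen here, and the sample data is constructed.

```python
import struct

def build_wav(data, channels=1, rate=44100, bits=16):
    """Wrap raw PCM bytes in the canonical 44-byte header (constructed input)."""
    align = channels * bits // 8
    return struct.pack("<4sI4s4sIHHIIHH4sI",
                       b"RIFF", 36 + len(data), b"WAVE", b"fmt ", 16, 1,
                       channels, rate, rate * align, align, bits,
                       b"data", len(data)) + data

def parse_header(wav):
    """Return (bytes per sample, data offset, data size) from the header."""
    if wav[0:4] != b"RIFF" or wav[8:12] != b"WAVE" or wav[36:40] != b"data":
        raise ValueError("not a canonical 44-byte-header WAV file")
    (bits_per_sample,) = struct.unpack_from("<H", wav, 34)  # positions 35-36
    (data_size,) = struct.unpack_from("<I", wav, 40)        # positions 41-44
    return bits_per_sample // 8, 44, data_size

def embed(wav, message):
    """Substitute the LSB of successive samples with the message bits."""
    width, start, size = parse_header(wav)
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    if len(bits) > size // width:
        raise ValueError("message needs more samples than the file holds")
    out = bytearray(wav)
    for n, bit in enumerate(bits):
        pos = start + n * width  # little-endian: low-order byte comes first
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)

def extract(wav, n_bytes):
    """Read n_bytes back out of the sample LSBs, most significant bit first."""
    width, start, _ = parse_header(wav)
    bits = [wav[start + n * width] & 1 for n in range(n_bytes * 8)]
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

if __name__ == "__main__":
    # 8-bit samples spelling "test" twice, with the message byte 11010110,
    # reproduce the container and message bytes from the LSB slides.
    stego = embed(build_wav(b"testtest", bits=8), bytes([0b11010110]))
    print(stego[44:], extract(stego, 1))
```

The file size and header are unchanged by the embedding, which is the property the Substitution slide describes; each sample moves by at most one quantisation step.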
36. JPEG
• Transformation from RGB into Y’CBCR.
• Downsampling
• Block splitting
• Discrete cosine transform
• Quantisation
• Entropy Coding
37. RGB to Y’CBCR
• Y’
– Luma component
• CBCR
– Chroma components
– Scalar difference from Y’
• Receptors of the human
eyes:
– Can see more fine detail
in brighter images
(higher Y’)
– Less sensitive to:
• Hue (CB)
• Saturation (CR)
39. Downsampling/Chroma Subsampling
• 4:4:4
No downsampling, full resolution
• 4:2:2
½ horizontal, full vertical resolution
• 4:2:0
½ horizontal, ½ vertical resolution
[Figure: Y’ + (CR, CB) = Y’CrCb]
40. Block Splitting
• Splitting process is based on downsampling ratio:
– 4:4:4
16x8
– 4:2:2
16x8
– 4:2:0
16x16
• (Y, CB, CR) values are shifted from [0, 255] to [-128,
127] and then transformed to the frequency
domain.
41. Discrete Cosine Transform
The 2-dimensional DCT, F (m, n), of an M x N pixel
image is defined as follows:
where:
And f(x, y) is the intensity of the pixel at the xth row
and yth.
42. Quantization and Entropy Coding
• Human eye is not very
sensitive to changes in
high frequency
brightness.
• Quantization process:
– Divide DCT coefficients
by a constant
– Round the DCT
coefficients (lossy!)
• Entropy coding is a
lossless form of data
compression.
• Encoding occurs in a
zigzag
http://en.wikipedia.org/wiki/File:JPEG_ZigZag.svg
43. Image Steganography
• Lossy compression techniques
– Embed data in the quantised DCT coefficients of
JPEG images.
• Lossless compression techniques
– PNG palette based (24-bit RGB, 32-bit ARGB).
– GIF fixed 256 colour palette
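Quantisation, the zigzag scan and embedding in the quantised DCT coefficients, as an added Python example (not code from the talk). The transform is the standard 8x8 DCT-II used by JPEG; the divisor 16, the flat sample block and the function names are assumptions made here. Embedding happens after the lossy rounding step, so the hidden bits survive the lossless entropy coding that follows.

```python
import math

N = 8  # JPEG works on 8x8 blocks
# Zigzag scan order: walk the anti-diagonals, alternating direction.
ZIGZAG = sorted(((r, c) for r in range(N) for c in range(N)),
                key=lambda p: (p[0] + p[1], p[0] if (p[0] + p[1]) % 2 else -p[0]))

def dct2(block):
    """2-D DCT-II of one 8x8 block of level-shifted samples."""
    scale = lambda k: 1 / math.sqrt(2) if k == 0 else 1.0
    basis = lambda i, k: math.cos((2 * i + 1) * k * math.pi / (2 * N))
    return [[0.25 * scale(u) * scale(v) *
             sum(block[x][y] * basis(x, u) * basis(y, v)
                 for x in range(N) for y in range(N))
             for v in range(N)] for u in range(N)]

def quantise(coeffs, q):
    """Divide every coefficient by a constant and round (the lossy step)."""
    return [[round(v / q) for v in row] for row in coeffs]

def embed(qcoeffs, bits):
    """Overwrite the LSB of quantised coefficients in zigzag order."""
    if len(bits) > N * N:
        raise ValueError("message exceeds the capacity of one block")
    out = [row[:] for row in qcoeffs]
    for (r, c), bit in zip(ZIGZAG, bits):
        out[r][c] = (out[r][c] & ~1) | bit
    return out

def extract(qcoeffs, n_bits):
    """Read the LSBs back in the same zigzag order."""
    return [qcoeffs[r][c] & 1 for r, c in ZIGZAG[:n_bits]]

def demo():
    # Constructed sample: a flat grey block, shifted from [0, 255] to [-128, 127].
    pixels = [[136] * N for _ in range(N)]
    shifted = [[p - 128 for p in row] for row in pixels]
    q = quantise(dct2(shifted), 16)  # 16 is an arbitrary example divisor
    stego = embed(q, [1, 0, 1, 1])
    return q, stego, extract(stego, 4)

if __name__ == "__main__":
    q, stego, bits = demo()
    print("DC before:", q[0][0], "after:", stego[0][0], "recovered:", bits)
```

In the flat block every coefficient except the DC term quantises to zero, so the embedded bits turn zeros into ones; that change in the coefficient histogram is what steganalysis of DCT-domain embedding looks for.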
44. PNG Image Steganography
• Modify the LSB of each pixel of a PNG
– 3-bytes for 24-bit palette (RGB)
– 4-bytes for 32-bit palette (ARGB)
[Figure: original and modified images, panels A, B and C]
46. PNG Image Steganography
• Built in Java (Encoding Process):
1. Read image into a BufferedImage.
2. Get the Raster of the BufferedImage.
3. Cast DataBuffer from the raster image to a
DataBufferByte.
4. Get the data (byte) array from
DataBufferByte.
5. Manipulate the byte array
6. Use ImageIO to write the modified byte array
of colour values to a PNG file.
56. Frame Types
• Intra Frame
Encoded using the same principles of lossy
JPEG compression.
• Predicted Frame
Coded with reference to a previous frame.
• Bidirectional Frame
Predicted from past and future reference
frames.
59. Streaming and Real Time
• A. J. Mozo and M. E. Obien and C. J. Rigor and D. F. Rayel and
K. Chua and G. Tangonan. (2009). Video Steganography using
Flash Video (FLV).
A A V A V V A V A V A V V A
A A A A A A A V V V V V V V
A V A V A V A V A V A V A V
60. MPEG and DCT
• I-frames are coded similarly to JPEG images,
therefore have DCT coefficients.
• Can use LSB manipulation to hide information
in the DCT coefficients.
– T. Shanableh. (2012). Matrix encoding for data hiding using multilayer
video coding and transcoding solutions.
61. LSB techniques
• S. Singh and G. Agarwal. (2010). Hiding image
to video: A new approach of LSB replacement.
– Discuss hiding an image in video by modifying the
LSB of each pixel.
– Implemented in Matlab 7a.
– No mention of video format/codecs used
62. TPVD
• A. P. Sherly and P. P. A. Amritha (2010).
Compressed Video Steganography using TPVD.
– Tri-way pixel-value differencing
– Data is hidden in the I-frame.
– Uses motion vectors to determine maximum
scene change.
63. Macro Block Techniques
• S.K. Kapotas, E.E. Patras Varsaki, A.N. Skodras
(2007). Data Hiding in H.264 Encoded Video
Sequences
– Discussion of a technique for hiding information in the
type of macro block used.
• 16x16 = 00
• 16x8 = 01
• 8x16 = 10
• 8x8 = 11
• 8x4
• 4x8
• 4x4
65. Software Solution
• Command line tool
– Written in C
– Uses FFmpeg
• Java GUI
– Interfaces with the command line tool
– Uses Xuggler
• Capable of embedding in MPEG4/H.264 using
motion vector techniques.
66. In the beginning…
1. Attempted to write our solution entirely in
Java using Xuggler.
2. Investigated Java Media Framework (JMF).
3. Could have used Java Native Interface (JNI).
4. Attempted to use FFmpeg and modify a
video file by linking to the libraries (avcodec,
avformat, …)
67. Findings
• Modify FFmpeg source code and incorporate
this in our solution.
• Modify the motion vectors (but after the
quantization process).
• Avoid macro blocks based on macro block
type.
68. Techniques Implemented
All techniques use 256-bit FIPS-197 compliant
CBC AES encryption:
1. Encode in the X-component of the first
macroblock motion vector.
2. Encode in the Y-component of the first
macroblock motion vector.
69. AES Cryptography
• Derived from Rijndael.
Developed by Belgian
cryptographers:
– Joan Daemen
– Vincent Rijmen
• AES later defined in FIPS-197
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
• Key Expansion/Key
Schedule
• Initial Round
– AddRoundKey
• Rounds
– SubBytes
– ShiftRows
– MixColumns
– AddRoundKey
• Final Round
– SubBytes
– ShiftRows
– AddRoundKey
http://en.wikipedia.org/wiki/File:AES-SubBytes.svg
72. Steganalysis Tools
1. Visual comparison of frames.
2. Comparison of motion vectors of frames.
3. Video stream frame type overview