300 likes | 630 Views
Information Hiding in Digital Data. Dr. Jennifer Davidson Dept. of Electrical & Computer Engineering Department of Mathematics. Overview. What is information hiding? General model for hiding & extraction Example of steganography applied to an image Motivation for research in data hiding
E N D
Information Hiding in Digital Data Dr. Jennifer Davidson Dept. of Electrical & Computer Engineering Department of Mathematics
Overview • What is information hiding? • General model for hiding & extraction • Example of steganography applied to an image • Motivation for research in data hiding • Trade-off between model characteristics • Mathematical concepts used in information hiding • Current research • Open problems
What is Information Hiding? • Embedding information in digital data so that it cannot be visually or audibly perceived • Steganography • “covered writing” – Greek • Secret communications that conceal the very existence of the message • Cryptography • Encode message using encryption or coding techniques • Know a message is there but cannot understand it
What is Information Hiding? • Watermarking • Hide information that is directly related to the item in which it is embedded, such as ownership information • Historical examples of information hiding • Shaved head of messenger • Invisible ink • Microdots
Encryption key, other keys Cover work Embedding algorithm Stego work (Images, Audio files, Network packets, Circuitry/software, Text) Information to hide Digital Information Hiding Model Main idea: to use redundancy of data (visible, audio) to insert “extra” information
Digital Information Extraction Model Must know key information and extraction algorithm to extract hidden message reliably Encryption key, perhaps original cover media, other keys Stego work Extraction algorithm Extracted message
Places to Hide Information:Steganography • Images • Audio files • Text • Disk space • Hidden partition • Network Packets • Software • Circuitry
EXAMPLESteganography: Bit plane Methods • Image: replace lowest 3 or 4 least significant bits (LSB) of cover (original) image with message bits or other image data (assume 8 bit values for cover image) • Data is hidden in “noise” of image • Can hide surprisingly large amounts of data this way • Very fragile to any image manipulation such as compression, D/A – A/D, format change
Lowest 3 of the 8 bit planes . . 1 1 0 Example of Steganography: Bit Plane Methods . Gray scale value of 78 represented by 8 bits . 0 1 0 0 1 1 1 0 78 = Pixel location
Example: Hiding an Image Example is courtesy of Neil Johnson and S. Jajodia’s paper, Exploring Steganography: Seeing the Unseen, Computer, pp. 26-34, 1998. Soviet strategic bomber base gathered by EROS (satellite data) Embedded image has 4 bits of gray scale values
Capacity: number of bits of hidden data per pixel Capacity = 4 bits per pixel (high) Original Image White Noise Storm, spread spectrum S-Tools, LSB
Motivation for Research in Data Hiding • Industrial and military applications are driving the field • Military applications – covert communications for: • CIA, FBI, other law enforcement • Battlefield scenarios • Steganalysis (US Government) • Industry: Record Industry Association of America (RIAA) looking for ways to protect copyrights of works that music producing companies own (Digital Millennium Copyright Act) • Illegal copying of songs onto CDs • Peer to peer networks allow distribution and easy access to lots of music • Movie industry has billions of $$ invested in DVDs – movies; in the future, entirely digital movie theaters • Want to prevent illegal copying and selling of DVDs • Want to prevent illegal copying of movies in the theater
Designing a System: Trade-offs between Model Characteristics • Perceptibility: does embedding information “distort” cover medium to a visually or audibly unacceptable level (somewhat subjective) • Capacity: how much information can be hidden (relative to the change in perceptibility) • Robustness to attacks: can embedded data survive manipulation of the stego medium in an effort to destroy, remove, or change the embedded data • Trade-offs between the three: • More robust => lower capacity • Higher capacity => perceptual quality decreases
Designing an Information-Hiding System • Goals of system define level of model characteristics • Covert communication requires higher capacity and lower robustness (steganography) • Content authentication: verify if received data is exactly what was sent; need “fragile” watermark (authentication) • Show ownership of digital data: need robust and noninvertible waterproof (proof of ownership using a watermark) • Trace illegal copies or trace electronic transactions: high robustness (fingerprinting or traitor tracing) • Copy protection and playback control • Make watermark detector in devices required by law? Can’t do easily. • Copy Protection Technical Working Group – CPTWG (for DVDs), and Secure Digital Music Initiative – SDMI (for CDs) – place requirement for watermark detectors in patent licenses • Video watermark detector requirement is incorporated into the patent license for CSS (Content Scrambling System) • Manufacturers are forced to include watermark detectors in devices if they want to sell DVD players that can play CSS-encrypted disks
Steganography • Intent: transmit secret message hidden in innocuous-looking cover medium so that its existence is undetectable • Robustness (ability for someone else to destroy/alter hidden data) not an issue • Capacity desired for message is large • Always invisible; undetectibility important • Typically dependent on file format
Watermarking • Intent: data embedding conveys some information about the cover medium such as owner, copyright, or other information • Watermark can be considered to be an extended attribute of the data • Robustness of watermark is a main issue • Large capacity is not important • Everyone knows watermark may be there • Typically invisible
Classification of Data Embedding Algorithms • Spatial and time domain methods • LSB methods • Color palette methods • Minimax algebra decomposition • Spatial delay (echoing in audio signals) • Transform domain methods • Unitary transforms (discrete Fourier transform, discrete cosine transform) • Wavelet transform • Mellin-Fourier transform • Other methods • Singular value decomposition • Use of edge and shape characteristics in images • Fractal encoding in image data
The SVD for Steganography Original image Stegoimage 9x9 blocks, with the first column of each block preserved and message embedded in the other columns in the sign
The SVD for Steganography Original image Stegoimage 9x9 blocks, with the first 4 columns of each block preserved and message embedded in the other 5 columns in the sign
Open Problems • Watermark invertibility problem: under what conditions can a watermark not be removed or destroyed and original owner identified? (Craver et al 1998) • Collusion attack: putting several different watermarks in different images can allow an attacker to inspect the different images and determine where the watermark is located and how to remove or alter it to give a “fake” watermark. Under what conditions can this be overcome? • Is there a theoretical basis by which one can prove or disprove that watermarking alone cannot solve digital rights management problems (e.g. Shannon’s theorem in information theory) • Can it be proved or disproved that encryption with watermarking guarantees a certain level of security?
Discrete Cosine Transform • The forward equation, for image A, is • The inverse equation, for image B, is • Here
Discrete Cosine Transform • Many different approaches to use DCT to hide information • Studies on visual distortions conducted by source coding community can be used to predict the visible impact of the hidden data in the cover image • If want message/watermark to survive JPEG compression, then embed message in signal, not noise • Signal is typically in low and middle frequency components • JPEG uses DCT to compress an image
Discrete Cosine Transform Basic idea of JPEG: • Convert image to YIQ color space (luminance-hue-saturation model used for TV transmission) • Each color plane is partitioned into 8x8 blocks • Apply DCT to each block • Values are quantized by dividing with preset quantization values (in a table) • Values are then rounded to nearest integer
JPEG Compression Interface COMPRESSED IMAGE 8 X 8 BLOCK ENTROPY ENCODER DCT QUANTIZER (0,0) QUANTIZERTABLE
Steganography: One Approach using DCT • The sender and receiver agree ahead of time on location for two DCT coefficients in the 8 x 8 block • Choose middle frequencies with same quantization value: Location 1 is (4,1) & Location 2 is (3,2)
Steganography: DCT • Each block encodes a single bit – 0 or 1 • The DCT is applied to each 8 x 8 block in the image producing a block Bi • If the message bit is a 1 then the larger of the two values Bi(4,1) and Bi(3,2) is put in location (4,1), otherwise the smaller of the two values is put in location (4,1), indicating the message bit is a 0 • The block in inversed transformed; after all blocks are used, image is transmitted.
DCT Steganography • If the image is compressed using JPEG then the relative values of the two coefficients will stay the same • To extract the data, the DCT is performed on each block, and the coefficient values at locations (4,1) and (3,2) are compared • If Bi(4,1) > Bi(3,2) then the message bit is a 1, otherwise it is a 0 • Problems occur when |Bi(4,1) - Bi(3,2)| is “small”
DCT Steganography • If the difference |Bi(4,1) - Bi(3,2)| < µ, then the values Bi(4,1) and Bi(3,2) are adjusted so that |Bi(4,1) - Bi(3,2)| > µ • This assures that the relative difference will not be lost when the compression is done • However, this last step can introduce distortion into image • Other modifications to this algorithm have been researched that overcome some of these limitations
Invertibility Problem • Denote the original image by A. The owner of A uses the watermark (denoted by W ) to make a watermarked image AW. Thus AW = E(A,W), where E is the embedding function. • Suppose that an attacker gets the published AW without knowing A or W, and can create a counterfeit watermark WF and a counterfeit image AF that satisfy AW = E(AF, WF). (1) • Then the attacker can use AF as her “original” to claim the ownership of AW . • If (1) holds, the watermarking scheme is called invertible. • Otherwise, it is called noninvertible • Craver et al showed that this is possible for several very robust watermarking schemes