Upload
dinhdiep
View
224
Download
0
Embed Size (px)
Citation preview
TECHNISCHE UNIVERSITÄT DRESDEN1Andreas Westfeld
F5—A Steganographic Algorithm
High Capacity Despite Better Steganalysis
Andreas Westfeld
TECHNISCHE UNIVERSITÄT DRESDEN2Andreas Westfeld
Outline
Benefits of F5Properties of existing toolsFrom Jsteg to F5How secure is F5?My challenge to you
TECHNISCHE UNIVERSITÄT DRESDEN3Andreas Westfeld
Benefits of F5
• High steganographic capacity• High efficiency via matrix encoding• Prevents visual attacks• Resistant to statistical attacks (chi square)• Uses JPEG as carrier (common in e-mails)• Source code publicly available
TECHNISCHE UNIVERSITÄT DRESDEN4Andreas Westfeld
Existing Steganographic Tools
• Their properties:
– High capacity
– Weak against visual and statistical attacks
– Remove significant image content
– Overwrite LSBs
• Way out?
– Dilute the changes ➽ less capacity
– Different embedding operation
– Different carrier medium
TECHNISCHE UNIVERSITÄT DRESDEN5Andreas Westfeld
From Jsteg to F5
• Jsteg– Easily detected by statistical attacks– JPEG compression– Embedding function of Jsteg
• F4 (improved embedding operation)• F5 (advanced efficiency)
– Permutative straddling– Matrix encoding
TECHNISCHE UNIVERSITÄT DRESDEN6Andreas Westfeld
Statistical Attack on JstegJsteg is safely detected by statistical attack.
Steganogram
M/uogOCSn21OTx0c…
Message
0 10 20 30 40 50 60 70 80 90 1000
Size of sample (%)
Probability of embedding1
0.8
0.6
0.4
0.2
TECHNISCHE UNIVERSITÄT DRESDEN7Andreas Westfeld
.
8 x 8-
Bild= c1· + c2· + … + c64·
JPEG Coefficients
TECHNISCHE UNIVERSITÄT DRESDEN8Andreas Westfeld
Discrete Cosine Transformation
64 brightness values➽ 19 nonzero JPEG coefficients
TECHNISCHE UNIVERSITÄT DRESDEN9Andreas Westfeld
Algorithm Jsteg
bit valueto embed
JPEG coefficientin steganogramsteganographicvalue
. . . . . .
JPEG coefficientin carrier medium 0 1 2 3 4 5
0 1 2 3 4 5skip 0 1 0 1
1 10 0
0 1 0 1 skip
1 0 01 10011 10 0−4 −3 −2 −1
−1−2−3−4
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
TECHNISCHE UNIVERSITÄT DRESDEN10Andreas Westfeld
bit valueto embed
steganographicvalue
. . .
JPEG coefficient
JPEG coefficientin steganogram
in carrier medium 0 1 2 3 4
0 1 2 3 4skip 1 0 1 0
1 0 11 0 1shrinkage shrin
kage
0
. . .
00 1 1 0 0 1 1 0
0 1 0 1
−4 −3 −2 −1
−4 −3 −1−2
Algorithm F3
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
TECHNISCHE UNIVERSITÄT DRESDEN11Andreas Westfeld
Algorithm F4
bit valueto embed
steganographicvalue
. . .
1
JPEG coefficient
JPEG coefficientin steganogram
in carrier medium 0 1 2 3 4
0 1 2 3 41 0 1 0 skip 1 0 1 0
0 0 1 1 0 0 1 1 0 11 0 1shrinkage shrin
kage
0
. . .
0
−4 −3 −2 −1
−1−2−3−4
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
steganographic 0steganographic 1
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
TECHNISCHE UNIVERSITÄT DRESDEN12Andreas Westfeld
How F4 Embeds “01110”• Steganographic interpretation
– Positive coefficients: LSB– Negative coefficients: inverted LSB
• Skip 0, adjust coefficients to message bit– Decrement positive coefficients– Increment negative coefficients– Repeat if shrinkage occurs
0 1 1 1 0
0 1 1 1 01 0
000031004 −3−2
5 0 0 2 3 0 0 1−1 −3 −3
TECHNISCHE UNIVERSITÄT DRESDEN13Andreas Westfeld
Continuous Embedding
• Changes reside packed at the start of the file(marked with pink)
• Attacks profit from the high change density
TECHNISCHE UNIVERSITÄT DRESDEN14Andreas Westfeld
Algorithm F5: Straddling
• Permutation equalises the change density• Scatters the message more uniformly than
– Key-driven distance schemes– Parity block schemes
• Independent of message length
TECHNISCHE UNIVERSITÄT DRESDEN15Andreas Westfeld
F5 Uses Matrix EncodingEmbed k bits by changing one of n = 2k–1 places:
change embedding embeddingk n density rate efficiency1 1 50 % 100 % 22 3 25 % 66.7 % 2.73 7 12.5 % 42.9 % 3.44 15 6.25 % 26.7 % 4.3k n > k
TECHNISCHE UNIVERSITÄT DRESDEN16Andreas Westfeld
Implementation of F5
DCT Q P E P–1 H JPEG file(Steganogram)
Bitmap
Secret message
PRGPassword
• Password-driven permutation• Pseudo one time pad for uniformly distributed message• Matrix encoding with minimal embedding rate• Core embedding operation like F4
Quality
DCT Discrete cosine transformationQ QuantisationP PermutationE Embedding functionH Huffman coder
PRG Pseudo random number generator
TECHNISCHE UNIVERSITÄT DRESDEN17Andreas Westfeld
Capacity and Efficiency of F5• Large carrier medium expo.bmp (1526 KB)
• Clean JPEG (80 % Quality) expo80.jpg (127 KB)
• Maximum embedded maxisteg.jpg (113 KB)– Size: 16 KB, i. e. 13 %– Efficiency: 1.5 bits per change (incl. shrinkage)
• Short message embedded ministeg.jpg (127 KB) – Size: 0.2 KB
– Efficiency: 3.7 bits per change (incl. shrinkage)– Without matrix encoding twice as much changes
• Clean JPEG (75 % Quality) expo75.jpg (113 KB)
TECHNISCHE UNIVERSITÄT DRESDEN18Andreas Westfeld
Characteristic Properties
P(X=1) > P(X=2) > P(X=3) > P(X=4)P(X=1)–P(X =2) > P(X =2)–P(X=3) > P(X=3)–P(X=4)
0
JPEG coefficient
Frequency of occurrence
−8 −7 −6 −5 −4 −3 −2 −1 0 1 2 3 4 5 6 7 8
10,000
20,000
30,000
40,000
50,000
TECHNISCHE UNIVERSITÄT DRESDEN19Andreas Westfeld
Conclusion
• High steganographic capacity still possible• High efficiency (embed more bits per change)• Resistant against statistical attack (chi square)• Uses a common carrier medium (JPEG)• Publicly available source code
TECHNISCHE UNIVERSITÄT DRESDEN20Andreas Westfeld
Further Work
• High steganographic capacity (13 % of a JPEG)➽ stronger attacks possible?
• Finer gradation of embedding efficiency by (dmax, n, k) matrix encoding with dmax > 1➽ too complex (too slow)?