
Embedded Devices in ehealth applications


         Hide and Seek: An Introduction to Steganography
             Niels Provos and Peter Honeyman,
                        University of Michigan
    IEEE Security and Privacy Journal, May-June 2003 (Vol. 1, No. 3)

                          Sweety Chauhan
                          22 February 2010
                          October 24, 2005

CMSC 691I                                     Clandestine Channels

 New and Significant

 What is Steganography?

 Previous Work

 Steganographic systems for JPEG images

 Steganography Detection on the Internet

 Results

                   New and Significant

 Detection of Steganographic systems via statistical

 Practical application of detection algorithms

                 What is Steganography?

 Art and Science of hiding communication

 A steganographic system embeds hidden content in
  unremarkable cover media

 A steganographic system consists of:
    Identifying the cover medium's redundant bits
    An embedding process which creates a stego medium by replacing the
     redundant bits with hidden message data

                   Statistical Steganalysis

 Modern Steganography’s goal is to keep its mere presence

 But steganographic systems leave behind detectable
  traces in the cover medium

 Though the secret content is not revealed, its existence can
  be detected
   1. Modifying the cover medium changes its statistical properties
   2. Eavesdroppers can detect the distortions in the resulting stego
      medium’s statistical properties
          The process of finding these distortions is called
                      statistical steganalysis
                Information Hiding Systems

 Three different aspects in information-hiding systems
  contend with each other:
    Capacity – amount of information that can be hidden in the cover medium
    Security – eavesdropper's inability to detect hidden information
    Robustness – amount of modification the stego medium can withstand
     before an adversary can destroy hidden information

 Watermarking system – high level of robustness

 Steganography – high security and capacity
    Hidden information is fragile

                Steganographic Systems

 Classical Steganography system
   Security relies on the encoding system’s secrecy
    e.g. a Roman general shaving a slave's head and tattooing a message
     on it. After the hair grew back, the slave was sent to deliver the
     hidden message

 Modern Steganography
   Attempts to be detectable only if secret information is known (secret
   Similar to Kerckhoffs’ Principle of cryptography which holds that
    “a cryptographic system’s security should rely solely on the key

                 Modern Steganography

 Steganographic communication senders and receivers
  agree on:
    a steganographic system
    a shared secret key – determines how the message is encoded in the
     cover medium

                  Overview of Encoding Step

 To send a hidden message, for example,
   1. Alice creates a new image with digital camera
   2. Alice supplies the steganographic system with her shared secret and message
   3. The steganographic system uses the shared secret to determine how the hidden
      message should be encoded in the redundant bits
   4. The result is the stego image that Alice sends to Bob
   5. When Bob receives the image, he uses the shared secret and the agreed
      steganographic system to retrieve the hidden message

            Hide and Seek in JPEG images

 Why steganographic systems for JPEG format?
    Systems operate in a transform space
   Not affected by visual attacks (as in BMP images)
      Modifications are in the frequency domain instead of the spatial domain

 Neil F. Johnson and Sushil Jajodia showed steganographic
  systems for palette-based images leave easily detected

          Discrete Cosine Transform (DCT)

  For each color component, the JPEG image format uses a Discrete
   Cosine Transform (DCT) to transform successive 8 x 8 pixel blocks of
   the image into 64 DCT coefficients each

  The DCT coefficients F(u, v) of an 8 x 8 block of image pixels f(x, y)
   are given by

  The following operation quantizes the coefficients:

                where Q(u,v) is a 64-element quantization table

               Steganographic Systems

 Sequential – for example: JSteg

 Pseudo Random – for example: Outguess 0.1

 Subtraction – for example: F5

 Statistics aware embedding

                  Sequential Embedding (I)

 Derek Upham’s JSteg Algorithm - does not require a shared
    Input: message, cover image
    Output: stego image
    while data left to embed do
      get next DCT coefficient from cover image
      if DCT ≠ 0 and DCT ≠ 1 then
        get next LSB from message
        replace DCT LSB with message LSB
      end if
      insert DCT into stego image
    end while

    Least-significant bits of the quantized DCT coefficients are used as
    redundant bits to embed the hidden message

 As a result anyone who knows the steganographic system
  can retrieve the message hidden by JSteg

       Sequential Embedding Steganalysis (I)

 Andreas Westfeld and Andreas Pfitzmann noticed that
    steganographic systems that change least-significant bits sequentially
     cause distortions detectable by steganalysis
    for a given image, the embedding of high-entropy data (often due to
     encryption) changed the histogram of color frequencies in a predictable way.

 Embedding uniformly distributed message bits reduces the
  frequency difference between adjacent DCT coefficients’

 By observing differences in the DCT coefficients’ frequency,
  embedding can be detected

                       Frequency Histograms
       Histogram before (a) and after (b) a hidden message is
                    embedded in a JPEG image
Sequential changes to the (a) original and (b) modified image's
least-significant bit of discrete cosine transform coefficients tend to
equalize the frequency of adjacent DCT coefficients in the

      Sequential Embedding Steganalysis (II)

 Westfeld and Pfitzmann χ²-test
    determine whether the observed frequency distribution in an image
     matches a distribution that shows distortion from embedding hidden

 The probability of embedding is determined by calculating p
  for a sample from the DCT coefficients

 The samples start at the beginning of the image and for each
  measurement the sample size is increased

     Sequential Embedding Steganalysis (III)

 A high probability of embedding indicates that the image
  contains steganographic content

 Hidden message’s length can also be determined by JSteg
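
The test described on the three steganalysis slides above, run against JSteg-style sequential embedding; this is an added example, not code from the paper or from Stegdetect. The coefficient data is synthetic (a constructed two-sided geometric distribution standing in for quantized DCT coefficients), sparse value pairs are dropped rather than merged, and all function names are illustrative.

```python
import math
import random
from collections import Counter

def jsteg_embed(coeffs, bits):
    """Sequential embedding as in the JSteg listing: skip 0 and 1, overwrite the LSB."""
    out, it = [], iter(bits)
    bit = next(it, None)
    for c in coeffs:
        if bit is not None and c not in (0, 1):
            c = (c & ~1) | bit              # two's complement, so -2 pairs with -1
            bit = next(it, None)
        out.append(c)
    return out

def chi2_sf(x, df):
    """P(X > x) for a chi-square variable with df degrees of freedom (closed form)."""
    if x <= 0:
        return 1.0
    half, root = x / 2.0, math.sqrt(x)
    if df % 2 == 0:
        term = total = math.exp(-half)
        for r in range(1, df // 2):
            term *= half / r
            total += term
        return total
    total = math.erfc(root / math.sqrt(2.0))
    term = math.sqrt(2.0 / math.pi) * math.exp(-half)
    for r in range(1, (df + 1) // 2):
        term *= root if r == 1 else x / (2 * r - 1)
        total += term
    return total

def embedding_probability(coeffs, min_expected=5.0):
    """p is high when the two values of each pair (2i, 2i+1) are equally frequent."""
    hist = Counter(c for c in coeffs if c not in (0, 1))
    chi2, categories = 0.0, 0
    for even in {v & ~1 for v in hist}:
        expected = (hist[even] + hist[even + 1]) / 2.0
        if expected >= min_expected:        # simplification: sparse pairs are dropped
            chi2 += (hist[even] - expected) ** 2 / expected
            categories += 1
    return chi2_sf(chi2, categories - 1) if categories > 1 else 0.0

def scan(coeffs, steps=10):
    """p for growing samples that all start at the beginning of the image."""
    return [(k / steps, embedding_probability(coeffs[:len(coeffs) * k // steps]))
            for k in range(1, steps + 1)]

def synthetic_cover(n, seed=1):
    """Constructed stand-in for quantized DCT coefficients (two-sided geometric)."""
    rng = random.Random(seed)
    mags = [int(math.log(1.0 - rng.random()) / math.log(0.6)) for _ in range(n)]
    return [m if rng.random() < 0.5 else -m for m in mags]

def demo():
    cover, rng = synthetic_cover(40000), random.Random(2)
    usable = sum(c not in (0, 1) for c in cover)
    message = [rng.getrandbits(1) for _ in range(usable * 4 // 10)]  # fills ~40%
    return cover, jsteg_embed(cover, message)

if __name__ == "__main__":
    for label, sample in zip(("cover", "stego"), demo()):
        print(label, [(frac, round(p, 4)) for frac, p in scan(sample)])
```

In the stego profile, p stays well above zero while the sample lies inside the embedded region and collapses once the sample reaches untouched coefficients, which is how the message length is estimated.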

             Pseudo Random Embedding

 Niels Provos’s Outguess 0.1 steganographic system

 Improves the encoding step by using a pseudo-random
  generator to select DCT coefficients at random

 The LSB of a selected DCT coefficient is replaced with
  encrypted message data

                    Outguess 0.1 Algorithm

 The OutGuess 0.1 algorithm :
     Input: message, shared secret, cover image
     Output: stego image

     initialize PRNG with shared secret
     while data left to embed do
        get pseudo-random DCT coefficient from cover image
        if DCT ≠ 0 and DCT ≠ 1 then
               get next LSB from message
               replace DCT LSB with message LSB
        end if
        insert DCT into stego image
     end while

     The algorithm replaces the least-significant bit of pseudo-randomly
     selected discrete cosine transform (DCT) coefficients with message data

            Embedded Message Detection (I)

 χ²-test can be extended to detect the local distortions in an

 Two identical distributions produce about the same χ²
  values in any part of the distribution

 Instead of increasing the sample size and applying the test
  at a constant position,
    a constant sample size is used and the sample position is increased

            Embedded Message Detection (II)
 The graph shows the detection rates for three different false-
  positive rates

 The extended χ²-test detects pseudo-randomly embedded
  messages in JPEG images

 The detection rate depends on
    hidden message's size
    number of DCT coefficients in an image
    can be improved by applying a heuristic that eliminates
     coefficients likely to lead to false negatives

 The change rate refers to the fraction of discrete cosine
 transform (DCT) coefficients available for embedding a
 hidden message that have been modified


 Andreas Westfeld’s steganographic system, F5

 Instead of replacing the least-significant bit of DCT
  coefficient with message data
    F5 decrements its absolute value in a process called matrix encoding

 There is no coupling of any fixed pair of DCT coefficients
    χ²-test cannot detect F5

                         Matrix Encoding

 Matrix encoding computes an appropriate (1, 2^k – 1, k)
  Hamming code by calculating the message block size k from
    the message length and
    the number of nonzero non-DC coefficients

 The Hamming code (1, 2^k – 1, k) encodes a k-bit message
  word m into an n-bit code word a with n = 2^k – 1

 can recover from a single bit error in the code word

                           The F5 algorithm
    Input: message, shared secret, cover image
    Output: stego image
    initialize PRNG with shared secret
    permute DCT coefficients with PRNG
    determine k from image capacity
    calculate code word length n ← 2^k – 1
    while data left to embed do
       get next k-bit message block
       repeat
          G ← {n non-zero AC coefficients}
          s ← k-bit hash f of LSB in G
          s ← s ⊕ k-bit message block
          if s ≠ 0 then
             decrement absolute value of DCT coefficient G_s
             insert G_s into stego image
          end if
       until s = 0 or G_s ≠ 0
       insert DCT coefficients from G into stego image
    end while
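
The repeat/until loop of the listing above on plain integer lists, as an added example (not code from the slides or from F5 itself). It omits the PRNG permutation, takes the LSB of |c| as a coefficient's bit, and uses XOR of 1-based positions as the k-bit hash f; these are simplifying assumptions, and the function names and sample values are constructed for illustration.

```python
def lsb(c):
    """Bit carried by a coefficient (simplified: LSB of its absolute value)."""
    return abs(c) & 1

def bucket_hash(group):
    """k-bit hash f: XOR of the 1-based positions whose coefficient carries a 1."""
    s = 0
    for i, c in enumerate(group, start=1):
        if lsb(c):
            s ^= i
    return s

def f5_embed(coeffs, bits, k):
    """Embed bits, k per group of n = 2**k - 1 nonzero coefficients."""
    n, out, pos, changes = (1 << k) - 1, list(coeffs), 0, 0
    bits = list(bits) + [0] * (-len(bits) % k)           # pad the last block
    for start in range(0, len(bits), k):
        word = int("".join(map(str, bits[start:start + k])), 2)
        group = []                                       # indices into out
        while True:
            while len(group) < n:                        # G <- n non-zero coefficients
                if pos == len(out):
                    raise ValueError("cover too small for message")
                if out[pos] != 0:
                    group.append(pos)
                pos += 1
            s = bucket_hash(out[i] for i in group) ^ word
            if s == 0:                                   # group already encodes the block
                break
            target = group[s - 1]
            out[target] -= 1 if out[target] > 0 else -1  # decrement |G_s|
            changes += 1
            if out[target] != 0:
                break
            del group[s - 1]                             # shrinkage: refill and retry
    return out, changes

def f5_extract(coeffs, nbits, k):
    """Read the hash of each consecutive group of n nonzero coefficients."""
    n = (1 << k) - 1
    nonzero = [c for c in coeffs if c != 0]
    bits = []
    for g in range(-(-nbits // k)):
        s = bucket_hash(nonzero[g * n:(g + 1) * n])
        bits += [(s >> j) & 1 for j in range(k - 1, -1, -1)]
    return bits[:nbits]

if __name__ == "__main__":
    cover = [5, -3, 2, 7, -2, 4, 3, -6, 2, 9, -4, 3, 8, 2]   # constructed sample
    stego, changes = f5_embed(cover, [1, 0, 1, 1, 1, 0], 3)
    print(changes, "coefficient changed for 6 message bits:", stego)
    print("extracted:", f5_extract(stego, 6, 3))
```

Each k-bit block costs at most one changed coefficient unless a coefficient shrinks to zero, in which case the block is embedded again.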

                    F5 Detection Algorithm

 Embedding information with F5 leads to double
    Most of the images are stored already in the JPEG format which could
     confuse this detection algorithm.

 Fridrich and her group proposed a method for eliminating
  the effects of double compression by estimating the quality
  factor used to compress the cover image

                Statistics-aware embedding

 Previously discussed algorithms overwrite image data
  without directly considering the distortions that the
  embedding will cause

 To embed a single bit,
    a DCT coefficient’s value can either increment or decrement which allows
     change of DCT coefficient’s least-significant bit in two different ways
    Creating groups of DCT coefficients and using the parity of their least-
     significant bits as message bits

 For every DCT block, the space of all possible changes is
  searched to find a configuration that minimizes the change
  to image statistics

                        Detection Algorithms

 Two Different classes of algorithms:
    Based on inherent statistical properties
       no need to find a representative training set
       estimate an embedded message’s length

    Based on class discrimination
       Creating a representative training set is often difficult
       Do not provide an estimate of the hidden message’s length

    Steganography Detection on the Internet

 How can the previously discussed steganalytic methods be used
  in a real-world setting?

 Created a steganography detection framework that
   gets JPEG images off the Internet and
   uses steganalysis to identify subsets of the images likely to contain
    steganographic content

             Steganography Systems in use

 JSteg
    supports content encryption and compression before JSteg embeds the data
    uses the RC4 stream cipher for encryption

 JPHide
    uses Blowfish as a PRNG
    Version 0.5 supports additional compression of
     the hidden message
    uses slightly different headers to store embedding information
    Before the content is embedded, the content is Blowfish-encrypted with a
     user-supplied pass phrase

 OutGuess
 All use some form of least-significant bit embedding and are detectable
  with statistical analysis

                         Detection Framework

 Stegdetect is an automated utility that can analyze JPEG images that
  have content hidden with JSteg, JPHide, and OutGuess 0.13b

 Stegdetect’s output lists
    the steganographic systems it finds in each image or
    writes “negative” if it couldn’t detect any

 Stegdetect’s false-negative rate depends on:
    The steganographic system and the embedded message’s size
    The smaller the message, the harder it is to detect by statistical means.

 Stegdetect is very reliable in finding images that have content
  embedded with JSteg

 For JPHide, detection depends also on the size and the compression
  quality of the JPEG images

                      Detection Results

  Using Stegdetect over the Internet. (a) JPHide and (b) JSteg produce
  different detection results for different test images and message sizes

                             Finding Images

 Images from eBay auctions and discussion groups in the Usenet
  archive for analysis.

 Developed Crawl, a simple, efficient Web crawler that makes a local
  copy of any JPEG images it encounters on a Web page

 Crawl performs a depth-first search and has two key features:
    Images and Web pages can be matched against regular expressions
        Hence, include or exclude Web pages in the search
    Minimum and maximum image size can be specified
        Hence exclude images that are too small to contain hidden messages

 Calculation of true positive rate – the probability that an image detected
  by Stegdetect really has steganographic content

  Percentages of positives for analyzed images

 After processing 2 million eBay images with Stegdetect
    Over 1% of all the images seemed to contain hidden content
    JPHide was detected most often

             Percentages of (false) positives for analyzed images

                       Test          EBAY        USENET
                       JSteg         0.003       0.007
                       JPHide        1           2.1
                       OutGuess      0.1         0.14

                  Verifying Hidden Content

 Stegdetect cannot guarantee a hidden message’s existence

 To verify the hidden content, Stegbreak must launch a
  dictionary attack against the JPEG files
    JSteg-Shell, JPHide, or Outguess all hide content based on a user-supplied
    an attacker can try to guess the password by taking a large dictionary and
     trying to use every single word in it to retrieve the hidden message
    embedded header information, so attackers can verify a guessed password
     using header information

              Stegbreak Performance

       Stegbreak Performance on a 1,200-MHz Pentium III

             System       ONE IMAGE        FIFTY IMAGES
                          (words/second)   (words/second)
             JPHide       4,500            8,700
             OutGuess     18,000           34,000
             JSteg        36,000           47,000

  Results: Steganography Detection on the Internet

 From eBay and Usenet research
    No single hidden message was found

 Explanations for inability to find steganographic content on
  the Internet:
    All steganographic system users carefully choose passwords that are not
     susceptible to dictionary attacks
    Maybe images from sources that were not analyzed carry steganographic content
    Nobody uses steganographic systems that researchers could find
    All messages are too small for analysis to detect

   Either they are looking in the wrong place or there is no widespread
                     use of steganography on the Internet


 Today, computer and network technologies provide easy-to-
  use communication channels for steganography

 Research work
   Provides an overview of existing steganographic systems
    Presents methods for detecting them via statistical steganalysis

                           Future Work

 Research new algorithms to
   Hide information
   Improve Steganalysis


1. Hide and Seek: An Introduction to Steganography, Niels Provos, Peter
   Honeyman, IEEE Security and Privacy Journal, May-June 2003

2. Cyber warfare: steganography vs. steganalysis, Huaiqing Wang,
   Shuozhong Wang, Communications of the ACM, Volume 47, Issue 10,
   October 2004

3. http://www.outguess.org/detection.php

4. http://www.jjtc.com/Security/stegtools.htm

5. http://www.stack.nl/~galactus/remailers/index-stego.html

            Thanks a lot …

               For Your


            Any Questions


Presentation Slides and Research Papers are available at :


