Get documents about "Statistical models for Secure Steganography Systems
Document Sample
Statistical models for
Secure Steganography
Systems
N.Muthiyalu Jothir
Media Informatics
9/6/2010 DRM Seminar 1
Agenda
Introduction
Steganography
Information theory
Security Model
Limitations
Conclusion
9/6/2010 DRM Seminar 2
Introduction
“Steganography is the art and science of
writing hidden messages in such a way
that no one apart from the intended
recipient knows of the existence of the
message”
“Covered or Hidden Writing”
9/6/2010 DRM Seminar 3
Steganography Vs Cryptography
Steganography is the dark cousin of
cryptography, the use of codes.
Cryptography Privacy
Steganography Secrecy
9/6/2010 DRM Seminar 4
Digital Still Images
Larger the cover message – Easier to hide
message
For example: a 24-bit bitmap image will have 8
bits representing each of the three color values
(R,G,B)
Watermarking, Fingerprinting etc.
9/6/2010 DRM Seminar 5
Information Theory
“The fundamental problem of
communication is that of reproducing at
one point either exactly or approximately a
message selected at another point.”
-C.E. Shannon, 1948
9/6/2010 DRM Seminar 6
Information Theory …cont
According to Shannon, the entropy of a random variable X with
probability distribution PX and alphabet אis defined as
indicates the amount of information contained in x, i.e., the number of
bits needed to code x.
For example, in an image with uniform distribution of gray-level
intensity, i.e. Px = 1/256, then the number of bits needed to code each
gray level is 8 bits. The entropy of this image is 8.
9/6/2010 DRM Seminar 7
…cont
Information "only infrmatn esentil fo
understandn mst b tranmitd."
The amount of information, or uncertainty, output
by an information source is a measure of its
entropy.
In turn, a source's entropy determines the
amount of bits per symbol required to encode
the source's information.
9/6/2010 DRM Seminar 8
Relative Entropy
Let p and q be two probability distributions on a
common alphabet X. Relative entropy / Kullback
Leibler “distance” between p and q is defined as
D(p || q) is a measure of the inefficiency of assuming
that the distribution is q when the true distribution is p.
9/6/2010 DRM Seminar 9
Security Model : Proposed
An information-theoretic model
Presence of passive adversaries
“Simmons' Prisoners„ Problem"
“Hypothesis” testing problem
9/6/2010 DRM Seminar 10
Active adversaries
Presence of hidden message is known
Publicly
E.g., Watermarking and Fingerprinting.
9/6/2010 DRM Seminar 11
Scenario with Passive Adversaries
Players Alice and Bob
Passive Adversary Eve
“Cover Text, C” Original, unaltered message
“Stegotext, S” Transformed message using
Secret Key.
9/6/2010 DRM Seminar 12
Hypothesis testing
Eve, the decision maker
9/6/2010 DRM Seminar 13
Model
The security of a steganographic system is
quantified in terms of the relative entropy
D(PC | PS) (or discrimination) between PC
and PS.
D(PC | PS) = 0 stego system is perfectly
secure
9/6/2010 DRM Seminar 14
Security System
9/6/2010 DRM Seminar 15
Observations
H(S / CEKR) = 0 Certainty
H(E) > 0 Uncertainty
H(E / SK) = 0 Certainty
9/6/2010 DRM Seminar 16
…cont
Alice is inactive she sends cover text C
Active S is a concatenation of multiple
messages from Alice
The probability distributions of cover text
(Pc) are assumed to be known to all
parties
9/6/2010 DRM Seminar 17
Security Definition
Definition 1 :
A stegosystem as defined previously with cover
text C and stegotext S is called Є – secure
against passive adversaries if
D(PC|PS) ≤ Є
If Є = 0, the stegosystem is called perfectly
secure.
9/6/2010 DRM Seminar 18
Eve's decision process
Binary partition (C0, C1) of the set C of
possible cover texts
Alice is active if and only if the observed
message „c‟ is contained in C1.
Type II error Eve fails to detect
Probability β
Type I error Eve accuses Alice when
she is inactive.
Probabilty ά. Assumed to be zero.
9/6/2010 DRM Seminar 19
Theorem
The stegosystem that is Є-secure against
passive adversaries, satisfy
d(ά, β) ≤ Є
In particular, if ά = 0, then
β = 2-Є
9/6/2010 DRM Seminar 20
…cont
In a perfectly secure system,
D(PC|PS) = 0 PC = PS;
Thus, Eve can obtain no information about
whether Alice is active by observing the
message.
9/6/2010 DRM Seminar 21
External Information Influence
The modified stegosystem with external
information Y , cover text C, and stegotext
S is called Є - secure against passive
adversaries if
D(PC|Y |PS|Y ) ≤ Є
9/6/2010 DRM Seminar 22
One-time pad
Security The stegotext distribution is close to the
cover text distribution without knowledge of the key.
Cover text C is a uniformly distributed n-bit string
The key generator chooses the n-bit key K
S=e K and Bob can decode by computing e = S K
9/6/2010 DRM Seminar 23
Security of One Time Pad
Uniformly distributed in the set of n-bit strings and
therefore D(PC|PS) = 0.
Perfect steganographic security
One-time pad system is equivalent to the basic scheme
of visual cryptography
But,
Wardens never allow random messages Drawback
9/6/2010 DRM Seminar 24
Universal Data Compression
Traditional data compression techniques
Huffman coding
require a priori knowledge about the distribution of the
data
Universal data compression algorithms
Lempel and Ziv
source statistics are unknown a priori or vary with time
9/6/2010 DRM Seminar 25
Willems' Repetition algorithm
Parameters block length L and delay D
Binary source X producing {Xt} = X1, X2,…
with values in {0,1}.
Source output is divided into blocks Y1,
Y2… of length L
Encoding of a block Yt operates by
considering
Repetition time, the length of the interval since its last
occurrence.
9/6/2010 DRM Seminar 26
…cont
Repetition time is encoded using the following
code
where || denotes the concatenation of the bit
strings.
9/6/2010 DRM Seminar 27
The Modification for Information
Hiding
Information hiding takes place if the encoder
or the decoder encounters a block y such that
ty ≥ 1/ρ
If this is the case, bit j of the message m is
embedded in y‟ according to
9/6/2010 DRM Seminar 28
Limitations
Embedding distortion DEmb can be large for
the same secure statistics
Future work by Joachim and Bernd,
address the above issue.
9/6/2010 DRM Seminar 29
Conclusion
A security model has been proposed
Forms the basis for the hypothetical
testing scenario
Security of the Steganography system
depends on the relative entropy between
C and S.
9/6/2010 DRM Seminar 30
References
1. Christian Cachin, “An Information - Theoretic Model for
Steganography”, Cambridge, 1998.
2. Joachim, Bernd, “A Communications Approach to
Image Steganography”, Proceedings of SPIE, Jan
2002.
9/6/2010 DRM Seminar 31
Thank You…
9/6/2010 DRM Seminar 32
Related docs
