| Paper submission deadline: | March 30th, 2007 |
| Notification of Acceptance: | May 14th, 2007 |
| Camera ready paper: | June 4th, 2007 |
OutGusee 的作者 Niels Provos 和他的指導教授 Peter Honeyman 在 2003 年 May/June 的 IEEE Security & Privacy 雜誌發表了一篇隱藏學的介紹性文章 "Hide and Seek: An Introduction to Steganography"。
Jessica Fridrich, Miroslav Goljan & Dorin Hogea
p2. left column本篇論文的核心觀念描述在底下這段文字:
The OutGuess steganographic algorithm was proposed by Neils Provos to counter the statistical chi-square attack. In the first pass, similar to J-Steg, OutGuess embeds message bits along a random walk into the LSBs of coefficients while skipping 0’s and 1’s. After embedding, the image is processed again using a second pass. This time, corrections are made to the coefficients to make the stego image histogram match the cover image histogram. Because the chi-square attack is based on analyzing first-order statistics of the stego image, it cannot detect messages embedded using OutGuess. Provos also reports that the corrections are made in such a manner to avoid detection using his generalized chi-square attack.
P.2 right column由於 OutGuess 隨機改變量化後 DCT 係數的 LSBs, 增加了還原後 8*8 區塊的不連續性。J. Fridrich用一個 blockiness formula 來估算區塊不連續性。使用 OutGuess 藏入100% 的資料量後, 檢驗區塊不連續性的增加量。如果這張影像是偽裝影像(stego image), 區塊不連續性增加量是比原始掩護影像 (cover image) 來得小。這個差距就是用來估算嵌入資料量的基礎。
Because OutGuess introduces random changes into the quantized coefficients, the spatial discontinuities at the boundaries of all 8×8 blocks will increase. We will measure the discontinuity using the blockiness measure. For detection, we will inspect the increase of this blockiness measure after embedding a 100% message again using OutGuess. This increase will be smaller for the stego image than for the cover image because of the partial cancellation of changes. This difference will form the basis of our message length estimation.
steganographysteganography 在 Merrian-Webster Online 的連結網址是 http://www.m-w.com/dictionary/steganography\steg-uh-NAH-gruh-fee\ noun
: the art or practice of concealing a message, image, or file within another message, image, or file
Example sentence:
No doubt, the Internet has enriched society, but it has a flip side; terrorists, for instance, can secretly network online using steganography.
Did you know?
"Steganography" is a word that was resurrected after being in disuse for almost 150 years! It was put to rest in the early 1800s, labeled an archaic synonym of "cryptography" by dictionary makers, but was brought back to life in the 1980s as a word for a type of digital cryptography. There is nothing cryptic about the word's origin; it is based on the Greek word "steganos," meaning "covered" or "reticent."
Main Entry: steg·a·nog·ra·phy相對於 cryptography 的 steganography, Merrian-Webster Online 已經有解釋了, 不過, 相對於cryptanalysis 的 steganalysis, 不曉得還要等多久, 字典的解釋才會補上來...
Pronunciation: "ste-g&-'nä-gr&-fE
Function: noun
Etymology: New Latin steganographia, from Greek steganos covered, reticent (from stegein to cover) + Latin -graphia -graphy -- more at THATCH
1 archaic : CRYPTOGRAPHY
2 : the art or practice of concealing a message, image, or file within another message, image, or file
- steg·a·no·graph·ic
PRESIDENT'S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT為求慎重, 又發了底下一段文字, 作為確認 (check) 之用:
IMMENSELY.
APPARENTLY NEUTRAL'S PROTEST IS THOROUGHLY DISCOUNTED AND IGNORED. ISMAN HARD HIT. BLOCKADE ISSUE AFFECTS PRETEXT FOR EMBARGO ON BYPRODUCTS, EJECTING SUETS AND VEGETABLE OILS.如果我們第一段訊息中, 每個字的第一個字母抽出, 或是將第二段訊息中, 每個字的第二個字母抽出, 都可以發現底下的句子:
Pershing sails from NY June 1.John J. Pershing 是一次大戰期間, 美國遠征軍 (American Expeditionary Force) 的指揮官, 也是二次大戰期間, 美國將領們的良師(mentor)。
 |
| From StegoRN |
JPHIDE and JPSEEK are programs which allow you to hide a file in a jpeg visual image. There are lots of versions of similar programs available on the internet but JPHIDE and JPSEEK are rather special. The design objective was not simply to hide a file but rather to do this in such a way that it is impossible to prove that the host file contains a hidden file. Given a typical visual image, a low insertion rate (under 5%) and the absence of the original file, it is not possible to conclude with any worthwhile certainty that the host file contains inserted data. As the insertion percentage increases the statistical nature of the jpeg coefficients differs from "normal" to the extent that it raises suspicion. Above 15% the effects begin to become visible to the naked eye. Of course some images are much better than others when used a host file - plenty of fine detail is good. A cloudless blue sky over a snow covered ski paradise is bad. A waterfall in a forest is probably ideal.其大意是這樣的:
JPHIDE and JPSEEK 是一個可以將檔案藏進 JPEG 影像的程式。在 Internet 上, 有許多類似程式及其各種版本, 然而, JPHIDE and JPSEEK 卻相當特別!JPHIDE and JPSEEK 的設計目的並不僅是簡單地隱藏檔案, 反而是進一步要表達: 要證明某張偽裝影像嵌有檔案是不可能的。給定一個嵌有低嵌入比例 (低於 5% ) 的影像, 在沒有原始影像的情況下, 並沒有辦法去判斷這張影像嵌有訊息的。當嵌入比例增加時, JPEG 係數的統計特性偏離了原來的正常範圍, 就會引起懷疑。超過 15% 的嵌入比例時, 對於影像品質的影響是肉眼可見的。當然, 擁有較多細節的影像是比較適合用來做掩護影像 ( host ) 的。例如: 一張藍天無雲的滑雪天堂的圖片, 就不太適合用來嵌入訊息; 在森林中瀑布拍攝的圖片就是一張理想的掩護影像。JPHIDE and JPSEEK 有兩個版本:
 |
| From StegoRN |
There are three popular steganographic systems available on the Internet that hide information in JPEG images:
• JSteg, JSteg-ShellAll of these systems use some form of leastsignificant bit embedding and are detectable by statistical analysis except the latest release of OutGuess. In the following, we describe the specific characteristics of these systems and show how to detect them.
Niels Provos and Peter Honeyman, "Detecting Steganographic Content on the Internet,"ISOC NDSS'02, San Diego, CA, February 2002.
這篇論文是根據 reviewers 的意見修改後,
這次的論文修改, 主要著重在加強實驗的測試影像與描述實驗結果上。根據第二位 reviewer 的意見, 我們原本的測試影像和依般論文常用的影像不同, 所以我特地從 USC-SIPI Image Database 的 Miscellaneous 中, 下載了 8 個大小為 512*512 的標準彩色影像做測試, 並將實驗結果用 Table 1 與 2 詳細地描述呈現。The numerical list below is a list of the reviewers' averaged score for the criteria of originality, contribution, references, presentation, and language for your paper. Please note that the final result of the paper is in no way solely dependent upon the numerical scores assigned by the reviewers. Other factors such as the total number of submissions, comments, and relevance to conference topic area also influence the final result. Also, please note that some reviewers may choose not to state any comments.第一個 reviewer 的 comments 如下:
(Key: 1=Excellent, 2=Good, 3=Satisfactory, 4=Unsatisfactory, 5=Poor)
Originality: 2.0
Contribution: 3.0
References: 3.0
Presentation: 3.0
Language: 3.0
Final Result: Accepted
Contribution:第二個 reviewer 的 comments 如下:
Describes the use of a statistical method based on color clipping to identify stego-images and to extract covert information from Jsteg stego-images.
Suggestions:
1. In the second page substitute "space than RGB space" by "space instead of RGB space".
2. In the fifth page substitute "should step 2 repeat" by "should step 2 be repeated".
3. It would be advantageous to adress more the low contrast images problem.
Contribution:
The paper presents a new approach in steganalysis detection for images modified using the Jsteg tool. The main contribution of the paper is that it makes the association between high number of color overflows and the presence of steganographic message. The authors then suggest that a test for hidden data can be performed by further embedding hidden data. The experimental results may or may not be illustrative. As the authrors acknowledge, the number of random message insertions may be hard to find. It is also unclear how large the message must be. The images used are not standard and have not been presented or described in detail.
Overall, I think the paper has real potential to spark a discussion at the conference. I believe however that the way the method is presented as well as the value of the experiments are working against the overall paper value. A sign of the experiment's solidity is the lack of comparison with any steganalysis tool.
Suggestions:
Clealry describe the data sets. Refine the algorithm details (how many rounds were really run for each image, what was the size of the embed message).
剛剛終於在最後一刻把論文投稿到 SIP 2006 了, 了結了近兩個月來, 心頭上最大的一件事!
Niels Provos & Peter Honeyman 在 2001 年CITI 的技術報告, 還有 2002年 ISOC NDSS'02 研討會論文 "Detecting Steganographic Content on the Internet" 中是這樣描述 OutGuess 的:[ P.5 ]
OutGuess is a steganographic system available as UNIX source code. There are two released versions: OutGuess 0.13b, which is vulnerable to statistical analysis, and OutGuess 0.2, which includes the ability to preserve statistical properties and can not be detected by the statistical tests used in this paper.
OutGuess is different from the systems described in the previous sections in that its chooses the DCT coefficients with a pseudo-random number generator. A user-supplied pass phrase initializes a stream cipher and a pseudo-random number generator, both based on RC4. The stream cipher is used to encrypt the content.
Because the modifications are distributed randomly over the DCT coefficients, the X²-test can not be applied on a continuously increasing sample of the image. Instead, we slide the position where we take the samples across the image.
For OutGuess 0.13b, we do not find any clear signatures. Figure 7 shows the probability of embedding for a sample image. The spikes indicate areas in the image where modifications to coefficients cause departures from the expected DCT coefficient frequency.
Niels Provos and Peter Honeyman, "Detecting Steganographic Content on the Internet,"ISOC NDSS'02, San Diego, CA, February 2002.
Andreas Westfeld & Andreas Phitzmann 在 IHW99 的論文 "Attacks on Steganographic System" 中, 曾經三次提到 Jsteg:Related to this work is Final Year Project of Tinsley on Steganography and JPEG Compression. He describes statistical attacks applied to Jsteg using a different statistical model.2. P.8 說明為什麼提出來的 Visual Attack 無法運用在破解 Jsteg。
Jsteg - embedding in a transformed domain. Jsteg embeds in JPEG images. In JPEG images, the image content is transformed into frequency coefficients to achieve storage as compact as possible. There is no visual attack in the sense presented here, because one steganographic bit influences up to 256 pixels.3. P.12 最後, 運用作者所提出來的 Chi-Square Attack, 就可以成功破解 Jsteg。
Jsteg - embedding in a transformed domain. As already noted in Sect. 3, visual attacks do not work concerning Jsteg. Since Jsteg (as EzStego) embeds bits continuously, we use the former presentation of Fig. 16 in Fig 17, Fig. 18 and Fig. 19. The show that our statistical test is quite effective concerning Jsteg as well.
This algorithm made by Derek Upham serves as a starting point for the contemplation here, because it is resistant against the visual attacks presented in [5], and nevertheless offers an admirable capacity for steganographic messages (e. g., 12.8 % of the steganogram’s size). After quantisation, Jsteg replaces the least significant bits (LSB) of the frequency coefficients by the secret message. The embedding mechanism skips all coefficients with the values 0 or 1. Fig. 4 shows Derek Upham’s embedding function of Jsteg in C source code.
However, the statistical attack [5] on Jsteg reliably discovers the existence of embedded messages, because Jsteg replaces bits and, thus, it introduces a dependency between the value’s frequency of occurrence, that only differ in this bit position (here: LSB). Jsteg influences pairs of the coefficient’s frequency of occurrence, as Fig. 5 shows.
Niels Provos & Peter Honeyman 在 2001 年的技術報告 "Detecting Steganographic Content on the Internet" 中是這樣描述 Jsteg 的:[ P.4 ]
JSteg is an addition by Derek Upham to the Independent JPEG Group's JPEG Software library. The DCT coefficients are modified continuously from the beginning of the image. JSteg does not support encryption and has no random bit selection.The message data is prepended with a variable size header. The first five bits of the header express the size of the length field in bits. The following bits contain the length field that expresses the size of the embedded content.
Derek Upham's JSteg was the first publicly available steganographic system for JPEG images. Its embedding algorithm sequentially replaces the least-significant bit of DCT coefficients with the message's data (see Figure 3). The algorithm does not require a shared secret; as a result, anyone who knows the steganographic system can retrieve the message hidden by JSteg.
[ P. 5, for Jsteg ]
In this example, 99% of the training set is correctly classified. In the testing set 98% of the steg images are correctly classified with 2% false positives (i.e., a no-steg image incorrectly classified as a steg image).
[ P. 7, for EZstego ]
On average, 86.6% of the testing set is correctly classified, with 13:2% false positives, and 51:5% detection can be achieved with 1% false positives, Table 1.
[ P. 7, for OutGuess ]
Without statistical correction, detection rates are 80.4% with 19.4% false positives, or 22.5% detection with 2%false positives. With statistical correction, detection rates are slightly worse at 77.7% with 23.8% false positives, or 17.5% detection with 1.0% false positives.
Other applications include unobtrusive military and intelligence communication, covert criminal communication, and the protection of civilian speech against repressive governments. Along with new and improved techniques for hiding information will come techniques for detecting (and possibly removing) such information.
Steganography is used to hide the occurrence of communication. Recent suggestions in US newspapers indicate that terrorists use steganography to communicate in secret with their accomplices. In particular, images on the Internet were mentioned as communication medium. While the newspaper articles sounded very dire, none substantiated these rumors.當年的新聞連結如下:
Jessica Fridrich 在她 2006 年 Fundamentals of Steganography 課程, Lecture 4 投影片 中, P. 7 談到 Jsteg 的作法, 從投影片中我們清楚的知道 Jsteg 並沒有考慮到四捨五入所造成的影響。完全是針對四捨五入後的 DCT 係數根據要藏入的訊息去修改係數。
The frequently used steganographic method in JPEG format is the JSteg-like algorithm, which is proposed by D. Upham [I]. It works by embedding message bits as the LSBs of the quantized DCT (Discrete Cosine Transform) coefficients. The embedding mechanism skips all coefficicnts with the values of '0' or '1'. There are two embedding ways according to the selection of coefficients. One is sequential embedding; the other is random embedding whose coefficients selection is usually determined by a secret stego key shared by the communicating parties.在這篇論文中, 還有一點我覺得很有趣!可以做實驗看看。作者引用 P. Sallee 的 IWDW03 論文 "Model based steganography" [ PDF ] 所發現的, 認為用 generalized Cauchy distribution 來描述量化後的 DCT 係數的分布會比用 generalized Laplacian/Gaussian distribution 還要來得精確。
Sallee used a specialized form of a generalized Cauchy distribution instead of the generalized Laplacian. When taking into account a more accurate estimation of the quantization effects, Sallee found this distribution appears to fit DCT coefficients better than the generalizcd Laplacian/Gaussian.
Guillermito Zone 的作者是 Guillaume Tena, 是法國資訊安全專家, 目前在美國 Harvard Medical School (HMS) 任職。The higher the values on this table, the more details you will eliminate. You're actually going to eliminate the high frequency coefficients: think about removing the small wavelets on top of a big wave.5. 在 Lossless compression 這段, 清楚地說明了三個壓縮技術 RLE (Run-Length Encoding), DPCM (Differential Pulse Code Modulation), Huffman coding 分別用在哪邊。之前, 我自己的報告中常忽略的 RLE 與 DPCM, 只是強調 Huffman coding 是不夠清楚的。
The tool Jpeg-Jsteg is a steganography tool that hides information by manipulating the rounding values of the JPEG DCT coefficients. Information is hidden in the JPEG image by modulating the rounding choices either up or down in the DCT coefficients. Detection of such an embedded message would seem to be quite difficult. (An advantage DCT has over other transforms is the ability to minimize the block-like appearance resulting when the boundaries between the 8*8 sub-images become visible (known as blocking artifact).)在 P. 283 中則指出使用 Jsteg 藏有資訊的 JPEG 影像, 對那些經過 IDCT 公式轉換回來的係數去重新繪圖, 會產生較多的不規則的古怪圖形, 這些現象都是因為藏資訊會擴大四捨五入造成的誤差所導致。
In plotting the coefficients using the IDCT formula of JPEG images, the expected result is a relatively smooth graph for values of not equal to zero. However, plotting the coefficients of images created with Jpeg-Jsteg produce more erratic graphs and show steps resulting from duplicate coefficient values due to exaggerated rounding errors caused by storing the hidden information. This distortion is more noticeable for coefficient values less than zero.對了, 2001/02/20 在 Wired News 有一則關於 Neil F. Johnson 的新聞 "Secret Messages Come in .Waves"。新聞中談到 Johnson 在 steganalysis 上的工作, 其中也提到 steganalysis 可以應用到 law enforcement 與 military 用途上。
Johnson's work on steganalysis may seem obscure, but it has important law enforcement and military applications. The National Security Agency and police agencies have underwritten his research -- his center's graduate program at GMU is even certified by the NSA.在新聞中, 還提到當年希臘與波斯帝國的戰爭...
The practice of steganography has a distinguished history: The Greek historian Herodotus describes how one of his countrymen sent a secret message warning of an invasion by scrawling it on the wood underneath a wax tablet. To casual observers, the tablet appeared blank.在我自己的國科會計畫書中, 則是這樣描述這段歷史的:
隱藏學的起源, 最早可回溯到兩千多年以前的古希臘時代, 在希臘歷史學家 Herodotus 的史著中, 記載著一個非常有名的故事: 西元前 491 年, 斯巴達國王 Demaratus 因故被放逐後, 被對希臘懷有侵略野心的東方帝國 - 波斯, 奉為上賓。波斯皇帝 Xerxes 在弭平埃及反抗叛亂後, 開始著手安排對希臘各城邦的侵略戰爭。Demaratus 獲知 Xerxes 的意圖後, 便將平時書寫用的小蠟板, 把上層蠟括除, 再將 Xerxes 的企圖刻在木板, 重新用蠟封起, 送回斯巴達皇宮。由於小蠟板的外觀看起來並無異狀, 因此能夠順利通過邊境檢查, 送到斯巴達國王 Leonidas 手中。然而, 並沒有人能夠馬上理會出小蠟板的用意, 最後是由 Leonidas 的妻子 Gorgo 猜出小蠟板的下方可能藏有訊息, 命人括去蠟層後, 使得波斯帝國即將大舉入侵的消息揭露出來。斯巴達皇后 Gorgo 可以說是歷史上所記載第一位成功破解隱藏技術的人, 圖 2 是我們使用 Google 在網路上搜尋到的當年波斯戰爭地圖。
