Alternatives for Multimedia Messaging System ... - CiteSeerX

5 downloads 0 Views 208KB Size Report
MMS has very quickly gained the popularity of SMS among mobile us- ... saging System (MMS) offers the ability to send and receive multimedia content using.
Alternatives for Multimedia Messaging System Steganography Konstantinos Papapanagiotou1, Emmanouel Kellinis2, Giannis F. Marias1, and Panagiotis Georgiadis1 1

Dept. of Informatics and Telecommunications, University of Athens, Panepistimiopolis, Ilissia, Greece, GR15784 [email protected], [email protected], [email protected] 2 KPMG LLP, One Canada Square, London E14 5AG, United Kingdom [email protected]

Abstract. The Multimedia Messaging System allows a user of a mobile phone to send messages containing multimedia objects, such as images, audio or video clips. MMS has very quickly gained the popularity of SMS among mobile users. Alongside, the need for a secure communication became more imperative. Hiding information, especially in images has been an attractive solution for secret communication. In this paper we examine the possibilities for the use of steganography within a multimedia message. The most widely known algorithms for steganography are presented and discussed. Their application in a mobile environment is analyzed and a theoretical evaluation is given.

1 Introduction One of the most popular uses of mobile phones has been the exchange of messages between users. The Short Messaging System (SMS) was introduced with GSM mobile phones and it very rapidly became popular among users. The Multimedia Messaging System (MMS) offers the ability to send and receive multimedia content using a mobile phone. Nowadays, most of the mobile phones not only are capable of sending and receiving Multimedia Messages (MM), but also contain an embedded camera and can run customized applications (e.g. using Java 2 Platform Micro Edition, J2ME). Most research regarding security in mobile environments with limited resources in terms of processing power, memory capacity and energy autonomy, is focused on the implementation of symmetric and asymmetric cryptographic algorithms. Steganography differs from cryptography in the sense that it tries to hide the message instead of transforming it so as to obscure its meaning [17]. In some cases, steganography may actually prove to be more effective. The combination of both may give the best results, as a message can be encrypted before it is hidden into another object. Cryptography has received most attention until now, leaving a great space for research on steganography. Steganography concerns itself with ways of embedding a secret message into a cover object, without altering the properties of the cover object evidently. The embedding procedure is typically related with a key, usually called a stego-key. Without knowledge of this key it will be difficult for a third party to extract the Y. Hao et al. (Eds.): CIS 2005, Part II, LNAI 3802, pp. 589 – 596, 2005. © Springer-Verlag Berlin Heidelberg 2005

590

K. Papapanagiotou et al.

message or even detect its existence. Once the cover object has data embedded in it, it is called a stego object. The amount of data that can be hidden in a cover object is often referred to as embedding capacity. The embedding capacity is directly related with the secrecy of the message. The distortions in the cover object caused by the steganographic algorithm become more obvious as a user tries to add more hidden data. Evidently, there is a point of balance when the embedded data do not alter the cover object significantly enough to arouse suspicion. In this paper we examine how steganography can be used in the context of MMS. To the best of our knowledge, there are only very few known implementations of steganographic algorithms for mobile devices [15]. We present some widely used algorithms for steganography and explain how they can be applied in MMS. Users can benefit from covert channels in MMS in order to secretly exchange hidden messages and keys, without arousing suspicion of their existence. It could also be used as a mean for hiding the exchange of one-time passwords between a corporate server and a mobile worker [25]. An evaluation of steganographic techniques is also required, as, to the best of our knowledge, there has not been any benchmarking of steganographic algorithms. We propose assessment metrics that can provide us with a sufficient view of their performance. The structure of this paper is as follows: first we examine the architecture of the MMS and the supported media formats. Subsequently, we present the steganographic algorithms that can be used in the MMS. These algorithms can be applied to image, audio or video files, but also to presentation information. In section 4 the presented steganographic techniques are evaluated and some examples of their applications are given. Finally, we provide our concluding remarks and give suggestions for future research.

2 MMS Technology MMS [5] is a technology that allows a user of a properly enabled mobile phone to create, send, receive and store messages that include text, images, audio and video clips. Figure 1 shows the architecture of the MMS network. A user interacts with an MMS Client which is usually an application in his mobile phone. The Client uses the MMSM interface in order to communicate with the MMS Proxy-Relay, which is responsible for communication with other messaging systems. Proxy-Relays use the MMSR interface to communicate among themselves. They also communicate with the MMS Server, which stores messages, through the MMSS interface. In a typical protocol run, a user will compose a MM and select the address of the receiver. The MMS Client will submit the message to the associated MMS Proxy-Relay, which will forward it to the target Proxy-Relay. The MM will be stored in the associated MMS Server and a notification will be sent to the target MMS Client. Finally, the receiver instructs its MMS Client to retrieve the MM from the Server. MMS supports a variety of media formats [7]. Concerning audio at least two codecs are supported: aacPlus (Advanced Audio Coding Plus) and AMR-WB (Adaptive Multi-Rate Wideband). Support for MP3, MIDI and WAV formats is also suggested [8]. For still images JPEG with JFIF should be supported by MMS Clients while for bitmap graphics the supported formats are: GIF87a, GIF89a and PNG. Finally, the supported media formats for video are: H.263 Profile 3 Level 45, MPEG-4 Visual

Alternatives for Multimedia Messaging System Steganography

591

Simple Profile Level 0b and H.264 (AVC) Baseline Profile Level 1b. Moreover, there are some constraints for the size of media [6]: text cannot exceed 30kB, an image must be below 100kB and a video must be smaller than 300kB.

Fig. 1. MMS network architecture

A single MM message may contain many different media elements. An MMS Client should be able to render the multimedia content in a meaningful, for the user, way. Various presentation languages are supported for this purpose, like the Wireless Markup Language (WML) and the Synchronized Multimedia Integration Language (SMIL) [5]. MMS presentation information is transferred along with the multimedia objects. SMIL is a simple XML-based language and currently the most widely used language for MMS presentation.

3 MMS Steganography MMS-capable devices can send and receive messages containing image, audio or video. Such multimedia objects may contain hidden information, embedded to them using steganographic techniques. To the best of our knowledge, currently there are no widely deployed tools that perform stego-functions. Bond Wireless has created a tool [14] for sending a secure SMS, which can also embed hidden messages inside an image within an MMS. However, only image steganography is supported, even though MMS also supports audio and video. In this section we will present algorithms that can be used for embedding hidden information in a MM. 3.1 Image Audio and Video Steganography Digital images are the most widely used cover-objects for steganography. Despite the use of compression in many image formats a high degree of redundancy characterizes a digital representation of an image. The most widely known algorithm for image steganography, the LSB algorithm, involves the modification of the LSB layer of images. In this technique, the message is stored in the LSB of the pixels which could be considered as random noise. Thus, altering them does not have any obvious effect to the image [1]. Variations of this algorithm include changing two or three LSBs [4], or adding a weak noise signal [2] in order to make detection harder. One of the first tools to implement the LSB algorithm is Steganos [12]. Masking techniques take advantage of the properties of the human visual system [11], as an observer cannot

592

K. Papapanagiotou et al.

detect a signal in the presence of another signal. Algorithms that use this technique analyze an image in order to detect regions in it where a message can be placed [11]. Most research in the category of transform domain embedding algorithms is focused on taking advantage of redundancies in Discrete Cosine Transform (DCT). DCT is mainly used in the JPEG format in order to compress images. Information can be embedded in a JPEG image by altering DCT coefficients, for example by changing their LSB. Even though changing a large number of coefficients does not produce any visible alterations, it has a significant effect in compression rate and it may also produce statistical anomalies. Thus, the embedding capacity of the DCT algorithm is much smaller than LSB’s [1]. An algorithms that use DCT is F5 [9], a successor to jsteg. Another transform domain which has been used for embedding information is the frequency domain. Alturki et al. [10] propose quantizing the coefficients in the frequency domain using Fourier transformation in order to embed information which will appear as Gaussian noise. Similarly, the wavelet domain is also suitable for embedding information. The signal is decomposed into a low-pass and a high-pass component using a Discrete Wavelet Transform (DWT) and data is embedded, for example, in the LSB of the wavelet coefficients [13]. Audio steganography can be applied to most audio formats and can be very effective on high compression audio algorithms such as MP3 [21]. The LSB algorithm for audio steganography uses a subset of available audio samples and alters their LSB. However, as the number of the adjusted LSBs increases the introduced noise becomes more audible [13]. Masking techniques can be used for audio steganography in the same concept as with image steganography. A faint sound becomes inaudible in the presence of a louder sound. Similarly, if two signals are close in the frequency domain, the weaker one will be inaudible [15]. A widely known method to hide information inside audio is echo hiding [16], which adds echo to a host audio. The delay between the original signal and the echo depends on the echo kernel that is being used [16]. Cox et al. [19] have proposed the spread spectrum method where the data is spread throughout the maximal range of frequencies so that it becomes very difficult for someone to find the hidden data unless they know the spreading algorithm. Mp3stego [21] is one of the most widely known tools for hiding text in MP3 audio files. In mp3stego the data to be hidden are embedded in the MP3 bit stream as parity during the encoding process. The properties of parity ensure that more data can be hidden if more values are selected as a cover message [17]. Similar methods can be used for other compressed audio formats such as AMR and AAC. However, to the best of our knowledge there are only few proposals for information hiding algorithms specifically designed for AAC-encoded audio [22]. The techniques used to hide information inside video files are not very different from the methods used in image steganography. There are some obvious differences though in the way that data is stored. Someone can store more information inside a video file than in an image file since video is a sequence of images (frames). Therefore in a 30 frames/sec video we can store 30 times the information we could store in a single picture. Moreover, someone can pick frames to store data in such a way that even if someone could detect the existence of modification, he would not be able to put the extracted information in sequence. A technique for embedding data in an MPEG compressed video clip is analyzed in [18].

Alternatives for Multimedia Messaging System Steganography

593

3.2 Markup Language Steganography Mark-up languages (ML) such as HTML, XML and SMIL contain presentation (i.e., markup) information which consists of tags. Tag attributes can be reordered freely without causing any visual change [24]. Additionally, if a parser does not recognize an attribute it ignores it. By exploiting these steganography opportunities, someone can hide information inside a document. For example, attribute reordering can be used to embed information into a document. In the following example of SMIL code we have the tag which has five attributes: By rearranging them we get 5! possible combinations of these five attributes, i.e. 120 different ways to display the same thing. Using this line alone we can hide a total of log2120=6.9 bits. Since we don’t want to arouse suspicion by changing all attributes’ position for each tag, we can split the number of permutations throughout the document in order to achieve increased robustness and a larger storage space. In addition we can introduce a white space after the tag name [24]. Using the same SMIL code we can create hidden binary information by doing the following for binary 0 and 1: Many tags such as , or can also include the end-tag inside the start tag or they can split into two separate tags [24]. For example for binary 0 and 1: Finally someone can hide information inside a SMIL document using simple text based steganography [24], by introducing extra spaces at the end and start of each line or by appending at the end of lines a TAB (binary 0) or SPACE (binary 1) character.

4 Evaluation and Applications of MMS Steganography Methods Most research concerning benchmarking steganographic algorithms is focused on techniques for steganalysis [23]. However, the time required to embed or extract a hidden message is critical in limited environments like mobile phones. Thus, we need to adopt a parameter, which we will call Speed, that will reflect the time required to embed a certain amount of information to a specific cover object using a steganographic algorithm. The embedding capacity for each algorithm should be examined along with the secrecy level offered, given the message size restrictions that each MMS message sets. We use two different parameters in order to express these aspects: Capacity for the embedding capacity and Secrecy for how easily suspicions are aroused for the given Capacity. We establish here a metric that would give a measurement for the performance of a steganographic algorithm as follows:

594

K. Papapanagiotou et al.

StegoPerfo rmance = f ( Speed , Capacity , Secrecy )

(1)

Regarding speed, LSB substitution techniques are considered to be the least complex. Methods involving transformations, such as DCT, FFT and DWT, or masking require increased processing power and produce an additional overhead. However, LSB can only be applied to uncompressed data. Practically, images in MMS are sent in JPEG format. Therefore the use of DCT or DWT-based methods for image steganography is suggested. Additional analysis is also required for echo hiding or spread spectrum techniques. Contrarily, SMIL and generally markup language steganography is considered to be very efficient as it only involves text manipulation. As far as embedding capacity and secrecy are concerned, LSB algorithms give the possibility of hiding a large amount of data. Nevertheless, as the number of the substituted LSBs increases, it becomes more and more apparent that steganography may have been used [4]. Conversely, transform embedding techniques are used in applications where robustness is required [11]. The fact that hidden data is inserted in the transform domain makes the message much harder to detect but also limits the embedding capacity of such algorithms. SMIL steganography provides very little room for embedding data. A SMIL file in a MM can be very small and thus, it can be hard to embed a large amount of data into it. Also, text-based steganography lacks secrecy as an observer may easily detect an abnormality in plain text. However, in our case a user will never see a SMIL file as it only provides information so that a mobile device can render a MM. Table 1 summarizes the advantages and disadvantages of each algorithm. Table 1. Evaluation of Steganographic Algorithms Algorithm LSB DCT-DWT LSB DCT-DWT LSB Echo Spread Spectrum Attribute Syntax White Space

Object Image Image Video Video Audio Audio Audio ML ML

Speed ☺

Capacity

Secrecy

Perform.

☺ ☺ ☺ ☺ ☺



☺ ☺ ☺

☺ ☺

A user could take advantage of the fact that SMIL steganography can be undetectable in order to embed a secret message in the presentation part of a MM. For example, one could embed hidden information in image, audio or video clips using a stego key and then hide this key in the presentation part of the MM using SMIL steganography. Even if a malicious user could realize that hidden information is contained in a multimedia clip contained in a MM, it would be hard to also find the key in order to retrieve this information. Thus, SMIL steganography can be used to hide information on how to extract data hidden in other parts of a MM. Steganography in MM can also be used for various other purposes. In terms of digital rights management, author and copyright information could be hidden in media that are transmitted by MMS (for example, ringtones, wallpapers, etc.). Origin authentication can also be enforced, by secretly embedding information regarding the identity of a sender in order to counter

Alternatives for Multimedia Messaging System Steganography

595

spoofing attempts. Nowadays, mobile message marketing is becoming more and more popular. For example, premium services are advertised using SMS or even MMS. A user has no way to know if such messages are legitimate and if the advertised cost is real. Steganography could aid in this direction by embedding data (for example a hash) that could verify the validity and integrity of such a message.

5 Conclusions In this paper we presented and discussed the possibility for using steganography in the MMS. We examined various, widely-used algorithms that could be applied in a mobile environment, in order to hide information in images, audio or video clips. We also suggested the use of SMIL steganography in order to embed a small message (e.g. the stego-key) in the presentation part of the MM. We evaluated the presented algorithms on a theoretical basis, taking into account the fact that they will be applied in a restricted environment, with limited processing power, memory and energy autonomy. For the evaluation of such algorithms, specific metrics were proposed, that can provide a complete view of their performance. Finally, we provided some suggestions for possible uses of steganography in MMS. Currently, we are experimenting with a practical implementation of steganographic algorithms. A real world application, written in J2ME, will enable us to perform thorough tests in order to provide further suggestions for the use of the presented algorithms in mobile devices. Combined use of steganography and cryptography is also examined for optimal results.

Acknowledgements Part of this work was performed in the context of the project entitled "PERAS: PERvasive and Ad hoc Security" funded by the Greek Ministry of Development, General Secretariat for Research and Technology, under the framework "PENED".

References 1. M. Kharrazi, H. T. Sencar, N. Memon: “Image Steganography: Concepts and Practice”, National University of Singapore (2004) 2. J. Fridrich and M. Goljan: “Digital image steganography using stochastic modulation" SPIE Symposium on Electronic Imaging, San Jose, CA (2003) 3. S. Katzenbeisser, F. A. P. Petitcolas: “Information Hiding Techniques for Steganography and Digital Watermarking”, Artech House (2000) 4. K. Curran, K. Bailey: “An evaluation of image-based steganography methods”. International Journal of Digital Evidence. (2003) 5. Open Mobile Alliance: “Multimedia Messaging Service Architecture Overview Approved Version 1.2”, OMA, March (2005) 6. Open Mobile Alliance: “MMS Conformance Document 1.2 Approved Version 1.2”, OMA, March (2005) 7. 3rd Generation Partnership Project, “Multimedia Messaging Service (MMS): Media formats and codecs (Release 6)”, 3GPP, March (2005)

596

K. Papapanagiotou et al.

8. 3rd Generation Partnership Project, “Multimedia Messaging Service (MMS): Functional description; Stage 2 (Release 1999)”, 3GPP, June (2002.) 9. A. Westfeld: “F5a steganographic algorithm: High capacity despite better steganalysis," 4th International Workshop on Information Hiding. (2001) 10. F. Alturki, R. Mersereau: “Secure blind image steganographic technique using discrete fourier transformation," IEEE Intl. Conference on Image Processing, Greece (2001) 11. E. T. Lin and E. J. Delp: "A Review of Data Hiding in Digital Images," Proc. of the Image Processing, Image Quality, Image Capture Systems Conference, Savannah (1999) 12. Steganos Software: http://www.demcom.com/english/steganos/index.htm 13. Cvejic N and Seppänen T: “A wavelet domain LSB insertion algorithm for high capacity audio steganography”. Proc.10th IEEE Digital Signal Processing Workshop, USA (2002) 14. Bond Wireless, SMS AV Software: http://www.bondwireless.com/bwproducts/ bwsmssecure.asp 15. T. Moerland: “Steganography and Steganalysis”, Universiteit Leiden, Rhone-Alpes (2003) 16. D Gruhl, A Lu, W Bender: “Echo Hiding", Information Hiding, Springer Lecture Notes in Computer Science v 1174, (1996) 295-315 17. R. J. Anderson and F. A. P. Petitcolas: “On the limits of steganography”, IEEE Journal of Selected Areas in Communications, 16(4):474-481,. Special Issue on Copyright & Privacy Protection, May (1998) 18. J. J. Chae and B. S. Manjunath: "Data hiding in Video" Proc. 6th IEEE International Conference on Image Processing (ICIP'99), Kobe, Japan (1999). 19. I. J. Cox, J. Killian, T. Leighton, and T. Shamoon: “A secure robust watermark for Multimedia,” IEEE Trans. Image Processing, Vol. 6. no. 12, Dec. (1997) 1673-1687 20. I. J. Cox, J. Kilian, T. Leighton and T. Shamoon: “Secure Spread Spectrum Watermarking for Multimedia", IEEE Trans. on Image Processing, 6, 12 (1997) 1673-1687 21. F. A. P. Petitcolas: “MP3Stego.” http://www.petitcolas.net/fabien/steganography/mp3stego, Aug. (1998) 22. Ryuki Tachibana: "Two-Dimensional Audio Watermark for MPEG AAC Audio," in Proc. Security, Steganography and Watermarking of Multimedia Contents VI, SPIE USA (2004) 23. M. Kharrazi, T. H. Sencar, N. Memon: “Benchmarking steganographic and steganalysis techniques”, EI SPIE San Jose, CA, January 16-20, (2005) 24. S. Inoue et al.: “A Proposal on Information Hiding Methods using XML”, 1st NLP and XML Workshop, Japan (2001) 25. T. Morkel, M.S. Olivier, J.H.P. Eloff, H.S. Venter: “One-time Passwords in a Mobile Environment Using Steganography”, Proc of IEEE SecPerU 2005, Greece, (2005)