8. EzStego. ⢠GIF File. â a colour palette : up to 256 different colours out of. 224 possible. â the Lempel-Ziv-Welch compressed [3,6,8] matrix of palette indices.
Attacks on Steganographic Systems Breaking the Steganographic Utilities EzStego, Jsteg, Steganos, and S-Tools – and Some Lessons Learned
Andreas Westfeld and Andreas Pfitzmann Department of Computer Science, Dresden University of Technology D-01062 Dresden, Germany Information Hiding , Third International Workshop, IH’99 Dresden, Germany, September 29 – October 1, 1999 1
Outline • Introduction • EzStego • Visual Attacks • Statistical Attacks • Conclusions and Outlook
2
Introduction • Steganography – no routine means to protect confidentiality – embeds a confidential message into another, more extensive message which serves as a carrier – goal: to modify the carrier in an imperceptible way only, – it reveals nothing�neither the embedding of a message nor the embedded message itself
• Steganalysis – to defeat the goal of steganography 3
Introduction carrier medium extracting function embedding function ������������� ������������� ������������� ������������� ������������� �����������
steganogram
message to embed
������������� ������������� ������������� ������������� ������������� ����������� extracted message
Fig. 1. Steganographic system 4
Introduction • Multimedia data (audio, video) – digitization: quantization noise – lossy compression: introduce another kind of noise
• Steganogram – have same statistical characteristic as the carrier media, – a (potential) message can be read from both the steganogram and carrier medium. – the message must not be statistically different from each other. Otherwise, the steganographic system would be insecure. 5
Introduction • Secret keys – steganographic keys : control the embedding and the extracting process – cryptographic keys : used to encrypt the message before it is embedded – Kerckhoffs’ Principle
• In this paper: – image : the widespread carrier medium – Pseudo-random bit-strings : have all statistical properties of encrypted messages 6
Introduction • Related works – the Final Year Project of Tinsley on Steganography and JPEG Compression : statistical attacks applied to Jsteg using a different statistical model – Fravia: brute force attacks to Steganography – Neil Johnson: an introduction to Steganalysis, IH’98
• EzStego v 2.0b3, Jsteg v4, Steganos v1.5, STools v4.0 7
EzStego • GIF File – a colour palette : up to 256 different colours out of 224 possible – the Lempel-Ziv-Welch compressed [3,6,8] matrix of palette indices
• EzStego embeds messages into the pixels without any length information and leaves the colour palette unmodified.
8
EzStego
Fig. 2. Colour order in the palette (l.) and stored as used by EzStego (r.) 9
EzStego original palette
sorted index sorted palette bit to embed
Steganographic value: least significant bit of sorted index Fig. 3. Embedding function of EzStego
10
Visual Attacks • Several authors assumed that – Least significant bits of luminance value are completely random and be replaced – Contraband[9], EzStego[10], Hide & Seek [13], PGMStealth [15], Piilo [16], Scytale [17], Snow [18], Steganos [19], Stego [20], Stegodos [21], S-Tools [22], White Noise Storm [23].
• By the visual attack, we will reveal that this assumption is wrong. 11
Visual Attacks
Fig. 4. Windmill as carrier medium (l.) , and steganogram (r.) 12
Visual Attacks
Fig. 5. LSBs of the images in Fig. 4. Black for LSB=0, white for LSB=1. 13
Visual Attacks
Ideal of visual attacks
attacked carrier medium/ steganogram
extraction of the potential message bits
visual illustration of the bits on the position of their source pixels
14
Visual Attacks
An Embedding Filter
on EzStego original palette sort sorted palette colour according to steganographic value sort back replacement palette
Fig. 6. Assignment function of replacement colours; colours that have an even index in the sorted palette become black, the rest 15 become white.
Visual Attacks
Experiments - EzStego continuous embedding
Fig. 7. EzStego; filtered images of Fig. 4.: nothing embedded (l.), 50% capacity of the carrier used for embedding. 16
Visual Attacks
Experiments - EzStego
depends on the image content
Fig. 8. GIF image of a flooring tile as carrier medium, and its filtered image.
17
Visual Attacks
Experiments – S-Tools spread embedding
Fig. 9. True colour BMP image as carrier medium, and its filtered image. 18
Visual Attacks
Experiments – S-Tools spread embedding
Fig. 10. S-Tools; steganogram with maximum size of embedded text, and its filtered image. 19
Visual Attacks
Experiments – S-Tools spread embedding
Fig. 11. S-Tools; steganogram with 50%capacity of the carrier medium used, and its filtered image. 20
Visual Attacks
Experiments – Steganos continuous embedding with fill up
Fig. 12. True colour BMP image as carrier medium, and its filtered image. 21
Visual Attacks
Experiments – Steganos 1.5 continuous embedding with fill up
Fig. 13. Steganos; steganogram with only one byte of embedded text, and its filtered image. 22
Visual Attacks
Experiments – Steganos 2.0
True colour BMP image as carrier medium, and its filtered image.
23
Visual Attacks
Experiments – Steganos 2.0
(l) filtered steganogram with 18000 byte (50%) embedded, (r) filtered steganogram with 36000 byte (100%) embedded
24
Visual Attacks
Experiments – Jsteg embedding in a transformed domain • Jsteg embeds in JPEG images. • In JPEG images, the image content is transformed into frequency coefficients to achieve storage as compact as possible. • There is no visual attack in the sense presented here, because one steganographic bit influences up to 256 pixels. ??
25
Statistical Attacks
Idea of the Chi-square Attack
Fig. 14. Histogram of colour before and after embedding a message with EzStego . 26
Statistical Attacks Chi-square Attack •
The theoretically expected frequency in category i after embedding an equally distributed message is
� = � �
•
{������ ��� �� �� ������� � ∈ {����� + �}} �
The measured frequency of occurrence in our random sample is
�� = {������ ��� �� �� ������� � = ��}
27
Statistical Attacks Chi-square Attack •
The X2 statistic is given as
)
−� Χ = ∑ � =� � �� with k-1 degrees of freedom. p is the probability of our statistic under the condition that the distributions of ni and ni* are equal. It is calculated by integration of the density function: �
� � −�
•
(�
� � �
�
�
� = �− �
� −� �
� −� Γ �
∫
Χ �
� � −�
�
−
� �
�
� −� −� �
��
28
Statistical Attacks
Experiments - EzStego continuous embedding
Fig. 15. Flooring tile as steganogram of EzStego, and filtered; this visual attack cannot distinguish between the upper, steganographic half and the lower, original half.
29
Statistical Attacks
Experiments - EzStego continuous embedding
Fig. 16. Probability of embedding with EzStego in the flooring tile image (Fig. 15) 30
Statistical Attacks
Experiments – S-Tools spread embedding Size of embedded text
p-value ( ε < 10 –16 )
jungle.bmp
0
0+εε
bavarian.bmp
0
0+εε
soccer.bmp
0
0+εε
groenemeyer.bmp
0
0+εε
pudding.bmp
0
0+εε
jungle50.bmp
18090bytes/50%
0+εε
jungle100.bmp
36000bytes/99.5%
1-εε
bavarian100.bmp
36000bytes/99.5%
1-εε
soccer100.bmp
36000bytes/99.5%
1-εε
groenemeyer100.bmp
36000bytes/99.5%
1-εε
File
31
Statistical Attacks
Experiments – Steganos continuous embedding with fill up Size of embedded text
p-value ( ε < 10 –16 )
army.bmp
0
0.0095887
bavarian.bmp
0
0+εε
soccer.bmp
0
0+εε
groenemeyer.bmp
0
0+εε
pudding.bmp
0
0+εε
army100.bmp
12000bytes/99.5%
0+εε
bavarian1.bmp
1byte/0.008%
1-εε
soccer1.bmp
1byte/0.008%
1-εε
groenemeyer1.bmp
1byte/0.008%
1-εε
pudding1.bmp
1byte/0.008%
1-εε
File
32
Statistical Attacks
Experiments - Jsteg embedding in a transformed domain
Fig. 17. JPEG image as carrier medium; nothing is embedded, and the statistical test yields a very low probability of embedding 33
Statistical Attacks
Experiments - Jsteg embedding in a transformed domain
Fig. 18. Jsteg; steganogram with 50% embedded. 34
Statistical Attacks
Experiments - Jsteg embedding in a transformed domain
Fig. 19. Jsteg; steganogram with maximum size of embedded text 35
Conclusions and Outlook • LSBs overwriting: – LSBs are not complete random – Equals Frequencies of occurrence
• Statistical tests are superior to visual attacks: – Less dependent on the cover – Fully automated
• Overwrites only a fraction of LSBs by choosing these bits (pseudo) randomly – Error rate increases (both the visual and statistical attacks) – Throughput decreases 36
Conclusions and Outlook • Promising alternatives – Concentrate the embedding process exclusively on the randomness in the carrier medium. It is all but trivial to find out what is completely random within a carrier. [7]: Steganography in a video conferencing system.
– Replace the operation overwrite by other operations (e.q., by increment). • Not balanced, but circulate in the range of values. 37
Conclusions and Outlook • Iterative process – Designing and publishing cryptosystems – Analyzing and breaking them – Re-designing hopefully more secure ones – Exposing them once more to attacks. • Within the validation circle of steganographic systems, - this paper is – a step forward. • Our method … 38
