Efficient Data Hiding Techniques with Enhanced Capacity
By Mehdi Hussain Dr. Mureed Hussain
Dedication

This book is dedicated to my parents, who have given me the opportunity of education from the best institutions and support throughout my life.

Acknowledgments

I would like to thank my supervisor, Dr. Mureed Hussain, for his supervision and support throughout this work. I am indebted to my family and especially my parents (Mukhtar Hussain and Kausar Mukhtar) for their unforgettable support in my career. I would like to thank my fellows, especially Shumaila Hameed, Faisal Imran and Asif Khan, for their help and patience. I would also like to thank the network and administrative staff of SZABIST for providing me the lab to complete my research work. Special thanks to SZABIST and the HEC library for providing me access to the academic resources that were required to complete my literature review. Finally, I would like to thank the academic research community for creating a strong foundation for the information hiding domain, which has allowed me to evaluate and refine my ideas.
Table of Contents

Chapter 1: Introduction
  1.1 Motivation
  1.2 Problem Formulation
  1.3 Book Contribution
  1.4 Book Organization
  1.5 Information Security
    1.5.1 Cryptography
  1.6 Information Hiding
    1.6.1 Steganography
  1.7 Cryptography vs. Steganography

Chapter 2: Steganography
  2.1 Classical Steganography
    2.1.1 Images and their Types
    2.1.2 Image Steganography Terminology and Domains
    2.1.3 Image Steganography Example
    2.1.4 Image Steganography Classifications
  2.2 Modern Steganography
    2.2.1 Network Protocol
    2.2.2 Covert Channels
    2.2.3 Classification of Network Protocol Steganography

Chapter 3: Related work in Steganography
  3.1 Image Based Steganography
    3.1.1 Least Significant Bit and Adaptive LSB Methods
    3.1.2 Pixel Value Difference Methods
    3.1.3 Edge Based Embedding Methods
    3.1.4 Random Pixel Embedding Methods
    3.1.5 Masking and Filtering Embedding Methods
    3.1.6 Mapping Pixel to Hidden Data Methods
    3.1.7 Labeling or Connectivity Methods
    3.1.8 Lossless or Reversible Methods
    3.1.9 Pixel Intensity Based Methods
    3.1.10 Texture Based Methods
    3.1.11 Transform (DCT) Based Methods
  3.2 Protocol Based Steganography
    3.2.1 Unused, Optional, Padding Fields of Header
    3.2.2 Packet Length and Sorting
    3.2.3 Multiple Connection Covert Channels
    3.2.4 Retransmission Covert Channel
    3.2.5 Acknowledgement Based Covert Channel
    3.2.6 IP Identification and Fragment Offset
    3.2.7 TCP Initial Sequence Number and Address Field Modulation
    3.2.8 Timestamp Modulation
    3.2.9 WAN
    3.2.10 SIP, HTTP, ICMP

Chapter 4: Pixel Intensity Based High Capacity Data Embedding
  4.1 Modified Kekre’s Algorithm
  4.2 Proposed Method
  4.3 Comparison
  4.4 Experimental Result
  4.5 Conclusion

Chapter 5: Objects Edge Based Data Embedding
  5.1 Embedding Data in Edge Boundaries with High PSNR
    5.1.1 Proposed Method
    5.1.2 Experimental Results
    5.1.3 Conclusion
  5.2 Information Hiding using Edge Boundaries of Objects

Chapter 6: Network Covert Channel Achieved through Message Length
  6.1 Proposed Model
  6.2 Packet Loss Scenarios
  6.3 Experimental Results
  6.4 Conclusion

Chapter 7: Conclusion and Future Works

Bibliography
List of Figures

1: Information Security Diagram
2: Basic Cryptography Diagram
3: Asymmetric-Key Cryptography Diagram
4: Information Hiding Classification
5: Basic Steganography Diagram
6: Digital Medium to Achieve Steganography
7: Basic Image Steganography Diagram
8: Image Pixels with its Binary Values
9: Classification of Network Steganography
10: Flow Diagram
11: Cases of Retransmission
12: The TCP Initial Sequence Number Bounce Channel
13: Modulating the Least Significant Bit of the TCP Timestamp Field
14: One Channel with Extreme Modified 4 LSB’s
15: Three Channels with Extreme Modified 4 LSB’s
16: Shows the Some Hidden Area around Edge Boundaries
17: Shows the Pixel values and Difference value
18: Stego-image edge pixel values
19: Image Data Set for Experiments
20: Packet Loss
21: Acknowledgment Loss
22: Simulation Scenario
23: Average Traffic Variations
24: Capacity Graph
25: Throughput Graph
26: Congestion Window
27: Round Turn Trip Time (RTT)
List of Tables

1: Image Steganography Algorithm Measures
2: OSI Seven Layer Model with its Protocols
3: TCP Header Format in RFC 793
4: IP Header Format in RFC 791
5: Pixel Mapping Table
6: Data Embedding Based on Pixel Bits
7: Proposed Data Embedding Based On Pixel Bits
8: 100 % Pixel Used to Embed Data, Value of MSE, RMSE, PSNR, Percentage of Used Pixel In Image, Percentage of Used Bytes Changed, Average No of Bits Changed Per Pixel And Percentage of Used Pixel of Cover Image To Store Data
9: Value of MSE, RMSE, PSNR, Percentage of Used Pixel In Image, Percentage of Used Bytes Changed, Average No of Bits Changed Per Pixel And Percentage of Used Pixel of Cover Image to Store Data
10: Embedding Capacity Obtained
11: Edge Boundary Embedding Cases
12: Results of Proposed Scheme with MSE, PSNR
13: Proposed Method with Different Edge Length Threshold
14: Sobel Edge Results With Proposed Method
15: Canny Edge Results With Proposed Method
16: One Hour Traffic (2)
17: Five Hour Traffic (2)
18: Two and Half Hour Traffic (2)
19: One Hour Traffic With W-Bits (3)
20: One Hour Traffic With W-Bits (4)
21: Total Covert Data Bytes Achieved
List of Publications

The following papers were produced from the work presented in this book.
Mehdi Hussain, Hussain, M, “Pixel intensity based high capacity data embedding method”, IEEE International Conference Information and Emerging Technologies (ICIET), Pakistan, June 2010. (Published)
Mehdi Hussain, Mureed Hussain, “Embedding Data in Edge Boundaries with High PSNR”, IEEE 2011 7th International Conference on Emerging Technologies 2011 (ICET 2011), September 5 - 6, 2011, Islamabad, Pakistan. (Published)
Mehdi Hussain, Mureed Hussain, “A High Bandwidth Covert Channel in Network Protocol”, International Journal of Advanced Science and Technology. (IJAST) ISSN: 2005-4238, Vol.30 April 2011. (Published)
Mehdi Hussain, Mureed Hussain, “Information Hiding using Edge Boundaries of Objects”, International Journal of Security and Its Applications. (IJSIA) ISSN: 1738-9976, Vol.5 No. 3 2011. (Published)
Abstract

Digital communication has become more popular due to the tremendous growth of the internet. Digital communication has many advantages, and it has also brought new challenges and new opportunities for innovation. Information security is one of the most significant challenges. Information is exchanged between parties within a few seconds. Generally, information is transferred by different applications such as web browsing, audio and video streaming, bank transaction software, etc. The security of such information is therefore very important for those applications and communications, and it has become a major concern. Information security countermeasures are mostly achieved through encryption and data hiding techniques. This book discusses the available data hiding methods for digital information with respect to images and network communication protocols. It addresses both theoretical and practical aspects of information hiding methods for both types of digital media, and also proposes new data hiding methods. In the first part, we briefly review the literature on the best available data hiding methods in the communication and image domains. Various embedding methods target different aspects such as perceptual transparency, capacity and robustness. Our focus is on two major aspects: transparency and capacity. We have proposed different comprehensive solutions to achieve data hiding in images as well as in network communication protocols. To target perceptual transparency, we have proposed an edge based data embedding method with high peak signal to noise ratio (PSNR), where the stego-image (carrying hidden data) has very high resemblance to the cover-image (original image). For high capacity, we have proposed a pixel intensity based high capacity data embedding method.

In the communication protocol context, we have explored the use of the packet length and the packet payload to achieve a high rate of hidden data. The experimental results of the proposed methods confirm our theoretical calculations and the high data hiding capacity of our proposed techniques.
Chapter 1: Introduction

The internet is the most popular medium for exchanging information between parties. Information is transferred by web applications, audio and video streaming, and authentication based applications such as Hotmail and Yahoo for mail and Skype for conferencing. The security of such information has become a major concern. A number of methods have been proposed so far to secure this type of information transmission or communication. Generally, data encryption and data hiding are the most popular methods used to secure information.

1.1 Motivation

One of the major objectives of information security is to secure information, which can be achieved through encryption as well as information hiding. Within information security, information hiding has received significant attention both in industry and academia. Due to the internet, it has become very common in digital media such as images, video, audio and communication. Cryptography is used to protect the content of messages, and steganography conceals the existence of the message [1]. Cryptography and steganography are well known and widely used techniques to secure information used for authentication, bank transactions, credit card codes, multimedia content copyrights, digital rights management, feature tagging (timestamp or control information of an application), or the passing of important messages, depending on the application. Due to its property of concealment, steganography is more effective because:

- Military and intelligence agencies require an unobtrusive communication mode [2].
- Criminals can also take advantage of unobtrusive communication, so law enforcement agencies are interested in understanding these techniques in order to overcome their weaknesses and trace hidden messages [2].
- It can reduce storage: for example, in a patient record management application, (x-ray) images can store the relevant patient data within themselves, instead of maintaining a huge set of data records, and so save storage.
- Steganalysis algorithms can be further strengthened to uncover or explore the latest proposed steganography methods.

These modern applications increase the research depth of information hiding, and it can be explored in many useful aspects to increase hidden capacity and reduce computational complexity, depending on the application context.
1.2 Problem Formulation

Steganography has a major role in information hiding. In image steganography, two parameters are most significant: undetectability and embedding capacity. After embedding, the cover object has to sacrifice its originality, because currently available data hiding techniques do not pay much attention to how closely the stego-object (the original object with hidden information) matches the cover (original) object. Cover and stego-objects drift apart in image quality measures such as peak signal to noise ratio (PSNR) and mean square error (MSE). Another aspect of this drift concerns the characteristics of the objects in the image themselves: for example, object edges are modified in the stego-image, so it cannot be used in place of the original image. The distortion due to data hiding is not affordable in some applications, such as medical systems, object recognition systems, feature extraction and segmentation. So we need an image steganographic algorithm that is secure and produces a stego-image with high resemblance to the cover image, that is, with higher PSNR, and that retains 100% of the object edges in the image.

Another aspect of image steganography is to improve the capacity of hidden data in the host carrier without causing any statistically significant modification. Many novel data hiding methods based on Least Significant Bits (LSB), Pixel Value Differencing (PVD) and Modified Kekre’s Algorithm (MKA) [25, 26 and 31] have been proposed to increase the hiding capacity with imperceptible quality. So we still aim for higher capacity while at least retaining the same statistical results (significance of modifications) as the above techniques.

High-bandwidth network covert channels always pose a significant risk of detection on the network. The existing techniques use the reserved bits of the header, the timestamp, the initial sequence number, the packet length, retransmission of packets [6, 49 and 61], etc. for the network covert channel, and to some extent these techniques have good tamper resistance. But when their covert data capacity increases, they fail to retain their original characteristics and become vulnerable to network analysis attacks. So we are motivated to design a high bandwidth covert channel, based on network protocol characteristics, that is tamper resistant and time efficient compared to the available techniques.
1.3 Book Contribution

The contribution of this book is threefold. First, the major currently available data hiding techniques in image and network communication are explored and analyzed. Second, we have proposed two information hiding techniques in the image domain, with high capacity and high peak signal to noise ratio (PSNR). The first proposed technique aims to achieve a very high data embedding capacity with marginal distortion in the image, while the second technique is designed for maximum resemblance to the original image in visual as well as statistical aspects. The third contribution consists of presenting information hiding techniques in network communication protocols, where a high capacity information hiding technique is proposed. It uses the protocol packet size together with its payload to hide and recover the information. We feel these are very significant contributions for steganalysis as well, since steganalysis methods can be further strengthened or improved to recover or explore the currently proposed algorithms.
1.4 Book Organization

The chapters in this book are organized as follows:

Chapter 1 provides an overview of information hiding. In this chapter we discuss the motivation and aim of this research. We also discuss the basics of information security, cryptography (and its classifications), the major difference between cryptography and steganography, information hiding and how it is achieved through digital media.

Chapter 2 briefly discusses steganography in the image and network protocol domains, its types, terminology, examples and classifications.

Chapter 3 presents existing work on image and network protocol based information hiding. Recent and important information hiding methods are critically analyzed and reviewed. Regarding image steganography, we discuss 11 different major methods, including Adaptive LSB, Pixel Value Difference and Edge Based Embedding. In the context of network protocol steganography, we discuss almost 10 different major methods, such as Unused Bits, Packet Length and Retransmission Covert Channels.

Chapter 4 contains the first contribution of the book and proposes a method for information hiding in image steganography. The chapter focuses on image based high capacity data embedding methods.

Chapter 5 contains the second contribution of the book, in image based steganography. It focuses on high perceptual transparency, with its detailed design and experimental results.

Chapter 6 contains the third contribution of the book. It proposes a method for data hiding in the network domain, also with its detailed design and experimental results.

Chapter 7 provides the concluding remarks and directions for future work.
1.5 Information Security

Generally, information security means protecting information from unauthorized access, interference, modification or simply illegal use. Information security has grown and evolved significantly in recent years due to the tremendous growth of the internet. In a digital world, cryptography and steganography are both intended to protect information. Information security covers administrative and technical level security, as shown in figure-1. Technical security covers both information technology and physical security. Physical security prevents illegal access to physical media (with a door lock, etc.). Computer and communication security come under information technology security. Administrative security, on the other hand, is concerned with management policies [3].

Figure-1: Information security diagram [3]

For the last two decades, information security has been based on three core principles: confidentiality, integrity and availability (known as CIA). Authentication and non-repudiation have been added as further principles in recent research.

I) Confidentiality: “Data is confidential if it stays obscure to all but those authorized to use it” [4]. This means preventing the disclosure of information or data to unauthorized individuals or systems.

II) Integrity: “Data has integrity as long as it remains identical to its state when the last authorized user finished with it” [4]. This means that any modification of the data by an unauthorized user or process compromises its integrity.

III) Availability: “Data is available when it is accessible by authorized users in a convenient format and within a reasonable time” [4]. This means a legitimate user can easily access the data when it is required.
1.5.1 Cryptography

Generally, protection of sensitive information is achieved through encryption. Cryptography is the science of secret writing. It is an ancient art. The word cryptography derives from the ancient Greek words kryptos and graphein, meaning hidden writing [4]. It transforms the appearance of the original message without changing its information content. Cryptography terminology is as follows.

Plaintext: The message, actual data or representation of data.
Ciphertext: A different representation of the plaintext; the unintelligible form of the plaintext.
Encryption: The algorithm which converts the plaintext to ciphertext.
Decryption: The algorithm which transforms the ciphertext back to the plaintext format.
Key: A secret key (a numerical, alphanumeric or alphabetic value) used in encryption and decryption of data.

Cryptography is therefore used to encrypt and decrypt data. It conceals and retrieves information with a given secret key. Figure-2 shows the basic diagram of the cryptography model.
Figure-2: Basic Cryptography Diagram.
Generally, cryptography is divided into two main types:

1.5.1.1 Private or Symmetric-Key Cryptography

This is also known as symmetric key cryptography. In symmetric key cryptography, both the sender and the receiver have the same secret key. A single key is used for encryption and decryption at the sender and receiver ends. Figure-2 shows secret key cryptography.
Figure-3: Asymmetric-Key Cryptography Diagram
1.5.1.2 Asymmetric-Key Cryptography

This is also known as asymmetric encryption; it uses two keys, one for encryption and a second for decryption. In public key cryptography, the keys work as a pair of public and private keys. The sender uses the public (known) key of the receiver to encrypt the message, and the receiver decrypts the message with his/her private (secret) key. Figure-3 shows public key cryptography.
1.6 Information Hiding

One aspect of information security is information hiding. Cryptography was created as a technique to retain the privacy of communication. Different methods have been developed so far to encrypt and decrypt messages in order to keep the message secret. Sometimes, however, keeping the contents of a message secret is not what is needed; it may also be considered necessary to keep the existence of the message secret. This is where information hiding comes in. Generally, information hiding is known as steganography. Unfortunately, information hiding techniques had very low priority in both academia and industry in past years compared with cryptography. The first academic conference on this topic (the First International Conference on Information Hiding, held in Cambridge, United Kingdom [5]) was organized in 1996, which boosted research demand, and the situation changed rapidly. The basic motive is to protect media content with regard to content copyrights in image, video, audio, traffic transmission, military digital communication, etc. Information hiding can be used as an alternative to cryptography where there are restrictions on encryption in communication.
Figure-4: Information hiding classification [5]

In [5], information hiding is presented with four subcategories (see figure-4). Given the scope of this book, our focus is on the first two subcategories: steganography and covert channels. The classification of information hiding with respect to steganography and covert channels is as follows.
1.6.1 Steganography

The word steganography originates from the Greek words Steganós (Covered) and Graptos (Writing), which literally means “cover writing” [5]. Generally, steganography is known as “invisible” communication. Steganography means concealing the existence of a message in another medium (audio, video, image, communication). Today’s steganography systems use multimedia objects such as image, audio and video as cover media, because people often transmit digital images over email or share them through other internet communication applications. It is different from protecting the actual content of a message. In simple words, it is hiding information inside other information. Steganography does not alter the structure of the secret message, but hides it inside a cover-object (carrier object). After the hiding process, the cover object and the stego-object (the object carrying hidden information) are similar. So steganography (hiding information) and cryptography (protecting information) are totally different from one another. Due to the invisibility or hidden factor, it is difficult to recover the information in steganography without knowing the procedure. The procedure for detecting steganography is known as steganalysis. The basic steganography diagram is shown in figure-5, and general steganography terminology is as follows:

Message: Plain text or some other object (image, file etc).
Cover Object: The object used as the carrier to embed the message into.
Embedding Algorithm: The procedure for hiding the message.
Extracting Algorithm: The procedure for unhiding/uncovering the message.
Stego-Object: The generated object, which is carrying a hidden message.
Stego-Key: A password that may be used to hide and then later retrieve the message.
Steganalysis: The process of detecting hidden information inside an object.
Further, linguistic steganography is the type of steganography where the cover object is text. For example, the combination of the first letters in some paragraph may contain a hidden message. Technical steganography is the type where the cover object is not text. For example, it could be image, video, audio or communication protocols from digital media [5]. There are now several techniques available to achieve invisible communication. Information can easily be hidden by taking advantage of the noise in digital images and digital sound. Hiding data in executable files, or sending sensitive information between processes in different security-level areas, has also been achieved [1]. Figure-6 shows the important digital carriers which can be used to achieve steganography.
Figure-5: Basic Steganography Diagram
Figure-6: Digital Medium to Achieve Steganography

Depending on the type of the cover object, there are many suitable steganographic techniques which are followed in order to obtain security.

1.6.1.1 Image Steganography

Steganography that takes an image as the cover object is known as image steganography. Generally, in this technique pixel intensities are used to hide the information. A detailed description of image steganography is presented in chapter 2.

1.6.1.2 Network Protocol Steganography

Steganography that takes a network protocol such as TCP, UDP, ICMP or IP as the cover object, where the protocol is used as the carrier, is known as network protocol steganography. In the OSI network layer model there exist covert channels where steganography can be achieved in unused header bits of TCP/IP fields [11]. A detailed description is in chapter 2.

1.6.1.3 Video Steganography

Video steganography is a technique to hide any kind of file or information in a digital video format. Video (a combination of pictures) is used as the carrier for hidden information. Generally, the discrete cosine transform (DCT) alters values (e.g. 8.667 to 9), and this is used to hide the information in each of the images in the video in a way that is not noticeable by the human eye. Video steganography uses formats such as H.264, MP4, MPEG, AVI or other video formats.

1.6.1.4 Audio Steganography

Taking audio as the carrier for information hiding is called audio steganography. It has become a very significant medium due to the popularity of voice over IP (VoIP). Audio steganography uses digital audio formats such as WAVE, MIDI, AVI, MPEG, etc.
1.6.1.5 Text Steganography

In text steganography, general techniques such as the number of tabs, white spaces and capital letters, much like Morse code [1], are used to achieve information hiding.

1.7 Cryptography vs. Steganography

Both cryptography and steganography are used to provide secret communication. However, cryptography and steganography are totally different from one another. Cryptography hides the contents of a secret message. Steganography conceals the existence of the message. Cryptography scrambles the structure of the original message and produces an unintelligible message. A decryption key is required to recover the original message from the unintelligible message. Steganography, on the other hand, does not alter the structure of the secret message, but hides it inside a cover-object so that it cannot be seen. In other words, steganography prevents an unauthorized user from suspecting that the data exists. In cryptography, the algorithm is considered broken when someone succeeds in reading the secret message. In steganography, the algorithm is considered broken when the steganography algorithm is known by someone [1].
Chapter 2: Steganography

2.1 Classical Steganography

2.1.1 Images and their Types

Images are the most popular cover object used for steganography. In the domain of digital images there exist many different image formats, each suited to specific applications. For these different image formats, different steganographic algorithms exist to hide information in the images. There are different types of images available. For monochrome images based on 1 bit, the pixel value lies between 0 and 1. Grayscale or minimum color space images have 8 bit depth; their range varies from 0 to 255 to represent the gray level or color of a pixel. The best visual quality comes from images with 24-bit depth, where each byte is devoted to one of the red, green and blue components of the basic color model. Their color space ranges from 0 to 1.6 million to represent the pixel color, so the file takes a large amount of storage. Images are further categorized into compressed and uncompressed. Generally, uncompressed true color images are stored in BMP format, and compressed images are stored in JPEG format. Compressed formats further divide into lossy and lossless compression techniques.

2.1.2 Image Steganography Terminologies and Domains

Image steganography has the following terminology.

Cover-Image: The image used as a carrier to embed the message into.
Message: Plain text or some other image used as a message.
Stego-Image: The generated image which is carrying a hidden message.
Stego-Key: A password which may be used to hide and then later decode the message.

In image steganography, a process hides or embeds the message into the cover-image and generates a stego-image. That stego-image is then sent to the receiver without anyone else knowing that it contains the hidden message. The receiver can then extract the message with or without a stego-key, depending on the hiding scheme [1]. Figure-7 shows the basic diagram of steganography.
Figure-7: Basic Image Steganography Diagram
Image steganography techniques can be divided into two domains, Spatial and Transform [6].
Spatial Domain: Spatial domain techniques embed information directly in the intensity of the original image pixels. The basic method is least significant bit (LSB) substitution, which replaces the least significant bit of the original pixel with a message bit.
Transform Domain: In the transform domain, also known as the frequency domain, images are first transformed and then the message is embedded in the image. The discrete cosine transform (DCT) is used in JPEG images to achieve compression. DCT is a lossy compression transform where the cosine values cannot be regenerated as they originally were, because DCT alters values (e.g. 8.667 to 9) to hide the information.
2.1.3 Image Steganography Detailed Example
The least significant bit (LSB) modification technique is very simple and common in image steganography [1]. A certain number of least significant bits are used to hide the information data bits. Figure-8 shows a portion of an image with its pixel bits.
Figure-8: Image Pixels with its Binary values
Here we take a 24-bit image. The blue circle shows the pixel value as red, green and blue intensity values (191, 100, 164 respectively), and the very next box shows its binary form, where
191 = 1011 1111
100 = 0110 0100
164 = 1001 1010
The secret information is ‘5’, with its binary as ‘101’. After simple replacement of each byte’s least significant bit with a secret bit, the output will look like:
191 = 1011 1111
100 = 0110 0100
165 = 1001 1011
The stego pixel values are thus obtained by modifying the LSBs of the pixels with the secret data bits. The receiver end simply extracts the secret data bits from the LSB of each pixel.
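The replacement described above, as an added Python example that is not code from the book: it reproduces the (191, 100, 164) pixel with secret bits 101, then generalizes to k-bit LSB substitution and reports PSNR so the capacity and transparency trade-off can be measured. The function names, the sample cover values and the sample message are constructed for illustration.

```python
"""k-bit LSB substitution over 8-bit channel values, with a PSNR check.

Added illustration; function names and the sample cover are constructed here.
"""
import math


def to_bits(data):
    """Bytes -> list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]


def from_bits(bits):
    """Inverse of to_bits; trailing bits that do not fill a byte are dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8)
    )


def embed(channels, bits, k=1):
    """Overwrite the k low bits of successive channel values with message bits."""
    if not 1 <= k <= 8:
        raise ValueError("k must be between 1 and 8")
    if len(bits) > len(channels) * k:
        raise ValueError("message exceeds capacity of %d bits" % (len(channels) * k))
    stego = list(channels)
    mask = (1 << k) - 1
    for pos, start in enumerate(range(0, len(bits), k)):
        chunk = bits[start:start + k]
        chunk = chunk + [0] * (k - len(chunk))      # zero-pad the final short chunk
        value = int("".join(map(str, chunk)), 2)
        stego[pos] = (stego[pos] & ~mask & 0xFF) | value
    return stego


def extract(channels, n_bits, k=1):
    """Read n_bits back from the k low bits of successive channel values."""
    if n_bits > len(channels) * k:
        raise ValueError("not enough channel values for the requested bits")
    bits = [(v >> shift) & 1 for v in channels for shift in range(k - 1, -1, -1)]
    return bits[:n_bits]


def psnr(cover, stego):
    """Peak signal-to-noise ratio in dB for 8-bit samples (inf if identical)."""
    mse = sum((c - s) ** 2 for c, s in zip(cover, stego)) / len(cover)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


# The page's worked pixel (R, G, B) and the secret bits '101'.
PAGE_PIXEL = [191, 100, 164]
PAGE_BITS = [1, 0, 1]

# Constructed cover: 64x64 RGB channel values from a simple arithmetic pattern.
COVER = [(37 * i + 11) % 256 for i in range(64 * 64 * 3)]
MESSAGE = b"constructed sample message"


def capacity_vs_quality(max_k=4):
    """Embed MESSAGE with k = 1..max_k; return {k: (channels_touched, psnr_db)}."""
    bits = to_bits(MESSAGE)
    report = {}
    for k in range(1, max_k + 1):
        stego = embed(COVER, bits, k)
        assert from_bits(extract(stego, len(bits), k)) == MESSAGE
        report[k] = (math.ceil(len(bits) / k), round(psnr(COVER, stego), 2))
    return report


if __name__ == "__main__":
    print(embed(PAGE_PIXEL, PAGE_BITS))
    for k, (touched, db) in capacity_vs_quality().items():
        print("k=%d  channels touched=%d  PSNR=%.2f dB" % (k, touched, db))
```

A larger k touches fewer channel values for the same message but allows a larger change per value, which is the capacity versus perceptual transparency tension.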
2.1.4 Image Steganography Classifications
Generally, image steganography is categorized by the following aspects [7], and table-1 shows the best steganographic measures.
High Capacity: The maximum size of information that can be embedded into the image.
Perceptual Transparency: After the hiding process, the perceptual quality of the stego-image will be degraded as compared to the cover-image.
Robustness: After embedding, the data should stay intact if the stego-image undergoes some transformation such as cropping, scaling, filtering and addition of noise.
Tamper Resistance: It should be difficult to alter the message once it has been embedded into the stego-image.
Computation Complexity: How computationally expensive it is to embed and extract a hidden message.
Table-1: IMAGE STEGANOGRAPHY ALGORITHM MEASURES
Measures                   Advantage   Limitation
High Capacity              High        Low
Perceptual Transparency    High        Low
Robustness                 High        Low
Tamper Resistance          High        Low
Computation Complexity     Low         High
2.2 Modern Steganography
2.2.1 Network Protocol
Communication network steganography is a method of hiding information in a user's data transmission. This type of steganography is generally very difficult for another user to detect because the existence of the covert channel is not visible. The backbone of network communication is the Open System Interconnection (OSI) model shown in table-2. Covert channels are achieved by using the weaknesses of the protocols of these layers (“A protocol is a set of rules which is used by computers to communicate with each other across a computer network”). Table-2 shows the detail of the 7 OSI layers with their protocols. For example, at the Transport layer data is divided into segments and the TCP/UDP protocols are used to transmit normal data. Next, at the Network layer, the data (segments) are transformed to packet format and the internet protocol (IP) is used to transmit segments to the next layer. For understanding, we take the example of the TCP and IP headers with their fields from RFC 793 and RFC 791 respectively, described in table-3 and table-4.
Table-2: OSI SEVEN LAYER MODEL WITH ITS PROTOCOLS
TCP Protocol Header Format
Source Port: The source port number is defined in these two bytes.
Destination Port: The destination port number is defined in these two bytes.
Sequence Number: The sequence number represents the first data octet of the segment (except when SYN is present). If the SYN field is active then the sequence number would be ISN+1.
Acknowledgment Number: It has 32 bits. If the ACK control bit is set, this field represents the value of the next sequence number that the sender of the segment is expecting to receive. Once a connection is established this is always sent.
Data Offset: It has 4 bits and represents the number of 32-bit words in the TCP header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits long.
Reserved: It has 6 bits, reserved for future use. It must be zero.
Control Bits: 6 bits (from left to right):
    URG: Urgent Pointer field significant
    ACK: Acknowledgment field significant
    PSH: Push Function
    RST: Reset the connection
    SYN: Synchronize sequence numbers
    FIN: No more data from sender
Window: It has 16 bits and represents the number of data octets, beginning with the one indicated in the acknowledgment field, that the sender of this segment is willing to accept.
Checksum: It has 16 bits and is used for error checking.
Table-3: TCP HEADER FORMAT IN RFC 793
2.2.1.2 IP Protocol Header Format
Version: It has 4 bits to specify the format of the IP packet header. It could be IP, Internet Protocol and ST Datagram Mode (RFC 791).
IHL: Internet Header Length; it has 4 bits and points to the beginning of the data. The minimum value of a correct header is 5.
Type of Service: It has 8 bits and represents the type of service (TOS); it is used for internet service quality selection.
Total Length: Total Length is the length of a datagram in octets, including its internet header and data.
Identification: It has 16 bits and holds an identifying value assigned by the sender to aid in assembling the fragments of a datagram.
Flags: It has 3 bits, holding different control flags.
    Bit 0: reserved, must be zero
    Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment.
    Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.

      0   1   2
    +---+---+---+
    |   | D | M |
    | 0 | F | F |
    +---+---+---+

Fragment Offset: It has 13 bits; this field indicates where in the datagram this fragment belongs.
Time to Live: It has 8 bits; this field indicates the maximum time the datagram is allowed to remain in the internet system.
Protocol: It has 8 bits; this field indicates the next level protocol used in the data portion of the internet datagram.
Header Checksum: It has 16 bits and is used as a checksum of the packet header. The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header.
Source Address: These 32 bits hold the sender address.
Destination Address: These 32 bits hold the receiver address.
Table-4: IP HEADER FORMAT IN RFC 791
2.2.2 Covert Channels
Another kind of information hiding is achieved through covert channels in network protocols. A covert channel modulates certain properties of the communication medium. The concept of a covert channel was first introduced by Lampson [8] in 1973. Later on, the U.S. Department of Defense defined a covert channel as “any communication channel that can be exploited by a process to transfer information in a manner that violates the system’s security policy” [9]. A covert channel is described by the National Computer Security Center (U.S. Department of Defense) in [9] as “Manipulation of a communication protocol to transfer information in a way outside the protocol’s specification”. Generally, the term covert channel is used in the context of network or communication steganography. Network covert channels that are used for hidden communication can also be used to make tunnels over trusted protocols within firewalled networks to extract information from other compromised hosts [9]. The significance of covert channels has increased due to the spread of the internet (where the TCP/IP protocol suite is generally used for major internet communication). Covert channels are especially important in military systems, where one has to observe the communication of different parties and can also exchange important information. Many government bodies or agencies are concerned with the presence and prevention of covert channel communication. Covert channels are generally classified into covert storage channels and covert timing channels [10].
Storage Covert Channel: In a storage covert channel, the sender hides data in a storage location and the receiver or other party simply retrieves the information from that location.
Timing Covert Channel: In a covert timing channel, the sender modulates its own system resources (clock); the resulting changes in response time are observed at the receiver end, and the receiver simply extracts the hidden information from these observed responses.
2.2.3 Classification of Network Protocol Steganography
According to [12], network steganography is divided into three major groups, as shown in figure-9.
Modification of packets (MP): It is applied to the payload or protocol header fields to achieve information hiding.
Modify structure of packets (MS): It intentionally changes the flow of packet transmission, for example by reordering packets, intentionally losing packets or inserting artificial delays between packets.
Hybrid (HB): It is a mixture of the above two, meaning modification of the packet header as well as of its normal flow structure in transmission. In the latest HB method [6], steganography has been achieved through intentional retransmission of packets.
Figure-9: Classification of Network Steganography
Chapter 3: Related works in Steganography
We have divided related works into two major domains: image based steganography and network protocols based steganography.
3.1 Image Based Steganography
3.1.1 Least Significant Bit (LSB) and Adaptive LSB Method
In [15, 16, 17], the authors have proposed LSB based techniques where the least significant bit of each pixel is replaced with a message bit until the message ends. The same procedure is required to extract the secret message. This is a major risk for this type of information hiding algorithm: an eavesdropper can apply ‘sequential scanning’ based techniques [14] to recover the secret message with little effort. Stego Color Cycle (SCC) is another data hiding method, where a systematic, orderly selection of RGB pixels keeps cycling the hidden data among the Red, Green and Blue channels, using one channel at a time. The problem with this method is that if sequential scanning discovers the data of a few pixels, the rest of the hidden data can easily be extracted [14].
Modified Kekre’s Algorithm (MKA) [26] is based on the LSB method. MKA is applied to 24-bit Red Green Blue (RGB) color images. It uses up to five LSBs of a pixel to embed the data. The intensity of the pixel value decides the number of LSBs to embed and controls the error. MKA uses an 8-bit secret key and performs an XOR operation on all the bytes of the message to achieve security. The message is also recovered by an XOR operation with the same secret key. The embedding algorithm maintains a matrix of the pixels where 5 bits of the message are embedded, and this matrix is required to extract the hidden message from the stego-image. Following checking process decides the number of bits to embed into pixel. The term “MSB” is used for the Most Significant Bit of a cover-image pixel and “Message Bit” represents a bit of the message to hide.
In [19] Cheddad et al. have proposed an adaptive steganography method based on a region of interest (ROI) in the image. It selects the required ROI in the image, where it carefully hides the data bits. The selection of these regions is based on human skin tone color detection. Generally, adaptive steganography methods are hard to target for attacks, especially when the hidden message capacity is too small.
In [20] the authors have proposed an adaptive least significant bit spatial domain embedding method. This method divides the image pixel range (0-255) and generates a stego-key. This private stego-key has 5 different gray level ranges of the image, and each range indicates a fixed number of bits to substitute into the least significant bits of the image. It also proposes a method for color images that modifies only the blue channel with this scheme for information hiding.
Yang et al. in [21] proposed an adaptive LSB substitution based data hiding method for images. To achieve better visual quality of the stego-image, it takes care of noise sensitive areas when embedding. The method differentiates between normal texture and edge areas and takes advantage of them for embedding. It analyzes the edges, brightness and texture masking of the cover image to calculate the number k of LSBs for secret data embedding. The value of k is high in non-sensitive image regions, and in sensitive image areas k remains small to balance the overall visual quality of the image. The number of LSBs (k) for embedding is computed from the high-order bits of the image. It also utilizes the pixel adjustment method for better stego-image visual quality through the LSB substitution method. The overall results show a good high capacity method.
In [22] the authors have proposed an LSB based image hiding method. Common pattern bits (stego-key) are used to hide data. The LSBs of the pixel are modified depending on the (stego-key) pattern bits and the secret message bits. The pattern bits are a combination of MxN size rows and columns (of a block) with a random key value. In the embedding procedure, each pattern bit is matched with a message bit; if satisfied, it modifies the 2nd LSB bits of the cover image, otherwise they remain the same. This technique aims to achieve security of the hidden message in the stego-image using a common pattern key.
3.1.2 Pixel Value Difference (PVD) Method
In [23] Wu et al. proposed a method where the size of the hidden data bits can be estimated from the difference between two consecutive pixels in the cover image, using a simple relationship between the two pixels. The PVD method generally provides good imperceptibility by calculating the difference of two consecutive pixels, which determines the depth of the embedded bits. PVD was successfully attacked in [24] by histogram analysis of the stego-image. A novel adaptive least significant bits data hiding scheme has been proposed in [25]. Pixel value difference and simple least significant bits schemes are used to achieve adaptive least significant bits data embedding. Estimating the hidden capacity by PVD between two pixels, it hides with the k-LSB method in edge areas and with PVD in smooth areas. In this way the technique of [25] provides both larger capacity and high visual quality. The technique in [26] is not a PVD method but has an advantage over [25] because it has almost the same capacity and visual statistical results with less computational complexity. In [27] the authors have proposed a PVD method to improve the visual quality of the stego-image; this method utilizes the sensitivity of the human visual system (HVS). The intensity variation from smoothness to high contrast is computed from the difference values of more than two neighboring pixels, which determine the embedding bits for each pixel. However, the embedding capacity of these methods is far less than that of the [25] PVD methods. In [28] the authors proposed a method of Multi-Pixel Differencing (MPD), which uses more than two pixels to estimate the smoothness of each pixel for data embedding and calculates the sum of the difference values of a four-pixel block. For a small difference value it uses LSB; otherwise, for a high difference value, it uses the MPD method for data embedding. In [29] the author proposed another pixel value differencing method, which uses the three pixels near the target pixel for data embedding. It uses the simple k-bit LSB method for secret data embedding, where the number k of bits is estimated from the three nearby pixels with a high difference value. To retain better visual quality and high capacity, it simply uses the optimal pixel adjustment method on the target pixels.
3.1.3 Edge Based Embedding Method
Generally, edge based data hiding schemes utilize the edges as well as the smooth regions of the cover image to store hidden information, and have good perceptual transparency (depending on the embedding capacity) with good visual quality. However, the stego-image shows much variation in comparison with the cover image, and the PSNR difference with respect to the cover image is too high. In [30] the authors have introduced a high capacity hidden data scheme utilizing LSB and hybrid edge detection. For edge computation, two types of edge detection, canny and fuzzy, are applied, and simple LSB substitution is used to embed the hidden data. To achieve perceptual transparency, [69] has proposed embedding the data near the edges and in the edge pixels of the object themselves. It utilizes areas of high pixel intensity variation (edges) to store data bits. It modifies only the LSBs while keeping the most significant bits unchanged at sharper edges. It is an edge adaptive case of LSB replacement, so the cover-image and stego-image have much statistical difference. In [31] the authors have proposed a gray level image steganographic method which uses the relationship of a pixel to its neighboring pixels for the secret message. Three types of relationship were found: four pixels, diagonal pixels, and eight pixel neighbors, which further decide the smooth or edge regions of the image. Three bits are embedded in smooth areas, while a variable number of bits are embedded in edge areas of the image as the secret message.
Tirandaz et al. in [32] proposed a data hiding method based on (binary text image) edges. It finds the edges of the objects (text) of a binary image and directly embeds the hidden bits in the outer boundary pixels of all connected edge areas. The process of flipping and embedding is totally based on edge pixels, so it becomes invisible to the human eye. 8-bit connectivity is used to identify the outer boundary of a connected object. The scope of this method is limited to binary (0, 1) types of images. The computation complexity is quite high with respect to scanning orders (vertical, horizontal, etc.).
3.1.4 Random Pixel Embedding Method
To overcome the LSB detection problem, [14] has proposed random pixel selection to embed the data bits with a stego-key. The sender and receiver should therefore be synchronized when updating the stego-key, which puts key management overhead on [14]. In [33] the authors proposed a novel image steganography (randomization) method for RGB color images known as the triple-A algorithm. The method supports more randomization by using two different seeds generated from a user-chosen key, which are used to select the component(s) for hiding the secret bits as well as the number of bits used inside the RGB image component. The Advanced Encryption Standard (AES) also improves security in the context of this type of randomized selection. Madhu et al. in [34] proposed an image steganography method based on LSB substitution and selection of random pixels of the required image area. This method targets improved security, where a password is added by the LSBs of pixels. It generates random numbers and selects the region of interest where the secret message has to be hidden.
3.1.5 Masking and Filtering Embedding Method
Babita et al. in [35] use 4 LSBs of each RGB channel to embed data bits, apply median filtering to enhance the quality of the stego image and then encode the difference of the cover and stego image as key data. In the decoding phase the stego-image is added to the key data to extract the hidden data. Applying filtering increases the complexity.
3.1.6 Mapping Pixel to Hidden Data Method
In [36] the authors proposed an image steganographic method of mapping pixels to alphabetic letters. It maps the 32 letters (26 for the English alphabet and the others for special characters) to the pixel values. Five (5) bits are required to represent these 32 letters, and the authors have generated table-5, where 4 cases are designed to represent these 32 letters. According to table-5, each letter can be represented in all 4 cases. It utilizes the 7 MSBs (Most Significant Bits) of the image (2^7 = 128) for mapping. The proposed method maps each 4-case from the 7 MSBs of a pixel to one of the 32-cases in table-5. These 4-cases increase the probability of matching. This algorithm keeps the matching pattern of the cover-image, which is then used for extracting data from the stego-image.
Table-5: PIXEL MAPPING TABLE [36]
3.1.7 Labeling or Connectivity Method
In [37], the authors have introduced a data hiding technique which finds the dark areas of the image to hide the data using LSB. It converts the image to a binary image and labels each object using an 8 pixel connectivity scheme for hiding data bits. In [38], the authors have proposed a data hiding scheme in images considering the neighboring pixels. It uses the green component or channel (to which human eyes are less sensitive) for data hiding. It computes the required bits of a pixel from its connected (left, right, top and bottom) pixels for the hidden data.
3.1.8 Lossless or Reversible Method
In [39], the authors have proposed a lossless data hiding technique in images using the integer wavelet transform. For data hiding it uses the LSB method on high frequency integer wavelet coefficients whose magnitudes are below a threshold (which is already selected). In [40] a novel lossless or reversible data hiding scheme for binary images is proposed. JPEG2000 compressed data is used, and the bit-depths of the quantized coefficients are also embedded into some code-blocks. In [41] the authors have proposed a reversible or lossless data hiding technique based on histogram shifting. It is based upon selecting the peak pixel value P from the histogram and simply adding or subtracting 1 in all pixel values which are less than or greater than P. The hidden bits are then simply embedded in all pixels with value P in the image using LSB. The data hiding capacity of this technique is equal to the number of pixels with value P found in the image. For high data embedding capacity, [42] proposed a new histogram shifting method. It takes the adjacent pixels instead of the histogram peak point value of [41], which increases the embedding capacity because a local area is generally correlated, and this becomes the plus point for achieving high capacity. However, when the differences between adjacent pixels in sequential order are utilized to embed data, the distribution of the pixel differences does not keep a prominent maximum. So the high visual quality of this scheme will decrease after the initial period of embedding is applied. Zeng et al. in [43] have proposed a new lossless data hiding method, which is also based on histogram shifting. It utilizes nine scan paths (all directions) of adjacent pixel differences. The best scan path is chosen to achieve data embedding. It supports multi-layer embedding for high capacity. Experimental results show a high capacity for this lossless data embedding algorithm as compared to the techniques above.
3.1.9 Pixel Intensity Based Method
Gutub et al. in [44] have proposed a pixel indicator technique; it chooses one channel among the red, green and blue channels and embeds data into the 2 LSBs of the chosen channel according to the method presented in [44]. The channel selection criteria are sequential, and the capacity depends on the cover image channel bits, which is very low. Tanvir et al. in [45] enhanced the technique of [44]. The new technique uses a variable number of bits to embed data into the chosen channel depending on the intensity of the pixel, which increases the capacity as compared to the scheme of [44].
3.1.10 Texture Based Method
Hamid et al. in [18] have proposed a texture based image steganography. The texture analysis technique divides the texture areas into two groups, simple texture areas and complex texture areas. In simple texture areas the 3-3-2 LSB method (3 bits for Red, 3 bits for Green, 2 bits for Blue channels) is used for hiding. In complex texture areas, on the other hand, the 4 LSB embedding technique is applied for information hiding. The method uses both (2 to 4 LSBs for each channel) depending on the texture classification for better visual quality.
3.1.11 Transform (DCT) Based Method
Generally, DCT based image steganography hides text messages in the least significant bits of the Discrete Cosine (DC) coefficients of the image. For JPEG or video compression, DCT is a part of the compression. DCT works well because slightly modifying an image's DCT coefficients is not easily noticeable to the human eye. M. Chaumont et al. in [13] have proposed a DCT based data hiding method. It hides the color information in a compressed gray-level image. It follows color quantization, color ordering and data hiding steps to achieve image steganography. The purpose of the method is to give everyone free access to the gray-level image but to restrict access to the color version of the same image to those who have its stego-key. K. S. Babu et al. in [46] proposed hiding secret information in image steganography for authentication, which is used to verify the integrity of the secret message from the stego-image. The original hidden message is first transformed from the spatial domain to the discrete wavelet transform (DWT); the coefficients of the DWT are then permuted with the verification code and then embedded in the spatial domain of the cover image. The verification code is also computed by special coefficient of the DWT. So this method can verify whether each row of the image has been modified or tampered with by any attacker.
3.2 Protocol Based Steganography
3.2.1 Unused, Optional, Padding Fields of Header
Generally, IP packet header fields can be used as a covert channel which utilizes the unused or reserved bits of the packet header. Section 2.2.1.2 discussed the basic structure of the IP header with a detailed description of its fields. Around 1989, in [49] the authors proposed covert channels in header fields of multiple protocols (Bus, Token Ring) over LAN. Handel et al. in [50] used the Type of Service (ToS) bits of the IP header as a steganographic carrier because many networks never use them; the method utilizes the unused bits of the Type of Service field of the IP header and the Flag field of the TCP header as a covert channel. However, these fields are zero in almost all default system configurations and would be easily detectable. G. Fisk et al. in [51] have proposed transmitting covert data in the TCP 16-bit “Urgent Pointer” (used to indicate high priority data), which is unused if the URG bit is not set. D. Kundur et al. in [52] have introduced covert channels in TCP Reset segments (the RST flag, when set, aborts the connection) and in the unused code fields of Internet Control Message Protocol (ICMP) messages. S. J. Murdoch et al. in [53] have proposed the IP header’s “Don’t Fragment” (DF) bit as a covert channel. The DF bit can be used as a covert channel if the sender and receiver know the Maximum Transmission Unit (MTU) size and only send packets smaller than the MTU size. In [55] the authors identified a number of covert channels in various IPv6 header fields such as “Traffic Class” and “Flow Label”. W. Mazurczyk et al. in [56] have proposed a covert channel in unused bits in IP/UDP/RTP packet headers. The covert channel is achieved by simply replacing the unused bits with the secret message, which becomes easily detectable by monitoring the communication activity.
Generally, many protocols have extensions of the standard headers. There are some pre-defined header extensions that allow passing non-mandatory information. Many protocols also allow header extensions that are not in the original specification, extending the capabilities of the protocol to transmit some data. Generally, almost all protocols have optional header fields in their standard header. This is a special portion of the header which is not used for normal data transmission. Sometimes an optional header is treated as a covert channel for transporting non-mandatory information on demand. T. Graf in [57] uses the IPv6 destination options header for transmitting covert information. The author directly embeds the covert data in the options header by enabling the option field. In [55] the authors use the IPv6 Authentication, Hop-by-Hop, Fragment, and Encapsulating Security Payload optional headers for covert communication. Z. Trabelsi et al. in [58] have proposed hiding covert data by masking it as IP addresses in the IP Route Record option headers. All of the above covert channels allow sending secret data by embedding it in extended standard headers. However, these covert channels do not discuss the synchronization of the transfer sessions or the control of data flow between the involved hosts.
In [52, 55] the authors have introduced padding of the TCP and IP headers to 4-byte boundaries (if header options are used). They also used padding in IPv6 to transmit covert data. In [59] the authors proposed a new steganographic system utilizing inter-protocol steganography, the PadSteg (Padding Steganography) tool, which is based on Ethernet frame padding and is used in conjunction with the ARP (Address Resolution Protocol) and TCP (Transmission Control Protocol) protocols.
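The header fields described in section 2.2.1 and the unused-field channels surveyed above suggest a simple monitoring check, shown here as an added Python example that is not code from the book: it parses an IPv4/TCP header, verifies the one's complement header checksum, and flags fields that should be idle but carry data. The packet bytes, helper names and finding labels are constructed for illustration, and the reserved-bit test follows the RFC 793 layout given on this page.

```python
"""Flag IPv4/TCP header fields that should be idle but carry data.

Added illustration; packet bytes, helper names and finding labels are constructed.
"""
import struct

URG = 0x20  # TCP control bit, leftmost of the six


def fold16(data):
    """One's complement sum of all 16-bit words, folded to 16 bits."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def build_ipv4(tos=0, flags=0b010, ident=0x1C46, total_len=40):
    """Constructed 20-byte IPv4 header (protocol 6 = TCP) with a valid checksum."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])  # documentation ranges
    head = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, tos, total_len, ident,
                       flags << 13, 64, 6, 0, src, dst)
    checksum = ~fold16(head) & 0xFFFF
    return head[:10] + struct.pack("!H", checksum) + head[12:]


def build_tcp(reserved=0, control=0x10, urgent=0):
    """Constructed 20-byte TCP header; checksum left 0 (not verified below)."""
    off_res_ctl = (5 << 12) | (reserved << 6) | control
    return struct.pack("!HHIIHHHH", 49152, 80, 1000, 2000, off_res_ctl, 8192, 0, urgent)


def inspect(packet):
    """Return a list of findings for one IPv4 packet (empty list = nothing odd)."""
    if len(packet) < 20:
        return ["truncated"]
    ver_ihl, tos, _, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        return ["not_ipv4"]
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return ["bad_ihl"]
    findings = []
    if fold16(packet[:ihl]) != 0xFFFF:          # valid headers sum to all ones
        findings.append("ip_bad_checksum")
    if tos != 0:                                # page: zero in most default configs;
        findings.append("ip_tos_nonzero")       # networks marking DSCP need an allow-list
    if flags_frag & 0x8000:                     # Flags bit 0: reserved, must be zero
        findings.append("ip_reserved_flag_set")
    if proto == 6 and len(packet) >= ihl + 20:
        off_res_ctl, _, _, urgent = struct.unpack("!HHHH", packet[ihl + 12:ihl + 20])
        # RFC 793 layout: six reserved bits. Stacks that negotiate ECN use the
        # two low ones, so mask those out where ECN is expected.
        if (off_res_ctl >> 6) & 0x3F:
            findings.append("tcp_reserved_nonzero")
        if urgent and not off_res_ctl & URG:    # urgent pointer set, URG bit clear
            findings.append("tcp_urgent_without_urg")
    return findings


# Constructed samples.
CLEAN = build_ipv4() + build_tcp()
SUSPECT = build_ipv4(tos=0x03, flags=0b110) + build_tcp(reserved=0b000101, urgent=0x4869)
TAMPERED = CLEAN[:5] + bytes([CLEAN[5] ^ 0x01]) + CLEAN[6:]   # ident changed, checksum stale

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN), ("suspect", SUSPECT), ("tampered", TAMPERED)):
        print(name, inspect(pkt))
```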
3.2.2
Packet Length and Sorting
Length field is used to indicate the length of headers or header extensions or messages (frames, packets) of any communication protocol. In [60, 61] authors proposed to modulate the link layer frames lengths for covert data transmission. At least 256 different frame lengths within a pre-defined
27
range are employed to encode the covert message. Each length encodes one byte covert information. As the frame lengths to encode the transmitted encrypted message are randomly selected from the pre-defined range, the distribution of these lengths is far from normal network traffic. Hidden message is encrypted, where the receiver simply decodes the covert byte from the received message length. This covert channel communication is vulnerable to network traffic detection, because predefined (byte mapping to certain length) dictionary encode or decode covert message is static and its length does not belong to normal network traffic distribution. This makes it easily vulnerable to statistically network traffic detection. N. B. Lucena et al. in [55] used the same technique to modulate the size of IP/UDP/TCP packets. In [62] authors have developed a covert channel for almost all types of protocols. Covert data is encoded as a sum of all bits of a message. Covert sender and receiver are known by predefined maximum possible sum “S” (all bits set in a message of maximum length) and a division of [0, S] into different intervals. The sender reorders the messages so that the message sum of bit interval denotes the required covert data bits. The covert receiver simply decodes the covert bits by identifying the interval in which the sum of message bits lies. Liping Ji et al. in [63] have introduced a normal-traffic network covert channel based on message length. The Normal-Traffic Network Covert Channel, called NTNCC takes the normal messages length as reference and uses the message length to represent each message. The lengths are sorted and partitioned into equal-size buckets. Each bucket represents a specific length range which has taken as a unit for information transmission. NTNCC randomly selects N normal traffic message, where N is already known by sender and receiver. The receiver only keeps the length range of each bucket. 
Sender selects the required bucket (length range) for normal data transmission. The receiver side already maintains the bucket list (length) to decode covert information through message length. Liping Ji et al. in [64] have introduced a novel covert channel based on messages size. To simulate normal network traffic, [64] recently proposed to take normal communicating message lengths as Reference. As the sending message learns from the Reference, this method would decrease abnormal network traffic to some extent. However, as the Reference keeps being updated by appending either the sending lengths or increased lengths, the normal length distribution of the Reference would be destroyed with the increase of communication. As such, [64]’s method cannot simulate normal network traffic well with large amount of covert communication. YAO Quan-zhu et al. in [54] have introduced another covert channel called LAWB that is based on packet length. The sender and
receiver share a secret matrix in which each cell represents a unique packet length. The row IDs of the matrix are used to encode the covert message. Each time during communication, a random cell from a specific row is chosen as the length of the packet to send. The receiver then obtains the row ID by finding out which row contains that length. In addition, the secret matrix is updated periodically to resist statistical detection. However, as the packet lengths are also randomly selected within a pre-defined range, the covert channel is still vulnerable to network traffic detection.
Packet reordering means receiving packets in a different order from the one in which they were sent. D. Kundur et al. in [65] introduced a covert channel based on packet sorting. A set of n packets can be arranged in “n!” ways, so a maximum of log2(n!) bits can be transmitted. This technique requires a sequence number in each packet to identify the original packet order. The method only modifies the sequence numbers instead of actually sorting the packets. In [66] the authors proposed reordering packets for covert communication, where the destination addresses in a series of subsequent packets are ordered. The covert sender encodes zero as a sequence of packets with decreasing addresses and one as a sequence of packets with increasing addresses. The major point of this method is that its sequence length depends on the error rate of the channel. In [68] the authors proposed a covert channel based on the packet reordering phenomenon. The sender manipulates the order of packets and assigns different symbols to different permutations of consecutive packets, so that different permutations hold different meanings (or codes). The code words themselves are selected based on the traffic behavior, which follows the natural reordering characteristics of the host channel. In [73] the authors proposed a permutation-based covert channel for all types of reliable stream protocol.
This method uses lower-layer packet reordering to carry covert messages under the TCP protocol. Before transmission it encodes covert information by permuting IP packets, and the permutation is read at the destination side prior to delivery to the TCP layer.
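The statistical detection that this section says defeats static length dictionaries can be sketched as follows. This is an added example, not code from the book or from the cited papers: it compares each flow's packet-length histogram with a baseline using the Jensen-Shannon divergence. The bucket width, the threshold and both traffic samples are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BIN_WIDTH = 64    # assumption: histogram bucket size in bytes
MAX_LEN = 1536    # assumption: longer packets are clamped into the last bucket


def histogram(lengths):
    """Normalised packet-length histogram: bucket index -> probability."""
    counts = Counter(min(n, MAX_LEN - 1) // BIN_WIDTH for n in lengths)
    total = sum(counts.values())
    return {bucket: count / total for bucket, count in counts.items()}


def js_divergence(p, q):
    """Jensen-Shannon divergence in bits (0 = identical, 1 = disjoint)."""
    div = 0.0
    for bucket in set(p) | set(q):
        pb, qb = p.get(bucket, 0.0), q.get(bucket, 0.0)
        mb = (pb + qb) / 2
        if pb:
            div += 0.5 * pb * math.log2(pb / mb)
        if qb:
            div += 0.5 * qb * math.log2(qb / mb)
    return div


def score_flows(baseline_lengths, flows):
    """Divergence of every flow's length distribution from the baseline."""
    base = histogram(baseline_lengths)
    return {name: js_divergence(base, histogram(lengths))
            for name, lengths in flows.items()}


def flag_flows(baseline_lengths, flows, threshold=0.3):
    """Names of flows whose length distribution is far from the baseline."""
    scores = score_flows(baseline_lengths, flows)
    return sorted(name for name, score in scores.items() if score > threshold)


def constructed_normal(n, phase=0):
    """Constructed sample: 40% small ACK-sized, 50% near-MTU, 10% mid-sized."""
    out = []
    for i in range(phase, phase + n):
        r = i % 10
        if r < 4:
            out.append(52 + 4 * (i % 3))
        elif r < 9:
            out.append(1500 if i % 2 else 1448)
        else:
            out.append(576 + 16 * (i % 7))
    return out


def constructed_covert(n, base=100):
    """Constructed sample: one encrypted-looking byte per packet, mapped to
    length base + byte through a static dictionary, as the text describes."""
    stream = b"".join(hashlib.sha256(bytes([i])).digest()
                      for i in range(n // 32 + 1))
    return [base + b for b in stream[:n]]


if __name__ == "__main__":
    baseline = constructed_normal(3000)
    flows = {"flow-a": constructed_normal(500, phase=5),
             "flow-b": constructed_covert(500)}
    for name, score in score_flows(baseline, flows).items():
        print(f"{name}: JS divergence = {score:.3f}")
    print("flagged:", flag_flows(baseline, flows))
```

Channels that draw their lengths from observed normal traffic, as NTNCC and [64] do, are designed to shrink exactly this difference, so a histogram test of this kind separates them less cleanly.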
3.2.3 Multiple Connection Covert Channels
Hassan Khan et al. in [74] proposed a covert channel based on multiple network connections between a pair of communicating hosts to transmit covert data. The covert data is embedded in the order and sequence of the connections on which regular (cover) data packets are sent and received. Sender and Receiver Socket Managers signal on which active connection the covert data is transmitted: data received from sockA represents 1 and data received from sockB represents 0, as shown in figure-10.
Figure-10: Flow Diagram [74]
3.2.4 Retransmission Covert Channel
In [6] the authors introduced a new covert channel approach for all types of network protocols that use retransmission mechanisms. In this scheme an intentionally invoked retransmitted packet carries a steganogram (hidden data) instead of user data in the payload field. The idea of Retransmission Steganography (RSTEG) is to not acknowledge a successfully received packet in order to intentionally invoke a retransmission. Simply put, the RSTEG scheme acknowledges intentionally invoked retransmission packets as well as successfully received packets. In their paper the authors use the retransmission mechanisms of the Transmission Control Protocol (TCP) as the covert channel for RSTEG. RSTEG can also be used with Retransmission Timeout (RTO), Fast Retransmit/Recovery (FR/R) and Selective Acknowledgement (SACK). The sender marks an intentionally invoked retransmitted packet to differentiate it from a normal retransmitted packet for covert information. The sender and receiver share a secret Stego-Key (SK), and a hash function (H) is used to calculate the Identifying Sequence (IS) for covert information. According to the paper's simulation, to minimize the risk of detection RSTEG should use RTO-based retransmissions, with intentional retransmissions generated at a natural level. However, to maximize steganographic bandwidth, SACK-based RSTEG is more appropriate. RSTEG may be used for IPv4 and IPv6 in all hidden communication, as shown in figure-11. The authors admit that this scheme can be detected, especially when intentional retransmissions are issued excessively by the sender.
Figure-11: Cases of Retransmission [6]
3.2.5 Acknowledgement Based Covert Channel
In [49] the authors introduced the possibility of constructing covert channels by modulating the use of protocol operations based on acknowledgment. The receiver's choice either to acknowledge each frame separately or to wait for two frames is used as the covert channel. The authors of [47] introduced CLACK, a message encoding method based on partial acknowledgments. A CLACK encoder embeds covert information in partial acknowledgments (ACKs) of a TCP data channel and uses the TCP data sent from the server as acknowledgments of the covert information transmissions. In this scheme, the CLACK encoder is a TCP receiver and the CLACK decoder is a TCP sender. The CLACK encoder writes a covert message in the TCP ACK field. The CLACK encoder only needs to receive data and send pure ACKs. The limitation of this scheme is that the network should be lossless, should preserve packet order and should have no retransmissions. In this method the server side always has to send data, and its Nagle algorithm is turned off.
3.2.6 IP Identification and Fragment Offset
The purpose of the IP Identification (ID) header field is to reassemble fragmented IP packets. Bo Xu et al. in [48] proposed embedding the message into the Identification field of the IP header for covert information. The first byte can be used to carry the message and the second byte can be used to identify the order. The authors have used the Identification field of the IPv4 header through Path Maximum Transmission Unit Discovery (PMTUD) and send. The authors compared it with the scheme of [67], which can provide higher security. Furthermore, this scheme is applicable only to sending covert information point to point, by selecting proper IP packets according to PMTU discovery. In [79] the authors used an IP Identification field that is generated by multiplying each byte of the covert information by 256. In [67] the authors used the high eight bits of the IP ID to transmit covert information and generated the lower eight bits randomly (the high bits are the XOR of the data and a secret key). The authors of [80] proposed a middlemen technique using the IP ID and the fragment bits of packets. They merge the covert information into the IP ID and Fragment Offset fields and set a reserved bit to indicate to the receiver that the packet contains covert information. Wojciech Mazurczyk et al. in [81] introduced covert channels that use the mechanisms for handling oversized IP packets, such as IP fragmentation, PMTUD (Path MTU Discovery) and PLPMTUD (Packetization Layer Path MTU Discovery). The authors introduce some new methods and some extensions of existing covert methods. One of them relies on a predefined number of fragments already known to the sender and receiver. For example, if the number of fragments is even then “0” is transmitted, and binary “1” in the odd case. Another modulates the values of the Fragment Offset field. The sender generates fake fragments that contain the covert information, and the receiver identifies them with a hash and identifying sequence parameters and decodes the covert information.
3.2.7 TCP Initial Sequence Number and Address Field Modulation
The purpose of TCP sequence numbers is to indicate how much data has been reliably (with guarantee) transmitted or received by the server and client ends. The Initial Sequence Number (ISN) is the first sequence number, which is chosen by the client side. The basic idea in choosing the ISN is that sequence numbers should not overlap with those of the previous incarnation of the TCP connection [82]. In [79] the authors proposed two directions. The first uses a TCP ISN that is generated by multiplying each covert byte by 256. They also used an indirect channel called the bounce channel (see figure-12). In the second, the sender sends a TCP SYN packet to a bounce host with the IP source address spoofed to that of the destination. After receiving the SYN packet, the bounce host sends a SYN/ACK or SYN/RST to the actual receiver, acknowledging ISN+1. The receiver ‘C’ (see figure-12) decodes the hidden information by decrementing the ACK number.
Figure-12: The TCP Initial Sequence Number Bounce Channel [79]
In [60, 61] the authors introduced a mechanism for directly embedding information in the destination address fields. The sender uses different addresses for covert data, with some information in the form of bits exchanged beforehand so that the covert data can be identified and decoded. The scheme was originally developed for link layer frames, but the method can also be used at other layers: port numbers (transport layer) or IP addresses (network layer) can also be modulated. The authors of [55] showed that the source address can be modulated for covert information. This is the case for IP addresses (if spoofing is possible) or port numbers. Frequent changes of source address or port number can easily be identified as anomalies by different tools, which is a limitation of this work.
3.2.8 Timestamp Modulation
Timestamps allow data to be sent at any time in full duplex, and therefore timestamp echoing may occur in either direction. In [50] the authors used the IP timestamp header option to transmit covert data by modulating the timestamp. However, this header extension has a limit of only 24 hops. In [84] the authors also implemented a quite impressive method for covert messaging through the TCP timestamp header option. The authors of [84] insert covert information into the low order bits of the sender timestamps; on slow TCP connections these timestamps are random. The sender slows the TCP stream instead of directly modifying timestamps, so that the timestamps on packets are valid when they are sent and covert information can be transmitted. The algorithm compares the least significant bit (LSB) of the timestamp of every TCP segment generated by the system with the current covert bit to be sent. If the LSB does not match, the TCP segment is sent with a delay of one tick; otherwise it is sent immediately (see figure-13).
Figure-13: Modulating the least significant bit of the TCP timestamp field [84]
3.2.9 WAN
C. Kratzer et al. in [85] proposed using the 802.11 MAC headers as a covert channel that communicates between two random WLAN hosts. The proposed scheme uses the MAC header fields of a packet to send one or more bits. It makes a bit of the packet erroneous: normal receivers simply drop that packet, while the covert receiver decodes the message by identifying the erroneous bit. It uses the retry bit for duplicating a packet for normal data. In the other method, the covert channel is achieved through duplicate transmission of frames. The covert sender encodes covert bits by duplicating frames and sends them to the covert receiver, who decodes the hidden data by detecting the duplicated packets. Later, the authors of [86] revised and enhanced the scheme by implementing a steganography and steganalysis tool set. In [87] the authors proposed a covert channel in 802.11 header fields, where the sequence control and initial vector fields are used as the covert channel depending on the configuration of the network. Sequence control is used to control the sequence of packets, and the initial vector field is used in the RC4 encryption of the packet payload. The authors admit that losing one frame results in the loss of the entire message, so the receiver has to keep sensing the network for a prefixed number of frames to reconstruct the original message. In [76] the authors proposed a covert channel in the MAC header (data link layer). The sequence control or initial vector fields, or both of them, may be used depending on the configuration of the network. The authors suggest setting the fragment number to zero and using one byte out of the 12 bits of the sequence control field for the covert channel.
3.2.10 IP, HTTP and ICMP
Tianling Xu et al. in [77] proposed a method to hide information in the header fields of the Hypertext Transfer Protocol (HTTP). This technique uses the HTTP request-packet (Get-packet) method for covert information. They introduced a mid-server between client and server: the mid-server receives the request-packet from the client, embeds the information to be hidden in the header fields of the request-packet and transmits the request-packet to the web server. More than 1000 bytes of data can be embedded in an HTTP request-packet (Get-packet). This technique does not perform very well at resisting network analysis tools. In [83, 72] the authors proposed different methods for hiding covert channels in HTTP protocol headers. They used different header field properties, such as lower or upper case, the existence or non-existence of optional header fields, multiple white spaces, and new nonstandard header fields, for covert information. Mazurczyk et al. in [71] proposed a method in which the covert channel is achieved in the signaling phase of the SIP/SDP protocol. Covert information is embedded into the SIP INVITE commands [71], in the creator, version and session name fields. Spaces and tabs are also considered for the covert channel. The covert information achieved in the proposed solutions is more than 2000 bits in one direction for each performed VoIP call. Mohammed A. Al-Hamami et al. in [78] used ICMP messages for covert information. First, the normal message is converted into a secret message, and then that secret/covert message is embedded into unused bits of ICMP. The TOS field of the IP header is used for identification. Finally, these packets are sent over different routes to prevent any attacker from understanding the contents of the packets, as a simple security measure. In [75] the authors built a covert channel over the ICMP Echo-Request packet. It exploits the ICMP identifier, which contains the process ID of the "ping" process, and also the time measuring option, for covert information. It embeds the covert data in the last significant byte of the OS fingerprint. This method can be embedded in any legitimate channel that is based on a protocol using ICMP. It also provides high stealthiness, reliability despite temporary data loss, and data confidentiality using a one-time pad (OTP) as the basic encryption mechanism. In [70] the authors proposed a protocol that exploits the ICMP Echo Request as a covert channel. To mimic real TCP/IP stack behavior it uses OS fingerprinting techniques to achieve security enhancements such as stealthiness, light weight, confidentiality, integrity, reliability and ordering. This method makes it possible to transmit large amounts of data covertly in just five bytes of each ICMP Echo request.
Chapter 4: Pixel Intensity Based High Capacity Data Embedding
High capacity is a major concern in image steganography. The proposed image steganography method is used to improve the capacity of hidden data in the host signal without causing any statistically significant modification. Many novel data hiding methods based on Least Significant Bits (LSB) and Pixel Value Differencing (PVD) have been proposed to increase the hiding capacity with imperceptible quality loss. Of these methods, we have improved the Modified Kekre’s Algorithm (MKA) [26], which is based on the LSB technique. The improved scheme increases the embedding capacity while keeping the quality of the stego-image (the image carrying hidden data) as good as that of MKA [26]. Experimental results show that the improved scheme outperforms the original scheme it is compared with, especially in the capacity of hidden data bits, where the intensity of the pixel decides the number of bits to embed into the cover-image [1]. According to figures 14 and 15, modifying a lower intensity pixel does not distort its visual quality, and such a pixel can also store a higher number of bits. Our improved version shows that we use the maintained matrix efficiently (it records the positions of the pixels where 5 LSBs are used to embed data).
4.1 Modified Kekre’s Algorithm
Modified Kekre’s Algorithm (MKA) [26] is based on the Least Significant Bit (LSB) method. MKA is applied to 24 bit Red Green Blue (RGB) color images. It uses up to five LSBs of a pixel to embed the data. The intensity of the pixel value decides the number of LSBs to embed and controls the error. MKA uses an 8 bit secret key, XORed with all the bytes of the message, to achieve security. The message is recovered by an XOR operation with the same secret key. The embedding algorithm maintains a matrix of the pixels in which 5 bits of the message are embedded, and this matrix is required for extracting the hidden message from the stego-image. The following checking process decides the number of bits to embed into a pixel. The term “MSB” denotes the Most Significant Bits of a cover-image pixel, and “Message Bit” represents a bit of the message to hide. Don’t care bits are represented by ‘x’. The pseudo code of the modified algorithm is:
If ( Pixel’s 4 MSB == 1111 )
    If ( Message Bit == 1 )
        Utilize 5 LSB of Pixel with Data & mark matrix
    Else
        Utilize 4 LSB of Pixel with Data
Else If ( Pixel’s 3 MSB == 111 )
    If ( Message Bit == 0 )
        Utilize 5 LSB of Pixel with Data & mark matrix
    Else
        Utilize 3 LSB of Pixel with Data
Else If ( Pixel’s 2 MSB == 11 )
    Utilize 2 LSB of Pixel with Data
Else If ( Pixel’s 1 MSB == 1 )
    Utilize 1 LSB of Pixel with Data
The above pseudo code of the MKA algorithm shows that up to 5 LSBs of a pixel can be used to embed message bits, depending on the intensity of the pixel value. The procedure is also mapped into table-6. Where the 4 MSBs are 1111, the other 4 LSBs xxxx are don’t care (whatever bits the 4 LSBs contain); if the data bit to embed is 1, 5 LSBs of the pixel are utilized and the pixel position is marked in the maintained matrix to identify that this pixel contains 5 bits of data. If the data bit is not 1, only 4 LSBs of the pixel are used to embed data bits. The same procedure is run to extract the data bits of the message using the maintained matrix, because it keeps track of the pixel positions where 5 LSBs are utilized. At the end, the 8 bit secret key is applied with an XOR operation to the extracted message to regenerate the original message that was previously embedded.
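Table-6: DATA EMBEDDING BASED ON PIXEL BITS
S.No | MSB’s of Pixel | If Data Bit is | Matrix Entry | Utilize Bit/Bits
-----|----------------|----------------|--------------|-----------------
1    | 1111 xxxx      | 1              | 1            | 5
2    | 1111 xxxx      | 0              | -            | 4
3    | 1110 xxxx      | 0              | 1            | 5
4    | 1110 xxxx      | 1              | -            | 3
5    | 1100 xxxx      | x              | -            | 2
6    | 1000 xxxx      | x              | -            | 1
Where x: Don’t care bit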
4.2 Proposed Method
We have improved the MKA [26] algorithm in two major respects. First, lower intensity pixels are also used for data hiding; second, maximum use is made of the matrix that keeps track of the pixels where 5 LSBs are used. According to figure-14, the three pixels (Red = 255, Green = 255 and Blue = 0) generate the yellow color in the left part. If we change the 4 LSBs of the Blue pixel (Blue = 16), the result is the yellow color in the right part of figure-14. If we compare the left and right parts, the yellow has almost the same color and the same visual quality. The same scenario is shown in figure-15: if we modify the 4 LSBs of all pixels (RGB), the resulting color seems to be the same as in the left part of figure-15. Our idea is that a change in a lower intensity pixel value causes less degradation of visual quality. If the pixel intensity is less than 16, it can be modified within the range 0 to 15, which will not degrade the visual quality of that pixel. So we can also embed up to 4 bits into that pixel.
Figure-14: One Channel with Extreme Modified 4 LSB’s
Figure-15: Three Channels with Extreme Modified 4 LSB’s
Algorithm
Apply the 8 bit secret key with an XOR operation to all bytes of the message to change its original content, as in MKA [1], and maintain a matrix for those pixels that embed 5, 3 and 2 LSBs of data. The following verification process decides how the data bits are embedded into the cover-image.
If ( Pixel’s 4 MSB == 1111 )
    If ( Message Bit == 1 )
        Utilize 5 LSB of Pixel with Data & mark matrix
    Else
        Utilize 4 LSB of Pixel with Data
Else If ( Pixel’s 3 MSB == 111 )
    If ( Message Bit == 0 )
        Utilize 5 LSB of Pixel with Data & mark matrix
    Else
        Utilize 3 LSB of Pixel with Data
Else If ( Pixel’s 3 MSB == 110 )
    If ( Message Bit == 0 )
        Mark the matrix with 1, move to next Message Bit & embed next 2 Message bits to 2 LSB’s of Pixel. (Utilized 3 Bits)
    Else
        Utilize 2 LSB of Pixel with Data
Else If ( Pixel’s 2 MSB == 10 )
    If ( Message Bit == 0 )
        Mark the matrix with 1, move to next Message Bit & embed next 1 Message bit to 1 LSB’s of Pixel. (Utilized 2 Bits)
    Else
        Utilize 1 LSB of Pixel with Data
Else If ( Pixel’s 2 MSB == 01 )
    If ( Message Bit == 0 )
        Mark the matrix with 1, move to next Message Bit & embed next 1 Message bit to 1 LSB’s of Pixel. (Utilized 2 Bits)
    Else
        Utilize 1 LSB of Pixel with Data
Else If ( Pixel’s 3 MSB == 001 )
    If ( Message Bit == 0 )
        Mark the matrix with 1, move to next Message Bit & embed next 1 Message bit to 1 LSB’s of Pixel. (Utilized 2 Bits)
    Else
        Utilize 1 LSB of Pixel with Data
Else If ( Pixel’s 4 MSB == 0001 )
    If ( Message Bit == 0 )
        Mark the matrix with 1, move to next Message Bit & embed next 2 Message bits to 2 LSB’s of Pixel. (Utilized 3 Bits)
    Else
        Utilize 2 LSB of Pixel with Data
Else If ( Pixel’s 4 MSB == 0000 )
    If ( Message Bit == 0 )
        Utilize 5 LSB of Pixel with Data & mark matrix
    Else
        Utilize 4 LSB of Pixel with Data
In the above pseudo code of the proposed algorithm, note that 2 bits are stored when an entry is marked in the matrix: one bit in the matrix and the other in the pixel itself. One data bit is discarded and the matrix is marked with 1. Basically, we discard a data bit that already exists in the pixel and then store another bit in the 1st LSB of the pixel. The same applies when we embed 3 or 2 bits of data with a matrix mark. For example, take the pixel value 10xx xxxx and the data bits 01 to embed. After embedding the value will be 10xx xxx1: the first data bit, 0, is represented by the 7th bit of the pixel 10xx xxxx, which is already 0. For it, the matrix is marked at this pixel position, and the next data bit, 1, replaces the 1st LSB of the pixel, giving 10xx xxx1. This also shows that we use low intensity pixels, with up to 5 LSBs of data embedding, and make comprehensive use of the matrix. The above procedure is also mapped into table-7. The same procedure is run to extract the data bits of the message using the maintained matrix, which keeps track of the pixel positions where 2, 3 and 5 bits are utilized. At the end, the 8 bit secret key is applied with an XOR operation to the extracted message to regenerate the original message that was embedded.
Table-7: PROPOSED DATA EMBEDDING BASED ON PIXEL BITS
S.No | MSB’s of Pixel | If Data Bit is | Matrix Entry | Utilize Bit/Bits
-----|----------------|----------------|--------------|-----------------
1    | 1111 xxxx      | 1              | 1            | 5
2    | 1111 xxxx      | 0              | -            | 4
3    | 1110 xxxx      | 0              | 1            | 5
4    | 1110 xxxx      | 1              | -            | 3
5    | 110x xxxx      | 0              | 1            | 3
6    | 110x xxxx      | 1              | -            | 2
7    | 10xx xxxx      | 0              | 1            | 2
8    | 10xx xxxx      | 1              | -            | 1
9    | 01xx xxxx      | 0              | 1            | 2
10   | 01xx xxxx      | 1              | -            | 1
11   | 001x xxxx      | 0              | 1            | 2
12   | 001x xxxx      | 1              | -            | 1
13   | 0001 xxxx      | 0              | 1            | 3
14   | 0001 xxxx      | 1              | -            | 2
15   | 0000 xxxx      | 0              | 1            | 5
16   | 0000 xxxx      | 1              | -            | 4
Where x: Don’t care bit
4.3 Comparison
The main advantage of our proposed algorithm is that we can use all the bytes of the cover-image to hide data bits. Our proposed algorithm has a very high data hiding capacity compared to MKA [26], as can be seen from table-8 and graph-3. It has almost the same statistical results, e.g. PSNR, MSE and RMSE [26], the average number of bytes changed in the image for embedding data and the average number of bits changed per pixel. MKA [26] does not utilize lower intensity pixels for high capacity data embedding. We also take full advantage of the maintained matrix for extra hidden bits.
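The capacity gap described in this comparison can be reproduced with a small model of the two rule sets. This is an added sketch, not the authors' implementation: it encodes the MKA pseudo code of section 4.1 and Table-7 as prefix rules and counts how many message bits a run of 8-bit channel values absorbs. It assumes that the "Utilize" count includes the message bit that decides the rule, and the cover values are constructed.

```python
# Each rule: (prefix_len, prefix_value, marking_bit, bits_if_marked, bits_otherwise)
# marking_bit is the message-bit value that causes a matrix entry (None = never).
MKA_RULES = [
    (4, 0b1111, 1, 5, 4),
    (4, 0b1110, 0, 5, 3),
    (3, 0b110, None, 2, 2),  # pseudo code "2 MSB == 11", reached only for 110x
    (2, 0b10, None, 1, 1),   # pseudo code "1 MSB == 1", reached only for 10xx
]
PROPOSED_RULES = [           # Table-7, rows 1-16
    (4, 0b1111, 1, 5, 4),
    (4, 0b1110, 0, 5, 3),
    (3, 0b110, 0, 3, 2),
    (2, 0b10, 0, 2, 1),
    (2, 0b01, 0, 2, 1),
    (3, 0b001, 0, 2, 1),
    (4, 0b0001, 0, 3, 2),
    (4, 0b0000, 0, 5, 4),
]


def bits_for(value, message_bit, rules):
    """Return (bits utilised, matrix entry made) for one 8-bit channel value."""
    for prefix_len, prefix, marking_bit, marked_n, plain_n in rules:
        if value >> (8 - prefix_len) == prefix:
            if marking_bit is not None and message_bit == marking_bit:
                return marked_n, True
            return plain_n, False
    return 0, False  # no rule matches: MKA leaves values below 128 unused


def to_bits(message, key):
    """XOR every message byte with the 8-bit key, then list bits MSB first."""
    return [((byte ^ key) >> shift) & 1
            for byte in message for shift in range(7, -1, -1)]


def simulate(values, bits, rules):
    """Walk the cover values in order and count how much of `bits` fits."""
    pos = marks = used = 0
    for value in values:
        if pos >= len(bits):
            break
        n, marked = bits_for(value, bits[pos], rules)
        if n == 0:
            continue
        pos = min(pos + n, len(bits))
        marks += marked
        used += 1
    return {"bits_embedded": pos, "matrix_entries": marks, "values_used": used}


# Constructed cover values, one per intensity class of Table-7.
COVER = [255, 230, 200, 150, 100, 40, 20, 7]

if __name__ == "__main__":
    for label, bits in (("all ones", [1] * 64), ("all zeros", [0] * 64)):
        print(label, "MKA:", simulate(COVER, bits, MKA_RULES))
        print(label, "proposed:", simulate(COVER, bits, PROPOSED_RULES))
```

On these eight values MKA never touches the four below 128, which is where the additional capacity of the proposed rules comes from.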
4.4 Experimental Result
In our experiments we use three cover images, “Lena”, “Baboon” and “Papper”, with 512x512 resolution. The cover images are in uncompressed RGB BMP format. Graph-1 and table-10 show the capacity in bytes of the three cover images Lena, Baboon and Papper. Abraham Lincoln’s letter to his son’s teacher is used as the message to hide in the cover images. The results of both MKA [26] and the proposed algorithm are given in table-9. Their PSNR, MSE and RMSE are almost the same, but for the ‘Papper’ image the PSNR is quite high, which shows that achieving a high capacity depends on the image texture and may degrade the PSNR. We have also introduced a new (ideal) parameter in our experiment, known as “Ideal Capacity”: the maximum data that can be stored if the embedded data bits are the same as the cover image, used just to see the maximum number of hidden data bits that the proposed and previous methods support. This can be seen from graph-2. The second one is “100 % of Pixel Utilization”: if we use the complete image to store data bits, the proposed algorithm has a very high embedding rate, as shown in table-8 and graph-3. Its PSNR, MSE, RMSE and other statistics are close to those of MKA [26].
4.5 Conclusion
In this method we have improved the data hiding capacity of the existing MKA [26]. We have used lower intensity pixels for data embedding. We have also fully used the maintained matrix for extra hidden data bits. For comparison we have used the same PSNR, MSE, RMSE and average number of bits as the method compared against. All these parameters are almost the same in both MKA [26] and our proposed method. A new parameter has been introduced to find the ideal capacity of a cover-image. So, if we use all pixels of the cover-image for data hiding, to estimate how many bits can be hidden in the current image, our proposed algorithm provably has a very high data hiding capacity with the same visual quality as MKA [26].
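Table-8: 100 % PIXEL USED TO EMBED DATA, VALUE OF MSE, RMSE, PSNR, PERCENTAGE OF USED PIXEL IN IMAGE, PERCENTAGE OF USED BYTES CHANGED, AVERAGE NO OF BITS CHANGED PER PIXEL AND PERCENTAGE OF USED PIXEL OF COVER IMAGE TO STORE DATA.
Method                             | Cover Image | Embedded Data Bytes | % of used Pixel in Image | % of Changed Bytes | Avg. # Bits/Pixel | MSE    | RMSE   | PSNR
-----------------------------------|-------------|---------------------|--------------------------|--------------------|-------------------|--------|--------|--------
Our Proposed, 100% utilized pixels | Lena        | 186556              | 100                      | 56.0228            | 0.0680            | 2.7539 | 1.6595 | 43.7314
Our Proposed, 100% utilized pixels | Baboon      | 172538              | 100                      | 53.3098            | 0.0714            | 1.9608 | 1.4003 | 45.2065
Our Proposed, 100% utilized pixels | Papper      | 196081              | 100                      | 58.4234            | 0.0655            | 5.7008 | 2.3876 | 40.5715
MKA, 100% utilized pixels          | Lena        | 127402              | 100                      | 55.0795            | 0.0698            | 2.2271 | 1.4923 | 44.6534
MKA, 100% utilized pixels          | Baboon      | 117631              | 100                      | 52.8102            | 0.0724            | 1.7574 | 1.3257 | 45.6820
MKA, 100% utilized pixels          | Papper      | 114718              | 100                      | 53.7704            | 0.0742            | 0.9743 | 0.9871 | 48.2439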
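Table-9: VALUE OF MSE, RMSE, PSNR, PERCENTAGE OF USED PIXEL IN IMAGE, PERCENTAGE OF USED BYTES CHANGED, AVERAGE NO OF BITS CHANGED PER PIXEL AND PERCENTAGE OF USED PIXEL OF COVER IMAGE TO STORE DATA.
Method       | Message                  | Cover Image | Embedded Data Bytes | % of used Pixel in Image | % of Changed Bytes | Avg. # Bits/Pixel | MSE    | RMSE   | PSNR
-------------|--------------------------|-------------|---------------------|--------------------------|--------------------|-------------------|--------|--------|--------
Our Proposed | Abraham Lincoln’s Letter | Lena        | 1785                | 0.9666                   | 55.5906            | 0.0695            | 0.0174 | 0.1320 | 65.7180
Our Proposed | Abraham Lincoln’s Letter | Baboon      | 1785                | 1.1237                   | 51.3975            | 0.0775            | 0.0070 | 0.0838 | 69.6609
Our Proposed | Abraham Lincoln’s Letter | Papper      | 1785                | 0.8867                   | 59.9455            | 0.0646            | 0.0723 | 0.2689 | 59.5402
MKA          | Abraham Lincoln’s Letter | Lena        | 1785                | 1.3659                   | 57.3357            | 0.0690            | 0.0254 | 0.1595 | 64.0778
MKA          | Abraham Lincoln’s Letter | Baboon      | 1785                | 1.7282                   | 51.6077            | 0.0781            | 0.0107 | 0.1032 | 67.8539
MKA          | Abraham Lincoln’s Letter | Papper      | 1785                | 1.4773                   | 55.0267            | 0.0724            | 0.0156 | 0.1248 | 66.2061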
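Table-10: EMBEDDING CAPACITY OBTAINED WITH MKA AND OUR PROPOSED METHOD
Cover Image | Capacity: MKA | Capacity: Our Proposed | Ideal Capacity: MKA | Ideal Capacity: Our Proposed
------------|---------------|------------------------|---------------------|-----------------------------
Lena        | 125998        | 132200                 | 137603              | 235663
Baboon      | 120975        | 124020                 | 130207              | 225865
Papper      | 114201        | 139828                 | 115094              | 238578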
Graph-1: Embedded Capacity (in Bytes). Series: MKA, Proposed. Cover images: (1) Lena (2) Baboon (3) Papper
Graph-2: Ideal Capacity in Bytes. Series: MKA, Proposed. Cover images: (1) Lena (2) Baboon (3) Papper
Graph-3: 100% utilization of cover-image & Capacity in Bytes. Series: MKA, Proposed. Cover images: (1) Lena (2) Baboon (3) Papper
(a) Lena
(b) Baboon
(c) Papper
Chapter 5: Objects Edge Based Data Embedding
5.1 Embedding Data in Edge Boundaries with High PSNR
Currently available data hiding techniques do not pay much attention to how well the stego-object (the original object carrying hidden information) preserves the originality of the cover (original) object. Cover-objects and stego-objects drift apart in terms of the image quality measures peak signal to noise ratio (PSNR) and mean square error (MSE). This paper proposes a data hiding method around the edge boundary of an object with high PSNR. The experimental results show a very high PSNR. The proposed scheme is targeted at a low rate of hidden data but with high PSNR. Two parameters, undetectability and embedding capacity, are of major importance in information hiding. Generally, the cover object has to sacrifice its originality because of the embedded secret information. The distortion caused by data hiding is not affordable in some applications, such as medical images and applications that measure visual artifacts. We have proposed an edge boundary based information hiding method with high PSNR and high perceptual transparency in comparison with the original cover image. The experimental results show that the proposed technique has high perceptual transparency with low computational complexity. The stego-image can further be used as an original image by applications (segmentation of objects, feature extraction of objects). Its information hiding capacity can easily be increased depending on the computed threshold. Thresholds may vary depending on the visual characteristics of the image, in order to keep its PSNR high. Moreover, extraction of the secret information is independent of the original cover image.
5.1.1 Proposed Method
The proposed method uses the edge boundaries of an image to embed data. For edge computation we used the ‘Sobel’ edge detector with its default threshold parameters. The following embedding procedure was tested with the Sobel edge detector, and its results are discussed in the experimental sections. Currently, we fix the horizontal edge direction for data embedding in the experimental results. ‘EDGE_LEN’ denotes the length of any edge. The minimum edge difference threshold ‘DIF_THRESH’ denotes the threshold on the difference between two pixels (an edge pixel and its neighbor pixel). First, compute the edges of the image using the Sobel edge detector. Next, find the horizontal edges up to a certain EDGE_LEN in the Sobel edge-detected image. Then compute the absolute difference between the edge pixel and its upper (row-1) boundary pixel, which should be greater than DIF_THRESH. If the DIF_THRESH condition is satisfied, LSB substitution is used to embed the hidden data bit into the upper boundary pixel of the edge pixel. (The DIF_THRESH conditions are given in the pseudo code of the embedding procedure, and table-11 also shows the embedding cases and their conditions.) After embedding the hidden data bits, compute the Sobel edge detection of the stego-image again. If the object edges in the stego-image are not identical to the object edges in the original cover-image, update the DIF_THRESH value (with predefined values). Then repeat the whole procedure above until the stego-image edges are identical to the cover-image edges. The complete procedure can be summarized in the following steps: edge computation, edge length finding, data embedding, and matching the cover-image edges with the stego-image edges. Finally, we have a stego-image (with hidden bits around the horizontal edges of the image). Both EDGE_LEN and DIF_THRESH may be embedded, or known to both parties. The DIF_THRESH conditions in table-11 are interpreted as follows. Upper Pixel denotes the pixel above (row-1) the current edge pixel. Data Bit denotes the message bit to hide. Edge Pixel denotes the current edge pixel value. ‘x’ denotes the don’t care value. The first row of table-11 shows that if the Upper Pixel value is even and the Data Bit is ‘0’, the Upper Pixel is not modified. In the second row of table-11, the Upper Pixel value is odd and the Data Bit is ‘0’, so the first condition (Upper Pixel < Edge Pixel) has to be checked: if it is satisfied, subtract 1 from the Upper Pixel value of the current Edge Pixel; otherwise add 1 to the Upper Pixel. The remaining rows of table-11 are interpreted in the same way.
Table-11: EDGE BOUNDARY EMBEDDING CASES

| Upper Pixel | Data Bit | Upper Pixel < Edge Pixel | Upper Pixel > Edge Pixel |
|---|---|---|---|
| Even | 0 | x | x |
| Odd | 0 | -1 | +1 |
| Even | 1 | -1 | +1 |
| Odd | 1 | x | x |

x: do not change. Upper Pixel: the pixel above (row-1) the edge pixel. -1: subtract 1 from the upper pixel. +1: add 1 to the upper pixel.
In the extracting phase, we apply the Sobel mask filter to the stego-image and generate the stego-edge binary image. We then extract the hidden bits from the upper boundary of the stego-edge image wherever the DIF_THRESH condition is satisfied, taking the second parameter EDGE_LEN into account. During extraction we find the stego-image edges whose length is greater than or equal to EDGE_LEN. If this condition is satisfied, we take the absolute difference between each upper pixel (of the edge) and the edge pixel itself, e.g.

Diff = | Upper Pixel – Edge Pixel |    (1)

If the ‘Diff’ value is greater than DIF_THRESH, simply take the least significant bit of the upper pixel as an extracted bit; it will be 0 or 1. Otherwise skip this upper pixel and move to the next upper pixel for the ‘Diff’ calculation (1). Repeat the extracting process until EDGE_LEN is reached. Next, find another edge area where the stego-image edge pixels are equal to or greater than EDGE_LEN, and start the extracting procedure again for this edge of the stego-image. The pseudo code of the embedding and extracting procedures is as follows:
Embedding Procedure

Step 1: Compute the Sobel mask filter of the cover-image as the CoverImgEdge binary image.
Step 2: Copy the cover-image into the stego-image.
Step 3: Find the horizontal edges of length equal to EDGE_LEN in the CoverImgEdge binary image.
Step 4:
    IF (upper pixel value of horizontal edge is LESS than edge pixel value)
       AND (upper pixel does not belong to any other edge pixels)
       AND (difference of upper pixel and edge pixel values is GREATER than DIF_THRESH)
    THEN
        IF (Upper pixel == Odd AND Hidden Bit == 0)
            Subtract 1 from stego-image upper pixel.
        ELSE IF (Upper pixel == Even AND Hidden Bit == 1)
            Subtract 1 from stego-image upper pixel.
        ELSE
            Do not update the value of upper pixel.
    END
    IF (upper pixel value of horizontal edge is GREATER than edge pixel value)
       AND (upper pixel does not belong to any edge pixel)
       AND (difference of upper pixel and edge pixel values is GREATER than DIF_THRESH)
    THEN
        IF (Upper pixel == Odd AND Hidden Bit == 0)
            Add 1 to stego-image upper pixel.
        ELSE IF (Upper pixel == Even AND Hidden Bit == 1)
            Add 1 to stego-image upper pixel.
        ELSE
            Do not update the value.
    END
Step 5: Compute the Sobel mask filter of the stego-image again as the StegoImgEdge binary image.
    IF (StegoImgEdge NOT Equal CoverImgEdge)
    THEN
        Update DIF_THRESH to DIF_THRESH + constant and repeat from Step 2.
    END
Step 6: The stego-image contains the hidden bits of the message.

Extracting Procedure

Step 1: Compute the Sobel mask filter of the stego-image as the StegoImgEdge binary image.
Step 2: Find the pixels of a horizontal edge of length equal to EDGE_LEN in the StegoImgEdge binary image.
Step 3: Compute the Diff value (equation 1) from the edge pixel of the stego-image.
Step 4: IF ‘Diff’ is greater than or equal to DIF_THRESH, THEN take the least significant bit of the upper pixel of the stego-image. Repeat Step 3 until the edge reaches EDGE_LEN.
Step 5: Repeat Step 2 for all edges of the StegoImgEdge binary image and store the least significant bits in a buffer, which holds the uncovered message.
Every image computes its own DIF_THRESH, depending on its texture, during the data embedding phase. This is a strength of the proposed technique because it increases the complexity of uncovering the hidden information. Both cover and stego images have the same edge characteristics even after hidden data has been embedded into the stego-image. An advantage of this scheme is that it can iteratively repeat data embedding until the required PSNR of the stego-image is met, just by modifying its thresholds (EDGE_LEN, DIF_THRESH). Figure-16 shows a zoomed view of the cameraman image. It identifies the edge areas and the edge boundaries that hold the hidden data. Green color shows the hidden data area around the boundaries of edges. Figure-17 shows how the covert data is embedded into the edge boundary of image objects. Take the zoomed view of the image object edge in figure-17, with its pixel values (97, 98, 100, 102, 106) and edge pixels (29, 29, 29, 29, 29). The differences are (68, 69, 71, 73, 77), which satisfy the DIF_THRESH condition, so table-11 is used for embedding data. Suppose the covert data bits are (1 1 0 1 0). Then, according to table-11, the new edge boundary pixels are (97, 99, 100, 103, 106), as shown in figure-18.
Figure-16: Shows some of the hidden area around edge boundaries.
Figure-17: Shows the Pixel values and Difference value.
Figure-18: Stego-image edge pixel values.
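The Table-11 rule and the Diff test of equation (1), applied to a single edge run, as an added Python example (not code from the book). Sobel edge detection and the Step 5 re-check loop are left out; the function names, the threshold of 16 (the cameraman value from table-12) and the second run are assumptions of this example.

```python
def eligible(upper, edge, dif_thresh):
    """Equation (1): a boundary pixel carries data only if Diff > DIF_THRESH."""
    return abs(upper - edge) > dif_thresh


def embed_pixel(upper, edge, bit):
    """Apply one row of Table-11 and return the new upper-pixel value."""
    if upper % 2 == bit:
        return upper                  # 'x' cells: the LSB already equals the data bit
    # -1 when the upper pixel is darker than the edge pixel, +1 when brighter:
    # the change always moves away from the edge pixel, so Diff can only grow.
    step = -1 if upper < edge else 1
    new = upper + step
    if not 0 <= new <= 255:
        # The page does not say how saturated pixels are handled; reject them here.
        raise ValueError(f"pixel {upper} cannot move by {step:+d}")
    return new


def embed_run(upper_row, edge_row, bits, dif_thresh):
    """Embed bits into the upper boundary of one edge run.

    Returns (stego_upper_row, number_of_bits_embedded).
    """
    stego = list(upper_row)
    pending = list(bits)
    for i, (upper, edge) in enumerate(zip(upper_row, edge_row)):
        if not pending:
            break
        if eligible(upper, edge, dif_thresh):
            stego[i] = embed_pixel(upper, edge, pending.pop(0))
    return stego, len(bits) - len(pending)


def extract_run(upper_row, edge_row, dif_thresh):
    """Read the LSB of every boundary pixel that passes the Diff test."""
    return [u & 1 for u, e in zip(upper_row, edge_row) if eligible(u, e, dif_thresh)]


def carrier_positions(upper_row, edge_row, dif_thresh):
    """Indexes of boundary pixels that pass the Diff test."""
    return [i for i, (u, e) in enumerate(zip(upper_row, edge_row))
            if eligible(u, e, dif_thresh)]


if __name__ == "__main__":
    # Worked example from the text (figure-17 and figure-18).
    cover_upper = [97, 98, 100, 102, 106]
    edge = [29, 29, 29, 29, 29]
    stego_upper, used = embed_run(cover_upper, edge, [1, 1, 0, 1, 0], 16)
    print(stego_upper, used)
    print(extract_run(stego_upper, edge, 16))

    # Constructed run: darker and brighter boundary pixels, one below threshold.
    cover2 = [40, 90, 41, 120, 60]
    edge2 = [100] * 5
    stego2, _ = embed_run(cover2, edge2, [1, 0, 1, 1], 16)
    print(stego2, extract_run(stego2, edge2, 16))
    # Embedding never changes which pixels pass the Diff test, so the
    # extractor visits exactly the positions the embedder used.
    print(carrier_positions(cover2, edge2, 16) == carrier_positions(stego2, edge2, 16))
```

Because every change moves the boundary pixel away from the edge pixel, a pixel that passed the Diff test before embedding still passes it afterwards, which is what lets the extractor find the same pixels without side information.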
5.1.2 Experimental Results

The experimental results presented in this section demonstrate the performance of our proposed scheme. To conduct our experiments we tested our scheme on more than 50 standard images of different resolutions, some of them 256x256 grayscale images, including “Cameraman”, “Tiffany”, “Lena” and “Baboon”. These test images are shown in table-12 with their evaluated parameters, and the other images are shown in figure-19.

Generally, stego image quality is considered from two aspects. First, we use the peak signal-to-noise ratio (PSNR) measurement to evaluate the difference between the stego and cover images. Second, we compare the quality of the stego image to the cover image as seen by the human visual system (HVS). The mean square error (MSE) is computed between the cover and stego images. For a cover image whose width and height are m and n, where I denotes the cover-image and K denotes the stego-image, MSE is defined as:
(2) The general PSNR formula is defined as:
(3)
Where denotes the maximum value of a pixel in the image, 255 in a grayscale image. A higher PSNR indicates that the quality of the stego image is more similar to the cover image. Table-12 shows the quality, PSNR, MSE, and Root Mean Square Error (RMSE) of the images produced by our proposed method. Overall PSNR is in the range of around 84% to 93%, even with hidden data. The Cameraman column of table-12 shows its complete characteristics. First it shows the cover image and its edge-detected image, then the stego image with its edge-detected image, and finally the difference of both edge images, which is zero, meaning both are the same. The Edge Difference Threshold (EDGE_THRESH) of cameraman shows that the minimum difference of an edge pixel with its boundary pixel is 16, and data is embedded in the boundaries of the image’s object edges. Minimum of Edge Length shows that the minimum length of an edge to be considered for data embedding is 4. Covert Bits, the number of hidden bits, is 240 in the cameraman case; MSE, RMSE, and PSNR are shown respectively. Table-13 shows an even higher PSNR with different threshold values, e.g. if we change EDGE_LEN (the minimum required edge length) the PSNR of the stego-image is 96+%. Table-13 shows the different PSNR values according to the thresholds. Table-14 shows the results of the proposed method using the Sobel based edge detection method on other images, with their parameters such as EDGE_THRESH, EDGE_LEN, Covert Bits and PSNR.
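Table-12: RESULTS OF PROPOSED SCHEME WITH MSE, PSNR

| Title | Cameraman | Tiffany | Lena | Baboon |
|---|---|---|---|---|
| Cover Image | (image) | (image) | (image) | (image) |
| Edge Of Cover Image | (image) | (image) | (image) | (image) |
| Stego Image | (image) | (image) | (image) | (image) |
| Edge Of Stego Image | (image) | (image) | (image) | (image) |
| Difference of Cover and Stego Image Edge | (image) | (image) | (image) | (image) |
| Edge Difference Threshold | 16 | 96 | 16 | 80 |
| Minimum of Edge Length | 4 | 4 | 4 | 4 |
| Covert Bits | 240 | 170 | 158 | 151 |
| MSE | 9.7656 | 3.0518 | 2.5940 | 5.0354 |
| RMSE | 0.0313 | 0.0055 | 0.0161 | 0.224 |
| PSNR | 88.2338 | 93.2853 | 83.9911 | 89.1105 |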
Table-13: PROPOSED METHOD WITH DIFFERENT EDGE LENGTH THRESHOLD

| Cameraman Stego Image | | | | |
|---|---|---|---|---|
| Edge Difference Threshold | 16 | 16 | 16 | 16 |
| Minimum of Edge Length | 4 | 8 | 12 | 16 |
| Covert Bits | 240 | 99 | 56 | 4 |
| MSE | 9.7656 | 3.2043 | 1.3733 | 0.45 |
| RMSE | 0.0313 | 0.0179 | 0.0117 | 0.0012 |
| PSNR | 88.2338 | 93.0734 | 96.7532 | 99.99 |
Table-14: SOBEL EDGE RESULTS WITH PROPOSED METHOD

| Image | DIF_THRESH | EDGE_LEN | Covert Bits | PSNR |
|---|---|---|---|---|
| Rice | 32 | 4 | 384 | 75 |
| Lena | 16 | 4 | 58 | 83 |
| Woman | 80 | 4 | 312 | 96 |
| Woman blonde | 128 | 4 | 293 | 90 |
| Crowd | 64 | 4 | 487 | 82 |
| Pirate | 112 | 4 | 374 | 92 |
| Living room | 64 | 4 | 1755 | 80 |

5.1.3 Conclusion
This method introduces an image steganographic technique that hides data in an image while retaining a high PSNR of the stego-image with respect to its cover image. The technique targets a low capacity rate but a higher PSNR of the stego-image. The proposed method embeds the data bits in the edge boundaries of stego-image objects, where both cover and stego-image objects have identical edges. The stego-image can therefore be used for further processing depending on the application (segmentation of objects, etc.), because the object edge pixel values are not modified. With the proposed technique the hidden message is hard to recover because its threshold varies depending on the image itself. Future work is targeted at improving its capacity; multiple edge directions (vertical, diagonal, etc.) can be further explored to hide data with high PSNR.

5.2 Information Hiding using Edge Boundaries of Objects
This is an extension of the method proposed in 5.1. We use the Canny edge technique for edge detection and data embedding with the proposed method. Canny edge detection is a very reliable and widely useful algorithm that is used in different processing steps for applications such as segmentation, object finding, feature extraction, etc. The current embedding method embeds the data around the object edges (detected by the Canny edge detector). Table-15 shows the results for the different images shown in figure-19. The Canny edge based data hiding method has quite good results compared with the Sobel based scheme. The algorithm is the one in section 5.1.1, modified only to use the Canny edge detector instead of Sobel. Experimental results show that Canny is much better than the Sobel based edge detection method for data hiding in our proposed method. Table-14 and Table-15 are the Sobel and Canny based results of the proposed data embedding methods. In table-14 cameraman has around 78% PSNR but a very low embedding capacity of just 240 bits, whereas in table-15 cameraman has the same 78% PSNR and 789 bits of covert data in it; likewise baboon, rice and lena have more than 75% PSNR and 749, 363 and 156 covert bits respectively. So our proposed data embedding based on Canny edges has almost the same PSNR but a considerably increased capacity. An advantage of this scheme is the integrity of the edges of objects in an image. Our proposed method is more useful in those applications which use a Canny based scheme (for further processing steps).

Table-15: CANNY EDGE RESULTS WITH PROPOSED METHOD

| Image | DIF_THRESH | EDGE_LEN | Covert Bits | PSNR |
|---|---|---|---|---|
| Cameraman | 48 | 4 | 798 | 78 |
| Baboon | 96 | 4 | 749 | 86 |
| Rice | 32 | 4 | 363 | 76 |
| Lena | 16 | 4 | 156 | 80 |
| Woman | 48 | 4 | 1005 | 85 |
| Woman blonde | 96 | 4 | 1187 | 84 |
| Crowd | 128 | 4 | 1089 | 82 |
| Pirate | 112 | 4 | 1299 | 97 |
| Living room | 112 | 4 | 3822 | 89 |
Figure-19: Image Data Set For Experiments (Cameraman, Baboon, Lena, Woman, Crowd, Pirate, Rice, Woman blonde, Living room)
Chapter 6: A Network Covert Channel Achieved through Message Length

The main advantage of a packet length based covert channel scheme is its tamper resistance, because such schemes do not tamper with the content of the message, only with its length. It is hard to detect if the packet length distribution is normal or follows real network packet lengths. In this method our focus is to use the network protocol packet length and its payload to achieve a high-rate covert channel while also maintaining normal network traffic behavior. Our proposed scheme is flexible and can easily be used with all network protocols. For the experimental results we implemented the covert channel in NS2 with the TCP (transmission control protocol) Tahoe protocol.

6.1 Proposed Model
Our proposed technique is partially based on packet lengths. To respect the normal traffic distribution we use real network packet lengths for covert communication. In the proposed scheme, covert data can be embedded as the payload of packets, which increases the capacity for covert data. We use intelligent transmission of the (stego data) packets. A detailed scheme and flow chart with its pseudo code is as follows. In the proposed model both parties (Alice and Bob) generate a reference M x N dimensional master matrix on their own sides, where each element of the matrix is filled with a real network packet length. Each cell represents a unique length. M and N (the rows and columns) of the matrix are already known by Alice and Bob. Terminologies are as follows.

V and T are pre-shared by Alice and Bob.
Step 1: Synchronization phase, where Alice and Bob fill the M x N matrix in a predefined (checker box, sequential) order with normal or real network traffic packet lengths.
Step 2: Alice selects Wi, the ith subgroup of C, and converts it into the decimal value Wd. She finds the row whose ID is equivalent to Wd in the matrix and randomly selects a cell in that row. In this way a packet length, denoted ‘Len’, is retrieved.
Step 3: If the column of the selected cell matches the V (stego) column, the sender sends stego (covert) data of ‘Len’ size in the payload of that packet.
Step 4: If Step 3 fails, the sender sends a normal data packet of ‘Len’ size to the receiver.
Step 5: The receiver simply finds the cell in his matrix which contains the value equal to the received packet length.
Step 6: If the column of the selected cell matches the V (stego) column, the receiver extracts the stego (covert) data directly from the packet payload.
Step 7: If Step 6 fails, the stego data is extracted from the row ID of the selected cell.
Step 8: After every T packet transmissions, both Alice and Bob reshuffle their matrix in a predefined (transposition, checker box) order.
Step 9: The above steps repeat for as long as Alice has covert data to send.
As described in the flow chart below, Alice and Bob synchronize with each other and generate the matrix of packet lengths. Alice selects the matrix row equivalent to her covert bits and then randomly selects any column of that row, which holds a packet length. If that length is selected from the V column, she puts covert data into the packet payload; otherwise she generates application data of the selected packet length. After T packet transmissions both parties shuffle their matrix in the predefined order. Bob simply finds the received packet length in his matrix. If the length found is from the V column, he retrieves the payload as covert data; otherwise the packet length is the covert data. The main advantage of the proposed scheme is its improvement in capacity: for covert data transmission both the packet length and the packet payload are used. Another is the use of normal or real network traffic packet sizes as references in our covert communication. Statistical detection is countered by introducing periodic (after T predefined packet transmissions) matrix transformation or reshuffling, performed simultaneously on both Alice's and Bob's sides. Each element of the matrix has no correlation with its neighbor elements, such as sorting or any other sequential ordering.
Flow Chart of Protocol Packet length based Covert Channel.
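Steps 1 to 9 modelled in memory as an added Python example (not the book's NS2 code), so that the encode and decode rules can be checked against each other without any network traffic. The seeded fill and reshuffle, the zero-filled application payload, the receiver knowing the total bit count, and the rule that a V-column packet carries the next Len bytes of the covert stream are assumptions of this example.

```python
import random

W = 2                # covert bits carried by a row ID (page: W-bits)
M, N = 2 ** W, 100   # master matrix shape, 4x100 as in table-16
V = 3                # stego column, pre-shared
T = 1000             # packets between reshuffles, pre-shared
SHARED_SEED = 7      # hypothetical: stands in for the predefined fill/reshuffle order

# Constructed stand-in for M*N unique real packet lengths in the 1..1460 range.
REFERENCE_LENGTHS = random.Random(SHARED_SEED).sample(range(1, 1461), M * N)


def matrix_for_epoch(epoch):
    """Both sides derive the same M x N matrix for an epoch (one epoch = T packets)."""
    cells = list(REFERENCE_LENGTHS)
    random.Random(SHARED_SEED + 1 + epoch).shuffle(cells)
    return [cells[r * N:(r + 1) * N] for r in range(M)]


def alice_send(bits, picker):
    """Steps 2-4 and 8: return (length, payload) pairs for a covert bit string."""
    packets, pos, matrix = [], 0, None
    while pos < len(bits):
        if len(packets) % T == 0:
            matrix = matrix_for_epoch(len(packets) // T)
        row = int(bits[pos:pos + W].ljust(W, "0"), 2)      # Wd selects the row
        col = picker.randrange(N)                          # random cell in that row
        length = matrix[row][col]
        if col == V:
            # Payload carries the next Len bytes of the covert stream.
            chunk = bits[pos:pos + 8 * length].ljust(8 * length, "0")
            payload = int(chunk, 2).to_bytes(length, "big")
            pos += 8 * length
        else:
            payload = bytes(length)    # zero-filled placeholder for application data
            pos += W
        packets.append((length, payload))
    return packets


def bob_receive(packets, total_bits):
    """Steps 5-8: recover the covert bit string from lengths and payloads."""
    out, index = [], {}
    for i, (length, payload) in enumerate(packets):
        if i % T == 0:
            matrix = matrix_for_epoch(i // T)
            index = {matrix[r][c]: (r, c) for r in range(M) for c in range(N)}
        row, col = index[length]
        if col == V:
            out.append(format(int.from_bytes(payload, "big"), f"0{8 * length}b"))
        else:
            out.append(format(row, f"0{W}b"))
    return "".join(out)[:total_bits]


def run_demo(n_bits=200_000):
    """Round-trip a constructed random message and summarise the traffic."""
    bits = format(random.Random(1).getrandbits(n_bits), f"0{n_bits}b")
    packets = alice_send(bits, random.Random(2))
    return {
        "ok": bob_receive(packets, n_bits) == bits,
        "packets": len(packets),
        # Only lengths from the reference table ever appear on the wire.
        "distinct_lengths": len({length for length, _ in packets}),
        # Packets a length-only channel would need at W bits per packet.
        "packets_for_length_only_channel": -(-n_bits // W),
    }


if __name__ == "__main__":
    print(run_demo())
```

With N = 100 columns roughly one packet in a hundred lands in the V column, and those few payload-carrying packets account for most of the covert bytes, which is the capacity gain over a length-only channel reported in section 6.3.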
6.2 Packet Loss Scenarios

Packet loss from Alice's end is shown in figure-20. Bob does not receive the packet, keeps waiting for it, and sends the ACK of the previous packet to Alice. After receiving the previous ACK, or when a Time Out occurs on Alice's side, she sends the packet again. The covert data is safe and is sent again with its respective packet. If the packet's ACK from Bob's end is lost, as shown in figure-21, the same scenario occurs. Alice does not receive any ACK and her Time Out occurs. She sends that packet again with its covert data. Bob has already received that packet with its covert data, so he ignores that packet.
Figure-20: Packet Loss
Figure-21: Acknowledgment Loss
6.3 Experimental Results

In the experiments on the proposed method, the NS2 simulator (ns-allinone-2.31 version) is used to simulate the proposed model over the TCP (Tahoe) protocol. We compare the proposed model with [61], [63] and [64]. We also generate synthetic data for the study. We captured a dataset of TCP packet sizes from the SZABIST server for a specific hour in order to use real-time packet size characteristics. Figure-22 depicts the complete scenario, where node 0 and 4 are TCP and node 1 and 3 are UDP sender and receiver. Node 2 and 3 behave like routers. The data link between node 0 to 2 and 1 to 2 is 2 Mbps, the node 2 to 3 link is 1.5 Mbps, and 3 to 4 and 3 to 5 have 1.7 Mbps, with 10 ms delay. To increase the packet dropping factor and create real-time router behavior, the data link between 2 and 3 is reduced compared with the other data links. Figure-23 depicts the average traffic variation of normal traffic, [63] and the proposed model. We have plotted only a very small period of the average packet sizes for proper understanding. We use synthetic data embedding, and randomly chosen covert data bits are embedded in the simulation. Overall, the normal, previous, and proposed traffic lie in the same type of variation range. We have compared [63] and the proposed technique over different time durations, varying the W bit size from 2 to 4. We have generated 5.5, 2.5 and 1 hour traffic from node 1 to 4 for both schemes; figure-24 depicts the capacity graph. We use W (bits of covert data) as 2-bit. The technique in [63] produces only 2 bits of covert data per packet throughout the TCP transmission. The proposed technique uses the packet payload as covert data, which increases the data rate, with minor effects on the throughput of the data, as shown in table-16. Overall TCP throughput is shown in figure-25, which shows that the proposed technique does not affect the overall TCP data throughput of node 1 to 4, but the actual application data suffers from the covert data, as depicted in table-16, because covert data is directly proportional to actual data. In figure-25 the throughput graph marks normal TCP data and covert data in green and red. Congestion window and round trip time (RTT) delay graphs versus time are shown in figures 26 and 27. The congestion window and RTT graphs are the same for both [63] and the proposed technique, because both have the same throughput and overall data transmission rate. The proposed technique internally uses the packet payload for covert data, which is treated as normal TCP data and has no effect on the TCP congestion window and RTT.
Figure-22: Simulation Scenario
Figure-23: Average Traffic Variations
Figure-24: Capacity Graph
Figure-25: Throughput Graph
Figure-26: Congestion Window
Figure-27: Round Trip Time (RTT)
Table-16: ONE HOUR TRAFFIC (2)

| Parameter | Proposed | Ji [64] |
|---|---|---|
| W-bits | 2 | 2 |
| NxM | 4x100 | 400 |
| V (Stego column) | 3 | X |
| T (no. of packets sent/received) | 1000 | X |
| Packet Range | 1 to 1460 | 1 to 1460 |
| Packet Sent | 14400 | 14400 |
| Traffic Time | 3600sec–1 hr | 3600sec–1 hr |
| TCP Data | 11097829 | 11097829 |
| Covert Data | 106233 | 3500 |
| Throughput without Covert Data | 10991596 (99.42%) | 11097829 (100 %) |
| Overall Throughput | 11097829 (100%) | 11097829 (100%) |
| Packet Loss | 0.035 % | 0.035 % |
In table-16, X denotes null; TCP Data, Covert Data, Throughput and Overall Throughput are in bytes. Table-16 shows the 1 hour traffic of TCP packet transmission, where V, known as the stego column, is 3, which indicates that covert data is sent in the packet payload. The transposition time of the matrix is T packets received and sent. The proposed covert data capacity is very high compared with the approach of [63]. Table-17 shows the 5.5 hour TCP traffic transmission with W-bit 2. Table-18 shows the 2.5 hour TCP traffic transmission with W-bit 2. Table-19 shows the 1 hour TCP traffic transmission with W-bit 3. Table-20 shows the 1 hour TCP traffic transmission with W-bit 4.
Table-17: FIVE HOUR TRAFFIC (2)

| Parameter | Proposed | Ji [64] |
|---|---|---|
| W-bits | 2 | 2 |
| NxM | 4x100 | 400 |
| V (Stego column) | 3 | X |
| T (no. of packets sent/received) | 1000 | X |
| Packet Range | 1 to 1460 | 1 to 1460 |
| Packet Sent | 80000 | 80000 |
| Traffic Time | 20000 sec, 5.5 hr | 20000 sec, 5.5 hr |
| TCP Data | 58208332 | 58208332 |
| Covert Data | 677662 | 19900 |
| Throughput without Covert Data | 57540670 (98.58%) | 58208332 (100 %) |
| Overall Throughput | 58208332 (100 %) | 58208332 (100 %) |
| Packet Loss | 0.022 % | 0.022 % |
Table-18: TWO AND HALF HOUR TRAFFIC (2)

| Parameter | Proposed | Ji [64] |
|---|---|---|
| W-bits | 2 | 2 |
| NxM | 4x100 | 400 |
| V (Stego column) | 3 | X |
| T (no. of packets sent/received) | 1000 | X |
| Packet Range | 1 to 1460 | 1 to 1460 |
| Packet Sent | 40000 | 40000 |
| Traffic Time | 10000 sec, 2.5 hr | 10000 sec, 2.5 hr |
| TCP Data | 29534246 | 29534246 |
| Covert Data | 416757 | 9900 |
| Throughput without Covert Data | 29117489 (98.58%) | 29534246 (100 %) |
| Overall Throughput | 29534246 (100 %) | 29534246 (100 %) |
| Packet Loss | 0.026 % | 0.026 % |
Table-19: ONE HOUR TRAFFIC WITH W-BITS (3)

| Parameter | Proposed | Ji [64] |
|---|---|---|
| W-bits | 3 | 3 |
| NxM | 8x50 | 400 |
| V (Stego column) | 3 | X |
| T (no. of packets sent/received) | 1000 | X |
| Packet Range | 1 to 1460 | 1 to 1460 |
| Packet Sent | 14400 | 14400 |
| Traffic Time | 3600sec–1 hr | 3600sec–1 hr |
| TCP Data | 10807092 | 10807092 |
| Covert Data | 215960 | 5250 |
| Throughput without Covert Data | 10591132 (98.00%) | 10807092 (100 %) |
| Overall Throughput | 10807092 (100 %) | 10807092 (100 %) |
| Packet Loss | 0.027 % | 0.027 % |
Table-20: ONE HOUR TRAFFIC WITH W-BITS (4)

| Parameter | Proposed | Ji [64] |
|---|---|---|
| W-bits | 4 | 4 |
| NxM | 16x25 | 400 |
| V (Stego column) | 3 | X |
| T (no. of packets sent/received) | 1000 | X |
| Packet Range | 1 to 1460 | 1 to 1460 |
| Packet Sent | 14400 | 14400 |
| Traffic Time | 3600sec–1 hr | 3600sec–1 hr |
| TCP Data | 10781094 | 10781094 |
| Covert Data | 215960 | 5250 |
| Throughput without Covert Data | 10404374 (96.50%) | 10781094 (100 %) |
| Overall Throughput | 10781094 (100 %) | 10781094 (100 %) |
| Packet Loss | 0.023 % | 0.023 % |
Overall throughput and all other characteristics are the same as in the previous technique. The results of the techniques in [63] and [64] are the same because [63] is an improved version of the method of [64] in the context of packet sizes, and its covert data capacity is the same. So, indirectly, our proposed technique has a much higher capacity than [64] and [63]. In [61] the authors use a maximum of 8 bits to send covert data in each packet, because its packet range is 256. Its capacity is also very small compared with our proposed model; quantitative figures are shown in table-21.
Table-21: TOTAL COVERT DATA BYTES ACHIEVED

| Models | W-bits | Data Sent bytes | Covert Data bytes |
|---|---|---|---|
| Proposed | Wbit-2 | 58208332 | 677662 |
| Ji [64] | Wbit-2 | 58208332 | 19900 |
| Ji [63] | Wbit-2 | 58208332 | 19900 |
| Garling [61] | Wbit-8 | 58208332 | 318949 |
6.4 Conclusion

In this paper we proposed a high capacity covert channel in a network protocol. Our proposed model uses the normal packet length feature and also the packet payload for covert data communication. It is tamper resistant and time efficient. After every T packet transmissions (a predefined number of packets) it reshuffles the normal traffic reference, which increases its tamper resistance compared with the previous technique.

Chapter 7: Conclusion and Future Work
In this work, we have analyzed the currently available data hiding techniques for images and communication protocols. We also proposed techniques for both images and protocols. Generally, after data is embedded into an image, the cover object has to sacrifice its originality. The cover and stego-objects drift apart in some respects (quality measures in images, such as peak signal to noise ratio (PSNR) and mean square error (MSE)). The distortion due to data hiding is not affordable in some applications. Our first proposed method is targeted at improving the capacity of hidden data in the host carrier without causing any statistically significant modification. Our experimental results, compared with previous methods, show that the proposed method has quite a high capacity with almost the same statistical results as the previous methods. The second proposed method is targeted at achieving a high PSNR of the stego-image with respect to its cover-image. The third method targets network protocol based data hiding, using the payload and its packet length to achieve data hiding. Our techniques allow us to satisfy our initial objectives of providing a way to embed a large amount of secret data while maintaining visual imperceptibility (to the naked eye).

In future, our second, edge based data hiding method can be further improved to fully use all edge directions for storing data. Another, opposite aspect to be explored is steganalysis, where we try to find generic methods to detect the stego-data.
Bibliography:
[1] N. Johnson and S. Jajodia, “Exploring steganography: seeing the unseen”, IEEE Computer, pp. 26-34, February 1998.
[2] F.A.Petitcolas, R.Anderson, and M.Kuhn, “Information hiding: A survey,” in Proc. IEEE, vol. 87, pp. 1062–1078, July 1999.
[3] Ahlfeldt, R.-M., “Information Security in a Distributed Healthcare Domain”. Ph.D. thesis 2006, University of Skövde, Department of Communication and Information.
[4] Tanenbaum, A. S., Computer Networks, 4th Edition. Prentice Hall, 2003.
[5] Pfitzmann, B., “Information hiding terminology - results of an informal plenary meeting and additional proposals”. In: Proceedings of the First International Workshop on Information Hiding. Springer-Verlag, London, UK, pp. 347–350. 1996
[6] Mazurczyk W., Smolarczyk S., Szczypiorski K.: “Hiding Information in Retransmissions”, In: Computing Research Repository (CoRR), abs/0905.0363, arXiv.org E-print Archive, Cornell University, Ithaca, NY (USA), May 2009 URL: http://arxiv.org/abs/0905.0363
[7] E Lin, E Delp, “A Review of Data Hiding in Digital Images”. Proceedings of the Image Processing, Image Quality, Image Capture Systems Conference (PICS'99), Savannah, Georgia, April 25-28, 1999.
[8] Lampson, B. W., “A Note on the Confinement Problem”. Commun. ACM 16 (10), 613–615. 1973.
[9] CSC-STD-001-83, “Trusted Computer System Evaluation Criteria (TCSEC)”, National Computer Security Center, U.S. Department of Defense, August 1983.
[10] Ahsan, K. & Kundur, D., “Practical Data hiding in TCP/IP”, Proceedings of the Workshop on Multimedia Security at ACM Multimedia, 2002.
[11] Handel, T. & Sandford, M., “Hiding data in the OSI network model”, Proceedings of the 1st International Workshop on Information Hiding, June 1996.
[12] Mazurczyk, W., Lubacz, J., Szczypiorski, K. “Hiding Data in VoIP” In Proc of: The 26th Army Science Conference (ASC 2008), Orlando, Florida, USA, December 1-4, 2008.
[13] M. Chaumont and W. Puech, “DCT-Based Data Hiding Method To Embed the Color Information in a JPEG Grey Level Image”, 14th European Signal Processing Conference (EUSIPCO 2006), Florence, Italy, September 4-8, 2006, copyright by EURASIP.
[14] S. Venkatraman, A. Abraham, M. Paprzycki, "Significance of Steganography on Data Security", International Conference on Information Technology: Coding and Computing (ITCC'04), 5-7 April 2004.
[15] G.C. Kessler, "An Overview of Steganography for the Computer Forensics Examiner", Forensic Science Communications, Vol. 6, No. 3, July 2004.
[16] D. Artz, "Digital Steganography: Hiding Data within Data", IEEE Internet Computing: Spotlight, pages 75-80, May-June 2001.
[17] K. Bailey, K. Curran, "An Evaluation of Image Based Steganography Methods", Multimedia Tools & Applications, vol. 30, No. 1, pages 55-88, July 2006.
[18] Hamid, A. M., M. L. M. Kiah, et al. (2009). "Novel Approach for High Secure and High Rate Data Hidden in the Image Using Image Texture Analysis." International Journal of Engineering and Technology (IJET): 0975-4042
[19] A. Cheddad, J. Condell, K. Curran and P. McKevitt, “Enhancing Steganography in digital images”, IEEE - 2008 Canadian conference on computer and Robot vision, pp. 326-332, 2008.
[20] Yogendra Kumar Jain, R. R. Ahirwal, “A Novel Image Steganography Method With Adaptive Number of Least Significant Bits Modification Based on Private Stego-Keys”, International Journal of Computer Science and Security (IJCSS) vol. 4, 1st March 2010.
[21] H. Yang, X. Sun, G. Sun. “A High-Capacity Image Data Hiding Scheme Using Adaptive LSB Substitution”. Journal: Radioengineering Year: vol. 18, 4 Pages/record No.: 509-516, 2009.
[22] Shashikala Channalli and Ajay Jadhav, “Steganography An Art of Hiding Data”, International Journal on Computer Science and Engineering, IJCSE vol. 1, no.3 2009.
[23] D. C. Wu and W. H. Tsai, “A steganographic method for images by pixel-value differencing", Pattern Recognition Letters, vol. 24, no. 9-10, pp. 1613-1626, 2003.
[24] H.C. Wu, N.I Wu, C.S. Tsai and M.S. Hwang, “Image Steganographic scheme based on pixel-value differencing and LSB replacement methods”, VISP(152), No. 5, October 2005
[25] Cheng-Hsing Yang, Chi-Yao Weng, Shiuh-Jeng Wang, Member, IEEE, and Hung-Min Sun, “Adaptive Data Hiding in Edge Areas of Images with Spatial LSB Domain Systems”, IEEE Transactions on Information Forensics and Security, vol. 3, no. pp. 488-497. 3rd September 2008.
[26] H. B. Kekre, Archana Athawale, Pallavi N. Halarnkar, “Performance Evaluation of Pixel Value Differencing and Kekre’s Modified Algorithm for Information Hiding in Images”, International Conference on Advances in Computing, Communication and Control, pp 342346, 2009.
[27] Chung-Ming Wang, Nan-I Wu, Chwei-Shyong Tsai, Min-Shiang Hwang, “A high quality steganographic method with pixel-value differencing and modulus function”. Journal of Systems and Software, vol. 81, no. 1, p. 150-158, 2008.
[28] Ki-Hyun Jung, Kyeoung-Ju Ha, Kee-Young Yoo. “Image data hiding method based on multi-pixel differencing and LSB substitution methods”. In Proc. 2008 International Conference on Convergence and Hybrid Information Technology (ICHIT '08). Daejeon (Korea), Aug. 28-30, p. 355-358, 2008.
[29] Hanling Zhang Guangzhi Geng Caiqiong Xiong, “Image Steganography Using Pixel-Value Differencing”, Electronic Commerce and Security, ISECS '09. Second International Symposium on May 2009.
[30] Chen, W. J., Chang, C. C. and Le, T. H. N., "High Payload Steganography Mechanism Using Hybrid Edge Detector," Expert Systems with Applications (ESWA 2010), vol. 37, no. pp. 3292-3301, 4th April 2010.
[31] Hossain, M. Al Haque, S. Sharmin, F. “Variable rate Steganography in gray scale digital images using neighborhood pixel”, information Computers and Information Technology, ICCIT '09. 12th International Conference Dhaka, 2009.
[32] Tirandaz, H.; Davarzani, R.; Monemizadeh, M.; Haddadnia, J. “Invisible and High Capacity Data Hiding in Binary Text Images Based on Use of Edge Pixels”, International Conference on Signal Processing Systems 15-17 May 2009
[33] Adnan Gutub, Ayed Al-Qahtani, Abdulaziz Tabakh, “Triple - A: Secure RGB Image Steganography Based on Randomization”, IEEE/ACM international conference on computer systems and applications, pp. 400 - 403, 2009.
[34] V.Madhu Viswanatham, Jeswanth Manikonda, “A Novel Technique for Embedding Data in Spatial Domain”, International Journal on Computer Science and Engineering, IJCSE vol. 2 Issues 2010.
[35] Babita Ahuja, Manpreet Kaur, Manav Rachna “High Capacity Filter Based Steganography”, International Journal of Recent Trends in Engineering, vol. 1, no. 1, May 2009.
[36]
Al-Husainy, M. A., “Image Steganography by Mapping Pixels to Letters,” Journal of Computer Science, vol.5 no.1, pp. 33-38, 2009.
[37]
H.Motameni, M.Norouzi, M.Jahandar and A.Hatami, "Labeling Method in Steganography," World Academy of Science, Engineering and Technology, France. 2007.
[38]
Ali Shariq Imran, M. Younus Javed, and Naveed Sarfraz Khattak “A Robust Method for Encrypted Data Hiding Technique Based on Neighborhood Pixels Information”, World Academy of Science, Engineering and Technology 31 2007.
[39]
G. Xuan, Y. Q. Shi, C. Yang, Y. Zheng, D. Zou, P. Chai, “Lossless data hiding using integer wavelet transform and threshold embedding technique”. IEEE International Conference on Multimedia and Expo (ICME05), Amsterdam, Netherlands, July, 2005.
[40]
Shogo Ohyama, Michiharu Niimi,Kazumi Yamawaki,Hideki Noda, “Lossless data hiding using bit depth embedding for JPEG2000 compressed bit-stream”. Journal of Communication and Computer, vol. 6, no. 2, Feb 2009.
[41]
Z. Ni, Y.Q. Shi, N. Ansari, and W. Su, “Reversible data hiding, IEEE Trans. Circuits and Systems for Video Technology,” 16(3), 2006, pp.354-362.
[42]
C.C. Chang, W.L. Tai, and K.N. Chen, “Lossless Data Hiding Based on Histogram Modification for Image Authentication,” Doi 10.1109/EUC. pp.506-511, 2008.
[43]
Xianting Zeng, Lingdi Ping, Zhuo Li, “Lossless Data Hiding Scheme Using Adjacent Pixel Difference Based on Scan Path” , Journal of Multimedia, 2009.
[44]
Adnan Gutub, Mahmoud Ankeer, Muhammad Abu- Ghalioun, Abdulrahman Shaheen, and Aleem Alvi, “Pixel indicator high capacity technique for RGB image based Steganography”, WoSPA 2008 – 5th IEEE International Workshop on Signal Processing and its Applications, University of Sharjah, Sharjah, U.A.E. 18 – 20 March 2008.
[45]
Mohammad Tanvir Parvez, Adnan Abdul-Aziz Gutub, "RGB Intensity Based Variable-Bits Image Steganography," IEEE Asia-Pacific Services Computing Conference, pp.1322-1327, 2008.
[46]
K. S. Babu, K. B. Raja, K. Kiran Kumar, T. H. Manjula Devi, K. R. Venugopal, L. M. Pataki, “Authentication of secret information in image steganography”, IEEE Region 10 Conference, TENCON-2008, pp. 1-6, Nov. 2008.
[47]
Xiapu Luo Chan, E.W.W. Chang, R.K.C. “CLACK: A Network Covert Channel Based on Partial Acknowledgment Encoding”. ICC '09. IEEE International Conference on 14-18 June 2009.
[48]
Bo Xu, Jiazhen Wang, Deyun Peng, “Practical Protocol Steganography: Hiding Data in IP Header,” Asia International Conference on Modeling and Simulation 2007: 584-588.
[49]
M. Wolf, “Covert Channels in LAN Protocols,” Proc. Wksp. Local Area Network Security (LANSEC), pp. 91–101, 1989.
[50]
T. Handel and M. Sandford, “Hiding Data in the OSI Network Model,” Proc. 1st Int’l. Wksp. Information Hiding, pp. 23–38, 1996.
[51]
A. Hintz, “Covert Channels in TCP and IP Headers,” 2003. http://www.defcon.org/images/defcon-10/dc-10-presentations/dc10-hintz-covert.ppt
[52]
G. Fisk et al., “Eliminating Steganography in Internet Traffic with Active Wardens,” Proc. 5th Int’l. Wksp. Information Hiding, Oct. 2002.
[53]
D. Kundur and K. Ahsan, “Practical Internet Steganography: Data Hiding in IP,” Proc. Texas Wksp. Security of Information Systems, Apr. 2003.
[54]
YAO Quan-zhu and ZHANG Peng, “Coverting channel based on packet length”, Computer Engineering, vol.34 no.3, February 2008.
[55]
N. B. Lucena, G. Lewandowski, and S. J. Chapin, “Covert Channels in IPv6,” Proc. Privacy Enhancing Technologies (PET), pp. 147–66, May 2005.
[56]
W. Mazurczyk and Z. Kotulski, “New VoIP Traffic Security Scheme with Digital Watermarking”, Proc. International Conference Computer Safety, Reliability, and Security (SafeComp), pp.170-81, Sept. 2006.
[57]
T. Graf, “Messaging over IPv6 Destination Options,” tech. rep., Swiss Unix User Group, 2003, http://grayworld.net/papers/messip6.txt
[58]
Z. Trabelsi et al., “Traceroute Based IP Channel for Sending Hidden Short Messages,” Proc. Advances in Information and Computer Security (IWSEC), pp. 421–36, Oct. 2006.
[59]
Jankowski, B., Mazurczyk, W., Szczypiorski, K. “Information Hiding Using Improper Frame Padding”, Submitted to 14th International Telecommunications Network Strategy and Planning Symposium, Warsaw, Poland. 2010.
[60]
M. A. Padlipsky, D. W. Snow, and P. A. Karger, “Limitations of End-to-End Encryption in Secure Computer Networks,” Tech. Rep. ESD-TR-78-158, Mitre Corporation, August 1978. http://stinet.dtic.mil/cgibin/GetTRDoc?AD=A059221&Location=U2&doc=GetTRDoc.pdf.
[61]
C. G. Girling, “Covert Channels in LAN’s,” IEEE Trans. Software Engineering, vol. SE-13, no. 2, pp. 292–96, Feb. 1987.
[62]
M. C. Perkins, “Hiding out in Plaintext: Covert Messaging with Bitwise Summations,” Master’s thesis, Iowa State University, 2005.
[63]
Liping Ji, Haijin Liang, Yitao Song, Xiamu Niu, "A Normal-Traffic Network Covert Channel," International Conference on Computational Intelligence and Security, vol. 1, pp.499-503, 2009.
[64]
Liping Ji, Wenhao Jiang, and Benyang Dai, “A novel covert channel based on length of messages”, International Conference on e-Business and Information System Security, 2009.
[65]
D. Kundur and K. Ahsan, “Practical Internet Steganography: Data Hiding in IP,” Proc. Texas Wksp. Security of Information Systems, Apr. 2003.
[66]
A. Galatenko et al., “Statistical Covert Channels through PROXY Server,” Proc. 3d Int’l. Wksp. Mathematical Methods Models, and Architectures for Computer Network Security, pp. 424–29, Sept. 2005.
[67]
K. Ahsan and D. Kundur, “Practical Data Hiding in TCP/IP,” Proc. ACM Wksp. Multimedia Security, Dec. 2002.
[68]
Adel El-Atawy, Ehab Al-Shaer: “Building Covert Channels over the Packet Reordering Phenomenon”. INFOCOM 2009: 2186-2194.
[69]
Kathryn Hempstalk, "Hiding Behind Corners: Using Edges in Images for Better Steganography", Proceedings of the Computing Women's Congress, Hamilton, New Zealand, 11-19 February 2006.
[70]
Ray, B. Mishra, S. “A Protocol for Building Secure and Reliable Covert Channel”, Privacy, Security and Trust, 2008. PST '08. Sixth Annual Conference on Oct. 2008.
[71]
Mazurczyk, W., Szczypiorski, K.: “Covert Channels in SIP for VoIP Signalling”. 4th International Conference on Global E-security 2008 (ICGeS 2008), London, United Kingdom, Communications in Computer and Information Science (CCIS) 12, Springer Verlag Berlin Heidelberg, 65-72 (2008).
[72]
M. Van Horenbeeck, “Deception on the Network: Thinking Differently About Covert Channels,” Proc. 7th Australian Info. Warfare and Security Conf., Dec. 2006.
[73]
J. Levy, J. Paduch, and B. Khan, "Superimposing permutational covert channels onto reliable stream protocols," in Proceedings of MALWARE 2008, Alexandria VA, Oct. 2008.
[74]
Hassan Khan, Yousra Javed, Fauzan Mirza and Syed Ali Khayam “Embedding a covert channel in active network connections”, Proceedings of the 28th IEEE conference on Global telecommunications, 2009.
[75]
Ray, B., Mishra, S.: “Secure and reliable covert channel”. In: CSIIRW ’08: Proceedings of the 4th annual workshop on Cyber security and information intelligence research (2008).
[76]
Frikha, L. Trabelsi, Z, “A new covert channel in WIFI networks” Risks and Security of Internet and Systems, 2008. CRiSIS '08. Third International Conference, Oct. 2008
[77]
Tianling Xu, Kaiguo Yuan, Jingzhong Wang, Xinxin Niu, Yixian Yang, “A real-time information hiding algorithm Based on http protocol”, 2009 IEEE International Conference on Network Infrastructure and Digital Content (IEEE IC-NIDC2009)
[78]
Mohammed A. Al-Hamami, Aseel K. Al-Noaimy, "Information Hiding in ICMP Messages", Magazine of Al-Rafidain University College for Science, no.15, 2004, Baghdad, Iraq.
[79]
C. H. Rowland, “Covert Channels in the TCP/IP Protocol Suite,” First Monday, Peer Reviewed Journal on the Internet, July 1997.
[80]
E. Cauich, R. Gómez Cárdenas, and R. Watanabe, “Data Hiding in Identification and Offset IP Fields,” Proc. 5th Int’l. School and Symp. Advanced Distributed Systems (ISSADS), pp. 118–25, Jan. 2005.
[81]
Wojciech Mazurczyk and Krzysztof Szczypiorski, “Steganography in Handling Oversized IP Packets”. In Proc. of: 2009 International Conference on Multimedia Information Networking and Security (MINES 2009) - First International Workshop on Network Steganography (IWNS'09), Wuhan, Hubei, China, vol. I, pp. 559-564, November, 2009.
[82]
J. Postel, “Transmission Control Protocol,” RFC 0793, IETF, Sept. 1981, http://www.ietf.org/rfc/rfc0793.txt
[83]
A. Dyatlov and S. Castro, “Exploitation of Data Streams Authorized by a Network Access Control System for Arbitrary Data Transfers: Tunneling and Covert Channels over the HTTP Protocol,” tech. rep., Gray-World, June 2003. http://gray-world.net/projects/papers/covert_paper.txt
[84]
J. Giffin et al., “Covert Messaging Through TCP Timestamps,” Proc. Privacy Enhancing Technologies Workshop (PET), pp. 194–208, Apr. 2002.
[85]
C. Kratzer, D. Jana, L. Andreas, K. Tobias, and hne, "WLAN steganography: a first practical review," in Proceedings of the 8th workshop on Multimedia and security Geneva, Switzerland: ACM, 2006.
[86]
Krätzer, C., Dittmann, J., Merkel, R.: “WLAN steganography revisited”. In: Proc: of SPIE Electronic Imaging 2008, San Jose, CA, 2008
[87]
L. Frikha, Z. Trabelsi, W. El-Hajj, "Implementation of a Covert Channel in the 802.11 Header," International Wireless Communications and Mobile Computing Conference (IWCMC), pp. 594--599, Aug. 2008.