(IJCNS) International Journal of Computer and Network Security, 25
Vol. 2, No. 1, January 2010
Multilevel Steganography: An Enhancement in
Steganography and Comparative Study with Current
Tools
Navneet Singh Sikarwar
Assistant Professor in Department of Computer Science and Engineering,
Arya College of Engineering & I.T., Jaipur, India
i_m_navneet@yahoo.co.in
Abstract: Today, there are a number of ways for securing data.
Steganography is one of them, where the secret message is
embedded in another message, thus the existent of message is
unknown. There are a lot of steganography applications
available on Internet, but they have some limitations. This paper
introduces new concept multilevel steganography: an
enhancement in steganogaphy, it increases the complexity of
steganography for breaking it and also gives comparative study
with current tools.
Keywords: Steganography, Information hiding, Cryptography,
digital image.
1. Introduction
There are a number of ways for information hiding, so of
these are covert channel, steganography, anonymity and
copywriting.
Figure 1. A Classification of Information hiding tech. [1]
Covert Channel is a parasitic communication channel
that draws bandwidth from another channel in order to
transmit information without the authorization or
knowledge of letter channel’s designer, owner or operator.
Steganography is the art of hiding information in a way
that prevents the detection of hidden messages. It comes
from the Greek words stegos (covered) and graphia
(writing), literally covered writing, in the sense of a
hidden thing. In linguistic Steganography, in particular,
machine readable data is to be encoded to innocuous natural
language text, thereby providing security against any
arbitrator tolerating natural language as a communication
medium. Technical Steganography is used in images, audio
and video file.
Anonymity is work of art or literature that has an
anonymous, undisclosed or unknown creator or author.
Copyright marking opposed to steganography, has
additional requirement of robustness against possible
attacks. It is not always need to be hidden. Copyright
marking is categorized in two type first is fragile
watermarking is destroyed as soon as the object is modified
too much and second is robust copyright marking have the
property, that it is infeasible to remove them or make them
useless without destroying the object at same time. Robust
copyright marking is again categorized in two type first is
finger printing is like hidden serial numbers which enable
the intellectual property owner to identify which customer
broken his license agreement by supplying the property to
third parties and second is watermarking tell us who is the
owner of the object. Watermarking is two types
imperceptible watermarking (not visible watermarking (very
small)) and visible watermarking.
A lot of places where we can imbed or hide our data these
are follows.
1. In HTML file if we embed any thing other then
HTML code then web browser only read HTML
code so there is lot of place for hide secret data.
2. Some operating system also provides some space
to hide your secret information. For example,
under Windows 95 operating system, drives
formatted as FAT16 (MS-DOS compatible)
without compression use cluster sizes of around
32 kilobytes (K). What this means is that the
minimum space allocated to a file is 32K. If a
file is 1K in size, then an additional 31K is
“wasted” due to the way storage space is
allocated. This “extra” space can be used to hide
information without showing up in the
directory.
3. Another method of hiding information in file
systems is to create a hidden partition. These
partitions are not seen if the system is started
normally. However, in many cases, running a
disk configuration utility (such as DOS's
FDISK) exposes the hidden partition. These
concepts have been expanded and a novel
proposal of a steganographic file system.
4. Protocols in the OSI network model have
vulnerabilities that can be used to hide
information. TCP/IP packets used to transport
26 (IJCNS) International Journal of Computer and Network Security,
information across the Internet have unused
space in the packet headers. The TCP packet
header has six unused (reserved) bits and the IP
packet header has two reserved bits. Thousands
of packets are transmitted with each
communication channel, which provides an
excellent covert communication channel if
unchecked.[2]
1.1 Steganography
The term steganography literally means “covered writing”
and involves transmission of secret messages through
apparently innocent files without detection of the fact that a
message was sent [3]. The innocuous file is known as the
cover (or innocent or clean) medium, while the file
containing the hidden-message is referred to as the stego (or
infected) medium. There are many tools available [4] that
can hide messages in images, audio and video files, and
steganography is now in common use [3]. Recent terrorist
activity has been tentatively linked to the use of
steganography [5] and is seen by various agencies as a
growing method of sending covert information [6].
Figure 2. Steganographic Model
Whereas cryptography was the preferred secret message
sending tool of the past, relying on complex ciphers to
prevent identification of the message, the huge bandwidth of
the Internet now offers an alternate and complementary
approach. Steganography allows hiding messages
innocuously amongst the vast content of Internet sites: for
instance, an image containing a hidden message maybe
posted to a website (eBay is often cited [7]) where others can
download the image and recover the message with the
appropriate password. The process of detecting
steganographic messages is known as steganalysis and a
particular steganalysis technique is called an attack. The
current state of the art involves identifying a particular
signature associated with a particular steganographic
technique and devising a statistical test to identify this
signature. Such handcrafted approaches are very useful but
suffer from a high false positive rate and are vulnerable to
steganographic approaches that hide messages in such a way
as to reinstate an expected property [8]. Steganalysis can be
viewed as a two-stage process: 1) Classification of an image
as being stego-bearing or not, and 2) Finding the location of
stego-bearing pixels (i.e. the pixels containing the hidden
message bits) with an aim to extracting, manipulating or
sterilizing the message. There has been considerable work
on the first stage using statistical techniques to identify a
particular steganographic technique [9].
The Art of steganography is defined in three ways.
1. Simple System- in this technique we just
embedded data in to LSB of image and also use
Vol. 2, No. 1, January 2010
another technique in which both sender and
receiver share a key value.
2. Operating in a transform space- in this
technique they embedded data into image as
well as use high compression technique in
steganography.
3. A general model- in this technique they first
embedded data into image then change some set
of bit of image using some random no.[10]
Three types of steganographic technique used for image is
1. LSB techniques
2. Masking and filtering techniques
3. Algorithms and transformation techniques [11]
Techniques for data hiding in audio and video file is
1. Low bit coding
2. Phase coding
3. Echo data hiding [12]
1.2 Cryptography
It is the practical art of converting messages or data into a
different form, such that no-one can read them without
having access to the 'key'. The message may be converted
using a 'code' (in which case each character or group of
characters is substituted by an alternative one), or a 'cypher'
or 'cipher' (in which case the message as a whole is
converted, rather than individual underlying cryptography.
Cryptanalysis is the science of 'breaking' or 'cracking'
encryption schemes, i.e. discovering the decryption key.
Cryptographic systems are generically classified along three
independent dimensions [13].
2. Proposed System
Information hiding techniques have been widely used to
transmission of hiding secret message for long time.
Ensuring data security is a big challenge for computer users.
Businessmen, professionals, and home users all have some
important data that they want to secure from others. The
idea behind to develop that proposed system we have some
requirement.
1. The first important requirement for message as
well as file (either in the form of data file or
image file that hide some information) is also
transmitted.
2. The provision for encryption and stenography
technique will be used.
3. The provision for multiple times (multilevel)
steganography.
4. The provision for multi types of steganography.
5. The provision for authentication as well as
confidentiality also requires.
In multilevel steganography we can apply stenography
multiple times with using different type’s stego files. This
work use following algorithm multiple times for accruing
multilevel steganography.
2.1 Algorithm HideFile (CF, SF, STF, K)
Input: CF is innocent cover file, SF is secret text
message/ secret message file / setgo file, STF is a file
name or location to save stego file and K is secret
shared key.
 (IJCNS) International Journal of Computer and Network Security, 27
Output: STF stego file and a validation number.
Procedure:
Step1: Open STF in write mode and CF in read mode.
Step2: Write all contents of CF into STF.
Step3: Close CF and add some random space into STF,
generate and return a validation number.
Step4: Open SF in read mode and encrypt all content of
SF, using shared key K and write into STF.
Step5: Close SF and STF.
Figure 3. Information hidding
2.2 Algorithm UnHideFile( STF,TF,VD,K)
Input: STF is a file name or location for stego file, TF
is a file name or location to save secret message file,
VD is validation number and K is secret shared key.
Output: TF secret message file.
Procedure:
Step1: Open STF in read mode and TF in write mode.
Step2: Start reading STF from the value of validation
number until end of file is reached.
Step3: Decrypt the contents of STF using shared key K
and write it into TF file.
Step4: Close STF and TF.
Figure 4. Extracting Information from stego file
3. Analysis of Proposed Steganography
technique against detection strategies
The encrypted secret message is steganographed in a
comparatively innocent file. This stego file has almost the
same properties as original cover file. Moreover encrypted
contents are steganographed multiple times using either
same or different steganographic approaches. Result of first
round of the steganography is given as input to the next
round of steganography process with a different cover file.
The introduction of multiple phases of steganographic
process increases the deciphering complexity of the secret
message.
Let Alice and Bob use steganography and Oscar try to
identify it as well as extracting secret information from it.
There are many ways for Oscar to identify it as well as
Vol. 2, No. 1, January 2010
extracting secret information. All these ways are mentioned
in following cases.
3.1 Oscar tries to detect the transmitted file as a stego
file
Oscar tries to identify the file that has been transmitted as
a stego file. He tries to access the original cover file and
compare cover file with stego file. With the use of multilevel
steganography then this detection is quite complex.
3.2 Oscar tries to find out validation number and
secret key
Stego file detection is not sufficient for extracting secret
data from it. Oscar requires validation number, secret key
and needs to know the specific steganographic approach.
This is quite a complex task in itself since technique of
steganography varies with stego file.
3.3 Oscar tries to find out the number of times and
types of steganography Alice or Bob has used
The number of levels of steganography and the specific
approach to be used at each level is agreed upon by the Alice
and Bob prior to actual transfer. Henceforth detecting the
levels of steganography and specific approach of
steganography used is difficult to determine.
4. Analysis of Proposed Steganography against
media oriented detection techniques
A good steganographic algorithm is one that avoids the
detection of stego file. Proposed work provides adequate
resistance against various medium specific detection
techniques in comparison to existing tools. Cover files
supported by the framework are image, audio, and video
files.
4.1 When stego file is image file
Detection of stego file could not succeed against the
following tests:
• Examination of color palette.
• Examination of size of image file.
• Comparison of Stego file format with that of
cover file.
• Application of filter to steganogram resulted
from stego file.
• Visible representation of statistical data of stego
file
4.2 When stego file is audio file
• Analysis of patterns in background noise
couldn’t detect the existence of stego file in the
transferred audio file.
A. 4.3 When stego file is video file
• Examination of distinguishing movements in
video could not point out video file as stego
video file.
5. Resistant Against StirMark Benchmark
A StirMark attack is the best and most successful attack
on reputed Stegangraphic images. StirMark is a tool
28 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 1, January 2010

developed for testing the robustness of an image-marking 6. Comparison with current tools
algorithm. At its lowest level StirMark introduces errors
into the image (as if the image had been high quality printed The limitation of current tools is following
and scanned in again). A slight distortion (consisting of a • Limit of size
stretch, shear and possible a subtle rotation) is applied. [14] • Authentication
StirMark benchmark apply following attacks • Type of steganography
• PSNR Multilevel Steganography tried to resolve these factors.
• EmbedTime Table 1 shows limitation of current tools, table 2 shows
• AddNoice techniques used by current tools and proposed work, and
• Test JPEG table 3 shows feature of current tools and proposed work.
• MedianCut
• ConvFilter Table 1: Limitation of current tools
• Selfsimilarities
S.No. Name of Tool Limits
• Removelime 1 EzStego [9] Only for GIF file.
• Rescale 2 S-Tool [11],[9] Only for GIF and BMP image.
• Rotation Not sport JPEG file.
• Rotationcrop 3 Steganos [9] Only for GIF and BMP image.
• RotationScale Not sport JPEG file.
• Affine 4 JSteg [9] Loss of information.
5 Stego DOS [11] Only for BMP image, size
• SmallRandomDistortion restriction 320×200 and 256
• LatestSmallRandomDistortions color.
6 White Noise Loss of many bit and sport only
Result of some stirMark Benchmark is show by following Stom [11] IBM Paint brush (PCX) file.
fig. 7 Hide and seek [9] Only for GIF file. Not sport
JPGE file.

Table 2: Technique used by current tools and proposed

work

S.No. Name of Tool Technique used

1 EzStego [9] LSB
2 S-Tool [11],[9] LSB
3 Steganos [9] LSB
Figure 5. Stego Image
4 JSteg [9] Compression based
5 Stego DOS [11] LSB
6 White Noise Stom [11] LSB
7 Hide and seek [9] LSB
8 Proposed work Algorithms and
transformations

Table 3: Feature of current tools and proposed work

Figure 6. Result after applying filter S.No. Name of Image Text Audio Video
Tool steg. steg. steg. steg.
1 EzStego [9] Yes Yes No No
2 S-Tool Yes Yes Yes No
[11],[9]
3 Steganos Yes Yes No No
[9]
4 JSteg [9] Yes Yes No No
5 Stego DOS Yes Yes No No
[11]
Figure 7. Result after applying Convfilter 6 White Yes Yes No No
Noise Stom
[11]
7 Hide and Yes Yes No No
seek [9]
8 Proposed Yes Yes Yes Yes
work

7. Application
There are a number of applications driving interest in the
Figure 8. Result after Rotation subject of information hiding:
 (IJCNS) International Journal of Computer and Network Security, 29
Vol. 2, No. 1, January 2010

• Military and intelligence agencies require
unobtrusive communications. Even if the content is
encrypted, the detection of a signal on a modern
battlefield may lead rapidly to an attack on the
signaler. For this reason, military communications
use techniques such as spread spectrum modulation
or meteor scatter transmission to make signals hard
for the enemy to detect or jam.
• Criminals also place great value on unobtrusive
communications. Their preferred technologies
include prepaid mobile phones, mobile phones that
have been modified to change their identity
frequently, and hacked corporate switchboards
through which calls can be rerouted.
• Law enforcement and counter intelligence agencies
are interested in understanding these technologies
and their weaknesses, so as to detect and trace
hidden messages.
• Recent attempts by some governments to limit
online free speech and the civilian use of
cryptography have spurred people concerned about
liberties to develop techniques for anonymous
communications on the net, including anonymous
remailers and Web proxies.
• Schemes for digital elections and digital cash make
use of anonymous communication techniques.
• Marketeers use email forgery techniques to send
out huge numbers of unsolicited messages while
avoiding responses from angry users. [1]
8. Conclusion
Data hiding techniques have been widely used for
transmission of hiding secret message for long time. The
goal is to modify the carrier in an imperceptible way only,
so that it reveals nothing neither the embedding of a
message nor the embedded message itself. The text here
proposes a good technique for information hiding, but
sometimes the selection of cover is difficult. The
deciphering complexity of algorithm is reasonably high.
This work given an idea about how we can enhance in the
steganography, that’s by we can resolve the limitation of
current steganography tools. This paper gives an idea about
various types of information hiding techniques and also
discus about resistance against detection strategies, media
oriented detection technique and strimark benchmark attack.
[5] Starr, B., and Utley, G. CNN, July 23, 2002:
http://www.cnn.com/2002/US/07/23/binladen.interne
t
[6] http://www.cise.nsf.gov/accomp/index.cfm?div=iis
[7] Kelley, J. USA Today, July 10, 2002:
http://www.usatoday.com/news/world/2002/07/10/we
bterror-cover.htm
[8] Provos N., “Defending against Statistical
Steganalysis”, Proc. 10th USENIX Security
Symposium, 2001.
[9] A.Westfeld & A. Pfitzmann, “Attacks on
Steganographic System”,
http://www.ece.cmu.edu/~adrian/487-s06/westfeld-
pfitzmann-ihw99.pdf
[10] R. J. Anderson & F. A. P. Petitcolas, “On the limits
of Steganography”, IEEE Journal of Selected Areas
in communications, 16(4), pp. 474-481, May 1998.
[11] N. F. Johnson & S. Jajodia, “Exploring
Steganography: Seeing the Unseen”, IEEE computer,
vol. 31, no. 2, pp. 26-34, Feb 1998.
[12] W. Bender, D. Gruhl, N. Morimoto & A. Lu
,“Techniques for Data hiding”,IBM Systems Journal,
vol. 35, pp. 313-336,1996
[13] Z. Hrytskiv, S. Voloshynovskiy & Y. Rytsar,
“Cryptography and Steganography of Video
InformationIn Modem communication”, Electronics
And Energetics, vol. 11, pp. 115-125, 1998.
[14] J. Watkins, “Steganography – Message Hidden in
Bits”,
http://mms.ecs.soton.ac.uk/mms2002/papers/6.pdf

References
[1] F. A. P. Petitcolas, R. J. Anderson & M. G. Kuhn,
“Information Hiding – A Survey”, IEEE Journal of
special issue on protection of multimedia content,
87(7), pp. 1062-1078, July 1999.
[2] N. F. Johnson & S. Jajodia, “Steganalysis: The
Investigation of Hidden Information”, IEEE
Information technology conference, pp. 113-116, Sep.
1st -3rd 1998.
[3] Johnson, N., Duric, Z., and Jajodia S., “Information
Hiding: Steganography and Watermarking”, 2001.
[4] http://www.jjtc.com/stegoarchive/stego/software.html