Project Report

Brigitte Si

25 July 2004

Athabasca University
COMP607 Project

Project Report Page 1 of 13

Table of Contents

1. Introduction ...................................................................................................................3
1.1 Project Goal.........................................................................................................................3
1.2 Motivation............................................................................................................................3
1.3 Resources.............................................................................................................................4
2. Background Research....................................................................................................5
3. Project Details.................................................................................................................6
3.1 Project Overview..................................................................................................................6
3.1.1 Requirements Gathering...............................................................................................6
3.1.2 Tutorial Design.............................................................................................................6
3.1.3 Scheduling....................................................................................................................7
3.2 Steganography for Computer Images.................................................................................7
3.3 More Recent Use of Steganography....................................................................................8
4. Conclusion......................................................................................................................9
5. Glossary.........................................................................................................................10
6. References and Bibliography.......................................................................................11

Project Report Page 2 of 13

1. Introduction

Digital multimedia data provides a robust and easy editing and

modifying of data. The data can be delivered over computer networks
with little to no errors and often without interference.

Unfortunately, digital media distribution raises a concern for digital

content owners. Digital data can be copied without any loss in quality
and content. This poses a big problem for the protection of intellectual
property rights of copyright owners. Watermarking is a solution to the
problem. It can be defined as embedding digital data, such as
information about the owner, recipient, and access level, without being
detectable in the host multimedia data.

Steganography relies on hiding covert message in unsuspected

multimedia data and is generally used in secret communication
between acknowledged parties. Steganography is a method of
encryption that hides data among the bits of a cover file, such as a
graphic or an audio file. The technique replaces unused or insignificant
bits with the secret data. Steganography is not as robust to attacks
since the embedded data is vulnerable to destruction.

Watermarking has the feature of robustness against attacks. Even if

the existence and method of embedding the data is known, it may be
difficult to destroy the hidden data.

Data hiding and data embedding can be classified as methods between

steganography and watermarking.

1.1 Project Goal

The goal of the project is to construct an introductory tutorial on the

subject of steganography, mainly focused on embedding text data in
digital images.

Additionally, the tutorial walks through two steganographic program

examples.

1.2 Motivation

Project Report Page 3 of 13

The primary reason for selecting steganography among the list of
possible project topics was due to the unfamiliarity of the word that
twigged an interest in the subject.

Another motivation for researching the topic was after reading an

online article in the USA Today titled “Terror groups hide behind Web
encryption” that claims terrorists and, in particular, Osama bin Laden
and the al-Qaida network, may be using steganography to
communicate with each other in planning terrorist attacks. It is
thought that images with hidden messages are placed on bulletin
boards or dead drops for other terrorists to pick up and retrieve hidden
messages. Thus far, this supposition has yet to be proven.

1.3 Resources

The single resource dedicated to the project is the author of the

report.

Project Report Page 4 of 13

2. Background Research

The primary tool used in the research of steganography and

watermarking is the Internet.

The first objective was to understand the various terminologies related

to the field. This was done through the Wikipedia and the
hyperdictionary websites.

Additional technical details were obtained from various articles listed

under the References and Bibliography section.

The following points can be attributed to the renaissance of

steganography:

• Government ban on digital cryptography. Individuals and

companies who seek confidentiality look to steganography as an
important complementary since combining cryptography and
steganography can help in avoiding suspicion and protect
privacy.

• The increased need to protect intellectual property rights by

digital content owners, using efficient watermarking.

• The trend towards electronic communications and humans desire

to conceal messages from curious eyes. With rapid advancement
in technology, steganographic software is becoming effective in
hiding information in image, audio or text files.

Project Report Page 5 of 13

3. Project Details

3.1 Project Overview

3.1.1 Requirements Gathering

It was determined at an early stage of the requirements gathering that

the tutorial will focus primarily on steganography for embedding text
information in computer images. The steganography techniques
covered include least significant bit insertion, masking and filtering,
and algorithms and transformations. The tutorial does not cover other
steganography techniques such as distortion, spread spectrum
steganography, and statistical steganography.

Since “information hiding” refers to both watermarking and

steganography, digital watermarking is briefly mentioned in the
tutorial. As well, the tutorial contains a section on steganalysis.

Two steganographic program examples were selected from the

Internet to include in the tutorial.

• JPHS (Jpeg hide and seek) is a free program designed by Allan

Latham.

• 4t HIT Mail Privacy LITE 1.01 is a tool provided free of charge by

4t Niagara Software.

3.1.2 Tutorial Design

The tutorial is written in HTML. The main page is the menu.htm file.
The tutorial was designed for easy navigation. An attempt was made
to achieve a concise tutorial on the subject of steganography without
losing the reader with excessive technical detail on the steganographic
techniques.

Self-test quiz are available in certain sections of the tutorial. The quiz
enables readers to test their understanding on the particular section of
the tutorial.

Project Report Page 6 of 13

3.1.3 Scheduling

The project requirements and design were made exclusively by the

single resource. Since the project did not involve group dynamics the
project schedule was fairly well paced.

Task Estimated Actual

Hours Hours
Gather Requirements. 20 23
Design Tutorial. 15 20
Create Self-Test Quiz. 6 5
Test Example Programs. 3 3
Test & Assess Tutorial. 1 1
Total Number of Hrs: 45 52

3.2 Steganography for Computer Images

The challenge of using steganography in computer images is to hide as

much data as possible with the least noticeable difference in the
image. There are a number of steganographic methods and
applications available for download on the Internet.

In general, the steganography process consists of the following steps:

• Identifying redundant bits in a cover image.

• Selecting a subset of the redundant bits to be replaced with the

secret message. The stego image is created by replacing these
redundant bits with the message bits.

Information hidden by setting the least significant bits of the image

pixels to the bits of the secret data may be invisible to the human eye
but it is relatively easy to detect and remove by a third party who
suspect the presence of the embedded data.

Steganography is more noticeable with JPEG images due to the lossy

compression algorithm used in JPEG files. There may be a significant
difference between the file size of the cover image and the stego
image. The algorithm used also affects the probability of detection of

Project Report Page 7 of 13

the steganography. An algorithm used to hide large amounts of
information typically result in greater change to the image appearance.

Refer to the tutorial for a detail explanation of how steganography is

used in computer images.

3.3 More Recent Use of Steganography

A more recent use of steganography is in the design of covered

channels in TCP/IP for thwarting filters and firewalls. Although this
steganography method is not covered in the tutorial it warrants a brief
mention in the report.

The following is a simple explanation of the build-up of a TCP/IP

connection:

For each connection there is a send sequence number and a receive

sequence number. The synchronization requires each side to send its
own initial sequence number and to receive a confirmation of it in
acknowledgment from the other side. Each side must receive the other
side's initial sequence number and send a confirmation
acknowledgment.

1) A --> B SYN my sequence number is X

2) A <-- B ACK your sequence number is X
3) A <-- B SYN my sequence number is Y
4) A --> B ACK your sequence number is Y

Since step 2 and 3 can be combined in a single message this is called

a three-way handshake. In this three-way handshake hidden data can
be embedded in the packet header.

For example, host A sends a synchronization package and an initial

sequence number to host B requesting acknowledgement. Host B
answers with an initial sequence number increased by one and its
acknowledgement. The connection is established by the
acknowledgement from host A to host B. By embedding hidden
identification information in the header data it is possible to create a
'bounce' effect. Host A sends the package to host B, but this time, due
to the hidden data in the header, host B sends the acknowledgement
that was meant for host A to host C. Host C can establish the
connection anonymously without host B knowing that host C is not
host A.

Project Report Page 8 of 13

4. Conclusion

Steganography is not intended to replace cryptography but rather to

supplement it. If a message is encrypted and hidden with a
steganographic method it provides an additional layer of protection
and reduces the chance of the hidden message being detected.

Steganography is still a fairly new concept to the general public

although this is likely not true in the world of secrecy and espionage.
Digital watermark technology is currently being used to track the
copyright and ownership of digital content. Efforts to improve the
robustness of the watermarks are necessary to ensure that the
watermarks and embedded information can securely defend against
watermarking attacks.

With continuous advancements in technology it is expected that in the

near future more efficient and advanced techniques in steganalysis will
emerge that will help law enforcement to better detect illicit materials
transmitted through the Internet.

The tutorial introduces a tiny part of the art of steganography.

Steganography goes well beyond simply hiding text information in an
image. Steganography applies not only to digital images but to other
media as well, such as audio files, communication channels, and other
text and binary files.

Project Report Page 9 of 13

5. Glossary

Cover image - An image containing an embedded message.

Cypher text – Refers to encrypted data.

Cryptography – The art of protecting information by encrypting it into

an unreadable format, called cipher text. A secret key is used to
decrypt the message into plain text.

Encryption – The translation of data into a secret code.

Least significant bit (LSB) - The bit contributing the least value in a
string of bits.

Lossless compression - For most types of data, lossless compression

techniques can reduce the space needed by only about 50%. No data
is lost in the process. For greater compression, one must use a lossy
compression technique.

Lossy compression - Lossy compression technologies attempt to

eliminate redundant or unnecessary information. Some amount of data
is lost in the process.

Plain text – Refers to any message that is not encrypted - also called
clear text.

Steganalysis – The art of discovering and rendering useless covert

messages.

Steganography - A means of overlaying one set of information

("message") on another (a cover).

Stego image - The result of combining the cover image and the
embedded message.

Stego text – It is the result of applying some steganographic process

to a plain text (not necessarily encrypted).

TCP/IP - The Transmission Control Protocol / Internet Protocol is the

standard protocol suite used on the Internet.

Project Report Page 10 of 13

6. References and Bibliography

1. iNFOSYSSEC. Cryptography, Encryption and Stenography.

[online] 2000. Available at
http://www.infosyssec.org/infosyssec/cry2.htm; Accessed on 23
June 2004.

2. Wikipedia - The Free Encyclopedia. Steganography. [online]

2004 June. Available at
http://en.wikipedia.org/wiki/Steganography; Accessed on 23
June 2004.

3. Wikipedia - The Free Encyclopedia. Stegotext. [online] 2004

June. Available at http://en.wikipedia.org/wiki/Stegotext;
Accessed on 23 June 2004.

4. Plunt. Steganography (hide and seek) Tutorial. [online]

Astalavista Group. 2004 January. Available at
http://www.astalavista.com//data/hide_and_seek.txt; Accessed
on 24 June 2004.

5. Kahn, D. The Codebreakers. The Macmillan Company. New York.

1967.

6. Johnson, N. F., Duric, Z., Jajodia, S. Information Hiding:

Steganography and Watermarking - Attacks and
Countermeasures. Kluwer Academic Press. Norwrll, MA, New
York, The Hague, London, 2000.

7. Johnson, N. F., Jajodia, S. Exploring Steganography: Seeing the

Unseen. [online] 1998 February. Available at
http://www.jjtc.com/pub/r2026.pdf; Accessed on 24 June 2004.

8. Rude, T. J. Steganography - Disappearing Cryptography. [online]

CRAZYTRAIN.COM 2000. Available at
http://www.crazytrain.com/rudedude.pps; Accessed on 25 June
2004.

9. Haldar, V. Steganography and Audio. [online] Available at

http://www.ics.uci.edu/~lopes/teaching/280ubicompW03/studen
ts%20presentations/vivek%20haldar.pdf; Accessed on 27 June
2004.

Project Report Page 11 of 13

10. hyperdictionary. Discrete cosine transform. [online] 2003.
Available at
http://www.hyperdictionary.com/computing/discrete+cosine+tra
nsform; Accessed on 27 June 2004.

11. hyperdictionary. Fast Fourier transform. [online] 2003. Available

at
http://www.hyperdictionary.com/dictionary/Fast+Fourier+Transf
orm; Accessed on 27 June 2004.

12. Wikipedia. Wavelet compression. [online] 2004 May. Available at

http://en.wikipedia.org/wiki/Wavelet_compression; Accessed on
27 June 2004.

13. Wi-Fi Planet. Blowfish. [online] 2003 October. Available at

http://wi-fiplanet.webopedia.com/TERM/B/Blowfish.html;
Accessed on 30 June 2004.

14. Johnson, N. F., Jajodia, S. Steganalysis of Images Created Using

Current Steganography Software. [online] 1998. Available at
http://www.jjtc.com/ihws98/jjgmu.html; Accessed on 29 June
2004.

15. Johnson, N. F., Jajodia, S. Steganalysis: The Investigation of

Hidden Information. [online] 1998 September. Available at
http://www.jjtc.com/pub/it98a.htm; Accessed on 30 June 2004.

16. Wikipedia - The Free Encyclopedia. Steganalysis. [online] 2004

May. Available at http://en.wikipedia.org/wiki/Steganalysis;
Accessed on 02 July 2004.

17. Kessler, G. An Overview of Steganography for the Computer

Forensics Examiner. [online] 2004 February. Available at
http://www.garykessler.net/library/fsc_stego.html; Accessed on
02 July 2004.

18. Computerworld. Steganography: Hidden Data. Quickstudy by

Deborah Radcliff. [online] 2002. Available at
http://www.computerworld.com/securitytopics/security/story/0,
10801,71726,00.html; Accessed on 02 July 2004.

19. Craver, S., Yeo, B., Yeung, M. Technical trials and legal
Tribulations. Communications of the ACM [online] 1998 July.

Project Report Page 12 of 13

 Volume 41. Issue 7. Available at
http://portal.acm.org/citation.cfm?
id=278476.278486&dl=portal&dl=ACM&idx=278476&part=perio
dical&WantType=periodical&title=Communications%20of%20the
%20ACM; Accessed on 03 July 2004.

20. Gupta, M. Steganography is more than a tool for spies. [online]

Eurescom 2001. Available at
http://www.eurescom.de/message/messageSep2001/stegano.as
p; Accessed on 05 July 2004.

Project Report Page 13 of 13