Beruflich Dokumente
Kultur Dokumente
Schemes
Multimedia Security
Outline
Steganalysis to LSB encoding
Steganalysis based on JPEG compatibility
Some discussions
Introduction
Steganography
The art of secret communication
Stego content (e.g. images) should not
contain any easily detectable artifacts due
to message embedding
The less information is embedded, the
smaller the probability of introducing
detectable artifacts
Fidelity
Robustness
Steganography
Watermarking
Capacity
Goal
To inspect one or possibly more images
for statistical artifacts due to message
embedding in color images using the
LSB method
To find out which images are likely to
contain secret messages
To estimate the reliability of decisions
Type I error (false-alarm) and Type II error
(Miss)
Application Scenarios
Automatic
Checking
Internet
Images in
Seized computer
Images sent
to a certain address
Forensics Expert
LSB Encoding
Replacing the LSB of every gray-level of
color channel with message bits
On average 50% of the LSB are changed
Logic behind this scheme
LSB in scanned or camera-taken images are
essentially random
Encrypted (randomized) message are random
No statistical artifacts will be introduced
Important Observation
Number of unique colors in cover images
Typically smaller than the number of pixels in the images
1:2 for high quality scans in BMP format
1:6 or lower for JPEG images or video
Formulations
U: number of unique colors in an image
P: number of close color pairs
Two colors (R1,G1,B1) and (R2,G2,B2) are
close if |R1-R2|1 and |G1-G2|1 and |B1-B2|
1
Detection Algorithm
Calculate R=P/C(U, 2)
Using LSB embedding in randomly selected pixels
3.
4.
Calculate R=P/C(U,2)
Decide whether an image is embedded
Limitations
If the secret message size is too small
the two ratio will be very close to each other
We cannot distinguish images with and without
messages
Experiments
Using an image database of 300 color images
350x250 pixels
JPEG compressed
Capacity for each image: 32.8k bits (350x250*3/8)
Experimental Results
1.1
_ : original database
: embedded database
Parameter Optimization
Results
>s for all s
s decreases N(s, s) become flat and
the peak moves right
s increases N(s, s) become narrower
and the peak moves left
Easier to separate the two peaks for larger
secret message sizes
Threshold Selection
Type I Error = Type II Error
(equals minimizing overall error)
Experimental Results
Conclusions
The probability of error prediction is mainly determined
by the size of the secret message
The influence of the test message size is much smaller
Image Steganography
Image formats
Uncompressed (BMP)
Offering the highest capacity and best overall security
Palette (GIF)
Difficult to provide security with reasonable capacity
JPEG Compression
DCT
Uncompressed Image
Huffman coder
Borig
Zigzag-scan
dk(i), i=0,,63
Dk(i)=Round (dk(i)/Q(i))
JPEG Decompression
Huffman decoding
QDk(i)=Q(i)*Dk(i)
Multiplying quantized DCT step with
quantization step
Braw=DCT-1(QD )
Inverse DCT
B=[Braw]
rounded to integers in the range of 0-255
Observations
If the block B has no pixels saturated at 0
or 255
||Braw-B||2 16 , ||||: L2 norm
Since |Braw(i) B(i)| 0.5 for all i
Algorithm
1. Divide the images into 8x8 blocks
2. Arrange the blocks in a list, and remove all
saturated blocks from the list
Algorithm (cont.)
4. For each block B, calculate S
5. If S>16,
B is not compatible with JPEG compression.
else
Perform the additional check
6. After going through T blocks, if no incompatible blocks is
found, no evidence of steganography is available.
7. Repeat the algorithm for different 8x8 division for
detecting cropped images
Some Discussions
Reference
J. Fridrich, R. Du and M. Long, Steganalysis of
LSB encoding in color images, ICME 2000,
New York, 2000
J. Fridrich, M. Goljan and R. Du, Steganalysis
based on JPEG compatibility, SPIE Multimedia
Systems and Applications IV, Denver, 2001
G. Goth, Steganalysis gets past the hype, IEEE
Distributed Systems Online, April 2005