INFORMATION HIDING: Steganography and Watermarking Attacks and Countermeasures ADVANCES IN INFORMATION SECURITY INFORMATION HIDING: Steganography and Watermarking Attacks and Countermeasures by N eil F. Jo hnson Zor an Durie Sushil Ja jodia Center jar Secure Injormation Systems George Mason University SPRINGER-SCIENCE+BUSINESS MEDIA, LLC Library of Congress Cataloging-in-Publication Data Johnson, Neil F. Information hiding: steganography and watermarking: attaeks and eountermeasures / by Neil F. Johnson, Zoran Durie, Sushil Jajodia. p. em. --(Advanees in information seeurity ; 1) Includes bibliographieal referenees and index. ISBN 978-1-4613-6967-7 ISBN 978-1-4615-4375-6 (eBook) DOI 10.1007/978-1-4615-4375-6 l.Computer seeurity. 2. Data proteetion. 1. Durie, Zoran. II. Jajodia, Sushil. III. Title. IV. Series. QA76.9.A25 J25 2000 005.8--de21 00-046213 Copyright © 2001 by Springer Science+Business Media New York. Third Printing 2003. Origina1ly published by Kluwer Academic Publishers in 2001 Softcover reprint ofthe hardcover Ist edition 2001 Ali rights reserved. No part of this publieation may be reprodueed, stored in a retrieval system or transmitted in any form or by any means, mechanica1, photo-eopying, recording, or otherwise, without the prior written permission of the publisher, Springer-Science+Business Media, LLC. Printed on acid-free paper. Series Foreword ADVANCES IN INFORMAT ION SECURITY Sushil Jajodia Consulting Editor Department of Information & Software Engineering George Mason University Fairfax, VA 22030-4444, U.S.A. email: [email protected] Welcome to the first volume of ADVANCES IN INFORMATION SECURITY. The goals of this series are to establish the state of the art, set the course for future research in information security, and to serve as a central source of reference for information security research and developments. The scope of this series includes not only all aspects of computer and network security, but related areas such as fault tolerance and software assurance. The series aims to publish thorough and cohesive overviews on specific topics in Information Security, as well as works that are larger in scope than survey articles and that will contain more detailed background information. The series also provides a single point of coverage of advanced and timely topics and a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook. About this volume The first volume of this series deals with information hiding. With the proliferation of multimedia on the Internet, information hiding addresses two areas of concern: privacy of information from surveillance (steganography) and protection of intellectual property (digital watermarking). Derived from the Greek, steganography literally means "covered writing." Steganography explores methods to hide the existence of hidden messages. These methods include invisible ink, microdot, digital signature, covert VI charmel, and spread spectrum communication. Digital watermarks represent a commercial application of steganography. Watermarks can be used to track the copyright and ownership of electronic media. In this volume, the authors focus on techniques for hiding information in digital media. They analyze the hiding techniques to uncover their limitations. These limitations are employed to devise attacks against hidden information. The goal of these attacks is to expose the existence of a secret message or render a digital watermark unusable. In assessing these attacks, countermeasures are developed to assist in protecting digital watermarking systems. Understanding the limitations of the current methods will lead us to build more robust methods that can survive various manipulation and attacks. The more information that is placed in the public's reach on the Internet, the more owners of such information need to protect themselves from theft and false representation. Systems to analyze techniques for uncovering hidden information and recover seemingly destroyed information will be useful to law enforcement authorities in computer forensics and digital traffic analysis. SUSHlL JAJODIA Consulting Editor To my parents Bill and Carolyn, wife Ann-Marie, and son William. -NFJ To my wife Sladjana, and my children Petar and Sonja. -ZD To my parents. -SJ Contents LIST OF FIGUR.ES ............................................................................. XIII LIST OF TABLES .............................................................................. XVII PREFACE ............................................................................................ XIX 1. INTRODUCTION ............................................................................ 1 1.1 Steganography: Hiding Information ............................................. 1 1.2 Steganography throughout History ............................................... 2 1. 3 Methods for Hiding Information .................................................. 4 1.3.1 Hiding in Text ...................................................................... 5 1.3.2 Hiding in Disk Space ........................................................... 7 1.3.3 Hiding in Network Packets ................................................... 7 1.3.4 Hiding in Software and Circuitry ......................................... 7 1.3.5 Hiding in Audio and Images ................................................. 8 1.4 Attacks against Hidden Information ............................................. 8 1.4.1 Detection ............................................................................. 8 1.4.2 Distortion and Removal ....................................................... 9 1.5 Countermeasures Against Attacks .............................................. 10 1.6 Contributions & Future Work .................................................... 11 1.7 Organization of the Book ........................................................... 12 2. EXPLORING STEGANOGRAPHY .............................................. 15 2.1 Digital Images ........................................................................... 15 2.2 Hiding Information in Images .................................................... 17 2.2.1 Hiding Data in the Noise ................................................... 18 x 2.2.2 Watermarking Techniques ................................................. 22 2.3 Issues in Information Hiding ...................................................... 24 2.3.1 Level of Visibility: Perceptible or Imperceptible ................. 25 2.3.2 Robustness vs. Payload ...................................................... 25 2.3.3 Spatial or transform domain .............................................. 27 2.3.4 File Format Dependence .................................................... 28 2.3.5 Image Modeling ................................................................. 28 2.3.6 Summary of Hiding Techniques .......................................... 29 2.4 Examples of Digital Image Steganography Software .................. 30 2.4.1 StegoDos ........................................................................... 32 2.4.2 White Noise Storm ............................................................. 34 2.4.3 S-Tools .............................................................................. 36 2.4.4 Comments on Other Software ............................................. 40 2.4.5 Summary of Tools .............................................................. 43 2.5 Comments on Steganography .................................................... 43 3. STEGANALYSIS: ATTACKS AGAINST HIDDEN DATA ........ 47 3.1 Detection: Seeing the Unseen .................................................... 48 3.1.1 Techniques for Detecting Hidden Information .................... 49 3.1.2 Examples of Detecting Signatures in Stego-Images ............ 50 3.1.3 S-Tools .............................................................................. 52 3.1.4 Mandelsteg ........................................................................ 53 3.1.5 Hide and Seek .................................................................... 53 3.1.6 Hide4PGP ......................................................................... 54 3.1.7 EzStego, Stego On-line ....................................................... 55 3.1.8 .lsteg-.lpeg .......................................................................... 55 3.2 Distortion: Disabling Steganography and Watermarks ............... 60 3.2.1 Techniquesfor Distorting Embedded Data ......................... 61 3.2.2 Examples of Distorting Embedded Information .................. 62 3.3 Application of Steganalysis: Forensic Investigation ................... 73 3.4 Comments on Steganalysis ........................................................ 74 4. COUNTERMEASURES TO ATTACKS ....................................... 77 4.1 Countermeasures to Distortion ................................................... 78 4.2 Stronger Watermarks ................................................................. 79 4.3 Recognition Based on Image Characteristics .............................. 80 4.3.1 "Fingerprinting" Images ................................................... 82 4.3.2 Affine Transformations and Invariants ............................... 88 4.3.3 Using Fingerprints for Recognition .................................... 91 4.4 Recovering Watermarks from Distorted Images ......................... 96 4.4.1 Recovery using Image Fingerprints .................................... 96 4.4.2 Refinement using Normal Flow .......................................... 99 4.4.3 Examples of Recovering Watermarks from Images ........... 103 xi 4.5 Comments on Countermeasures ............................................... 108 Appendix A: Hiding Data in Network Traffic ..................................... 111 Appendix B: Glossary of Methods to Distort Stego-Images ................ 117 References ............................................................................................. 123 Index. ..................................................................................................... 129