PAPER PRESENTATION ON

IMPROVED TECHNIQUES FOR

STEGANOGRAPHY
AND
STEGANALYSIS

SUBMITTED BY:
SHUBHI JAIN
ELECTRONICS AND COMMUNICATION
GYAN GANGA INSTITUTE OF TECHNOLOGY AND SCIENCES
JABALPUR

MADHYA PRADESH
CONTENTS:
1. INTRODUCTION
2. HISTORY
3. TERMINOLOGY
4. TYPES OF STEGANOGRAPHY
5. IMPLEMENTATION OF STEGANOGRAPHY
6. STEGANALYSIS
7. LIMITATIONS OF STEGANOGRAPHY
8. APPLICATIONS OF STEGANOGRAPHY
9. CONCLUSION

INTRODUCTION
Have you ever wanted to hide something from your friends, family or
government? If the answer is yes, then you need to learn about STEGANOGRAPHY.
Steganography, coming from the Greek words stegos, meaning roof or covered and
graphia which means writing, is the art and science of hiding the fact that communication is
taking place. To give a more formal definition, the Merriam Webster Dictionary defines
steganography as: The Art or practice of concealing a message, image, or file.
Steganography and cryptography are closely related. Cryptography
scrambles messages so they cannot be understood. Steganography on the other hand, will
hide the message so that they cannot be seen. Using steganography, you can embed a
secret message inside a piece of unsuspicious information and send it without anyone
knowing of the existence of the secret message.
As the field of stegonagraphy has progressed, people have become
increasingly interested in being able to detect these hidden messages inside media. The
field of steganalysis has emerged to meet this need. Steganalysis can be defined as, the
art and science of detecting steganography.The main goals of steganalysis are to detect
stegonagraphy and to detect what method (or piece of software) was used to hide the
information.

HISTORY
Throughout history, people always have aspired to more privacy and
security for their communications. One of the first documents describing Steganography
comes from Histories by Herodotus, the Father of History. The first known application dates
back to the ancient Greek times, when messengers tattooed messages on their shaved
heads and then let their hair grow so the message remained unseen. A different method
from that time used wax tables as a cover source. Text was written on the underlying wood
and the message was covered with a new wax layer. The tablets appeared to be blank so
they passed inspection without question until a woman named Gorgo guessed that maybe
the wax was hiding something. She removed the wax and became the first woman
cryptanalyst in History.
The Germans developed microdot technology during World War II
which was referred to as the enemys masterpiece of espionage. Microdots are
photographs, the size of a printed period having the clarity of standard-sized type-written
pages.The microdots where then printed in a letter or on an envelope and being so small,
they could be sent unnoticed.
Recently, the United States government claimed that Osama Bin
Laden and the al-Qaeda organization use steganography to send messages through
websites and newsgroups. However, until now, no substantial evidence supporting this
claim has been found, so either al-Qaeda has used or created real good steganographic
algorithms, or the claim is probably false. Many different motives exist to detect the use of
steganography, so techniques to do so continue to be developed while the hiding
algorithms become more advanced.

TERMINOLOGY
When a message is encrypted, its easy to understand that it
contains sensitive information, a secret and someone might try to break it.
Steganography solves this problem by hiding the sensitive information in a harmless file
called carrier file. Steganographic software enables information to be hidden in text,
graphics, sound files. The embedding process produces a stego object which contains the

hidden message. We can use a stego key to control the embedding process, so we can
also restrict detection and/or recovery of the embedded data to other parties with the
appropriate permissions to access this data.
When designing information hiding techniques, we have to consider
three competing aspects: capacity, security, and robustness. Capacity refers to the amount
of information we can embed in a cover object. Security relates to an eavesdroppers
inability to detect the hidden information. Robustness refers to the amount of modification
the stego-object can withstand before an adversary can destroy the information.

TYPES OF STEGANOGRAPHY
Steganography can be split into two types, these are Fragile and
Robust. The following section describes the definition of these two different types of
steganography.
Fragile Fragile steganography involves embedding information into a file which is
destroyed if the file is modified. This method is unsuitable for recording the copyright
holder of the file since it can be so easily removed, but is useful in situations where it is
important to prove that the file has not been tampered with, such as using a file as
evidence in a court of law, since any tampering would have removed the watermark.
Fragile steganography techniques tend to be easier to implement than robust methods.
Robust Robust marking aims to embed information into a file which cannot easily be
destroyed. Although no mark is truly indestructible, a system can be considered robust
if the amount of changes required to remove the mark would render the file useless.
There are two main types of robust marking: Fingerprinting and Water marking

IMPLEMENTATION OF STEGANOGRAPHY
There are ways to hide information in an image, audio and even text
files. Moreover, if that message is in addition encoded then it has one more supplemental
level of protection. Computer steganography is based on two principles.
1. The first one is that the files that contain digitized images or sound can be altered to a
certain extend without loosing their functionality unlike other types of data that have to be
exact in order to function properly, an example of that would be a computer program.
2. The other principle deals with the human inability to distinguish negligible changes in
image color or sound quality, which is especially easy to make use of in objects that
contain redundant information, be it 16-bit sound, 8-bit or even better 24-bit image.
Speaking of images, changing the value of the least significant bit of
the pixel color wont result in any perceivable change of that color. One of the best and
most widely spread steganographic products for Windows95/98/NT is S-Tools.
Background. Evaluation method and Software evaluation which include S-Tools and Hide
and Seek v4.1 are the software packages which were reviewed with respect to
Steganographic manipulation of images. A very useful feature is the status line that
displays the largest message size that can be stored in the carrier file. All the software
uses the LSB method to both images and audio files. Steganography allows you to hide
information in five innocent looking files types: JPEG, PNG, BMP, HTML and WAV.
Null ciphers (unencrypted messages) were also used. An example of
a message containing a null cipher is German Spy in World War II:
Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit.
Blockade issue affects Pretext for embargo on byproducts, ejecting suets and Vegetable
oils.

Taking the second letter in each word the following message emerges:
Pershing sails from NY June 1.

METHOD OF STEGANOGRAPHY IN TEXT

Since everyone can read, encoding text in neutral sentences is
doubtfully effective. But taking the first letter of each word of the previous sentence, you will
see that it is possible and not very difficult. Hiding information in plain text can be done in
many different ways. The first-letter algorithm used here is not very secure, as knowledge
of the system that is used, automatically gives you the secret. This is a disadvantage that
many techniques of hiding secrets inside plain text have in common.
Many techniques involve the modification of the layout of a text,
rules like using every n-th character or the altering of the amount of white space after lines
or between words. The last technique was successfully used in practice and even after a
text has been printed and copied on paper for ten times, the secret message could still be
retrieved.
Another possible way of storing a secret inside a text is using a
publicly available cover source, a book or a newspaper, and using a code which consists
for example of a combination of a page number, a line number and a character number.
This way, no information stored inside the cover source will lead to the hidden message.
Discovering it, relies solely on gaining knowledge of the secret key.

METHODS OF STEGANOGRAPHY IN IMAGES

Images are extremely common in the internet. Average users
frequently upload pictures to social networking sites or email photos to friends and
relatives. The vast number of images floating around the internet make them strong
candidate for steganography because the odds of someone making an effort to scan a
particular image are almost nil. Images are also ideal because it is very easy and
unsuspicious to upload original content from your own camera. If a message is embedded
into an image and original is kept a secret, a possible adversary will not be able to perform
comparisons with some original image that is known to be clean
Two fundamental methods of steganography of images covered by
this paper are LSB insertion in lossless files and embedding in JPEG pictures.

LSB INSERTION IN BMP FILE

A bitmap file is an image encoded as 8-bit red, green, and blue
(RGB) values for every single pixel. This provides 24-bit color and is a lossless encoding
method. By changing the least significant bit (LSB) of each RGB value we can encode up
to 3 bits per pixel to embed a secret message. The effect that this bit twiddling can have on
the color of the pixel is so small that it is imperceptible to the human vision system (HVS).
Changing all three LSBs can make a maximum change of a 4.57x10-05 % shift in the color
spectrum. Most likely one could alter the 2nd or 3rd LSB without making the picture
suspicious to the human eye. To better visualize the changes happening to the picture,
consider the following example .The values below are a representation of 3 pixels, the
columns are the RGB values and each row makes a pixel:
(01100111 00011001 10011100)
(01101000 11001011 11000001)
(10010100 11001101 10001001)
Lets say we wish to embed the value 11001000 into this set. By moving left to right and
top to bottom and changing the LSB for each 8-bit group we get the following result:

(00101101 00011101 11011100)

(10100110 11000101 00001100)
(11010010 10101100 01100011)
The bold characters are the embedded data; underlined characters
are bits that actually had to be switched. In this example only 3 bits had to be altered,
minimizing the effect on image. One of the nice properties of inserting data into the LSB of
value is that statistically only one half of bits will need to be changed, and the fewer
changes to the image the better.
This steganographic method is a very simple and straightforward
example, making it one of the easier methods to detect and thwart. Changing the LSBs
leaves behind statistical changes that a smart program could detect. The insertion of bits in
a linear fashion is particularly vulnerable. Some methods improve upon it by using a
pseudorandom number generator to randomly pick pixel locations to insert data, although
this reduces the amount of data that can be hidden. Another disadvantage to this method is
that it requires lossless images, which arent as commonly shared as lossy ones. Also, in a
lossy picture small irregulations could be explained away as noise, a scapegoat that this
method lacks.

LSB INSERTION IN JPEG FILE

An improvement upon the previous method is a similar tactic applied
to JPEG images. Rather than embedding the data in the LSB of the RGB values of pixel, it
is hidden in the LSB of the coefficients of the Discrete cosine transformations (DCT) for an
8 x 8 macro block. Jpeg is a lossy compression; some resolution is lost by sub-sampling
colors and performing the DCT. With steganography, lossy methods cannot be tolerated
because the data must remain intact. To avert this problem, data is inserted after the lossy
parts of the compression scheme. After that, JPEG uses run length encoding for further
compression, but this process is lossless and will not corrupt the hidden data.
While in principle this method is not very different from the BMP
example, it does provide some improvements. DCT coefficients already suffer from
rounding errors due to lossy compression. This makes the data a bit more irregular, making
odd artifacts and noise more likely, possibly disguising the steganography. Also, a
steganography method for images can minimize visibility of alteration by focusing on
writing to the high frequency coefficients, which are less noticeable.
Steganalysis programs are still able to find patterns indicating
tampering. One statistical property that this method can leave behind is that adjacent DCT
coefficients have the same frequency, rather than the gradual change that most images
have. In figure1 image a shows how after the steganographic coefficients

for an unmodified image and b shows how after the steganographic process, adjacent
coefficients have the same value. Again, there are various tips and tricks to prevent
detection. Usually when the new methods are developed, new steganalysis methods to
detect them follow.

METHODS OF STEGANPGRAPHY IN AUDIO

Audio steganography is the application of steganographic techniques

to encode hidden messages in audio files. Generally, audio steganography is considered
more difficult than steganography in an image or video. This is especially true for
compressed file formats such as mp3. One current application of audio steganography is
the embedding of watermarks in purchased music files, allowing them to be tracked back to
the source if unlawfully distributed.
A number of techniques are used to embed messages in audio files.
The aspect they all have in common is that the message must be hidden in a way that is
inaudible to someone playing back the sound file. An uncompressed sound format such as
WAV Contains plenty of high frequencies that are inaudible to humans, and therefore has
plenty of room to hide a hidden message. Compressed Audio formats, such as mp3,
attempt to remove as much inaudible data as possible using mathematical and
psychoacoustic techniques. Audio Compression is directly at odds with audio
steganography: the more unnecessary Inaudible data is removed, the less space there is
to hide a message and not disturb the audio.

BASIC TECHNIQUE
The simplest way to hide a message in an audio file is to use a key
stream to encode some data in the least significant bits of the sampled audio. Essentially,
this adds a low-level stream of noise to the sound that would be inaudible during normal
listening. This technique works well for WAV, which uses a fixed number of bits (usually
16) for each sample. Generally, data is inserted into the WAV file using a key stream,
which is generated from a pass phrase. The key stream indicates which samples should be
modified to contain hidden data. An average of 3 LSBs sample can be modified before the
added noise becomes audible to listeners.
The simple LSB encoding method does not work for compressed
audio such as MP3, which uses a variety of compression techniques (including
psychoacoustic techniques) in order to ensure that every bit is significant. While the
increasing prevalence of compressed audio may appear to render LSB-encoding obsolete,
there is still longoing research into the improvement of LSB compression techniques. One
method to improve the capacity of LSB-encoded signals is using a simple technique called
minimum-error replacement. The technique works like this: Suppose that, in a single
sample, you wish to encode k LSBs of hidden data. Normally, the LSBs would simply be
replaced with the encoded LSBs. However, in minimum- error encoding, you also look at
the sample with the same k LSBs encoded, and the k-1st bit flipped. You then see which
of these encoded samples is closer numerically to the original sample, and replace the
original sample with that one.
k=4
Original Sample

XXXX XXXX

XXX1 0001

Sample with 1111

encoded to k LSB

XXXX XXXX

XXX1 1111

Sample with 1111

encoded to k LSB
and k +1 flipped

XXXX XXXX

XXX0 1111

In above example, 4 LSBs are used to encode the data 1111 in a

16-bit sample. The two options are replacement of 11111 and 01111 as the other bits
are not relevant. Since 11111-10001=01110 and 10001-01111=00010, we change the last
5 bits of sample to 01111.
Another technique that can be used to reduce perception of noise in
LSB-encoded data is error smearing. This refers to the diffusion of encoded signals over
subsequent samples in order to prevent the perception of popping or hissing that can
occur when adding noise to quiet areas of an audio sample. The error added to each
subsequent sample is usually the previous samples error divided by 2.The first sample
after the encoded data will get the error, the second sample gets the error, and so
fourth until the next encoded sample.

STEGANALYSIS :

DETECTING STEGANOGRAPHY

As more and more techniques of hiding information are developed

and improved, the methods of detecting the use of steganography also advance. Most
steganographic techniques involve changing properties of the cover source and there are
several ways of detecting these changes. There are three types of Steganalysis attacks:
(1) aural; (2) structural; and (3) statistical.
1. Aural attacks. They consist of striping away the significant parts of a digital content in
order to facilitate a humans visual inspection for anomalies. A common test is to show the
LSBs of an image.
2. Structural attacks. Sometimes, the format of the digital file changes as hidden
information is embedded. Often, these changes lead to an easily detectable pattern in the
structure of the file format. For instance, it is not advisable to hide messages in images
stored in GIF format. In such a format an images visual structure exists to some degree in
all of an images bit layers due to the color indexing that represents 224 colors using only
256 values.
3. Statistical attacks. Digital pictures of natural scenes have distinct statistical behavior.
With proper statistical analysis, we can determine whether or not an image has been
altered, making forgeries mathematically detectable. In this case, the general purpose of
Steganalysis is to collect sufficient statistical evidence about the presence of hidden
messages in images, and use them to classify whether or not a given image contains a
hidden content. In the following section, we present some available statistical-based
techniques for hidden message detection.

Text
While information can be hidden inside texts in such a way that the
presence of the message can only be detected with knowledge of the secret key, for
example when using the earlier mentioned method using a publicly available book and a
combination of character positions to hide the message, most of the techniques involve
alterations to the cover source. These modifications can be detected by looking for patterns
in texts or disturbings, thereof, odd use of language and unusual amounts of whitespace.

Images
Although images can be scanned for suspicious properties in a very
basic way, detecting hidden messages usually requires a more technical approach.
Changes in size, file format, last modified timestamp and in the color palette might point out
the existence of a hidden message, but this will not always be the case. A widely used
technique for image scanning involves statistical analysis. Most steganographic algorithms
that work on images, assume that the least-significant bit is more or less random. This is
however, an incorrect assumption. While the LSB might not seem to be of much
importance, applying a filter which only shows the least-significant bits will still produce a

recognizable image. Since this is the case, it can be concluded that the LSB are not
random at all, but actually contain information about the whole image. When inserting a
hidden message into an image, this property changes. Especially with encrypted data,
which has very high entropy, the LSB of the cover image will no longer contain information
about the original, but because of the modifications they will now be more or less random.
With a statistical analysis on the LSB, the difference between
random values and real image values can easily be detected. Using this technique, it is
also possible to detect messages hidden inside JPEG files with the DCT method, since this
also involves LSB modifications, even though these take place in the frequency domain.
For higher order statistical analysis image matrices method is used.
IMAGE QUALITY MATRICES
Image quality metrics are often used for coding artifact evaluation,
performance prediction of vision algorithms, quality loss due to sensor inadequacy, etc.
Steganographic schemes, whether by spread-spectrum, quantization modulation, or LSB
insertion/modification, can be represented as a signal addition to the cover image. In this
context, Avcibas and colleagues hypothesis is that steganographic schemes leave
statistical evidences that can be exploited for detection with the aid of IQMs and
multivariate regression analysis of variance (ANOVA).
Using ANOVA, the authors have pointed out that the following IQMs
are the best feature generators: mean absolute error, mean square error, Czekznowski
correlation, image fidelity, cross correlation, spectral magnitude distance, normalized mean
square, HVS error, angle mean, median block spectral phase distance, and median block
weighted spectral distance.
A linear function of the IQMs is given by
y1 = 1x11 + 2x12 + . . . + qx1q + 1
y2 = 2x21 + 2x22 + . . . + qx2q + 2
...
yN = nxn1 + 2x12 + . . . + qxnq + n,
where xij is the quality coefficient for the image i = {1 . . . n} and IQM j = {1 . . . q}.
Finally, k is the regression coefficient, and is random error.
Once we calculate these coefficients, we can use the resulting coefficient vector to any
new image in order to classify it as stego or non-stego image

Audio and video

The statistical analysis method can be used against audio files too,
since the LSB modification technique can be used on sounds too. Except for this, there are
several other things that can be detected. High, inaudible frequencies can be scanned for
information and odd distortions or patterns in the sounds might point out the existence of a
secret message. Also, differences in pitch, echo or background noise may raise suspicion.
Like implementing steganography using video files as cover sources, the methods of
detecting hidden information are also a combination of techniques used for images and
audio files. However, a different steganographic technique can be used that is especially
effective when used in video films. The usage of special code signs or gestures is very
difficult to detect with a computer system.

LIMITATIONS OF STEGANOFGRAPHY
There are limitations on the use of steganography due to the size of
the medium being used to hide the data. In order for steganography to be useful the

message should be hidden without any major changes to the object it is being embedded
in. This leaves limited room to embed a message without noticeably changing the original
object. This is most obvious in compressed files where many of the obvious candidates for
embedding data are lost.
Unfortunately, all of the methods mentioned above can also be used
to hide illicit, unauthorized or unwanted activity. What can be done to prevent or detect
issues with steganography? Other uses for steganography range from the trivial to the
abhorrent, including Criminal communications, Fraud, Hacking, Electronic payments,
Gambling, pornography, Harassment, Intellectual property offenses, viruses, pedophilia.

APPLICATIONS : IMPROVED TECHNOLOGY OF STEGNOGRAPHY

In this section, we show that there are many applications for Information Hiding.
Advanced data structures. We can devise data structures to conceal unplanned
information without breaking compatibility with old software. Furthermore, we can devise
advanced data structures that enable us to use small pieces of our hard disks to secretly
conceal important information
Medical imagery. Hospitals and clinical doctors can put together patients exams,
imagery, and their information. When a doctor analyzes a radiological exam, the patients
information is embedded in the image, reducing the possibility of wrong diagnosis and/or
fraud. Medical-image steganography requires extreme care when embedding additional
data within the medical images: the additional information must not affect the image quality
Military agencies. Militaries actions can be based on hidden and protected
communications. Even with crypto-graphed content, the detection of a signal in a modern
battlefield can lead to the rapid identification and attack of the involved parties in the
caution. For this reason, military-grade equipment uses modulation and spread spectrum
techniques in its communications.
Intelligence agencies. Justice and Intelligence agencies are interested in studying these
technologies, and identifying their weaknesses to be able to detect and track hidden
messages
Document authentication. Hidden information bundled into a document can contain a
digital signature that certifies its authenticity.
General communication. People are interested in these techniques to provide more
security in their daily communications. Many governments continue to see the internet,
corporations, and electronic conversations as an opportunity for surveillance
Digital elections and electronic money. Digital elections and electronic money are
based on secret and anonymous communications techniques.
Radar systems. Modern transit radar systems can integrate information collected in a
radar base station, avoiding the need to send separate text and pictures to the receivers
base stations.
Remote sensing. Remote sensing can put together vector maps and digital imagery of a
site, further improving the analysis of cultivated areas, including urban and natural sites,
among others.

CONCLUSION
Steganography is a dynamic tool with a long history and the
capability to adapt to new levels of technology. It has its own place in computer data
security. By the amount of free and commercial tools available today, one can deduce that
the use of steganography is growing. Steganography is just another tool for someone to
use to hide data, and I believe it will be used more often in the future, whether for covert
communication or personal data concealment. Security professionals will surely need to be
aware of its existence as its use becomes more prevalent. Hiding a message with

steganography methods reduces the chance of a message being detected. In and of itself,
steganography is not a good solution to secrecy, but neither is simple substitution and
short block permutation for encryption. But if these methods are combined, you have much
stronger encryption routines. Like any tool, steganography is neither inherently good nor
evil, it is the manner in which it is used which will determine whether it is a benefit or a
detriment to our society.
REFERENCES:

1.

An Introduction to Steganography, Steganalysis, and Digital Watermarking Micah

Losli, Clint Whiteside, Chris Shultz, Erin Sullivan.

2.
3.

Steganography and Steganalysis- J.R. Krenn

Steganography and Steganalysis in Digital Multimedia- Anderson Rocha, Siome
Goldenstein1

4. Steganalysis Gets Past the Hype, G. Goth.

http://diit.sourceforge.net
www.studentyogi.com
http://www.sans.org/reading_room/whitepapers/stenganography/
http://www.slideworld.com
9. www.author stream.com
5.
6.
7.
8.

SUMMARY
The Right to privacyis the most comprehensive of rights and the right
most valued by civilized man.
- Justice Louis Brandies, US Supreme
Court, 1928.

Steganography has been used in various forms for 2500 years.

Steganography is the art and science of hiding information by embedding messages
within other, seemingly harmless messages. It has found use in variously in military,
diplomatic, personal and intellectual property applications. Briefly stated, steganography is
the term applied to any number of processes that will hide a message within an object,
where the hidden message will not be apparent to an observer. This paper will explore
steganography from its earliest instances through potential future application.
Paper contains techniques for steganalysis of images that have been
potentially subjected to steganographic algorithms, both within the passive warden and
active warden frameworks. It describes briefly about various steganalysis attacks. Our
hypothesis is that steganographic schemes leave statistical evidence that can be exploited
for detection with the aid of image quality features and multivariate regression analysis. To
this effect image quality metrics have been identified based on the analysis of variance
(ANOVA) technique as feature sets to distinguish between cover-images and stegoimages. The classifier between cover and stego-images is built using multivariate
regression on the selected quality metrics and is trained based on an estimate of the
original image. Finally it covers the major applications of steganography for human
civilization.

Pafe no . 6, 10th line

that it requires lossless images, which arent as commonly shared as lossy ones. Also, in a