Unseen: An Overview of Steganography andPresentation of Associated Java ApplicationC-HideJessica Codr, [email protected] (A project report written under theguidance of Prof. Raj Jain)DownloadABSTRACT:People have desired to keep certain sensitive communications secret for thousands of years. In our new ageof digital media and internet communications, this need often seems even more pressing. This paper presentsgeneral information about steganography, the art of data hiding. The paper provides an overview ofsteganography, general forms of steganography, specific steganographic methods, and recent developments inthe field. The information presented in this paper is also applied to a program developed by the author, andsome sample runs of the program are presented.KEYWORDS:steganography, steganalysis, data hiding, data security, data embedding, stego-objects, watermarking, secretcommunications, secret messages, hidden messages, hidden channel, covert channel, LSB alterationsTABLE OF CONTENTS:Introduction and OverviewSteganography Versus Cryptology1.Characteristics of Strong Steganography2.Origins of Steganography3.1.Cover Media and General Steganography TechniquesDigital Media1.Text2.Network Communications3.2.Specific Steganographic TacticsLeast Significant Bit Alterations1.Transform Domain Techniques2.Data Dispersal and Feature Modification Techniques3.Non-Image Techniques4.3.Cutting-Edge DevelopmentsNovel View of Steganography1.Advances with JPEGs2.Advances with Networks3.Steganalysis and Artificial Intelligence4.Other Recent Developments5.4.Unseen: An Overview of Steganography and Presentation of Associated Java Application C-Hidehttp://www.cse.wustl.edu/~jain/cse571-09/ftp/stegano/index.html 1 of 21Author's Application and ConclusionsMy Application: Description1.My Application: Results and Evaluation2.Final Conclusions3.5.ReferencesAcronymsAppendix A: Additional TermsAppendix B: Puzzle SolutionsAppendix C: Java Application Design Choices1. Introduction and OverviewHave you ever set up code words for talking with your friends so that you could convey something to themwithout those nearby knowing you were doing so? Perhaps you established a code word or signal to be usedat a party to indicate you were bored and ready to go home or, if you are more devious, established a systemto cheat at a card game. If you have done anything like this, you have used steganography. Steganography isthe art of hiding a message so that only the intended recipient knows it is there. In the most widely citeddescription of steganography, two prisoners, Alice and Bob, are trying to plan a jail escape while under thewatchful eye of Warden Wendy. Wendy will not tolerate suspicious behavior, such as passing notes that areclearly encrypted. So Alice and Bob communicate such that it seems they are talking about somethingharmless (such as the weather or their families) when they are actually planning an escape (cited in[Bergmair06] from [Simmons84]). From this simple theoretical example, many steganographic techniques andpractices have spawned and have helped improve data security in the real world.1.1. Steganography Versus CryptologyIn the "real world", steganography, like cryptology, is intended to add a layer of security to communicationsso that pesky eavesdroppers don't know what Alice is saying to Bob. However, unlike cryptology,steganography is not meant to obscure the message, but to obscure the fact that there is a message at all.Attacks against cryptography take what is known to be an encrypted message and attempt to decrypt themessage. Attacks against steganography take what seems to be an ordinary image, text, multimedia file, orother document and determine whether or not there is another message hidden within.Steganography and cryptography are strongest when combined. A message sent in secret (steganography) inan encrypted form (cryptography) is much more secure than a "plain text" message sent by secret means or aclearly sent encrypted message. There are some cases in which steganography can take the place ofcryptography; for instance German bans on encrypting radio communications were recently countered byapplying steganography to radio communications [Westfeld06]. Generally, however, steganography "is notintended to replace cryptography but supplement it" [Johnson95].Steganography, like cryptography, also has its own set of terminology. In steganography, cover refers to themedia in which a message is hidden. Covertexts and coverimages are texts and images used as covers,respectively. A stego-object is the cover with the secret message embedded in it.Steganography also has an additional branch known as watermarking, which is a means of hiding data withina cover in order to mark that cover and prevent duplication or unauthorized use. Whereas pure steganographyhides data completely, watermarking is meant to be detectable but unalterable. Watermarks can be applied totext documents containing intellectual property, art work, music files, movies, or anything that an author orowner does not want others to use or copy without proper authorization. The watermark verifies a media fileUnseen: An Overview of Steganography and Presentation of Associated Java Application C-Hidehttp://www.cse.wustl.edu/~jain/cse571-09/ftp/stegano/index.html 2 of 21owner's right to use it. If the watermark can be removed, systems that check watermarks to see if the user isauthorized to have the media just see an ordinary file with no protection and allow the owner to use it. Thus,watermarks must be "hidden" so as not to damage the media and must be detectable by an outside system, butnot removable [Lu05][Katzenbeisser00]. This discussion of the purpose of watermarking leads into a moregeneral discussion of the goals of strong steganography, presented in the next subsection.1.2. Characteristics of Strong SteganographyThough steganography's most obvious goal is to hide data, there are several other related goals used to judge amethod's steganographic strength. These include capacity (how much data can be hidden), invisibility(inability for humans to detect a distortion in the stego-object), undetectability (inability for a computer to usestatistics or other computational methods to differentiate between covers and stego-objects), robustness(message's ability to persist despite compression or other common modifications), tamper resistance(message's ability to persist despite active measures to destroy it), and signal to noise