Upper and Lower Bounds on Black-Box Steganography

We study the limitations of steganography when the sender is not using any properties of the underlying channel beyond its entropy and the ability to sample from it. On the negative side, we show that the number of samples the sender must obtain from the channel is exponential in the rate of the stegosystem. On the positive side, we present the first secret-key stegosystem that essentially matches this lower bound regardless of the entropy of the underlying channel. Furthermore, for high-entropy channels, we present the first secret-key stegosystem that matches this lower bound statelessly (i.e., without requiring synchronized state between sender and receiver)

On the Gold Standard for Security of Universal Steganography

While symmetric-key steganography is quite well understood both in the information-theoretic and in the computational setting, many fundamental questions about its public-key counterpart resist persistent attempts to solve them. The computational model for public-key steganography was proposed by von Ahn and Hopper in EUROCRYPT 2004. At TCC 2005, Backes and Cachin gave the first universal public-key stegosystem - i.e. one that works on all channels - achieving security against replayable chosen-covertext attacks (SS-RCCA) and asked whether security against non-replayable chosen-covertext attacks (SS-CCA) is achievable. Later, Hopper (ICALP 2005) provided such a stegosystem for every efficiently sampleable channel, but did not achieve universality. He posed the question whether universality and SS-CCA-security can be achieved simultaneously. No progress on this question has been achieved since more than a decade. In our work we solve Hopper's problem in a somehow complete manner: As our main positive result we design an SS-CCA-secure stegosystem that works for every memoryless channel. On the other hand, we prove that this result is the best possible in the context of universal steganography. We provide a family of 0-memoryless channels - where the already sent documents have only marginal influence on the current distribution - and prove that no SS-CCA-secure steganography for this family exists in the standard non-look-ahead model.Comment: EUROCRYPT 2018, llncs styl

Steganography Based on Random Pixel Selection For Efficient Data Hiding

ABSTRACT In this paper we present a novel steganographic approach to increase the security of the data hidden in a cover RGB image. Here we have used LSB insertion method that hides the bits of a secret message into the least significant bit in the red plane of the pixels within a cover image. The pixels are selected by using a random number generator. It is commonly seen that the changes in the LSB of the colour cannot be detected due to noise that is presents in the digital images by the human visual system. The central idea of the proposed method is to increase security, so the data is embedded only into the red plane of the image. We have also explained the method that extracts the hidden message at the receiving end using a key. The main objective of the paper is to combine both the preferences and the resistance to the visual and statistical attacks for a large amount of the data to be hidden in a cover image

Meteor: Cryptographically Secure Steganography for Realistic Distributions

Despite a long history of research and wide-spread applications to censorship resistant systems, practical steganographic systems capable of embedding messages into realistic communication distributions, like text, do not exist. We identify two primary impediments to deploying universal steganography: (1) prior work leaves the difficult problem of finding samplers for non-trivial distributions unaddressed, and (2) prior constructions have impractical minimum entropy requirements. We investigate using generative models as steganographic samplers, as they represent the best known technique for approximating human communication. Additionally, we study methods to overcome the entropy requirement, including evaluating existing techniques and designing a new steganographic protocol, called Meteor. The resulting protocols are provably indistinguishable from honest model output and represent an important step towards practical steganographic communication for mundane communication channels. We implement Meteor and evaluate it on multiple computation environments with multiple generative models

Steganography and collusion in cryptographic protocols

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2006.Includes bibliographical references (leaves 61-62).Steganography, the hiding of covert messages inside innocuous communication, is an active area of cryptographic research. Recent research has shown that provably undetectable steganography is possible in a wide variety of settings. We believe that the existence of such undetectable steganography will have far reaching implications. In this thesis, we investigate the impact of steganography on the design of cryptographic protocols. In particular, we show that that all existing cryptographic protocols allow malicious players to collude and coordinate their actions by steganographicly hiding covert messages inside legitimate protocol traffic. Such collusion is devastating in many settings, and thus we argue that it's elimination is an important direction for cryptographic research. Defeating such steganographic collusion requires not only new cryptographic protocols, but also a new notion of protocol security. Traditional notions of protocol security attempt to minimize the injuries to privacy and correctness inflicted by malicious participants who collude during run-time. They do not, however, prevent malicious parties from colluding and coordinating their actions in the first place! We therefore put forward the notion of a collusion-free protocol which guarantees that no set of players can use the protocol to maliciously coordinate their actions.(cont.) As should be expected, such a strong notion of security is very difficult to achieve. We show that achieving collusion-free security is impossible in a model with only broadcast communication and that even with physically private communication (e.g. physical envelopes) there are still many ideal functionalities that have no collusion-free protocols. Fortunately, under natural assumptions collusion-free protocols exist for an interesting class of ideal functionalities. Assuming the existence of trapdoor permutations, we construct collusion-free protocols, in a model with both broadcast messages and physical envelopes, for every finite ideal functionality in which all actions are public.by Matthew LepinskiPh.D

Upper and Lower Bounds on Black-Box Steganography

Abstract We study the limitations of steganography when the sender is not using any properties of theunderlying channel beyond its entropy and the ability to sample from it. On the negative side, we show that the number of samples the sender must obtain from the channel is exponential inthe rate of the stegosystem. On the positive side, we present the first secret-key stegosystem that essentially matches this lower bound regardless of the entropy of the underlying chan-nel. Furthermore, for high-entropy channels, we present the first secret-key stegosystem that matches this lower bound statelessly (i.e., without requiring synchronized state between senderand receiver). 1 Introduction Steganography's goal is to conceal the presence of a secret message within an innocuous-looking communication. In other words, steganography consists of hiding a secret hiddentext message within a public covertext to obtain a stegotext in such a way that an unauthorized observer is unable to distinguish between a covertext with a hiddentext and one without. The first rigorous complexity-theoretic formulation of secret-key steganography was provided by Hopper, Langford and von Ahn [10]. In this formulation, steganographic secrecy of a stegosystem is defined as the inability of a polynomial-time adversary to distinguish between observed distributions of unaltered covertexts and stegotexts. (This is in contrast with many previous works, which tended to be information-theoretic in perspective; see, e.g., [4] and other references in [10, 4].