Side-Informed Steganography for JPEG Images by Modeling Decompressed Images

Side-informed steganography has always been among the most secure approaches in the field. However, a majority of existing methods for JPEG images use the side information, here the rounding error, in a heuristic way. For the first time, we show that the usefulness of the rounding error comes from its covariance with the embedding changes. Unfortunately, this covariance between continuous and discrete variables is not analytically available. An estimate of the covariance is proposed, which allows to model steganography as a change in the variance of DCT coefficients. Since steganalysis today is best performed in the spatial domain, we derive a likelihood ratio test to preserve a model of a decompressed JPEG image. The proposed method then bounds the power of this test by minimizing the Kullback-Leibler divergence between the cover and stego distributions. We experimentally demonstrate in two popular datasets that it achieves state-of-the-art performance against deep learning detectors. Moreover, by considering a different pixel variance estimator for images compressed with Quality Factor 100, even greater improvements are obtained.Comment: 13 pages, 7 figures, 1 table, submitted to IEEE Transactions on Information Forensics & Securit

Solving AX-equations

Název práce: Řešení AX-rovnic Autor: Jan Butora Katedra: Katedra algebry Vedoucí diplomové práce: doc. RNDr. Jiří Tůma, DrSc., Katedra algebry Abstrakt: V této práci si představíme pojem AX-rovnic a zaměříme se na dvě takové rovnice. Pomocí podobných technik, vybudujeme pro obě rovnice teorii, která nám umožní vyjádřit počet jejich řešení pouze v závislosti na jejich paramet- rech. Pomocí této teorie pak na příkladě ukážeme, že jednotlivé diferenční kroky, využívané pro diferenční kryptoanalýzu modulárního sčítání, nejsou nezávislé. Navíc na základě této teorie vybudujeme a implementujeme rychlé algoritmy na hledání všech řešení. Klíčová slova: diferenční kryptoanalýza, AX-rovnice, modulární sčítání, přenos, podmínky řešitelnostiTitle: Solving AX-equations Author: Jan Butora Department: Department of algebra Supervisor: doc. RNDr. Jiří Tůma, DrSc., Department of algebra Abstract: In this work, we present concept of AX-equations and focus on two such equations. Using similiar techniques, we build a theory for both equations, which allows us to express number of their solutions based only on their parameters. Using this theory, we demonstrate on an example that differential steps, used in differential cryptanalysis of modular addition, are not independent. Moreover, based on this theory we introduce and implement fast algorithms for searching solutions. Keywords: differential cryptanalysis, AX-equations, modular addition, carry, sol- vability conditionDepartment of AlgebraKatedra algebryMatematicko-fyzikální fakultaFaculty of Mathematics and Physic

Errorless Robust JPEG Steganography using Outputs of JPEG Coders

Robust steganography is a technique of hiding secret messages in images so that the message can be recovered after additional image processing. One of the most popular processing operations is JPEG recompression. Unfortunately, most of today's steganographic methods addressing this issue only provide a probabilistic guarantee of recovering the secret and are consequently not errorless. That is unacceptable since even a single unexpected change can make the whole message unreadable if it is encrypted. We propose to create a robust set of DCT coefficients by inspecting their behavior during recompression, which requires access to the targeted JPEG compressor. This is done by dividing the DCT coefficients into 64 non-overlapping lattices because one embedding change can potentially affect many other coefficients from the same DCT block during recompression. The robustness is then combined with standard steganographic costs creating a lattice embedding scheme robust against JPEG recompression. Through experiments, we show that the size of the robust set and the scheme's security depends on the ordering of lattices during embedding. We verify the validity of the proposed method with three typical JPEG compressors and benchmark its security for various embedding payloads, three different ways of ordering the lattices, and a range of Quality Factors. Finally, this method is errorless by construction, meaning the embedded message will always be readable.Comment: 10 pages, 11 figures, 1 table, submitted to IEEE Transactions on Dependable and Secure Computin

Compatibility and Timing Attacks for JPEG Steganalysis

This paper introduces a novel compatibility attack to detect a steganographic message embedded in the DCT domain of a JPEG image at high-quality factors (close to 100). Because the JPEG compression is not a surjective function, i.e. not every DCT blocks can be mapped from a pixel block, embedding a message in the DCT domain can create incompatible blocks. We propose a method to find such a block, which directly proves that a block has been modified during the embedding. This theoretical method provides many advantages such as being completely independent to Cover Source Mismatch, having good detection power, and perfect reliability since false alarms are impossible as soon as incompatible blocks are found. We show that finding an incompatible block is equivalent to proving the infeasibility of an Integer Linear Programming problem. However, solving such a problem requires considerable computational power and has not been reached for 8x8 blocks. Instead, a timing attack approach is presented to perform steganalysis without potentially any false alarms for large computing power.Comment: Workshop on Information Hiding and Multimedia Security, ACM, Jun 2023, Chicago, United State

Discrete Channel Capacity

Title: Discrete Channel Capacity Author: Jan Butora Department: Department of Algebra Supervisor: doc. Mgr. Štěpán Holub, Ph.D. et Ph.D., Department of Algebra Abstract: This Bachelor thesis introduces and examines C.E. Shannon's discrete channel capacity theory, which was first published in 1948 as one of the founding studies in the field of mathematical information theory. In the first place, possible way of information measurement is presented and communication systems are described. Additionally, emphasis is given to discrete noiseless channel and the theorem on calculating the capacity of such channels is examined and proven. Shannon's proof is examined in detail as it contains several non-trivial results in finite differences. Finally, calculation of channel capacity using the theorem is shown in practice. Keywords: difference equations, generating function, channel capacit

Modèles statistiques pour la stéganographie d'images: Expliquer et remplacer les heuristiques

The steganographic field is nowadays dominated by heuristic approaches for data hiding. While there exist a few model-based steganographic algorithms designed to minimize statistical detectability of the underlying model, many more algorithms based on costs of changing a specific pixel or a DCT coefficient have been over the last decade introduced. These costs are purely heuristic, as they are designed with feedback from detectors implemented as machine learning classifiers. For this reason, there is no apparent relation to statistical detectability, even though in practice they provide comparable security to model-based algorithms. Clearly, the security of such algorithms stands only on the assumption, that the detector used to assess the security, is the best one possible. Such assumption is of course completely unrealistic. Similarly, steganalysis is mainly implemented with empirical machine learning detectors, which use hand-crafted features computed from images or as deep learning detectors - convolutional neural networks. The biggest drawback of this approach is that the steganalyst, even though having a very good detection power, has very little to no knowledge about what part of the image or the embedding algorithm contributes to the detection, because the detector is used as a black box. In this dissertation, we will try to leave the heuristics behind and go towards statistical models. First, we introduce statistical models for current heuristic algorithms, which helps us understand and predict their security trends. Furthemore this allows us to improve the security of such algorithms. Next, we focus on steganalysis exploiting universal properties of JPEG images. Under certain realistic conditions, this leads to a very powerful attack against any steganography, because embedding even a very small secret message breaks the statistical model. Lastly, we show how we can improve security of JPEG compressed images through additional compression.Le domaine de la stéganographie est aujourd'hui dominé par des approches heuristiques pour la dissimulation de données. Bien qu'il existequelques algorithmes stéganographiques basés sur des modèles et conçus pour minimiser la détectabilité statistique du modèle sous-jacent, de nombreux autres algorithmes basés sur les coûts de modification d'un pixel spécifique ou d'un du modèle sous-jacent, de nombreux autres algorithmes basés sur les coûts de modification d'un pixel spécifique ou d'un coefficient DCT ont été introduits au cours de la dernière décennie. Ces coûts sont purement heuristiques, car ils sont conçus à partir des informations fournies par les détecteurs mis en œuvre sous la forme de classificateurs d'apprentissage automatique. Pour cette raison, il n'y a pas de relation apparente avec la détectabilité statistique, même si, dans la pratique, ils fournissent une sécurité comparable à celle des algorithmes basés sur des modèles. Il est clair que la sécurité de ces algorithmes ne repose que sur l'hypothèse où le détecteur utilisé pour évaluer la sécurité est le meilleur possible. Cette hypothèse est bien sûr totalement irréaliste.De même, la stéganalyse est principalement mise en œuvre avec des détecteurs empiriques d'apprentissage automatique, qui utilisent caractéristiques calculées à la main à partir d'images ou des détecteurs d'apprentissage profond - réseaux neuronaux convolutionnels. Le principal inconvénient de cette approche est que le stéganalyseur, même s'il dispose d'un très bon pouvoir de détection, n'a que très peu, voire aucune connaissance de la partie de l'image ou de l'algorithme d'incorporation contribue à la détection, car le détecteur est utilisé comme une boîte noire.Dans cette thèse, nous essaierons d'abandonner l'heuristique et de nous orienter vers des modèles statistiques. Tout d'abord, nous introduisons des modèles statistiques pour les algorithmes heuristiques actuels, ce qui nous aide à comprendre et à prédire leurs tendances en matière de sécurité. En outre, cela nous permet d'améliorer la sécurité de ces algorithmes. Ensuite, nous nous concentrons sur la stéganalyse en exploitant les propriétés universelles des images JPEG. Dans certaines conditions réalistes, cela conduit à une attaque très puissante contre toute stéganographie, parce que l'intégration d'un message secret, même très petit, brise le modèle statistique. Enfin, nous montrons comment nous pouvons améliorer la sécurité des images compressées JPEG grâce à une compression supplémentaire

Solving AX-equations

Title: Solving AX-equations Author: Jan Butora Department: Department of algebra Supervisor: doc. RNDr. Jiří Tůma, DrSc., Department of algebra Abstract: In this work, we present concept of AX-equations and focus on two such equations. Using similiar techniques, we build a theory for both equations, which allows us to express number of their solutions based only on their parameters. Using this theory, we demonstrate on an example that differential steps, used in differential cryptanalysis of modular addition, are not independent. Moreover, based on this theory we introduce and implement fast algorithms for searching solutions. Keywords: differential cryptanalysis, AX-equations, modular addition, carry, sol- vability conditio

Fighting the Reverse JPEG Compatibility Attack: Pick your Side

International audienceIn this work we aim to design a steganographic scheme undetectable by the Reverse JPEG Compatibility Attack (RJCA). The RJCA, while only effective for JPEG images compressed with quality factors 99 and 100, was shown to work mainly due to change in variance of the rounding errors after decompression of the DCT coefficients, which is induced by embedding changes incompatible with the JPEG format. One remedy to preserve the aforementioned format is utilizing during the embedding the rounding errors created during the JPEG compression, but no steganographic method is known to be resilient to RJCA without this knowledge. Inspecting the effect of embedding changes on both variance and mean of decompression rounding errors, we propose a steganographic method allowing resistance against RJCA without any side-information. To reach this goal, we propose a distortion metric making all embedding changes within a DCT block dependent, resulting in a lattice-based embedding. Then it turns out it is enough to cleverly pick the side of the (binary) embedding changes through inspection of their effect on the variance of decompression rounding errors and simply use constant costs in order to enforce their sparsity across DCT blocks. To increase security against detectors in the spatial (pixel) domain, we show an easy way of combining the proposed methodology with steganography designed for spatial domain security, further improving the undetectability for quality factor 99. The improvements over existing non-informed steganography are up to 40% in terms of detector's accuracy

High Quality JPEG Compressor Detection via Decompression Error

International audienceIn this work we will investigate which JPEG compressor was used to develop JPEG images compressed with quality factor100. We will do this by inspecting the rounding errors of the decompressed image. Under a few simple assumptions, we can derive aprobabilistic distribution of such rounding errors and detect whether this signal from a given JPEG image follow such a distribution. However,JPEG compression can be implemented in many different ways, which can greatly affect the assumptions made. This can lead to severeunderperformance of a forensic detector that is not aware of possible differences caused by different compressors. Our results on Alaska datasetshow that we can create a deep learning detector, which will with accuracy close to 100% correctly classify the JPEG compressor used for theimage compression.Dans ce travail, nous allons rechercher quel compresseur JPEG a été utilisé pour développer des images JPEG compressées avec un facteur de qualité de 100. Nous le faisons en inspectant les erreurs d'arrondi de l'image décompressée. Sous quelques hypothèses simples, nous pouvons dériver une distribution probabiliste de ces erreurs d'arrondi et détecter si le signal d'une image JPEG donnée suit une telle distribution. Toutefois, la compression JPEG peut être mise en oeuvre de nombreuses fac ¸ons différentes, ce qui peut affecter considérablement les hypothèses formulées. Cela peut conduire à une sous-performance importante d'un détecteur forensique qui peut être sensible au compresseur. Nos résultats sur le jeu de données Alaska montrent que nous pouvons créer un détecteur d'apprentissage profond qui, avec une précision proche de 100%, détermine quel compresseur JPEG a été utilisé pour la compression de l'image

Breaking ALASKA

International audienceThis paper describes the architecture and training of detectors developed for the ALASKA steganalysis challenge. For each quality factor in the range 60-98, several multi-class tile detectors implemented as SRNets were trained on various combinations of three input channels: luminance and two chrominance channels. To accept images of arbitrary size, the detector for each quality factor was a multi-class multi-layered perceptron trained on features extracted by the tile detectors. For quality 99 and 100, a new "reverse JPEG compatibility attack" was developed and also implemented using the SRNet via the tile detector. Throughout the paper, we explain various improvements we discovered during the course of the competition and discuss the challenges we encountered and trade offs that had to be adopted in order to build a detector capable of detecting steganographic content in a stego source of great diversity