KEYWORDS: Steganalysis, 3D modeling, Steganography, Detection and tracking algorithms, Image processing, Error analysis, Databases, RGB color model, Sensors, Linear filtering
Color interpolation is a form of upsampling, which introduces constraints on the relationship between neighboring pixels in a color image. These constraints can be utilized to substantially boost the accuracy of steganography detectors. In this paper, we introduce a rich model formed by 3D co-occurrences of color noise residuals split according to the structure of the Bayer color filter array to further improve detection. Some color interpolation algorithms, such as AHD and PPG, impose pixel constraints so tight that extremely accurate detection becomes possible with merely eight features, eliminating the need for model richification. We carry out experiments on non-adaptive LSB matching and the content-adaptive algorithm WOW on five different color interpolation algorithms. In contrast to grayscale images, in color images that exhibit traces of color interpolation, the security of WOW is significantly lower and, depending on the interpolation algorithm, may even be lower than that of non-adaptive LSB matching.
The vast majority of steganographic schemes for digital images stored in the raster format limit the amplitude of embedding changes to the smallest possible value. In this paper, we investigate the possibility of further improving empirical security by allowing the embedding changes in highly textured areas to have a larger amplitude and thus embed a larger payload there. Our approach is entirely model driven in the sense that the probabilities with which the cover pixels should be changed by a certain amount are derived from the cover model to minimize the power of an optimal statistical test. The embedding consists of two steps. First, the sender estimates the cover model parameters, the pixel variances, when modeling the pixels as a sequence of independent but not identically distributed generalized Gaussian random variables. Then, the embedding change probabilities for changing each pixel by 1 or 2, which can be transformed to costs for practical embedding using syndrome-trellis codes, are computed by solving a pair of non-linear algebraic equations. Using rich models and selection-channel-aware features, we compare the security of our scheme based on the generalized Gaussian model with pentary versions of two popular embedding algorithms: HILL and S-UNIWARD.
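The probability-to-cost conversion mentioned above can be illustrated with a short sketch (our own Python illustration, not the authors' code), assuming symmetric per-pixel probabilities beta1 and beta2 of changing a pixel by +/-1 and +/-2: under the usual Gibbs form with zero cost for "no change", a change receives the cost ln(p0/beta), which in the ternary case reduces to the familiar ln(1/beta - 2).

    import numpy as np

    def probabilities_to_costs(beta1, beta2):
        """Convert per-pixel change probabilities into additive costs.

        beta1, beta2: probabilities of changing a pixel by +/-1 and +/-2
        (each sign assumed equally likely). With zero cost assigned to
        'no change', a change with probability b gets cost ln(p0 / b).
        """
        p0 = 1.0 - 2.0 * beta1 - 2.0 * beta2      # probability of keeping the pixel
        rho1 = np.log(p0 / beta1)                 # cost of a +/-1 change
        rho2 = np.log(p0 / beta2)                 # cost of a +/-2 change
        return rho1, rho2

    # toy example: a flat area (tiny probabilities) vs. a textured area (larger ones)
    beta1 = np.array([1e-3, 0.15])
    beta2 = np.array([1e-6, 0.05])
    rho1, rho2 = probabilities_to_costs(beta1, beta2)
    print(rho1, rho2)   # textured pixels receive much smaller costs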
State-of-the-art JPEG steganographic algorithms, such as J-UNIWARD, are currently better detected in the spatial domain than in the JPEG domain. Rich models built from pixel residuals seem to better capture the impact of embedding than features constructed as co-occurrences of quantized JPEG coefficients. However, when steganalyzing JPEG steganographic algorithms in the spatial domain, the pixels’ statistical properties vary because of the underlying 8 × 8 pixel grid imposed by the compression. In order to detect JPEG steganography more accurately, we split the statistics of noise residuals based on their phase w.r.t. the 8 × 8 grid. Because of the heterogeneity of pixels in a decompressed image, it also makes sense to keep the kernel size of pixel predictors small, as larger kernels mix up qualitatively different statistics and thus lose detection power. Based on these observations, we propose a novel feature set called PHase Aware pRojection Model (PHARM) in which residuals obtained using a small number of small-support kernels are represented using first-order statistics of their random projections as in the projection spatial rich model PSRM. The benefit of making the features “phase-aware” is shown experimentally on selected modern JPEG steganographic algorithms, with the biggest improvement seen for J-UNIWARD. Additionally, the PHARM feature vector can be computed at a fraction of the computational cost of existing projection rich models.
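The phase-splitting step can be sketched as follows (a simplified illustration, not the full PHARM extractor, which uses several kernels and random projections): a residual obtained with one small-support kernel is split into 64 sub-lattices according to its position within the 8 × 8 grid, and a quantized first-order histogram is collected per phase.

    import numpy as np
    from scipy.signal import convolve2d

    def phase_split_histograms(img, T=3):
        """Split a small-kernel residual by its phase w.r.t. the 8x8 JPEG grid
        and collect a truncated first-order histogram for each of the 64 phases."""
        kernel = np.array([[0, 0, 0], [1, -2, 1], [0, 0, 0]], float)   # small-support predictor residual
        resid = convolve2d(img.astype(float), kernel, mode='valid')
        q = np.clip(np.round(resid), -T, T).astype(int)                # quantize and truncate
        feats = []
        for dy in range(8):
            for dx in range(8):
                sub = q[dy::8, dx::8].ravel()                          # one phase sub-lattice
                hist = np.bincount(sub + T, minlength=2 * T + 1)
                feats.append(hist / max(sub.size, 1))
        return np.concatenate(feats)

    img = np.random.randint(0, 256, (64, 64))
    print(phase_split_histograms(img).shape)   # 64 phases x 7 histogram bins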
This paper is an attempt to analyze the interaction between Alice and the Warden in steganography using game theory. We focus on the modern steganographic embedding paradigm based on minimizing an additive distortion function. The strategies of both players comprise the probabilistic selection channel. The Warden is granted the knowledge of the payload and the embedding costs, and detects embedding using the likelihood ratio. However, the Warden is ignorant of the embedding probabilities chosen by Alice. When adopting a simple multivariate Gaussian model for the cover, the payoff function in the form of the Warden’s detection error can be numerically evaluated for a mutually independent embedding operation. We demonstrate on the example of a two-pixel cover that the Nash equilibrium is different from Alice’s traditional strategy that minimizes the KL divergence between cover and stego objects under an omnipotent Warden. Practical implications of this case study include computing the loss per pixel of the Warden’s ability to detect embedding due to her ignorance about the selection channel.
When a steganalysis detector trained on one cover source is applied to images from a different source, generally
the detection error increases due to the mismatch between both sources. In steganography, this situation is
recognized as the so-called cover source mismatch (CSM). The drop in detection accuracy depends on many
factors, including the properties of both sources, the detector construction, the feature space used to represent
the covers, and the steganographic algorithm. Although well recognized as the single most important factor
negatively affecting the performance of steganalyzers in practice, the CSM received surprisingly little attention
from researchers. One of the reasons for this is the diversity with which the CSM can manifest. On a series of
experiments in the spatial and JPEG domains, we refute some of the common misconceptions that the severity
of the CSM is tied to the feature dimensionality or their “fragility.” The CSM impact on detection appears too
difficult to predict due to the effect of complex dependencies among the features. We also investigate ways to
mitigate the negative effect of the CSM using simple measures, such as by enlarging the diversity of the training
set (training on a mixture of sources) and by employing a bank of detectors trained on multiple different sources
and testing on a detector trained on the closest source.
Recently, a new steganographic method was introduced that utilizes a universal distortion function called UNIWARD. The distortion between the cover and stego image is computed as a sum of relative changes of wavelet coefficients representing both images. As already pointed out in the original publication, the selection channel of the spatial version of UNIWARD (the version that hides messages in pixel values called S-UNIWARD) exhibits unusual properties – in highly textured and noisy regions the embedding probabilities form interleaved streaks of low and high embedding probability. While the authors of UNIWARD themselves hypothesized that such an artifact in the embedding probabilities may jeopardize its security, experiments with state-of-the-art rich models did not reveal any weaknesses. Using the fact that the cover embedding probabilities can be approximately estimated from the stego image, we introduce the novel concept of content-selective residuals and successfully attack S-UNIWARD. We also show that this attack, which is made possible by a faulty probabilistic selection channel, can be prevented by properly adjusting the stabilizing constant in the UNIWARD distortion function.
In this paper, we propose a method for estimation of camera lens distortion correction from a single image. Without relying on image EXIF, the method estimates the parameters of the correction by searching for a maximum energy of the so-called linear pattern introduced into the image during image acquisition prior to lens distortion correction. Potential applications of this technology include camera identification using sensor fingerprint, narrowing down the camera model, estimating the distance between the photographer and the subject, forgery detection, and improving the reliability of image steganalysis (detection of hidden data).
The design of both steganography and steganalysis methods for digital images heavily relies on empirically
justified principles. In steganography, the domain in which the embedding changes are executed is usually
the preferred domain in which to measure the statistical impact of embedding (to construct the distortion
function). Another principle almost exclusively used in steganalysis states that the most accurate detection
is obtained when extracting the steganalysis features from the embedding domain. While a substantial body
of prior art seems to support these two doctrines, this article challenges both principles when applied to the
JPEG format. Through a series of targeted experiments on numerous older as well as current steganographic
algorithms, we lay out arguments for why measuring the embedding distortion in the spatial domain can be
highly beneficial for JPEG steganography. Moreover, as modern embedding algorithms avoid introducing easily
detectable artifacts in the statistics of quantized DCT coefficients, we demonstrate that more accurate detection
is obtained when constructing the steganalysis features in the spatial domain where the distortion function is
minimized, challenging thus both established doctrines.
In camera identification using sensor fingerprint, it is absolutely essential that the fingerprint and the noise residual from a given test image be synchronized. If the signals are desynchronized due to a geometrical transformation, fingerprint detection becomes significantly more complicated. Besides constructing the detector in an invariant transform domain (which limits the type of the geometrical transformation), a more general approach is to maximize the generalized likelihood ratio with respect to the transform parameters, which requires a potentially expensive search and numerous resamplings of the entire image (or fingerprint). In this paper, we propose a measure that significantly reduces the search complexity by replacing resampling of the entire image with resampling of a much smaller subset of the signal called the fingerprint digest. The technique can be applied to an arbitrary geometrical distortion that does not involve spatial shifts, such as digital zoom and non-linear lens-distortion correction.
In an attempt to alleviate the negative impact of an unavailable cover model, some steganographic schemes utilize the knowledge of the so-called “precover” when embedding secret data. The precover is typically a higher-resolution (unquantized) representation of the cover, such as the raw sensor output before it is converted to an 8-bit per channel color image. The precover object is only available to the sender but not to the Warden, which seems to give a fundamental advantage to the sender. In this paper, we provide theoretical insight into why side-informed embedding schemes for empirical covers might provide a high level of security. By adopting a piece-wise polynomial model corrupted by AWGN for the content, we prove that when the cover is sufficiently non-stationary, embedding by minimizing distortion w.r.t. the precover is more secure than by preserving a model estimated from the cover (the so-called model-based steganography). Moreover, the side-informed embedding enjoys four times lower steganographic Fisher information than LSB matching.
In this paper, we propose a regression framework for steganalysis of digital images that utilizes the recently proposed rich models – high-dimensional statistical image descriptors that have been shown to substantially improve classical (binary) steganalysis. Our proposed system is based on gradient boosting and utilizes a steganalysis-specific variant of regression trees as base learners. The conducted experiments confirm that the proposed system outperforms prior quantitative steganalysis (both structural and feature-based) across a wide range of steganographic schemes: HUGO, LSB replacement, nsF5, BCHopt, and MME3.
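A minimal sketch of such a regression pipeline, using scikit-learn's standard gradient boosting as a stand-in for the steganalysis-specific regression trees and synthetic features in place of rich-model descriptors:

    import numpy as np
    from sklearn.ensemble import GradientBoostingRegressor
    from sklearn.model_selection import train_test_split

    # synthetic stand-in for rich-model features X and true relative change rates y
    rng = np.random.default_rng(0)
    X = rng.normal(size=(2000, 50))
    y = np.clip(X[:, :5].sum(axis=1) * 0.02 + 0.1, 0, 0.5)   # hypothetical change rate

    X_tr, X_te, y_tr, y_te = train_test_split(X, y, random_state=0)
    reg = GradientBoostingRegressor(n_estimators=300, max_depth=3, learning_rate=0.05)
    reg.fit(X_tr, y_tr)
    err = np.abs(reg.predict(X_te) - y_te)
    print("median absolute error:", np.median(err))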
KEYWORDS: Steganalysis, Steganography, Quantization, Error analysis, Digital watermarking, Signal to noise ratio, Linear filtering, Sensors, Interference (communication)
Today, the most reliable detectors of steganography in empirical cover sources, such as digital images coming from a known source, are built using machine learning by representing images with joint distributions (co-occurrences) of neighboring noise residual samples computed using local pixel predictors. In this paper, we propose an alternative statistical description of residuals by binning their random projections on local neighborhoods. The size and shape of the neighborhoods allow the steganalyst to further diversify the statistical description and thus improve detection accuracy, especially for highly adaptive steganography. Other key advantages of this approach include the possibility of modeling long-range dependencies among pixels and of making use of information that was previously underutilized in the marginals of co-occurrences. Moreover, the proposed approach is much more flexible than the previously proposed spatial rich model, allowing the steganalyst to obtain a significantly better trade-off between detection accuracy and feature dimensionality. We call the new image representation the Projection Spatial Rich Model (PSRM) and demonstrate its effectiveness on HUGO and WOW – two current state-of-the-art spatial-domain embedding schemes.
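The core PSRM idea, binning random projections of a noise residual on local neighborhoods, can be sketched as follows (a toy illustration with one residual kernel and a handful of projections; the full PSRM uses many residuals and thousands of projection neighborhoods):

    import numpy as np
    from scipy.signal import convolve2d

    def psrm_like_features(img, n_proj=8, T=3, q=1.0, seed=0):
        """Bin random projections of a noise residual on local neighborhoods
        (a simplified stand-in for the PSRM feature extraction)."""
        rng = np.random.default_rng(seed)
        resid = convolve2d(img.astype(float), np.array([[-1, 3, -3, 1]], float), mode='valid')
        feats = []
        for _ in range(n_proj):
            h, w = rng.integers(1, 4, size=2)          # random neighborhood size and shape
            v = rng.normal(size=(h, w))
            v /= np.linalg.norm(v)                     # unit-norm projection vector
            proj = convolve2d(resid, v, mode='valid') / q
            bins = np.clip(np.round(np.abs(proj)), 0, T).astype(int)   # exploit sign symmetry
            hist = np.bincount(bins.ravel(), minlength=T + 1)
            feats.append(hist / bins.size)
        return np.concatenate(feats)

    print(psrm_like_features(np.random.randint(0, 256, (128, 128))).shape)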
In this paper, we propose a rich model of DCT coefficients in a JPEG file for the purpose of detecting steganographic
embedding changes. The model is built systematically as a union of smaller submodels formed as joint
distributions of DCT coefficients from their frequency and spatial neighborhoods covering a wide range of statistical
dependencies. Due to its high dimensionality, we combine the rich model with ensemble classifiers and
construct detectors for six modern JPEG domain steganographic schemes: nsF5, model-based steganography,
YASS, and schemes that use side information at the embedder in the form of the uncompressed image: MME,
BCH, and BCHopt. The resulting performance is contrasted with previously proposed feature sets of both low
and high dimensionality. We also investigate the performance of individual submodels when grouped by their
type as well as the effect of Cartesian calibration. The proposed rich model delivers superior performance across
all tested algorithms and payloads.
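One submodel of this kind can be sketched as a 2D co-occurrence of truncated DCT coefficient pairs taken from neighboring frequency modes within a block (illustrative only; the full rich model unions many intra- and inter-block submodels and reads the quantized coefficients directly from the JPEG file):

    import numpy as np

    def dct_cooccurrence(coeffs, T=3, df=(0, 1)):
        """2D co-occurrence of truncated DCT coefficient pairs taken from frequency
        modes (k,l) and (k+df[0], l+df[1]) within each 8x8 block. `coeffs` holds
        quantized DCT coefficients in the usual blockwise layout (image-shaped)."""
        c = np.clip(coeffs, -T, T)
        mat = np.zeros((2 * T + 1, 2 * T + 1))
        for k in range(8):
            for l in range(8):
                k2, l2 = k + df[0], l + df[1]
                if k2 > 7 or l2 > 7:
                    continue
                a = c[k::8, l::8]        # mode (k, l) from every block
                b = c[k2::8, l2::8]      # its frequency neighbor
                for x, y in zip(a.ravel(), b.ravel()):
                    mat[x + T, y + T] += 1
        return mat / mat.sum()

    coeffs = np.random.randint(-5, 6, (64, 64))   # stand-in for a plane of quantized DCT coefficients
    print(dct_cooccurrence(coeffs).shape)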
A standard way to design steganalysis features for digital images is to choose a pixel predictor, use it to compute
a noise residual, and then form joint statistics of neighboring residual samples (co-occurrence matrices). This
paper proposes a general data-driven approach to optimizing predictors for steganalysis. First, a local pixel
predictor is parametrized and then its parameters are determined by solving an optimization problem for a given
sample of cover and stego images and a given cover source. Our research shows that predictors optimized to
detect a specific case of steganography may be vastly different from predictors optimized for the cover source
only. The results indicate that optimized predictors may improve steganalysis by a rather non-negligible margin.
Furthermore, we construct the predictors sequentially - having optimized k predictors, we design the (k+1)-st one
with respect to the combined feature set built from all k predictors. In other words, given a feature space (image
model), we extend (diversify) the model in a selected direction (the functional form of the predictor) in a way that
maximally boosts detection accuracy.
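As a baseline illustration of predictor parametrization, the sketch below fits a linear local predictor by least squares on cover images only (the detection-driven optimization described above would replace this objective with a criterion measured on cover/stego pairs):

    import numpy as np

    def fit_linear_predictor(images, radius=1):
        """Least-squares fit of a linear predictor of the central pixel from its
        (2r+1)x(2r+1) neighborhood (center excluded), using cover images only."""
        rows, targets = [], []
        for img in images:
            img = img.astype(float)
            H, W = img.shape
            for i in range(radius, H - radius, 4):       # subsample patches for speed
                for j in range(radius, W - radius, 4):
                    patch = img[i - radius:i + radius + 1, j - radius:j + radius + 1].ravel()
                    center = (2 * radius + 1) ** 2 // 2
                    rows.append(np.delete(patch, center))
                    targets.append(patch[center])
        A, b = np.array(rows), np.array(targets)
        w, *_ = np.linalg.lstsq(A, b, rcond=None)
        return w                                          # predictor weights; residual = target - A @ w

    imgs = [np.random.randint(0, 256, (64, 64)) for _ in range(3)]
    print(fit_linear_predictor(imgs))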
Computational photography is quickly making its way from research labs to the market. Recently, camera manufacturers
started using in-camera lens-distortion correction of the captured image to give users a more powerful zoom
range in compact and affordable cameras. Since the distortion correction (barrel/pincushion) depends
on the zoom, it desynchronizes the pixel-to-pixel correspondence between images taken at two different focal
lengths. This poses a serious problem for digital forensic methods that utilize the concept of sensor fingerprint
(photo-response non-uniformity), such as "image ballistics" techniques that can match an image to a specific camera.
Such techniques may completely fail. This paper presents an extension of sensor-based camera identification
to images corrected for lens distortion. To reestablish synchronization between an image and the fingerprint,
we adopt a barrel distortion model and search for its parameter to maximize the detection statistic, which is
the peak to correlation energy ratio. The proposed method is tested on hundreds of images from three compact
cameras to prove the viability of the approach and demonstrate its efficiency.
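The search can be sketched as follows (an illustration under a simple one-parameter radial model; the actual distortion model, interpolation, and search strategy may differ): each candidate parameter resamples the noise residual and the peak-to-correlation-energy against the fingerprint is evaluated, keeping the parameter with the largest response.

    import numpy as np
    from numpy.fft import fft2, ifft2
    from scipy.ndimage import map_coordinates

    def pce(a, b, exclude=5):
        """Peak-to-correlation-energy between two equally sized 2D signals."""
        xc = np.real(ifft2(fft2(a) * np.conj(fft2(b))))
        py, px = np.unravel_index(np.argmax(xc), xc.shape)
        mask = np.ones_like(xc, dtype=bool)
        mask[max(0, py - exclude):py + exclude + 1, max(0, px - exclude):px + exclude + 1] = False
        return xc[py, px] ** 2 / np.mean(xc[mask] ** 2)

    def undo_barrel(img, k):
        """Resample with a toy one-parameter radial model r_u = r (1 + k r^2)."""
        H, W = img.shape
        y, x = np.mgrid[0:H, 0:W].astype(float)
        cy, cx = (H - 1) / 2, (W - 1) / 2
        r2 = ((y - cy) / H) ** 2 + ((x - cx) / W) ** 2
        ys = cy + (y - cy) * (1 + k * r2)
        xs = cx + (x - cx) * (1 + k * r2)
        return map_coordinates(img, [ys, xs], order=1, mode='nearest')

    def best_barrel_parameter(residual, fingerprint, ks=np.linspace(-0.2, 0.2, 21)):
        scores = [pce(undo_barrel(residual, k), fingerprint) for k in ks]
        return ks[int(np.argmax(scores))], max(scores)

    res = np.random.normal(size=(128, 128))
    print(best_barrel_parameter(res, res))   # toy self-test: the best k should be ~0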
By working with high-dimensional representations of covers, modern steganographic methods are capable of
preserving a large number of complex dependencies among individual cover elements and thus avoid detection
using current best steganalyzers. Inevitably, steganalysis needs to start using high-dimensional feature sets as
well. This brings two key problems - construction of good high-dimensional features and machine learning that
scales well with respect to dimensionality. Depending on the classifier, high dimensionality may lead to problems
with the lack of training data, infeasibly high complexity of training, degradation of generalization abilities, lack
of robustness to cover source, and saturation of performance below its potential. To address these problems
collectively known as the curse of dimensionality, we propose ensemble classifiers as an alternative to the much
more complex support vector machines. Based on the character of the media being analyzed, the steganalyst first
puts together a high-dimensional set of diverse "prefeatures" selected to capture dependencies among individual
cover elements. Then, a family of weak classifiers is built on random subspaces of the prefeature space. The
final classifier is constructed by fusing the decisions of individual classifiers. The advantage of this approach is
its universality, low complexity, simplicity, and improved performance when compared to classifiers trained on
the entire prefeature set. Experiments with the steganographic algorithms nsF5 and HUGO demonstrate the
usefulness of this approach over current state of the art.
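A minimal sketch of the ensemble construction, with linear discriminant base learners (one common choice) trained on random subspaces of a synthetic prefeature set and fused by majority vote:

    import numpy as np
    from sklearn.discriminant_analysis import LinearDiscriminantAnalysis

    class SubspaceEnsemble:
        """Random-subspace ensemble of linear discriminants fused by majority
        vote (a simplified stand-in for the steganalysis ensemble classifier)."""
        def __init__(self, n_learners=51, d_sub=100, seed=0):
            self.n_learners, self.d_sub = n_learners, d_sub
            self.rng = np.random.default_rng(seed)
            self.members = []

        def fit(self, X, y):
            d = X.shape[1]
            for _ in range(self.n_learners):
                idx = self.rng.choice(d, size=min(self.d_sub, d), replace=False)
                clf = LinearDiscriminantAnalysis().fit(X[:, idx], y)
                self.members.append((idx, clf))
            return self

        def predict(self, X):
            votes = np.array([clf.predict(X[:, idx]) for idx, clf in self.members])
            return (votes.mean(axis=0) > 0.5).astype(int)   # majority vote over members

    rng = np.random.default_rng(1)
    X = rng.normal(size=(400, 500)); y = rng.integers(0, 2, 400)
    X[y == 1] += 0.1                                        # a weak 'embedding' signal
    print(SubspaceEnsemble().fit(X, y).predict(X).mean())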
Most steganographic schemes for real digital media embed messages by minimizing a suitably defined distortion
function. In practice, this is often realized by syndrome codes which offer near-optimal rate-distortion performance.
However, the distortion functions are designed heuristically and the resulting steganographic algorithms
are thus suboptimal. In this paper, we present a practical framework for optimizing the parameters of additive
distortion functions to minimize statistical detectability. We apply the framework to digital images in both the spatial
and DCT domains by first defining a rich parametric model which assigns a cost of making a change at every
cover element based on its neighborhood. Then, we present a practical method for optimizing the parameters
with respect to a chosen detection metric and feature space. We show that the size of the margin between support
vectors in soft-margin SVMs leads to a fast detection metric and that methods minimizing the margin tend
to be more secure w.r.t. blind steganalysis. The parameters obtained by the Nelder-Mead simplex-reflection
algorithm for spatial and DCT-domain images are presented and the new embedding methods are tested by blind
steganalyzers utilizing various feature sets. Experimental results show that as few as 80 images are sufficient for
obtaining good candidates for parameters of the cost model, which allows us to speed up the parameter search.
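The parameter search itself can be sketched with SciPy's Nelder-Mead simplex routine; the detectability callback below is a synthetic placeholder standing in for the margin-based metric computed on a small set of cover/stego images:

    import numpy as np
    from scipy.optimize import minimize

    def detectability(theta):
        """Placeholder for the real detection metric (e.g., an SVM margin measured on
        images embedded with the cost model parametrized by theta). A synthetic
        bowl-shaped surrogate is used here so the example runs standalone."""
        theta = np.asarray(theta)
        return np.sum((theta - np.array([1.0, 0.3, 2.0])) ** 2)

    theta0 = np.array([0.5, 0.5, 0.5])               # initial cost-model parameters
    res = minimize(detectability, theta0, method='Nelder-Mead',
                   options={'xatol': 1e-4, 'fatol': 1e-4})
    print(res.x)                                     # parameters minimizing the (surrogate) detectability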
The goal of temporal forensics is to establish a temporal relationship among two or more pieces of evidence. In this paper, we focus on digital images and describe a method with which an analyst can estimate the acquisition time of an image given a set of other images from the same camera whose time ordering is known. This is achieved by first estimating the parameters of pixel defects, including their onsets, and then detecting their presence in the image under investigation. Both estimators are constructed using the maximum-likelihood principle. The accuracy and limitations of this approach are illustrated on experiments with three cameras. Forensic and law-enforcement analysts are expected to benefit from this technique in situations when the temporal data stored in the EXIF header is lost due to processing or editing images off-line or when the header cannot be trusted. Reliable methods for establishing temporal order between individual pieces of evidence can help reveal deception attempts of an adversary or a criminal. The causal relationship may also provide information about the whereabouts of the photographer.
In camera identification using sensor noise, the camera that took a given image can be determined with high certainty
by establishing the presence of the camera's sensor fingerprint in the image. In this paper, we develop methods to reveal
counter-forensic activities in which an attacker estimates the camera fingerprint from a set of images and pastes it onto
an image from a different camera with the intent to introduce a false alarm and, in doing so, frame an innocent victim.
We start by classifying different scenarios based on the sophistication of the attacker's activity and the means available
to her and to the victim, who wishes to defend herself. The key observation is that at least some of the images that were
used by the attacker to estimate the fake fingerprint will likely be available to the victim as well. We describe the so-called
"triangle test" that helps the victim reveal the attacker's malicious activity with high certainty under a wide range of
conditions. This test is then extended to the case when none of the images that the attacker used to create the fake
fingerprint are available to the victim but the victim has at least two forged images to analyze. We demonstrate the test's
performance experimentally and investigate its limitations. The conclusion that can be made from this study is
that planting a sensor fingerprint in an image without leaving a trace is significantly more difficult than previously
thought.
Sensor fingerprint is a unique noise-like pattern caused by slightly varying pixel dimensions and inhomogeneity of the
silicon wafer from which the sensor is made. The fingerprint can be used to prove that an image came from a specific
digital camera. The presence of a camera fingerprint in an image is usually established using a detector that evaluates
cross-correlation between the fingerprint and image noise. The complexity of the detector is thus proportional to the
number of pixels in the image. Although computing the detector statistic for a few megapixel image takes several
seconds on a single-processor PC, the processing time becomes impractically large if a sizeable database of camera
fingerprints needs to be searched through. In this paper, we present a fast searching algorithm that utilizes special
"fingerprint digests" and sparse data structures to address several tasks that forensic analysts will find useful when
deploying camera identification from fingerprints in practice. In particular, we develop fast algorithms for finding if a
given fingerprint already resides in the database and for determining whether a given image was taken by a camera
whose fingerprint is in the database.
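The digest idea can be sketched as follows (an illustration, not necessarily the exact construction in the paper): keep only the k largest-magnitude fingerprint values together with their pixel locations, and correlate candidate image residuals against the digest instead of the full-frame fingerprint.

    import numpy as np

    def fingerprint_digest(fingerprint, k=5000):
        """Keep the k largest-magnitude fingerprint values and their pixel indices."""
        flat = fingerprint.ravel()
        idx = np.argsort(np.abs(flat))[-k:]
        return idx, flat[idx]

    def digest_correlation(noise_residual, digest):
        """Correlate an image noise residual with a stored digest, touching only
        the k digest locations instead of every pixel of the fingerprint."""
        idx, vals = digest
        r = noise_residual.ravel()[idx]
        r = r - r.mean(); v = vals - vals.mean()
        return float(r @ v / (np.linalg.norm(r) * np.linalg.norm(v) + 1e-12))

    fp = np.random.normal(size=(512, 512))
    res_match = 0.1 * fp + np.random.normal(size=fp.shape)   # residual from the same camera
    res_other = np.random.normal(size=fp.shape)              # residual from a different camera
    d = fingerprint_digest(fp)
    print(digest_correlation(res_match, d), digest_correlation(res_other, d))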
In digital image forensics, it is generally accepted that intentional manipulations of the image content are
most critical and hence numerous forensic methods focus on the detection of such 'malicious' post-processing.
However, it is also beneficial to know as much as possible about the general processing history of an image,
including content-preserving operations, since they can affect the reliability of forensic methods in various ways.
In this paper, we present a simple yet effective technique to detect median filtering in digital images-a widely
used denoising and smoothing operator. As a great variety of forensic methods relies on some kind of a linearity
assumption, a detection of non-linear median filtering is of particular interest. The effectiveness of our method
is backed with experimental evidence on a large image database.
In this paper, we propose a practical approach to minimizing embedding impact in steganography based on syndrome
coding and trellis-coded quantization and contrast its performance with the corresponding rate-distortion bounds. We
assume that each cover element can be assigned a positive scalar expressing the impact
of making an embedding change at that element (single-letter distortion). The problem is to embed a given
payload with minimal possible average embedding impact. This task, which can be viewed as a generalization of
matrix embedding or writing on wet paper, has been approached using heuristic and suboptimal tools in the past.
Here, we propose a fast and very versatile solution to this problem that can theoretically achieve performance
arbitrarily close to the bound. It is based on syndrome coding using linear convolutional codes with the optimal
binary quantizer implemented using the Viterbi algorithm run in the dual domain. The complexity and memory
requirements of the embedding algorithm are linear w.r.t. the number of cover elements. For practitioners,
we include detailed algorithms for finding good codes and their implementation. Finally, we report extensive
experimental results for a large set of relative payloads and for different distortion profiles, including the wet
paper channel.
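The bound referenced above can be computed directly: for binary embedding with single-letter costs rho_i, the optimal change probabilities follow a Gibbs distribution and the Lagrange multiplier is found by bisection so that the total entropy matches the payload (a sketch with toy costs):

    import numpy as np

    def binary_entropy(p):
        p = np.clip(p, 1e-12, 1 - 1e-12)
        return -p * np.log2(p) - (1 - p) * np.log2(1 - p)

    def optimal_flip_probs(rho, payload_bits, iters=60):
        """Payload-limited sender bound: p_i = exp(-lam*rho_i) / (1 + exp(-lam*rho_i)),
        with lam found by bisection so the total entropy equals the payload."""
        lo, hi = 1e-6, 1e3
        for _ in range(iters):
            lam = 0.5 * (lo + hi)
            p = 1.0 / (1.0 + np.exp(lam * rho))
            if binary_entropy(p).sum() > payload_bits:
                lo = lam          # too much entropy -> increase lambda (flip less often)
            else:
                hi = lam
        return p, float((p * rho).sum())   # probabilities and minimal expected distortion

    rho = np.random.exponential(scale=1.0, size=10000)          # toy single-letter costs
    p, D = optimal_flip_probs(rho, payload_bits=0.4 * rho.size)
    print(D)   # any practical code (e.g., an STC) incurs at least this expected distortion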
YASS is a steganographic algorithm for digital images that hides messages robustly in a key-dependent transform
domain so that the stego image can be subsequently compressed and distributed as JPEG. Given the fact that
state-of-the-art blind steganalysis methods of 2007, when YASS was proposed, were unable to reliably detect
YASS, in this paper we steganalyze YASS using several recently proposed general-purpose steganalysis feature
sets. The focus is on blind attacks that do not capitalize on any weakness of a specific implementation of the
embedding algorithm. We demonstrate experimentally that twelve different settings of YASS can be reliably
detected even for small embedding rates and in small images. Since none of the steganalysis feature sets is in
any way targeted to the embedding of YASS, future modifications of YASS will likely be detectable by them as
well.
This paper presents a large scale test of camera identification from sensor fingerprints. To overcome the problem of
acquiring a large number of cameras and taking the images, we utilized Flickr, an existing on-line image sharing site. In
our experiment, we tested over one million images spanning 6896 individual cameras covering 150 models. The
gathered data provides practical estimates of false acceptance and false rejection rates, giving us the opportunity to
compare the experimental data with theoretical estimates. We also test images against a database of fingerprints,
simulating thus the situation when a forensic analyst wants to find if a given image belongs to a database of already
known cameras. The experimental results set a lower bound on the performance and reveal several interesting new facts
about camera fingerprints and their impact on error analysis in practice. We believe that this study will be a valuable
reference for forensic investigators in their effort to use this method in court.
It is a well-established result that steganographic capacity of perfectly secure stegosystems grows linearly with
the number of cover elements-secure steganography has a positive rate. In practice, however, neither the
Warden nor the Steganographer has perfect knowledge of the cover source and thus it is unlikely that perfectly
secure stegosystems for complex covers, such as digital media, will ever be constructed. This justifies study of
secure capacity of imperfect stegosystems. Recent theoretical results from batch steganography, supported by
experiments with blind steganalyzers, point to an emerging paradigm: whether steganography is performed in a
large batch of cover objects or a single large object, there is a wide range of practical situations in which secure
capacity rate is vanishing. In particular, the absolute size of secure payload appears to only grow with the square
root of the cover size. In this paper, we study the square root law of steganographic capacity and give a formal
proof of this law for imperfect stegosystems, assuming that the cover source is a stationary Markov chain and
the embedding changes are mutually independent.
Quantitative steganalyzers are important in forensic steganalysis
as they can estimate the payload, or, more precisely, the number of
embedding changes in the stego image. This paper proposes a general
method for constructing quantitative steganalyzers from features used
in blind detectors. The method is based on support vector regression,
which is used to learn the mapping between a feature vector extracted
from the image and the relative embedding change rate. The performance is evaluated by constructing quantitative steganalyzers for eight steganographic methods for JPEG files, using a 275-dimensional feature set. Error distributions of within- and between-image errors are empirically estimated for Jsteg and nsF5. For Jsteg, the accuracy is compared to state-of-the-art quantitative steganalyzers.
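A minimal sketch of such a support vector regression steganalyzer, with synthetic features standing in for the 275-dimensional set:

    import numpy as np
    from sklearn.svm import SVR
    from sklearn.preprocessing import StandardScaler
    from sklearn.pipeline import make_pipeline

    # synthetic stand-in: 275-dimensional features X and relative change rates y
    rng = np.random.default_rng(2)
    X = rng.normal(size=(1500, 275))
    y = np.clip(0.05 * X[:, :10].sum(axis=1) + 0.2, 0, 0.5)

    model = make_pipeline(StandardScaler(), SVR(kernel='rbf', C=10.0, epsilon=0.01))
    model.fit(X[:1000], y[:1000])                   # learn the feature -> change-rate mapping
    pred = model.predict(X[1000:])
    print("mean absolute error:", np.abs(pred - y[1000:]).mean())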
In this paper, we extend our camera identification technology based on sensor noise to a more general setting when
the image under investigation has been simultaneously cropped and scaled. The sensor fingerprint detection is
formulated using hypothesis testing as a two-channel problem and a detector is derived using the generalized
likelihood ratio test. A brute force search is proposed to find the scaling factor which is then refined in a detailed
search. The cropping parameters are determined from the maximum of the normalized cross-correlation between two
signals. The accuracy and limitations of the proposed technique are tested on images that underwent a wide range of
cropping and scaling, including images that were acquired by digital zoom. Additionally, we demonstrate that sensor
noise can be used as a template to reverse-engineer in-camera geometrical processing as well as recover from later
geometrical transformations, thus offering a possible application for re-synchronizing in digital watermark detection.
A JPEG image is double-compressed if it underwent JPEG compression twice, each time with a different quantization
matrix but with the same 8 × 8 grid. Some popular steganographic algorithms (Jsteg, F5, OutGuess)
naturally produce such double-compressed stego images. Because double-compression may significantly change
the statistics of DCT coefficients, it negatively influences the accuracy of some steganalysis methods developed
under the assumption that the stego image was only single-compressed. This paper presents methods for detection
of double-compression in JPEGs and for estimation of the primary quantization matrix, which is lost during
recompression. The proposed methods are essential for construction of accurate targeted and blind steganalysis
methods for JPEG images, especially those based on calibration. Both methods rely on support vector machine
classifiers with feature vectors formed by histograms of low-frequency DCT coefficients.
In this paper, we study the problem of identifying digital camera sensor from a printed picture. The sensor is identified
by proving the presence of its Photo-Response Non-Uniformity (PRNU) in the scanned picture using camera ID
methods robust to cropping and scaling. Two kinds of prints are studied. The first are postcard size (4" by 6") pictures
obtained from common commercial printing labs. These prints are always cropped to some degree. In the proposed
identification, a brute force search for the scaling ratio is deployed while the position of cropping is determined from
the cross-correlation surface. Detection success mostly depends on the picture content and the quality of the PRNU
estimate. Prints obtained using desktop printers form the second kind of pictures investigated in this paper. Their
identification is complicated by complex geometric distortion due to imperfections in the paper feed. Removing this
distortion is part of the identification procedure. From experiments, we determine the range of conditions under which
reliable sensor identification is possible. The most influential factors in identifying the sensor from a printed picture
are the accuracy of angular alignment when scanning, printing quality, paper quality, and size of the printed picture.
In this paper, we study how specific design principles and elements of steganographic schemes for the JPEG
format influence their security. Our goal is to shed some light on how the choice of the embedding operation and
domain, adaptive selection channels, and syndrome coding influence statistical detectability. In the experimental
part of this paper, the detectability is evaluated using a state-of-the-art blind steganalyzer and the results are
contrasted with several ad hoc detectability measures, such as the embedding distortion. We also report the
first results of our steganalysis of the recently proposed YASS algorithm and compare its security to other
steganographic methods for the JPEG format.
Blind steganalysis based on classifying feature vectors derived from images is becoming increasingly powerful.
For steganalysis of JPEG images, features derived directly in the embedding domain from DCT coefficients
appear to achieve the best performance (e.g., the DCT features [10] and Markov features [21]). The goal of this paper
is to construct a new multi-class JPEG steganalyzer with markedly improved performance. We do so first by extending
the 23 DCT feature set [10], then applying calibration to the Markov features described in [21] and reducing
their dimension. The resulting feature sets are merged, producing a 274-dimensional feature vector. The new feature
set is then used to construct a Support Vector Machine multi-classifier capable of assigning stego images to
six popular steganographic algorithms: F5 [22], OutGuess [18], Model Based Steganography without [19] and with [20]
deblocking, JP Hide&Seek [1], and Steghide [14]. Compared to our previous work on multi-classification [11, 12], the
new feature set provides significantly more reliable results.
KEYWORDS: Video, Video compression, Sensors, Optical sensors, Video surveillance, Digital imaging, Image compression, Internet, Video processing, Digital cameras
Photo-response non-uniformity (PRNU) of digital sensors was recently proposed [1] as a unique identification fingerprint
for digital cameras. The PRNU extracted from a specific image can be used to link it to the digital camera that took the
image. Because digital camcorders use the same imaging sensors, in this paper, we extend this technique for
identification of digital camcorders from video clips. We also investigate the problem of determining whether two video
clips came from the same camcorder and the problem of whether two differently transcoded versions of one movie came
from the same camcorder. The identification technique is a joint estimation and detection procedure consisting of two
steps: (1) estimation of PRNUs from video clips using the Maximum Likelihood Estimator and (2) detecting the presence
of PRNU using normalized cross-correlation. We anticipate this technology to be an essential tool for fighting piracy of
motion pictures. Experimental results demonstrate the reliability and generality of our approach.
KEYWORDS: Cameras, Sensors, Optical filters, Error analysis, Denoising, Image compression, Statistical analysis, Signal detection, Digital imaging, Signal to noise ratio
In this paper, we revisit the problem of digital camera sensor identification using photo-response non-uniformity noise
(PRNU). Considering the identification task as a joint estimation and detection problem, we use a simplified model for
the sensor output and then derive a Maximum Likelihood estimator of the PRNU. The model is also used to design
optimal test statistics for detection of PRNU in a specific image. To estimate unknown shaping factors and determine
the distribution of the test statistics for the image-camera match, we construct a predictor of the test statistics on small
image blocks. This enables us to obtain conservative estimates of false rejection rates for each image under Neyman-
Pearson testing. We also point out a few pitfalls in camera identification using PRNU and ways to overcome them by
preprocessing the estimated PRNU before identification.
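The estimation-and-detection pipeline can be sketched as follows (with a Wiener filter standing in for the denoising filter and a plain normalized correlation in place of the optimized test statistic):

    import numpy as np
    from scipy.signal import wiener

    def noise_residual(img):
        """W = I - F(I); a Wiener filter stands in for the wavelet denoiser."""
        img = img.astype(float)
        return img - wiener(img, mysize=3)

    def estimate_prnu(images):
        """Maximum-likelihood-style PRNU estimate  K = sum(W_i * I_i) / sum(I_i^2)."""
        num = np.zeros_like(images[0], dtype=float)
        den = np.zeros_like(num)
        for img in images:
            I = img.astype(float)
            num += noise_residual(img) * I
            den += I ** 2
        return num / (den + 1e-12)

    def correlation(a, b):
        a = a - a.mean(); b = b - b.mean()
        return float((a * b).sum() / (np.linalg.norm(a) * np.linalg.norm(b) + 1e-12))

    # toy test: images sharing a common multiplicative fingerprint
    rng = np.random.default_rng(3)
    K_true = 0.02 * rng.normal(size=(128, 128))
    flats = [1000 * (1 + K_true) + rng.normal(0, 5, K_true.shape) for _ in range(20)]
    K_hat = estimate_prnu(flats)
    test = 800 * (1 + K_true) + rng.normal(0, 5, K_true.shape)
    print(correlation(noise_residual(test), K_hat * test))   # large for a matching camera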
In this paper, we propose a general framework and practical coding methods for constructing steganographic
schemes that minimize the statistical impact of embedding. By associating a cost of an embedding change with
every element of the cover, we first derive bounds on the minimum theoretically achievable embedding impact
and then propose a framework to achieve it in practice. The method is based on syndrome codes with low-density
generator matrices (LDGM). The problem of optimally encoding a message (e.g., with the smallest embedding
impact) requires a binary quantizer that performs near the rate-distortion bound. We implement this quantizer
using LDGM codes with a survey propagation message-passing algorithm. Since LDGM codes are guaranteed
to achieve the rate-distortion bound, the proposed methods are guaranteed to achieve the minimal embedding
impact (maximal embedding efficiency). We provide detailed technical description of the method for practitioners
and demonstrate its performance on matrix embedding.
Matrix embedding is a general coding method that can be applied to most steganographic schemes to improve their embedding efficiency-the number of message bits embedded per embedding change. Because a smaller number of embedding changes is less likely to disrupt the statistical properties of the cover object, schemes that employ matrix embedding generally have better steganographic security. This gain is more important for long messages than for shorter ones because longer messages are easier to detect. Previously introduced approaches to matrix embedding based on Hamming codes are, however, not efficient for long messages. In this paper, we present novel matrix embedding schemes that are efficient for embedding messages close to the embedding capacity. One is based on a family of codes constructed from simplex codes and the second one on random linear codes of small dimension. The embedding efficiency of the proposed methods is evaluated with respect to theoretically achievable bounds.
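For reference, the classical Hamming-code matrix embedding discussed above can be sketched in a few lines: p message bits are embedded into 2^p - 1 cover LSBs with at most one change.

    import numpy as np

    def hamming_parity_matrix(p):
        """Columns are the binary representations of 1..2^p-1."""
        n = 2 ** p - 1
        return np.array([[(j >> i) & 1 for j in range(1, n + 1)] for i in range(p)])

    def embed_block(lsb_block, message_bits, H):
        """Matrix embedding: force H @ x = m (mod 2) with at most one LSB flip."""
        x = lsb_block.copy()
        s = (H @ x) % 2
        diff = s ^ message_bits
        pos = int(diff @ (1 << np.arange(len(diff))))   # column index encoded by the syndrome difference
        if pos:                                         # pos == 0 means the syndrome already matches
            x[pos - 1] ^= 1
        return x

    def extract_block(lsb_block, H):
        return (H @ lsb_block) % 2

    p = 3
    H = hamming_parity_matrix(p)                        # embeds 3 bits into 7 cover LSBs
    cover = np.random.randint(0, 2, 7)
    msg = np.array([1, 0, 1])
    stego = embed_block(cover, msg, H)
    print(extract_block(stego, H), "changes:", int(np.sum(cover != stego)))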
We present a new approach to detection of forgeries in digital images under the assumption that either the camera that took the image is available or other images taken by that camera are available. Our method is based on detecting the presence of the camera pattern noise, which is a unique stochastic characteristic of imaging sensors, in individual regions in the image. The forged region is determined as the one that lacks the pattern noise. The presence of the noise is established using correlation as in detection of spread spectrum watermarks. We propose two approaches. In the first one, the user selects an area for integrity verification. The second method attempts to automatically determine the forged area without assuming any a priori knowledge. The methods are tested both on examples of real forgeries and on non-forged images. We also investigate how further image processing applied to the forged image, such as lossy compression or filtering, influences our ability to verify image integrity.
Construction of steganographic schemes in which the sender and the receiver do not share the knowledge about the location of embedding changes requires wet paper codes. Steganography with non-shared selection channels empowers the sender, who is now able to embed secret data by utilizing arbitrary side information, including a high-resolution version of the cover object (perturbed quantization steganography), local properties of the cover (adaptive steganography), and even pure randomness, e.g., coin flipping, for public key steganography. In this paper, we propose a new approach to wet paper codes using random linear codes of small codimension that at the same time improves the embedding efficiency-the number of message bits embedded per embedding change. We describe a practical algorithm, test its performance experimentally, and compare the results to theoretically achievable bounds. We point out an interesting ripple phenomenon that should be taken into account by practitioners. The proposed coding method can be modularly combined with most steganographic schemes to allow them to use non-shared selection channels and, at the same time, improve their security by decreasing the number of embedding changes.
In this paper, we construct blind steganalyzers for JPEG images capable of assigning stego images to known steganographic programs. Each JPEG image is characterized using 23 calibrated features calculated from the luminance component of the JPEG file. Most of these features are calculated directly from the quantized DCT coefficients as their first-order and higher-order statistics. The features for cover images and stego images embedded with three different relative message lengths are then used for supervised training. We use a support vector machine (SVM) with Gaussian kernel to construct a set of binary classifiers. The binary classifiers are then joined into a multi-class SVM using the Max-Win algorithm. We report results for six popular JPEG steganographic schemes (F5, OutGuess, Model based steganography, Model based steganography with deblocking, JP Hide and Seek, and Steghide). Although the main bulk of results is for single compressed stego images, we also report some preliminary results for double-compressed images created using F5 and OutGuess. This paper demonstrates that it is possible to reliably classify stego images according to their embedding techniques. Moreover, this approach shows promising results for tackling the difficult case of double compressed images.
KEYWORDS: Cameras, Steganalysis, Digital imaging, Databases, Image compression, Wavelets, Distortion, Steganography, Quantization, Signal to noise ratio
The contribution of this paper is two-fold. First, we describe an improved version of a blind steganalysis method previously proposed by Holotyak et al. and compare it to current state-of-the-art blind steganalyzers. The features for the blind classifier are calculated in the wavelet domain as higher-order absolute moments of the noise residual. This method clearly shows the benefit of calculating the features from the noise residual because it increases the features' sensitivity to embedding, which leads to improved detection results. Second, using this detection engine, we attempt to answer some fundamental questions, such as "how much can we improve the reliability of steganalysis given certain a priori side-information about the image source?" Moreover, we experimentally compare the security of three steganographic schemes for images stored in a raster format - (1) pseudo-random ±1 embedding using ternary matrix embedding, (2) spatially adaptive ternary ±1 embedding, and (3) perturbed quantization while converting a 16-bit per channel image to an 8-bit gray scale image.
This paper is an extension of our work on stego key search for JPEG images published at EI SPIE in 2004. We provide a more general theoretical description of the methodology, apply our approach to the spatial domain, and add a method that determines the stego key from multiple images. We show that in the spatial domain the stego key search can be made significantly more efficient by working with the noise component of the image obtained using a denoising filter. The technique is tested on the LSB embedding paradigm and on a special case of embedding by noise adding (the ±1 embedding). The stego key search can be performed for a wide class of steganographic techniques even for sizes of secret message well below those detectable using known methods. The proposed strategy may prove useful to forensic analysts and law enforcement.
In this paper, we propose a new method for estimation of the number of embedding changes for non-adaptive ±k embedding in images. By modeling the cover image and the stego noise as an additive mixture of random processes, the stego message is estimated from the stego image using a denoising filter in the wavelet domain. The stego message estimate is further analyzed using ML/MAP estimators to identify the pixels that were modified during embedding. For non-adaptive ±k embedding, the density of embedding changes is estimated from selected segments of the stego image. It is shown that for images with a low level of noise (e.g., for decompressed JPEG images) this approach can detect and estimate the number of embedding changes even for small values of k, such as k=2, and in some cases even for k=1.
Hiding data in binary images can facilitate the authentication and annotation of important document images in the digital domain. A representative approach is to first identify pixels whose binary color can be flipped without introducing noticeable artifacts, and then embed one bit in each non-overlapping block by adjusting the flippable pixel values to obtain the desired block parity. The distribution of these flippable pixels is highly uneven across the image, which is handled by random shuffling in the literature. In this paper, we revisit the problem of data embedding for binary images and investigate the incorporation of a recent steganography framework known as wet paper coding to improve the embedding capacity. The wet paper codes naturally handle the uneven embedding capacity through randomized projections. In contrast to the previous approach, where only a small portion of the flippable pixels are actually utilized in the embedding, the wet paper codes allow for a high utilization of pixels that have a high flippability score for embedding, thus giving a significantly higher embedding capacity than the previous approach. The performance of the proposed technique is demonstrated on several representative images. We also analyze the perceptual impact and capacity-robustness relation of the new approach.
In this paper, we show that the communication channel known as writing in memory with defective cells is a relevant information-theoretical model for a specific case of passive warden steganography when the sender embeds a secret message into a subset C of the cover object X without sharing the selection channel C with the recipient. The set C could be arbitrary, determined by the sender from the cover object using a deterministic, pseudo-random, or a truly random process. We call this steganography “writing on wet paper” and realize it using low-density random linear codes with the encoding step based on the LT process. The importance of writing on wet paper for covert communication is discussed within the context of adaptive steganography and perturbed quantization steganography. Heuristic arguments supported by tests using blind steganalysis indicate that the wet paper steganography provides improved steganographic security for embedding in JPEG images and is less vulnerable to attacks when compared to existing methods with shared selection channels.
In this paper, we propose a new method for estimating the number of embedding changes for non-adaptive ±K embedding in images. The method uses a high-pass FIR filter and then recovers an approximate message length using a Maximum Likelihood Estimator on those stego image segments where the filtered samples can be modeled using a stationary Generalized Gaussian random process. It is shown that for images with a low noise level, such as decompressed JPEG images, this method can accurately estimate the number of embedding changes even for K=1 and for embedding rates as low as 0.2 bits per pixel. Although for raw, never compressed images the message length estimate is less accurate, when used as a scalar parameter for a classifier detecting the presence of ±K steganography, the proposed method gave us relatively reliable results for embedding rates as low as 0.5 bits per pixel.
In this paper, we demonstrate that it is possible to use the sensor’s pattern noise for digital camera identification from images. The pattern noise is extracted from the images using a wavelet-based denoising filter. For each camera under investigation, we first determine its reference noise, which serves as a unique identification fingerprint. This could be done using the process of flat-fielding, if we have the camera in our possession, or by averaging the noise obtained from multiple images, which is the option taken in this paper. To identify the camera from a given image, we consider the reference pattern noise as a high-frequency spread spectrum watermark, whose presence in the image is established using a correlation detector. Using this approach, we were able to identify the correct camera out of 9 cameras without a single misclassification for several hundred images. Furthermore, it is possible to perform reliable identification even from images that underwent subsequent JPEG compression and/or resizing. These claims are supported by experiments on 9 different cameras including two cameras of exactly the same model (Olympus C765).
In this paper, we present a new method for estimating the secret message length of bit-streams embedded using Least
Significant Bit (LSB) embedding at random pixel positions. We introduce the concept of a weighted stego image and
then formulate the problem of determining the unknown message length as a simple optimization problem. The
methodology is further refined to obtain more stable and accurate results for a wide spectrum of natural images. One of
the advantages of the new method is its modular structure and a clean mathematical derivation that enables elegant
estimator accuracy analysis using statistical image models.
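A simplified, unweighted form of the resulting estimator can be sketched as follows (the paper derives per-pixel weights and a refined predictor; the toy cover below is synthetic):

    import numpy as np
    from scipy.signal import convolve2d

    def ws_estimate(stego):
        """Simplified (unweighted) weighted-stego-image estimate of the relative
        LSB-replacement message length."""
        x = stego.astype(float)
        x_bar = x + 1 - 2 * (stego % 2)                              # image with every LSB flipped
        kernel = np.array([[0, 1, 0], [1, 0, 1], [0, 1, 0]], float) / 4.0
        pred = convolve2d(x, kernel, mode='same', boundary='symm')   # local prediction of the cover
        return float(np.mean((x - x_bar) * (x - pred)) * 2)

    # toy check: smooth cover, LSB replacement at relative message length 0.4
    rng = np.random.default_rng(4)
    base = convolve2d(rng.normal(0, 20, (256, 256)), np.ones((9, 9)) / 81, mode='same') + 128
    cover = np.clip(np.round(base), 0, 255).astype(int)
    flip = rng.random(cover.shape) < 0.4 / 2                         # ~p/2 pixels get their LSB flipped
    stego = cover ^ flip.astype(int)
    print(ws_estimate(stego))                                        # should print a value close to 0.4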
Steganalysis in the wide sense consists of first identifying suspicious objects and then performing further analysis during which
we try to identify the steganographic scheme used for embedding, recover the stego key, and finally extract the
hidden message. In this paper, we present a methodology for identifying the stego key in key-dependent
steganographic schemes. Previous approaches for stego key search were exhaustive searches looking for some
recognizable structure (e.g., header) in the extracted bit-stream. However, if the message is encrypted, the search
will become much more expensive because for each stego key, all possible encryption keys would have to be tested.
In this paper, we show that for a very wide range of steganographic schemes, the complexity of the stego key search
is determined only by the size of the stego key space and is independent of the encryption algorithm. The correct
stego key can be determined through an exhaustive stego key search by quantifying statistical properties of samples
along portions of the embedding path. The correct stego key is then identified by an outlier sample distribution.
Although the search methodology is applicable to virtually all steganographic schemes, in this paper we focus on
JPEG steganography. Search methods for spatial-domain steganographic techniques are treated in our upcoming paper.
In lossless watermarking, it is possible to completely remove the embedding distortion from the watermarked image
and recover an exact copy of the original unwatermarked image. Lossless watermarks found applications in fragile
authentication, integrity protection, and metadata embedding. This is especially important for medical and military
images. Frequently, lossless embedding disproportionately increases the file size for image formats that contain lossless
compression (RLE BMP, GIF, JPEG, PNG, etc.). This partially negates the advantage of embedding information as
opposed to appending it. In this paper, we introduce lossless watermarking techniques that preserve the file size. The
formats addressed are RLE encoded bitmaps and sequentially encoded JPEG images. The lossless embedding for the
RLE BMP format is designed in such a manner as to guarantee that message extraction and original image
reconstruction are insensitive to different RLE encoders, image palette reshuffling, as well as to removing or adding
duplicate palette colors. The performance of both methods is demonstrated on test images by showing the capacity,
distortion, and embedding rate. The proposed methods are the first examples of lossless embedding methods that
preserve the file size for image formats that use lossless compression.
In this paper, we describe a new higher-order steganalytic method called Pairs Analysis for detection of secret messages embedded in digital images. Although the approach is in principle applicable to many different steganographic methods as well as image formats, it is ideally suited to 8-bit images, such as GIF images, where message bits are embedded in LSBs of indices to an ordered palette. The EzStego algorithm with random message spread and optimized palette order is used as an embedding archetype on which we demonstrate Pairs Analysis and compare its performance with the chi-square attacks and our previously proposed RS steganalysis. Pairs Analysis enables more reliable and accurate message detection than previous methods. The method was tested on databases of GIF images of natural scenes, cartoons, and computer-generated images. The experiments indicate that the relative steganographic capacity of the EzStego algorithm with random message spread is less than 10% of the total image capacity (0.1 bits per pixel).
In this paper, we present a new steganographic paradigm for digital images in raster formats. Message bits are embedded in the cover image by adding a weak noise signal with a specified but arbitrary probabilistic distribution. This embedding mechanism provides the user with the flexibility to mask the embedding distortion as noise generated by a particular image acquisition device. This type of embedding will lead to more secure schemes because now the attacker must distinguish statistical anomalies that might be created by the embedding process from those introduced during the image acquisition itself. Unlike previously proposed schemes, this new approach, which we call stochastic modulation, achieves oblivious data transfer without using noise extraction algorithms or error correction. This leads to higher capacity (up to 0.8 bits per pixel) and a convenient and simple implementation with low embedding and extraction complexity. Most importantly, because the embedding noise can have arbitrary properties that approximate a given device noise, the new method offers better security than existing methods. At the end of this paper, we extend stochastic modulation to a content-dependent device noise and we also discuss possible attacks on this scheme based on the most recent advances in steganalysis.
In this paper, we present a general methodology for developing attacks on steganographic systems for the JPEG image format. The detection starts by decompressing the JPEG stego image, geometrically distorting it (e.g., by cropping), and recompressing. Because the geometrical distortion breaks the quantized structure of DCT coefficients during recompression, the distorted/recompressed image will have many macroscopic statistics approximately equal to those of the cover image. We choose a macroscopic statistic S that changes predictably with the embedded message length. We then estimate the unknown message length by comparing the values of S for the stego image and the cropped/recompressed stego image. The details of this detection methodology are explained on the F5 algorithm and OutGuess. The accuracy of the message length estimate is demonstrated on test images for both algorithms. Finally, we identify two limitations of the proposed approach and show how they can be overcome to obtain accurate detection in every case. The paper closes by outlining a condition that must be satisfied by all secure high-capacity steganographic algorithms for JPEGs.
Steganography is the art of hiding the very presence of communication by embedding secret messages into innocuous looking cover documents, such as digital images. Detection of steganography, estimation of message length, and its extraction belong to the field of steganalysis. Steganalysis has recently received a great deal of attention both from law enforcement and the media. In our paper, we classify and review current stego-detection algorithms that can be used to trace popular steganographic products. We recognize several qualitatively different approaches to practical steganalysis - visual detection, detection based on first-order statistics (histogram analysis), dual statistics methods that use spatial correlations in images and higher-order statistics (RS steganalysis), universal blind detection schemes, and special cases, such as JPEG compatibility steganalysis. We also present some new results regarding our previously proposed detection of LSB embedding using sensitive dual statistics. The recent steganalytic methods indicate that the most common paradigm in image steganography - the bit-replacement or bit substitution - is inherently insecure with safe capacities far smaller than previously thought.
Lossless data embedding has the property that the distortion due to embedding can be completely removed from the watermarked image without accessing any side channel. This can be a very important property whenever serious concerns over the image quality and artifacts visibility arise, such as for medical images, due to legal reasons, for military images or images used as evidence in court that may be viewed after enhancement and zooming. We formulate two general methodologies for lossless embedding that can be applied to images as well as any other digital objects, including video, audio, and other structures with redundancy. We use the general principles as guidelines for designing efficient, simple, and high-capacity lossless embedding methods for the three most common image format paradigms - raw, uncompressed formats (BMP), lossy or transform formats (JPEG), and palette formats (GIF, PNG). We close the paper with examples of how the concept of lossless data embedding can be used as a powerful tool to achieve a variety of non-trivial tasks, including elegant lossless authentication using fragile watermarks. Note on terminology: some authors coined the terms erasable, removable, reversible, invertible, and distortion-free for the same concept.
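The sketch below illustrates the bit-plane idea for raw formats, assuming an 8-bit grayscale numpy array: losslessly compress one bit plane, embed the payload in the freed space, and restore the original plane exactly on extraction. The choice of plane, compressor (zlib), and header layout are illustrative assumptions, and the extractor is assumed to know the payload length.

```python
# Hedged sketch of lossless embedding via bit-plane compression.
import zlib
import numpy as np

def embed_lossless(pixels, payload, plane=0):
    bits = ((pixels >> plane) & 1).astype(np.uint8)
    packed = np.packbits(bits)
    compressed = zlib.compress(packed.tobytes(), level=9)
    capacity = packed.size - len(compressed) - 4
    if len(payload) > capacity:
        raise ValueError("bit plane not compressible enough for this payload")
    # new plane content = [4-byte length][compressed original plane][payload][padding]
    blob = len(compressed).to_bytes(4, "big") + compressed + payload
    blob = blob.ljust(packed.size, b"\x00")
    new_bits = np.unpackbits(np.frombuffer(blob, dtype=np.uint8))[: bits.size]
    stego = (pixels & ~np.uint8(1 << plane)) | (new_bits.reshape(pixels.shape) << plane)
    return stego.astype(pixels.dtype)

def extract_and_restore(stego, payload_len, plane=0):
    bits = ((stego >> plane) & 1).astype(np.uint8)
    blob = np.packbits(bits).tobytes()
    n = int.from_bytes(blob[:4], "big")
    compressed, payload = blob[4:4 + n], blob[4 + n:4 + n + payload_len]
    original_bits = np.unpackbits(
        np.frombuffer(zlib.decompress(compressed), dtype=np.uint8))[: bits.size]
    restored = (stego & ~np.uint8(1 << plane)) | (original_bits.reshape(stego.shape) << plane)
    return restored.astype(stego.dtype), payload
```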
In this paper, we study the security of fragile image authentication watermarks that can localize tampered areas. We start by comparing the goals, capabilities, and advantages of image authentication based on watermarking and cryptography. Then we point out some common security problems of current fragile authentication watermarks with localization and classify attacks on authentication watermarks into five categories. By investigating the attacks and vulnerabilities of current schemes, we propose a variation of the Wong scheme [18] that is fast, simple, cryptographically secure, and resistant to all known attacks, including the Holliman-Memon attack [9]. In the new scheme, a special symmetry structure in the logo is used to authenticate the block content, while the logo itself carries information about the block origin (block index, the image index or time stamp, author ID, etc.). Because the authentication of the content and its origin are separated, it is possible to easily identify swapped blocks between images and accurately detect cropped areas, while being able to accurately localize tampered pixels.
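As a generic illustration of separating content authentication from origin information (not the exact scheme proposed in the paper), the sketch below embeds into each 8x8 block's LSBs a keyed MAC of the block's seven most significant bit planes together with the block index and an image ID, so that swapped or cropped blocks fail to verify.

```python
# Hedged sketch of block-wise fragile authentication with localization.
import hmac, hashlib
import numpy as np

BLOCK = 8  # 8x8 blocks -> 64 LSBs per block hold a truncated MAC

def block_mac(key, msb_block, block_index, image_id):
    msg = msb_block.tobytes() + block_index.to_bytes(4, "big") + image_id
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return np.unpackbits(np.frombuffer(digest[:8], dtype=np.uint8))  # 64 bits

def authenticate(pixels, key, image_id=b"IMG-0001"):
    out = pixels.copy()
    idx = 0
    for i in range(0, out.shape[0] - BLOCK + 1, BLOCK):
        for j in range(0, out.shape[1] - BLOCK + 1, BLOCK):
            block = out[i:i + BLOCK, j:j + BLOCK]
            mac_bits = block_mac(key, block >> 1, idx, image_id)
            block[:] = (block & 0xFE) | mac_bits.reshape(BLOCK, BLOCK)
            idx += 1
    return out

def verify(pixels, key, image_id=b"IMG-0001"):
    """Return the upper-left corners of blocks that fail authentication."""
    failed, idx = [], 0
    for i in range(0, pixels.shape[0] - BLOCK + 1, BLOCK):
        for j in range(0, pixels.shape[1] - BLOCK + 1, BLOCK):
            block = pixels[i:i + BLOCK, j:j + BLOCK]
            expected = block_mac(key, block >> 1, idx, image_id)
            if not np.array_equal(block & 1, expected.reshape(BLOCK, BLOCK)):
                failed.append((i, j))
            idx += 1
    return failed
```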
In this paper, we introduce a new forensic tool that can reliably detect modifications in digital images, such as distortion due to steganography and watermarking, in images that were originally stored in the JPEG format. The JPEG compression leaves unique fingerprints and serves as a fragile watermark enabling us to detect changes as small as modifying the LSB of one randomly chosen pixel. The detection of changes is based on investigating the compatibility of 8x8 blocks of pixels with JPEG compression with a given quantization matrix. The proposed steganalytic method is applicable to virtually all steganographic and watermarking algorithms with the exception of those that embed message bits into the quantized JPEG DCT coefficients. The method can also be used to estimate the size of the secret message and identify the pixels that carry message bits. As a consequence of our steganalysis, we strongly recommend avoiding using images that have been originally stored in the JPEG format as cover-images for spatial-domain steganography.
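A simplified version of the compatibility test is sketched below: the DCT of an untouched decompressed block, divided by the quantization matrix, should lie close to integers. The tolerance and the reduction to this single necessary-style check are simplifications for illustration; the full procedure in the paper is more involved.

```python
# Hedged sketch of an 8x8 block compatibility check against a given
# quantization matrix; the threshold is a heuristic, not the paper's test.
import numpy as np
from scipy.fftpack import dct

def dct2(block):
    return dct(dct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def block_is_jpeg_compatible(block, quant_matrix, tol=0.51):
    """block: 8x8 uint8 pixels; quant_matrix: 8x8 quantization table."""
    coeffs = dct2(block.astype(float) - 128.0) / quant_matrix
    # For an untouched JPEG block, every re-quantized coefficient should be
    # near an integer, up to rounding/clipping error in the spatial domain.
    return float(np.max(np.abs(coeffs - np.rint(coeffs)))) < tol
```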
In this paper, we present two new methods for authentication of digital images using invertible watermarking. While virtually all watermarking schemes introduce some small amount of non-invertible distortion in the image, the new methods are invertible in the sense that, if the image is deemed authentic, the distortion due to authentication can be removed to obtain the original image data. Two techniques are proposed: one is based on robust spatial additive watermarks combined with modulo addition and the second one on lossless compression and encryption of bit-planes. Both techniques provide cryptographic strength in verifying the image integrity in the sense that the probability of making a modification to the image that will not be detected can be directly related to a secure cryptographic element, such as a hash function. The second technique can be generalized to other data types than bitmap images.
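The first technique's invertibility hinges on modulo addition, as in the hedged sketch below; the key-generated watermark pattern and its strength are illustrative assumptions, and the authentication payload itself (e.g., a hash of the original image) is omitted.

```python
# Minimal sketch of invertible embedding via modulo-256 addition.
import numpy as np

def watermark_pattern(shape, key, strength=4):
    rng = np.random.default_rng(key)
    return rng.integers(-strength, strength + 1, size=shape)

def embed_invertible(pixels, key, strength=4):
    w = watermark_pattern(pixels.shape, key, strength)
    # modulo addition wraps around instead of clipping, so the change is exactly removable
    return ((pixels.astype(int) + w) % 256).astype(np.uint8)

def remove_watermark(marked, key, strength=4):
    w = watermark_pattern(marked.shape, key, strength)
    return ((marked.astype(int) - w) % 256).astype(np.uint8)
```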
In this paper, we describe new and improved attacks on the authentication scheme previously proposed by Yeung and Mintzer. Previous attacks assumed that the binary watermark logo inserted in an image for the purposes of authentication was known. Here we remove that assumption and show how the scheme is still vulnerable, even if the binary logo is not known but the attacker has access to multiple images that have been watermarked with the same secret key and contain the same (but unknown) logo. We present two attacks. The first attack infers the secret watermark insertion function and the binary logo, given multiple images authenticated with the same key and containing the same logo. We show that a very good approximation to the logo and watermark insertion function can be constructed using as few as two images. With color images, one needs many more images; nevertheless, the attack is still feasible. The second attack we present, which we call the 'collage-attack', is a variation of the Holliman-Memon counterfeiting attack. The proposed variation does not require knowledge of the watermark logo and produces counterfeits of superior quality by means of a suitable dithering process that we develop.
Digital watermarks have recently been proposed for authentication and fingerprinting of both video data and still images and for integrity verification of visual multimedia. In such applications, the watermark must be oblivious and has to depend on a secret key and on the original image. It is important that the dependence on the key be sensitive, while the dependence on the image be continuous (robust). Both requirements can be satisfied using special image digest (hash) functions that return the same bit-string for a whole class of images derived from an original image using common processing operations, including rotation and scaling. It is further required that two completely different images produce completely different bit-strings. In this paper, we extend our previous work on robust image digest functions and describe ideas for making the hash function independent of image orientation and size. The robust image digest can clearly be utilized for other applications, such as a search index for efficient image database search.
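A minimal sketch of a digest in this spirit follows: resize the image to a canonical size, take a 2-D DCT, and threshold low-frequency coefficients against their median to obtain a bit-string that is stable under mild processing. This is a generic perceptual-hash construction, not the paper's exact digest, and it does not yet include the orientation and size invariance discussed above.

```python
# Hedged sketch of a robust (perceptual) image digest.
import numpy as np
from PIL import Image
from scipy.fftpack import dct

def robust_digest(path, size=32, bits=8):
    img = np.asarray(Image.open(path).convert("L").resize((size, size)), dtype=float)
    coeffs = dct(dct(img, axis=0, norm="ortho"), axis=1, norm="ortho")
    low = coeffs[:bits, :bits].ravel()[1:]     # keep low frequencies, drop the DC term
    return (low > np.median(low)).astype(np.uint8)

def hamming_distance(d1, d2):
    # similar images should yield digests with a small Hamming distance
    return int(np.count_nonzero(d1 != d2))
```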
KEYWORDS: Digital watermarking, Distortion, Image compression, Digital filtering, Visibility, Modulation, Image processing, Digital image processing, Image filtering, Information security
A methodology for comparing robustness of watermarking techniques is proposed. The techniques are first modified into a standard form to make comparison possible. The watermark strength is adjusted for each technique so that a certain perceptual measure of image distortion based on spatial masking is below a predetermined value. Each watermarking technique is further modified into two versions for embedding watermarks consisting of one bit and 60 bits, respectively. Finally, each detection algorithm is adjusted so that the probability of false detections is below a specified threshold. A family of typical image distortions is selected and parametrized by a distortion parameter. For the one-bit watermark, the robustness with respect to each image distortion is evaluated by increasing the distortion parameter and registering the value at which the watermark bit is lost. The bit error rate is used for evaluating the robustness of the 60-bit watermark. The methodology is explained with two frequency-based spread spectrum techniques. The paper is closed with an attempt to introduce a formal definition of robustness.
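The evaluation loop can be sketched as follows, assuming hypothetical placeholder functions detect_one_bit and extract_60_bits for the detector of a particular technique, and using a JPEG-quality sweep as one parametrized distortion family.

```python
# Hedged sketch of the robustness evaluation loop; the detector callables and
# the JPEG-quality distortion family are illustrative assumptions.
import io
import numpy as np
from PIL import Image

def distort_jpeg(image, quality):
    buf = io.BytesIO()
    image.save(buf, format="JPEG", quality=quality)
    return Image.open(buf)

def breaking_point(watermarked, detect_one_bit, qualities=range(95, 4, -5)):
    """Lowest JPEG quality at which the one-bit watermark is still detected."""
    lowest = None
    for q in qualities:                       # decreasing quality = increasing distortion
        if detect_one_bit(distort_jpeg(watermarked, q)):
            lowest = q
        else:
            break
    return lowest

def bit_error_rate(watermarked, extract_60_bits, true_bits, quality):
    extracted = np.asarray(extract_60_bits(distort_jpeg(watermarked, quality)))
    return float(np.mean(extracted != np.asarray(true_bits)))
```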
KEYWORDS: Digital watermarking, Image compression, Image filtering, Nonlinear filtering, Linear filtering, Digital filtering, Sensors, Electronic filtering, Image processing, Binary data
Low-frequency watermarks and watermarks generated using spread spectrum techniques have complementary robustness properties. In this paper, we combine both watermarking paradigms to design an oblivious watermark that is capable of surviving an extremely wide range of severe image distortions. An image is first watermarked with a low-frequency pattern and then a spread spectrum signal is added to the watermarked image. Since the two watermarks are embedded in different portions of the frequency space, they do not interfere. For the low-frequency watermark, we modify the NEC scheme so that the original image is not needed for watermark extraction. The image is first normalized and the watermark is embedded into the lowest-frequency discrete cosine modes by encoding a binary pattern using a special quantization-like function. The low-frequency watermark is combined with a spread spectrum signal added to the middle frequencies of a DCT. The resulting double watermarked image is extremely robust with respect to a very wide range of quite severe image distortions including low-pass filtering, pixel permutations, JPEG compression, noise adding, and nonlinear deformations of the signal, such as gamma correction, histogram manipulations, and dithering.
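A hedged sketch of the two layers follows: a binary pattern embedded into a few low-frequency DCT modes with a quantization-like (QIM-style) function, plus a key-generated spread-spectrum signal added to mid-frequency modes. The mode selection, quantization step, signal strength, and the use of a single image-wide DCT are illustrative choices, not the exact parameters of the scheme.

```python
# Hedged sketch of the double watermark; assumes a grayscale image of at least
# 32x32 pixels given as a uint8 numpy array.
import numpy as np
from scipy.fftpack import dct, idct

def dct2(a):
    return dct(dct(a, axis=0, norm="ortho"), axis=1, norm="ortho")

def idct2(a):
    return idct(idct(a, axis=0, norm="ortho"), axis=1, norm="ortho")

def embed_double_watermark(pixels, bits, key, step=24.0, alpha=2.0):
    C = dct2(pixels.astype(float))
    # low-frequency layer: force selected modes to even/odd multiples of step
    low_modes = [(1, 2), (2, 1), (2, 2), (1, 3), (3, 1)][: len(bits)]
    for (u, v), b in zip(low_modes, bits):
        q = np.round(C[u, v] / step)
        if int(q) % 2 != b:
            q += 1 if C[u, v] >= q * step else -1   # move to the nearer multiple of the right parity
        C[u, v] = q * step
    # spread-spectrum layer: pseudo-random +/- alpha added to mid frequencies
    rng = np.random.default_rng(key)
    band = slice(8, 32)
    C[band, band] += alpha * rng.choice([-1.0, 1.0], size=C[band, band].shape)
    return np.clip(np.round(idct2(C)), 0, 255).astype(np.uint8)

def extract_low_bits(marked, n_bits, step=24.0):
    C = dct2(marked.astype(float))
    low_modes = [(1, 2), (2, 1), (2, 2), (1, 3), (3, 1)][:n_bits]
    return [int(np.round(C[u, v] / step)) % 2 for (u, v) in low_modes]
```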