
Appendix A: Hiding Data in Network Traffic

Various network protocols have characteristics that can be used to hide information [23, 34, 69]. TCP/IP packets are used to transport information, and an uncountable number of packets are transmitted daily over the Internet. Any of these packets can provide a covert communication channel. The packet headers have unused space or other values that can be manipulated to hide information. However, filters can be set to detect information in the "unused" or reserved spaces. One way to circumvent this detection is to take advantage of information in the headers that typically goes unchecked by most systems. Such information includes the values for sequence and identification numbers. Covert-tcp is a tool that takes advantage of TCP/IP headers to pass hidden messages in apparently innocent network traffic [69]. The packets being sent may appear as initial connection requests, established data streams, or other intermediate steps in transmission. The data is embedded in the IP packet identification and TCP sequence number fields. These fields are less likely to be distorted due to network routing or filtering.

Hiding in the IP Header - Identification Field

Figure 67 illustrates the layout of the IP packet headers. The IP identification (IPID) field assists with the re-assembly of packet data by remote routers and host systems. The value of the field provides a unique number so if packets get fragmented along a route, they can be reassembled in the proper order. Encoding information in the IPID involves replacing the 16-bit numerical value with a value that contains the representation of the encoded information (a 16-bit numerical value may be as large as 65,535).

Figure 67. Sample IP Header (bit positions marked 0, 4, 8, 16, 19, 24, 32). Fields legible in the figure, row by row: VERS, HLEN, Service Type, Total Length; Identification, Flags, Fragment Offset; Source IP Address; Destination IP Address; IP Options; Data.

Simply substituting an ASCII value in place of the IPID will work, but it results in identification values from 0 through 255, too small to be realistic. One option is to base the IPID on a function of the ASCII values, for example by making the IPID the product of the ASCII value and some fixed "key." In this example the key is 256 (the size of the ASCII set). This key provides a range of values from 0 through 65,280. Dividing the IPID value by 256 decodes the embedded ASCII value. Table 5 illustrates hiding the word "Neil" (ASCII values 78, 101, 105, 108) in the IPID field of four IP packets as viewed from a TCP Dump. (Two bytes can be sent using the same technique: the characters "Ne" can be represented with the IPID value 20069 and "il" with the value 26988.)

Table 5. Encoding "Neil" in the IP Identification Field

Packet One
Encoding (view from TCPDump): 18:50:13.551117 sender.mydomain.com.7180 > receiver.mydomain.com.www: S 537657344:537657344(0) win 512 (ttl 64, id 19968)
Decoding: ... (ttl 64, id 19968/256) [ASCII: 78 (N)]

Packet Two
Encoding (view from TCPDump): 18:50:14.551117 sender.mydomain.com.51727 > receiver.mydomain.com.www: S 1393295360:1393295360(0) win 512 (ttl 64, id 25856)
Decoding: ... (ttl 64, id 25856/256) [ASCII: 101 (e)]

Packet Three
Encoding (view from TCPDump): 18:50:15.551117 sender.mydomain.com.9473 > receiver.mydomain.com.www: S 3994419200:3994419200(0) win 512 (ttl 64, id 26880)
Decoding: ... (ttl 64, id 26880/256) [ASCII: 105 (i)]

Packet Four
Encoding (view from TCPDump): 18:50:16.551117 sender.mydomain.com.41727 > receiver.mydomain.com.www: S 1393295360:1393295360(0) win 512 (ttl 64, id 27648)
Decoding: ... (ttl 64, id 27648/256) [ASCII: 108 (l)]

Hiding in the TCP Header - Sequence Number Field

Figure 68 illustrates the layout of the TCP packet headers. The sequence number (SEQ) field is a 32-bit number that enables a client to establish a reliable protocol negotiation with a remote server. A 32-bit number can range in value from 0 to 4,294,967,295 (quite a bit of information can be hidden in this value).

Figure 68. Sample TCP Header (bit positions marked 0, 4, 8, 16, 19, 24, 32). Fields legible in the figure, row by row: Source Port, Destination Port; Sequence Number; Acknowledgment Number; HLEN, Reserved, Bits, Window; Checksum, Urgent Pointer; Options, Padding; Data.

Table 6 illustrates hiding the word "Neil" (ASCII values 78, 101, 105, 108) in the SEQ field of four IP packets as viewed from a TCP Dump. As in the previous example, simply using the ASCII values 0 through 255 produces SEQ numbers that are too small to be realistic sequence numbers.

Table 6. Encoding "Neil" in the TCP Sequence Number Field

Packet One
Encoding (view from TCPDump): 18:50:29.071117 sender.mydomain.com.45321 > receiver.mydomain.com.www: S 1303511040:1303511040(0) win 512 (ttl 64, id 49408)
Decoding: ... S 1303511040/16711680 [ASCII: 78 (N)]

Packet Two
Encoding (view from TCPDump): 18:50:30.071117 sender.mydomain.com.65292 > receiver.mydomain.com.www: S 1687879680:1687879680(0) win 512 (ttl 64, id 47616)
Decoding: ... S 1687879680/16711680 [ASCII: 101 (e)]

Packet Three
Encoding (view from TCPDump): 18:50:31.071117 sender.mydomain.com.25120 > receiver.mydomain.com.www: S 1754726400:1754726400(0) win 512 (ttl 64, id 41984)
Decoding: ... S 1754726400/16711680 [ASCII: 105 (i)]

Packet Four
Encoding (view from TCPDump): 18:50:32.071117 sender.mydomain.com.37291 > receiver.mydomain.com.www: S 1804861440:1804861440(0) win 512 (ttl 64, id 37315)
Decoding: ... S 1804861440/16711680 [ASCII: 108 (l)]
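The decoding columns of Tables 5 and 6 can be turned into a check that a monitoring system runs over captured SYN packets. The following is an added example, not code from the book or from covert-tcp; it assumes the tcpdump line layout shown in the tables and the two fixed keys used in this appendix, and its host names and the benign flow are constructed.

```python
import re
from collections import defaultdict

IPID_KEY = 256          # multiplier this appendix applies to the 16-bit IP identification
SEQ_KEY = 16_711_680    # multiplier this appendix applies to the 32-bit TCP sequence number
PRINTABLE = set(range(32, 127)) | {9, 10, 13}

# Constructed capture in the tcpdump layout of Tables 5 and 6. The id/seq numbers of
# hosta and hostb are the tables' values; host names, ports and hostc are made up.
SAMPLE = """\
18:50:13.551117 hosta.example.7180 > recv.example.www: S 537657344:537657344(0) win 512 (ttl 64, id 19968)
18:50:14.551117 hosta.example.51727 > recv.example.www: S 1393295360:1393295360(0) win 512 (ttl 64, id 25856)
18:50:15.551117 hosta.example.9473 > recv.example.www: S 3994419200:3994419200(0) win 512 (ttl 64, id 26880)
18:50:16.551117 hosta.example.41727 > recv.example.www: S 1393295360:1393295360(0) win 512 (ttl 64, id 27648)
18:50:29.071117 hostb.example.45321 > recv.example.www: S 1303511040:1303511040(0) win 512 (ttl 64, id 49408)
18:50:30.071117 hostb.example.65292 > recv.example.www: S 1687879680:1687879680(0) win 512 (ttl 64, id 47616)
18:50:31.071117 hostb.example.25120 > recv.example.www: S 1754726400:1754726400(0) win 512 (ttl 64, id 41984)
18:50:32.071117 hostb.example.37291 > recv.example.www: S 1804861440:1804861440(0) win 512 (ttl 64, id 37315)
18:51:02.310004 hostc.example.40112 > recv.example.www: S 2840351947:2840351947(0) win 8192 (ttl 64, id 4211)
18:51:02.410871 hostc.example.40113 > recv.example.www: S 911276633:911276633(0) win 8192 (ttl 64, id 4212)
18:51:03.002519 hostc.example.40114 > recv.example.www: S 3307719285:3307719285(0) win 8192 (ttl 64, id 4213)
18:51:03.117640 hostc.example.40115 > recv.example.www: S 150443903:150443903(0) win 8192 (ttl 64, id 4214)
"""

SYN_RE = re.compile(
    r"^\S+ (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.\w+: S (?P<seq>\d+):\d+\(\d+\) "
    r"win \d+ \(ttl \d+, id (?P<ipid>\d+)\)"
)


def parse(capture):
    """Return (src, dst, seq, ipid) for every SYN line that matches the layout."""
    rows = []
    for line in capture.splitlines():
        m = SYN_RE.match(line.strip())
        if m:
            rows.append((m["src"], m["dst"], int(m["seq"]), int(m["ipid"])))
    return rows


def decode_field(values, key):
    """Decode values as ASCII * key; None unless every value fits that scheme."""
    chars = []
    for value in values:
        quotient, remainder = divmod(value, key)
        if remainder != 0 or quotient not in PRINTABLE:
            return None
        chars.append(chr(quotient))
    return "".join(chars)


def scan(capture, min_packets=3):
    """Flag flows whose IPID or SEQ values are all exact multiples of the key.

    A random 16-bit IPID is a multiple of 256 once in 256 packets, so several
    consecutive hits that also decode to printable text are unlikely by chance.
    """
    flows = defaultdict(lambda: {"ipid": [], "seq": []})
    for src, dst, seq, ipid in parse(capture):
        flows[(src, dst)]["ipid"].append(ipid)
        flows[(src, dst)]["seq"].append(seq)
    findings = []
    for (src, dst), fields in flows.items():
        for name, key in (("ipid", IPID_KEY), ("seq", SEQ_KEY)):
            values = fields[name]
            if len(values) < min_packets:
                continue
            text = decode_field(values, key)
            if text is not None:
                findings.append((src, dst, name, text))
    return findings


if __name__ == "__main__":
    for src, dst, field, text in scan(SAMPLE):
        print(f"{src} -> {dst}: {field} values decode to {text!r}")
```

The check only recognises the fixed-multiplier scheme of the tables; a value that packs two bytes, such as 20069, is not an exact multiple of 256 and passes unflagged.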

Since the values for a SEQ can be as large as 4,294,967,295, a larger multiplier (16,711,680 = 65,280*256) is used. This provides values ranging from 0 to 4,261,478,400 when multiplied by the appropriate ASCII values. Since the SEQ is such a large value, four bytes of information can easily be passed in a single packet header. For example, Neil can be sent as the single value 1,340,352,872. Dividing the SEQ value by 16,711,680 decodes the embedded ASCII value. The process selected in these two examples is simple and straightforward. Any function can be used in selecting values for these fields as long as the result complies with the restrictions of the carrier.

Appendix B: Glossary of Methods to Distort Stego-Images

These descriptions and definitions are based on the processing instructions and descriptions from the software used to perform the manual image processing test for distortion in Chapter 3. This appendix has the definitions ordered in three sections. This appendix defines processes for image conversions, image processing techniques, and methods and options for image color reduction.

IMAGE CONVERSIONS

24-bit color to 8-bit color: Converting 24-bit color images to 8-bit color image format. For the options used in color reduction, see the subsection Color Reduction Options, Methods, and Dithering below.

24-bit color to 8-bit grayscale: Converting 24-bit color images to 8-bit grayscale image format.

8-bit color to 8-bit grayscale: Converting 8-bit color images to 8-bit grayscale image format. This test is only applied to images surviving the 24-bit color to 8-bit color conversion.

JPEG Compression: Joint Photographic Experts Group compression is a compression technique that supports 24-bit images and can reduce a file size by as much as 96%. It removes some color information while retaining the brightness data. At higher compressions it can result in a visible loss of quality. It does not support transparency or layers. JPEG is best for photographs and for images that contain a variety of tonal values.

IMAGE PROCESSING

Blur: Blurring smoothes transitions and decreases contrast by averaging the pixels next to hard edges of defined lines and areas where there are significant color transitions.

Add noise: Adding noise to an image reduces the amount of detail in an image and creates a grainy texture. Two types of noise insertion are Random and Uniform.

Random Noise: Inserts random colored pixels to an image.

Uniform Noise: Inserts pixels and colors that more closely resemble the original pixels.

Noise Reduction: Reduces noise by adjusting colors and averaging pixel values. Two filters for noise reduction are Despeckle and Median Cut.

Despeckle: The Despeckle filter blurs an image except at its edges and areas of contrast.

Median Cut: The Median Cut filter removes noise by averaging the colors in an image one pixel at a time. It calculates the median of a block of pixels around the pixel in question and then sets the pixel's value to the median.

Sharpen: Sharpen filters produce the opposite effect of the Blur filters by increasing the contrast between adjacent pixels where there are significant color contrasts, usually at the edges of objects.

Edge Enhancement: The Enhance Edge filter increases the contrast along the edges in the image.

Rotate: Moves an image around its center point in a given plane.

Scale and Resize: Scaling and resizing include ways to increase or decrease an image's dimensions. Scaling or resizing involves duplicating or removing pixels as necessary to achieve the selected width and height of an image. It produces better results than the resampling methods when used with hard-edged images.

Resample: Resampling involves an interpolation process to minimize the "raggedness" normally associated with expanding an image. As applied here, interpolation smoothes out rough spots by estimating how the "missing" pixels should appear, and then filling them with the appropriate color. It produces better results than simply scaling or resizing with photo-realistic images and with images that are irregular or complex.

Soften: Softening applies a uniform blur to an image to smooth edges and reduce contrasts. Smoothing causes less distortion than blurring.

Crop: Cropping eliminates areas of an image outside a specified boundary.

Mirror: Reverses the image horizontally. What was the left side becomes the right side, and the right becomes the left.

Flip: Flipping an image reverses it vertically. What was the top becomes the bottom, and the bottom becomes the top. Flipping produces the same effect as rotating an image 180° and then mirroring.

Watermark: Embedding an additional watermark for the tests.

Stego (LSB): Embedding an additional message with a steganography tool using the LSBs for the tests.

Symmetric Scale and Resample: Symmetric resize and resample. See scale, resize, and resample above.

Asymmetric Stretch and Stretch-Resample: A stretch is an asymmetric resize or resample. The image is only manipulated in height or width, not both. See scale, resize, and resample above.

COLOR REDUCTION OPTIONS, METHODS, AND DITHERING

Color Reduction Options

Optimized Median Cut: The palette is generated using the Heckbert median cut algorithm. The palette uses occurrence of colors as weighing, and ranks accordingly. It is accurate to 5 bits per channel. Even if the image contains fewer colors than the palette that is generated, this method may not represent each color exactly.

Optimized Octree: The Optimized Octree method generates a palette more quickly than the Optimized Median Cut method. It is accurate to 8 bits per channel, but it is not as good at weighing color importance as the other method. If the image contains fewer colors than the palette that is generated, every color in the image is represented in the palette.

Web Safe Palette: The standard palette is a generic palette that contains a balanced number of 252 colors. For images created for the Web, it produces images that can be viewed without color distortion on most monitors.

Color Reduction Methods

Nearest Color Match: The Nearest Color method replaces the original color of a pixel with the color in the newly generated palette that is closest to its RGB value.

Ordered Dither: The Ordered Dither method adjusts adjacent pixels of different colors to give the illusion of a third color. It uses set patterns based on a known palette to change the color. This method can result in distinct patterns of light and dark areas. Dithering is a technique for simulating colors that are missing from an image file's palette. The missing colors are simulated by intermingling pixels of two or more palette colors. If the unavailable color differs too greatly from the colors in the image's palette, dithering produces a grainy or mottled appearance.

Error Diffusion: The Error Diffusion method uses the most similar color in the palette, and it spreads any discrepancy between the old and new color to the surrounding pixels. After a color is replaced, the "error," or discrepancy, is added to the next pixel before selecting the nearest color. This process is repeated for every pixel in the image. Error diffusion dithering is a popular dithering method. The "error" in the title refers to the cumulative difference between the actual values of pixels in the image and their "true" values if they were all set to their correct colors. By reducing this error, error diffusion dithering produces image quality that is superior to that achieved by non-error adjusted dithering.

Dithering Methods and Options

Reduce Color Bleeding: Error diffusion dithering causes colors to bleed. Color bleed is most noticeable in images with hard vertical edges because the edges are softened by the "travelling" color. The option to Reduce Color Bleeding lessens the left-to-right color bleed by applying a fractional coefficient to the error value. By reducing the error value, less color information is carried from one pixel to the next.

Include Windows Palette: Include Windows colors means that the 16 standard Windows colors are included in the palette.

References

1. Anandan, P. A Computational Framework and an Algorithm for the Measurement of Visual Motion. International Journal of Computer Vision, 2:283-310, 1989.
2. Anderson, R. (ed.), Information Hiding: First International Workshop, Proceedings, Cambridge, UK, Lecture Notes in Computer Science, vol. 1174, Berlin, Heidelberg, New York: Springer-Verlag, 1996.
3. Anderson R., F. Petitcolas. On the Limits of Steganography. IEEE Journal on Selected Areas in Communications, 16(4):474-481, 1998.
4. Anderson R., R. Needham, A. Shamir. The Steganographic File System, in [9], 1998.
5. Anonymous ([email protected]). UnZign, Tool for testing the robustness of digital watermarks. http://altem.org/watermark/, 1997.
6. Anonymous, Author alias: Black Wolf. StegoDos - Black Wolf's Picture Encoder v0.90B, Public Domain. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/steganography/StegoDos.zip.
7. Anonymous. How to reverse engineer Steganos (First Step): Speed up brute force cracking, http://www.fravia.org/mrCsteg.htm. February 1998.
8. Arachelian, Ray (alias: Arsen). White Noise Storm™, Shareware ©1992, 1993, 1994. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/steganography/wns210.zip.
9. Aucsmith, David (ed.), Information Hiding: Second International Workshop, Portland, Oregon, USA. Lecture Notes in Computer Science, vol. 1525, Berlin, Heidelberg, New York: Springer-Verlag, 1998.
10. Bancroft, C. Genomic Steganography: Amplifiable Microdots. Talk provided at Biomolecular Computation Workshop: Its Potential and Applications, National Science Foundation, Arlington, Virginia, 1 October 1999.
11. Bender W., D. Gruhl, N. Morimoto, A. Lu. Techniques for Data Hiding, IBM Systems Journal 35(3&4):313-336, 1996.
12. Brassil J., L. O'Gorman, N.F. Maxemchuk, S.H. Low. Document Marking and Identification using Both Line and Word Shifting, Infocom, Boston, April, pp. 853-860, 1995. ftp://ftp.research.att.com/dist/brassil/1995/infocom95.ps.Z.
13. Braudaway, G.W. Protecting Publicly-Available Images with an Invisible Watermark. Proceedings of the (ICIP97) IEEE International Conference on Image Processing, Santa Barbara, CA, USA, 1997.
14. Brown, Andy. S-Tools for Windows, Shareware 1994. ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/s-tools3.zip (version 3), ftp://idea.sec.dsi.unimi.it/pub/security/crypt/code/s-tools4.zip (version 4.0).
15. Brown, W., B.J. Shepherd. Graphics File Formats: Reference and Guide. Greenwich, CT: Manning Publications, 1995.
16. Caronni, G. Assuring Ownership Rights for Digital Images, in Reliable IT Systems, Wiesbaden: Vieweg Publications, 1995.
17. Cha S.D., G.H. Park, H.K. Lee. A Solution to the Image Downgrading Problem. ACSAC pp. 108-112, 1995.
18. Clelland C.T., V. Risca, C. Bancroft. Hiding Messages in DNA Microdots. Nature, 399(6736):533-534, 1999.
19. Cole, E. Steganography. Information System Security paper, George Mason University, 1997.
20. Cox I., J. Kilian, T. Shamoon, T. Leighton. A Secure, Robust Watermark for Multimedia. In: [2] pp. 185-206, 1996.
21. Cox I., J. Kilian, T. Leighton, T. Shamoon. Secure Spread Spectrum Watermarking for Multimedia. Technical Report 95-10, NEC Research Institute, 1995.
22. Craver S., N. Memon, B. Yeo, N.M. Yeung. Resolving Rightful Ownerships with Invisible Watermarking Techniques: Limitations, attacks, and implications. IEEE Journal on Selected Areas in Communications, 16(4):573-586, 1998.
23. Digimarc Corporation: PictureMarc™, MarcSpider™, http://www.digimarc.com
24. Dunigan, T. Internet Steganography. Oak Ridge National Laboratory, Computing Information and Networking Division, Technical Report (ORNL/TM-13XXX) Restricted Distribution, October 1998.
25. Duric Z., N.F. Johnson, S. Jajodia. Recovering Watermarks from Images. Technical Report ISE-TR-99-04, Center for Secure Information Systems, George Mason University, April 1999.
26. Flickner M., et al. Query by Image and Video Content: The QBIC System. IEEE Computer, 28(9):23-32, 1995.
27. Flynn, J. A Journey within Steganos, http://www.fravia.org/fly_01.htm
28. Frankel C., M.J. Swain, V. Athitsos. WebSeer - An Image Search Engine for the World Wide Web. University of Chicago, Computer Science Department, Technical Report 96-14, 1996.
29. Franz E., A. Jerichow, S. Moller, A. Pfitzmann, I. Stierand. Computer Based Steganography: How It Works And Why Therefore Any Restrictions On Cryptography Are Nonsense, At Best, in: [2] pp. 7-21, 1996.
30. Foley J., A. van Dam, S. Feiner, J. Hughes. Computer Graphics: Principles and Practice, 2nd ed. New York: Addison-Wesley, 1990.
31. Gehani A., T.H. LaBean, J.H. Reif. DNA-based Cryptography, in [89], 2000.
32. Gruhl D., W. Bender. Information Hiding to Foil the Casual Counterfeiter, in [9], pp. 1-15, 1998.
33. Gruhl D., W. Bender, A. Lu. Echo Hiding, in [2], pp. 295-315, 1996.
34. Handel T.G., M.T. Stanford, III. Hiding Data in the OSI Network Model, in: [2] pp. 23-38, 1996.
35. Hansmann, F. Steganos. Deus Ex Machina Communications. http://www.steganography.com.
36. Hastur, Henry. MandelSteg and GIFExtract, ftp://ftp.dsi.unimi.it/pub/security/crypt/code; Stealth for PGP v 1.1, ftp://ftp.netcom.com.
37. Heckbert, P. Color Image Quantization for Frame Buffer Display, ACM Computer Graphics, 16(3):297-307, July 1982.
38. Jaime, B. Digital Image Processing, 4th ed. Berlin, Heidelberg, New York: Springer-Verlag, 1997.
39. Johnson, Neil F. In Search of the Right Image: Recognition and Tracking of Images in Image Databases, Collections, and The Internet, Center for Secure Information Systems, George Mason University, Technical Report CSIS-TR-99-05-nfj, May 1999.
40. Johnson, Neil F. Steganography. Information System Security paper, George Mason University, 1995. http://isse.gmu.edu/~njohnson/stegdoc/
41. Johnson Neil F., S. Jajodia. Exploring Steganography: Seeing the Unseen, IEEE Computer, 31(2):26-34, February 1998.
42. Johnson Neil F., S. Jajodia. Steganalysis of Images Created Using Current Steganography Software, in [9], 1998.
43. Johnson Neil F., Z. Duric, S. Jajodia. A Role of Digital Watermarking in Electronic Commerce, accepted for publication by the ACM, 1999.
44. Kahn, David. The Codebreakers, 2nd edition. New York: Macmillan, 1996.
45. Kashyap V., K. Shah, A. Sheth. Metadata for Building the Multimedia Patch Quilt, in [76], pp. 297-319, 1996.
46. Katzenbeisser Stefan, Fabien A. P. Petitcolas (eds.), Information Hiding Techniques for Steganography and Digital Watermarking, Cambridge, Massachusetts: Artech House Books, 2000.
47. Koch E., J. Rindfrey, J. Zhao. Copyright Protection for Multimedia Data. Proceedings of the International Conference on Digital Media and Electronic Publishing, Leeds, UK. December 1994.
48. Koch E., J. Zhao. Towards Robust and Hidden Image Copyright Labeling. Proceedings, IEEE Workshop on Nonlinear Signal and Image Processing, Neos Marmaras, Greece, pp. 452-455, 1995.
49. Kundur D., D. Hatzinakos. A Robust Digital Image Watermarking Method Using Wavelet-based Fusion. IEEE International Conference on Image Processing, Santa Barbara, CA, 1997.
50. Kurak C., J. McHugh. A Cautionary Note On Image Downgrading, IEEE Eighth Annual Applications Conference, pp. 153-159, 1992.
51. Lach J., W. H. Mangione-Smith, M. Potkonjak. Enhanced Intellectual Property Protection for Digital Circuits on Programmable Hardware, in [65], 1999.
52. Lach J., W. H. Mangione-Smith, M. Potkonjak. Fingerprinting Digital Circuits on Programmable Hardware, in [9], 1998.
53. Lee, Jong-Hyeon. "Fingerprinting." Chapter 8 in [46] pp. 175-189, 2000.
54. Machado, Romana. Stego, EzStego, and Stego On-line. http://www.stego.com/
55. Marcus, S. Querying Multimedia Databases in SQL, in [76], pp. 263-277, 1996.
56. Maroney, Colin. Hide and Seek, Freeware. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/steganography/hdsk41b.zip.
57. McDonald A.D., M.G. Kuhn. StegFS: A Steganographic File System for Linux, in [65] pp. 454-468, 2000.
58. MediaSec Technologies LLC. SysCop™, http://www.mediasec.com/
59. Niblack W., et al. The QBIC Project: Querying Images by Content Using Color, Texture, and Shape. Storage and Retrieval for Image and Video Databases, SPIE vol. 1908, February 1993.
60. Norman, Bruce. Secret Warfare. Washington, DC: Acropolis Books, 1973.
61. Ó Ruanaidh J., W. Dowling, F. Bowland. Phase Watermarking of Digital Images. IEEE International Conference on Image Processing, Lausanne, Switzerland, 1996.
62. Pentland A., R. Picard, J. Sclaroff. Photobook - Content-based Manipulation of Image Databases. International Journal of Computer Vision, 18(3):233-254, 1996.
63. Petitcolas F., M. Kuhn. StirMark. Tool for testing the robustness of digital watermarks, 1997. http://www.cl.cam.ac.uk/~fapp2/watermarking/image_watermarking/stirmark
64. Petitcolas F., R. Anderson, M. Kuhn. Attacks on Copyright Marking Systems, in [9], 1998.
65. Pfitzmann, A. (ed.), Information hiding: third international workshop, Proceedings, Dresden, Germany, 29 September - 1 October 1999, Lecture Notes in Computer Science, vol. 1768, Berlin, Heidelberg, New York: Springer-Verlag, 2000.
66. Repp, H. Hide4PGP, http://www.rugeley.demon.co.uk/security/Hide4PGP.zip
67. Rhoads, G.B. Steganography Methods Employing Embedded Calibration Data. http://patent.womplex.ibm.com/details?patencnumber=05636292 US5636292, 1997.
68. Rosenfeld, A. Models: The Graphics-Vision Interface. In T.L. Kunii, ed., Visual Computing, Springer, Tokyo, pp. 21-23, 1992.
69. Rowland, C.H. Covert Channels in the TCP/IP Protocol Suite, 1996. http://www.psionic.com/papers/
70. Signum Technologies. SureSign, http://www.signumtech.com/
71. Smith J.R., S-F. Chang. Searching for Images and Videos on the World-Wide Web. Center for Telecommunication Research Technical Report #459-96-25, Columbia University, 1996.
72. Smith J.R., S-F. Chang. Querying by Color Regions using the VisualSEEK content-based visual query system. In M.T. Maybury (ed.), Intelligent Multimedia Information Retrieval. IJCAI, 1996.
73. Smith J.R., S-F. Chang. VisualSEEK - A Fully Automated Content-based Image Query System. ACM Multimedia Conference, Boston, MA, November 20, 1996.
74. Smith J., B. Comiskey. Modulation and Information Hiding in Images, in [2], pp. 207-226, 1996.
75. Stewart, G.W. Introduction to Matrix Computations. New York: Academic Press, 1973.
76. Subrahmanian V.S., S. Jajodia (eds.), Multimedia Database Systems: Issues and Research Directions. Berlin, Heidelberg, New York: Springer-Verlag, 1996.
77. Subrahmanian, V.S. Principles of Multimedia Database Systems. San Francisco: Morgan Kaufmann Publishers, 1998.
78. Swain M.J., C. Frankel, V. Athitsos. WebSeer - An Image Search Engine for the World Wide Web. IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR), 17-19 June 1997.
79. Swanson M., B. Zhu, A.H. Tewfik. Transparent Robust Image Watermarking. IEEE International Conference on Image Processing, Lausanne, Switzerland, 1996.
80. Swanson M., M. Kobayashi, A.H. Tewfik. Multimedia Data-Embedding and Watermarking Technologies. Proceedings of the IEEE 86(6):1064-1087, 1998.
81. Tanaka K., Y. Nakamura, K. Matsui. Embedding Secret Information into a Dithered Multi-level Image. Proceedings, IEEE Military Communications Conference, pp. 216-220, 1990.
82. Trucco E., A. Verri. Introductory Techniques for 3-D Computer Vision. New Jersey: Prentice-Hall, 1998.
83. Turk M., A. Pentland. Eigenfaces for Recognition. Journal of Cognitive Neuroscience, 3:71-86, 1991.
84. Upham, D. Jpeg-Jsteg. Modification of the Independent JPEG Group's JPEG software (release 4) for 1-bit steganography in JFIF output files. ftp://ftp.funet.fi/pub/crypt/steganography.
85. Wayner, Peter. Disappearing Cryptography. Chestnut Hill, MA: AP Professional, 1996.
86. Weiss, I. Review - Geometric Invariants and Object Recognition. International Journal of Computer Vision, 10:207-231, 1993.
87. Westfeld A., A. Pfitzmann. Attacks on Steganographic Systems: Breaking the Steganographic Utilities EzStego, Jsteg, Steganos, and S-Tools - and some Lessons Learned. In [65] pp. 61-75, 2000.
88. Westfeld A., G. Wolf. Steganography in a video conferencing system, in [9] pp. 32-47, 1998.
89. Winfree E., D.K. Gifford (eds.), DNA Based Computers V, Massachusetts Institute of Technology, June 1999, DIMACS Series in Discrete Mathematics and Theoretical Computer Science, vol. 54, American Mathematical Society, 2000.
90. Woodfill, J. Motion Vision and Tracking for Robots in Dynamic, Unstructured Environments. PhD Dissertation, Stanford University, 1992.
91. Wu J.K., et al. CORE - A Content-based Retrieval Engine for Multimedia Information Systems. Multimedia Systems, 2:25-41, February 1995.
92. Xia X., C.G. Boncelet, G.R. Arce. A Multiresolution Watermark for Digital Images. IEEE International Conference on Image Processing, October 1997.
93. Zevon, Warren. "Lawyers, Guns, and Money." Music track released in the albums Excitable Boy, 1978; Stand in the Fire, 1981; A Quiet Normal Life, 1986; Learning to Flinch, 1993; I'll Sleep When I'm Dead (Anthology), 1996.
94. Zim, Herbert S. Codes and Secret Writing. New York: William Marrow and Company, 1948.

Stealth, 40, 125 Jpeg-Jsteg, 28,45,55,56, steganalysis, xvii, xviii, 11, 12, 58,63,65,127 14,47,48,49,73,74,75 Mandelsteg, 40, 52, 53 attacks, 49 Stealth, 40, 125 detecting hidden information, Steganos, 14,40,41,42,63, 75 123, 124, 127 methods, 49 StegoDos, 32, 33, 76, 123 chosen message attack, 62 S-Tools, 20,21,32,36,37, stego-only, 49 38,39,40,52,63,64,66, tools 67,68,124,127 StirMark, 68, 69, 70, 101, White Noise Storm (WNS), 104, 105, 107, 126 32,34,35,40,123 unZign,70 steganography model, 5 steganalyst, 47, 49 steganography vs. digital steganographer, 9 watermarking, 45 steganography, xvii, xviii, 1,2,3, Steganos, 14,40,41,42,63, 123, 4,8,9, 11, 12, 14, 15, 17,20, 124, 127 21,22,25,28,30,32,34,36, StegoDos, 32, 33, 76, 123 40,43,44,45,47,48,49,50, stegokey,5 52,61,62,63,65,73,74,75, stego-key,26 76, 77, 111, 119, 123, 124, 125, stego-only attack, 49 127 StirMark, 68, 69, 70, 101, 104, adaptive, 40, 77 105, 107, 126 attacks, xvii, xviii, 11, 12, 14, S-Tools, 20, 21,32,36,37,38, 47,48,49,73,74,75 39,40,52,63,64,66,67,68, detecting hidden information, 124, 127 75 signature, 52 DNA, 4 substitution, 2, 44 method sum-of-squares differences bit-wsie, 27, 28, 60, 61 (SSD),82 spatial domain, 28 SureSign,65,66,67,68,126 transform domain, 25, 27 SysCop, 65, 66, 67, 68, 125 model of, 5 steganalysis, xvii, xviii, 11, 12, T 14,47,48,49,73,74,75 tattoos, 2 tools TCPpacket covert-tcp, 111 in steganography, 113 EzStego,20,40,55,63,125, TCP/IP, 7,12,111,126 127 headers, 111 Hide and Seek, 33, 50, 53, packets, 7, 111 54,63,64,65,125 threshold of perceptibility, 9 Hide4PGP, 52, 54, 126 Index 137 tracking images, 91 SysCop, 65, 66, 67,68, 125 tracking information, 30 visible, 22, 60 traffic analysis, 74 watermark recovery, 79, 96, 103, transform domain, 25, 27 124 watermarking, 65, 77, 125 v watermarking systems, xvii, 8, 12, visible watermarks, 22, 60 79 watermarking vs. 
steganography, w 45 wavelet transform, 28 watermark White Noise Storm (WNS), 32, digital, xvii, xviii, 1, 10, 11, 12, 34,35,40,123 22,25,44,45,59,65,74,75, World War 11,3 77,78,79,81,82,108,126 mask, 22, 23, 79,103,107 x mask-based, 79, 103, 107 testing, 76 Xerxes, 3 tools y PictureMarc, 23, 24, 65, 66, 67,68,124 YeUowbeard, 3 SureSign, 66, 67, 68