One-Time Pad Encryption Steganography System

Annual ADFSL Conference on Digital Forensics, Security and Law 2016 Proceedings

May 25th, 9:00 AM

One-Time Pad Encryption Steganography System One-Time Pad Encryption Steganography System

Michael J. Pelosi [email protected]

Gary Kessler Embry-Riddle Aeronautical University, Daytona Beach, FL, [email protected]

Michael Scott S. Brown University of Maryland University College, Adelphi, MD, [email protected]

(c)ADFSL

Follow this and additional works at: https://commons.erau.edu/adfsl

Part of the Aviation Safety and Security Commons, Computer Law Commons, Defense and Security

Studies Commons, Forensic Science and Technology Commons, Information Security Commons,

National Security Law Commons, OS and Networks Commons, Other Computer Sciences Commons, and

the Social Control, Law, Crime, and Deviance Commons

Scholarly Commons Citation Scholarly Commons Citation Pelosi, Michael J.; Kessler, Gary; and Brown, Michael Scott S., "One-Time Pad Encryption Steganography System" (2016). Annual ADFSL Conference on Digital Forensics, Security and Law. 4. https://commons.erau.edu/adfsl/2016/wednesday/4

This Peer Reviewed Paper is brought to you for free and open access by the Conferences at Scholarly Commons. It has been accepted for inclusion in Annual ADFSL Conference on Digital Forensics, Security and Law by an authorized administrator of Scholarly Commons. For more information, please contact [email protected].

http://commons.erau.edu/

http://commons.erau.edu/

https://commons.erau.edu/adfsl

https://commons.erau.edu/adfsl/2016

https://commons.erau.edu/adfsl/2016

https://commons.erau.edu/adfsl?utm_source=commons.erau.edu%2Fadfsl%2F2016%2Fwednesday%2F4&utm_medium=PDF&utm_campaign=PDFCoverPages

http://network.bepress.com/hgg/discipline/1320?utm_source=commons.erau.edu%2Fadfsl%2F2016%2Fwednesday%2F4&utm_medium=PDF&utm_campaign=PDFCoverPages










https://commons.erau.edu/adfsl/2016/wednesday/4?utm_source=commons.erau.edu%2Fadfsl%2F2016%2Fwednesday%2F4&utm_medium=PDF&utm_campaign=PDFCoverPages

mailto:[email protected]

/creativecommons.org/licenses/by-nc-nd/4.0/

/creativecommons.org/licenses/by-nc-nd/4.0/

One-Time Pad Encryption Steganography System CDFSL Proceedings 2016

© 2016 ADFSL Page 131

ONE-TIME PAD ENCRYPTIONSTEGANOGRAPHY SYSTEM

Michael J. [email protected]

Gary [email protected]

Embry-Riddle Aeronautical UniversityDaytona Beach, FL

Michael Scott [email protected]

University of Maryland University CollegeAdelphi, MD

ABSTRACTIn this paper we introduce and describe a novel approach to adaptive image steganography whichis combined with One-Time Pad encryption, and demonstrate the software which implements thismethodology. Testing using the state-of-the-art steganalysis software tool StegExpose concludesthe image hiding is reliably secure and undetectable using reasonably-sized message payloads(≤25% message bits per image pixel; bpp). Payload image file format outputs from the softwareinclude PNG, BMP, JP2, JXR, J2K, TIFF, and WEBP. A variety of file output formats isempirically important as most steganalysis programs will only accept PNG, BMP, and possiblyJPG, as the file inputs.Keywords: steganography, one-time pad, steganalysis, information hiding, digital forensics

INTRODUCTIONIn this paper we introduce a comprehensivesteganography software system and platformframework based on One-Time Pad (OTP)encryption and adaptive steganographytechnology. We provide usagerecommendations and advice guidelines. Thesystem is tested and shown to be resistant tomany common steganalysis attacks. In thecontext of this paper we are assumed advocateof the steganographer; someone who may be apolitical dissident in an oppressive regime, areligiously persecuted individual, a friendlyagent engaging in covert communication, or alawful individual desiring complete

communication privacy, among othercompelling examples.

BACKGROUNDSteganography

Steganography, the art of invisiblecommunication, is achieved by hiding secretdata inside a carrier file such as an image.After hiding the secret data, the carrier fileshould appear unsuspicious so that the veryexistence of the embedded data is concealed. Amajor drawback to encryption is that theexistence of the message data are not hidden.Data that has been encrypted, althoughunreadable, still exists as a suspicion-arousing

ADFSL Conference Proceedings 2016 One-Time Pad Encryption Steganography System

Page 132 © 2016 ADFSL

file transfer. If given enough time, once alerted,someone could potentially decrypt the data orderive other intelligence regarding eithersender or receiver. A solution to this problemis steganography; this is the ancient art ofhiding messages so that they are notdetectable.In steganography, the possible cover carriersare unsuspicious appearing files (images, audio,video, text, or some other digitallyrepresentative code) which will hold the hiddeninformation. A message is the information

hidden and may be plaintext, cipher text,images, or anything that can be embedded intoa bit stream. Together the cover carrier andthe embedded message create a stego-carrier.Hiding information may require a stego keywhich is additional secret information, such asa password or OTP key, required forembedding the information. For example, whena secret message is hidden within a coverimage, the resulting product is a stego-image.A possible formula of the process may berepresented as: cover medium + embeddedmessage + stego key = stego-medium

The advantage of steganography is that itcan be used to secretly transmit messageswithout the fact of the transmission beingdiscovered. Often, using encryption mightidentify the sender or receiver as someone withsomething to hide. It is believed thatsteganography was first practiced during theGolden Age in Greece. An ancient Greekrecord describes the practice of melting wax offwax tablets used for writing messages and theninscribing a message in the underlying wood.The wax was then reapplied to the wood,giving the appearance of a new, unused tablet.The resulting tablets could be conveniently

transported without anyone suspecting thepresence of a message beneath the wax.

LSB SteganographyThe simplest and popular imagesteganographic method is the least significantbit (LSB) substitution. It embeds messagesinto cover image by replacing the leastsignificant bits directly. The hiding capacitycan be increased by using up to 4 leastsignificant bits (one each for Red, Green, Blue,and Alpha color channels, respectively) in eachpixel. It has a common weak point i.e. thesample value changes asymmetrically. Whenthe LSB of cover medium sample value is equal

Figure 1. Graphical Version of a Steganographic System.

fE: steganographic function "embedding".fE-1: steganographic function "extracting".cover: cover data in which emb will be hidden.emb: message file to be hidden.stego: cover data with the hidden message.



to the message bit, no change is made.Otherwise the value 2n is changed to 2n+1 or2n+1 is changed to 2n. There are manyimprovements and modifications that havebeen proposed to strengthen this technique,such as adaptive techniques that alter payloaddistribution based on image characteristics. Ifthe message is first encrypted and thenembedded, the security is enhanced.

2.3 One-Time PadThe "one-time pad" encryption algorithm

was invented in the early 1900s and has sincebeen proven as unbreakable. The one-time padalgorithm is derived from a previous ciphercalled Vernam Cipher, named after GilbertVernam. The Vernam Cipher was a cipher thatcombined a message with a key read from apaper tape or pad. The Vernam Cipher wasnot unbreakable until Joseph Mauborgne

recognized that if the key was completelyrandom the cryptanalytic difficultly would beequal to attempting every possible key (Kahn,1996). Even when trying every possible key,one would still have to review each attempt atdecipherment to see if the proper key wasused. The unbreakable aspect of the one-timepad comes from two assumptions: the key usedis completely random and the key cannot beused more than once. The security of the one-time pad relies on keeping the key secret andusing each key only once.

The one-time pad is typically implementedby using exclusive-or (XOR) addition tocombine plaintext elements with key elements.An example of this is shown in Figure 2. Thekey used for encryption is also used fordecryption. Applying the same key to theciphertext results in the output of the originalplaintext.

Figure 2. Example of a One-Time Pad implementation using XOR addition.

OTP is immune even to unlimitedresources brute-force attacks. Trying all keyssimply yields all possible plaintexts, all equallylikely to be the actual plaintext. Even withknown plaintext, such as part of the messagebeing known, bruteforce attacks cannot beused, since an attacker is unable to gain anyinformation about the parts of the key neededto decrypt the rest of the message.

METHODOLOGYThe following describes the general methodimplemented in the software for keygeneration, encryption, embedding, messagetransfer, and decryption.

General Method1. Random image keys are generated

using a key generator program. The keygenerator program generates one-time



pad keys that consist of random coloredpixels. Each random colored pixelsconsists of random values for red,green, and blue colors throughout theimage. One image key is generated forevery message that is intended to besent.

2. To encrypt a message, a cover imageand random key image is selected. Eachpixel in the cover image is XOR'edwith the key image X, Y coordinatepixel. Each pixel consists of a 32-bitlong integer color value. One byte eachcorresponds to red, green, and bluecomponents, respectively. The XOR'edpixel values are then adjusted to hidethe message. The bytes in the messageare divided up into bits — one bit perpixel. The least significant bit (LSB) inthe XOR'ed pixel colors are thenadjusted to hide the message. Bitvalues that do not correspond areadjusted (in general, 50% of the valueswill already be set correctly). LSBs forred, green, or blue are selected based ona local pixel variation score, contingentif the sum of the RGB LSBs are evenor odd (even corresponds to a 0 bit,odd to a 1 bit).

3. At this point, the newly derived colorvalues are XOR'ed once again with therandom image key to generate colorvalues very close to the original image.These pixel color values will be used toconstruct the steganographic imagethat will be sent to the receiver.

4. Ideally at this point, both the originalcover image and the senders copy ofthe random image key can be destroyed(forensically wiped from the hard driveusing a file erasure procedure). This isto prevent later detection andstatistical comparisons.

5. Upon receipt of the steganographicimage, the receiver loads the intended

image key and XOR's each pixel of thesteganographic image with itsrespective corresponding X, Y pixel inthe image key. This will derive a seriesof bit values that correspond to theplaintext message. The bits can bereassembled into bytes (and later 2-byte Unicode characters) thatcorrespond to the plaintext message.

6. The start and end of the message aredelimited by randomly chosen 10-character delimiting strings that areembedded as EXIF comments into therandom image key by the key generatorprogram. Thus, random messagepadding is incorporated at the startand end of messages.

7. The random image key also contains arandom number seed, this is used forthe random number generatoralgorithm in use, and starts thegenerator at the proper sequence startvalue.

Random Number GenerationA cryptographically secure pseudo-randomnumber generator (CSPRNG) or cryptographicpseudorandom number generator (CPRNG) isa pseudorandom number generator (PRNG)with properties that make it suitable for use incryptography. Ideally, the generation ofrandom numbers in CSPRNGs uses entropyobtained from a high-quality source, whichmight be a hardware random numbergenerator or perhaps unpredictable systemprocesses — though unexpected correlationshave been found in several such ostensiblyindependent processes. Several robustCPRNGs are incorporated into thesteganography software.

Mersenne Twister

The Mersenne Twister is a pseudorandomnumber generator (PRNG). It is by far themost widely used general-purpose PRNG. Its



name derives from the fact that its periodlength is chosen to be a Mersenne prime. TheMersenne Twister was developed in 1997 byMakoto Matsumoto and Takuji Nishimura. Itwas designed specifically to rectify most of theflaws found in older PRNGs. It was the firstPRNG to provide fast generation of high-quality pseudorandom integers. The mostcommonly used version of the MersenneTwister algorithm is based on the Mersenneprime 219937−1. The standard libraryimplementation of this, MT19937, uses a 32-bitword length. There is another implementationthat uses a 64-bit word length, MT19937-64,that generates a different sequence. Thesoftware implements a cryptographically secureversion of the Mersenne Twister provided bythe algorithm authors Matsumoto andNishimura.

Other Random NumberGeneratorsOptional random number generator selectionsincluded in the OTP-Steg key generatorprogram include the following (each of thesecan be optionally selected by the user):

ISAAC — ISAAC (indirection,shift, accumulate, add, and count)is a cryptographically securepseudorandom number generatorand a stream cipher designed byRobert J. Jenkins, Jr. in 1996.

CryptGenRandom —CryptGenRandom is acryptographically securepseudorandom number generatorfunction that is included inMicrosoft's CryptographicApplication Programming Interface.In Win32 programs, Microsoftrecommends its use anywhererandom number generation isneeded.

RtlGenRandom — On a defaultWindows XP and later install,CryptGenRandom calls into afunction namedADVAPI32!RtlGenRandom, whichdoes not require one to load all theCryptAPI classes for usage.

Rnd() — Standard API randomnumber generator (forresearch/testing purposes only – itis not cryptographically secure).

Key GenerationKey Delimiters

Upon key generation, a pair of key delimiters isalso randomly chosen of 10 Unicode characterseach for the start delimiter and end delimiter,respectively. These are used to indicate to thedecryption program exactly where the messagestarts, and where it ends. Random padding isadded to both ends of the message — the startand the end of the message embedded in thepayload file. The key delimiters identify whereto start the message text, and where to cut itshort at the end of the message. These keydelimiters are contained in the EXIF imagecomment data in the key file. No EXIFcomment data whatsoever is contained in thepayload file. Also, the key delimiter values areutilized for random number generation seeddata used for encryption and decryption.

Expert System to Evaluateand Score Candidate Cover

ImagesIt is well known from the literature that somecover images present much better candidatesfor steganographic security than others basedon image characteristics. Typically, coverimages with a high degree of pixel colorvariation, very few saturated white or blackpixels, and few pixels next to each other of thesame color, are excellent payload candidates.We implement an expert system to give the



software user immediate knowledge of howgood a candidate a potential color image is fordetection security. We have incorporated atentative scoring system that evaluates imagesbased on several factors. The output scoreranges from 0 to 100%, with greater than 90%score being a good candidate for a cover image.Scores of 80-90% are marginal, and less than80% are considered not adequate. In thecurrent preliminary version, a peak signal-to-noise ratio (PSNR) versus a solid color imageis calculated. This rating is given a weightingof 25% in the overall score. Also, the numberof same color pixels next to each other is givena weighting of 25% for up to 5% of the image

pixels (in other words, a 5% of the imagepixels are same color next to each other, thisrating would be zero). Thirdly, a weightedrating of 25% is given to the number of whitepixels, up to 5%. The same weighting is alsocalculated for black pixels. Each of the fourfactors is combined for the rating from 0% upto 100%. Ideally, a cover image will have zerowhite pixels, zero black pixels, very few colorsnext to each other that are the same, and avery high variation in color over comparison toa solid color image. Table 1 below lists theabove and additional cover image scoringfactors that could be evaluated in an expertsystem rating scheme.



Table 1Potential Candidate Image Scoring Factors.

Factor Description ValuePSNR over solid color Peak signal-to-noise ratio of

image to solid color image.Higher values are better.

Percentage of saturated colors Portion of the image that iseither all-white or all black.

Lower values are better.

Percentage of nearby samecolors

Portion of image that hasneighboring pixels of the samecolor.


Randomness of LSB's Measures of randomness of thedistribution of the significantbits.

Higher randomness is better.

Random RGB LSBdistribution

Randomness of each colorchannel.

Higher values are better.

RS test on Cover Image Clean RS test on cover image. Lower values are better —indicates less probability of athreshold being reached afterencoding.

Chi-squared test on CoverImage

Clean Chi-square test on coverimage.


Pure Photograph Photo has not previously beencompression encoded usingalgorithm like JPEG.

Straight from a high-qualitydigital camera is best.

Original Photograph No other copies of the photoexist in clean or altered statethat can be used forcomparison.

Known source and originalityis best here.

Dimensions It is well known thatextremely large images haveless pixel color variation andsteganography here is moreeasily detected.

Approximate pixel dimensionsof images frequently found onthe Internet are best — about1600×1200 or less pixels.

Future Security =SmallPayloads

To ensure robustness against potential futureattacks we have limited payload relative sizes.The high limit for the bits-per-pixel pixel isapproximately 25%. And since only half ofpixels are typically altered based on themessage, this corresponds to a practical limit

of about 12.5% pixel alteration. By limiting thepixel bit payload, it quite robustly limitsdetectability now and in the future. Extremelyadvanced statistical detection techniques arebeing promulgated that are improving the oddsof successfully detecting steganography efforts.There is no guarantee that these steganalysisefforts will not double or triple in effectivenessin the next few years. As a safety measure and



margin of security, payload size is strictlylimited by the software to an amount thatshould be reasonably safe for the foreseeablefuture. This equals future security for messagesthat may be encrypted today and subsequentlyintercepted and archived for several years forlater decipherment.

SteganalysisSteganalysis is "the process of detectingsteganography by looking at variances betweenbit patterns and statistical norms." It is theart of discovering and revealing covertmessages. The goal of steganalysis is toidentify suspected information streams,determine whether or not they have hiddenmessages encoded into them, and, if possible,recover the hidden information. Unlikecryptanalysis, where it is evident thatintercepted encrypted data contains a message,steganalysis generally starts with severalsuspect information streams but uncertaintywhether any of these contain hidden message.The steganalyst starts by reducing the set ofsuspect information streams to a subset ofmost likely altered information streams. This isusually done with statistical analysis usingadvanced statistics techniques.

Analyzing repetitive patterns may revealthe identification of a steganography tool orhidden information. To inspect these patternsan approach is to compare the original coverimage with the stego image and note visibledifferences. This is called a known-carrierattack. By comparing numerous images, it ispossible that patterns emerge as signatures toa steganography tool. Another visual clue tothe presence of hidden information is paddingor cropping of an image. With somesteganographic tools if an image does not fitinto a fixed size it is cropped or padded withblack spaces. There may also be a difference inthe file size between the stego-image and thecover image. Another indicator is a large

increase or decrease in the number of uniquecolors, or colors in a palette which increaseincrementally rather than randomly. These arejust examples among the many published andeffective approaches.

StegExpose is a steganalysis tool specializedin detecting LSB (least significant bit)steganography in lossless images such as PNGand BMP. It has a command line interface andis designed to analyze images in bulk whileproviding reporting capabilities andcustomization which is comprehensible for nonforensic experts. The StegExpose ratingalgorithm is derived from an intelligent andthoroughly tested combination of pre-existingpixel based steganalysis methods includingSample Pairs by Dumitrescu (2003), RSAnalysis by Fridrich (2001), Chi-SquareAttack by Westfeld (2000), and Primary Setsby Dumitrescu (2002). In addition to detectingthe presence of steganography, StegExpose alsofeatures the quantitative steganalysis(determining the length of the hiddenmessage). We utilize StegExpose forsteganalysis to test the software reliability inhiding messages effectively from steganalysis.

Performance Speed andRobust Steganography

The straightforwardness of the embeddingalgorithm has also resulted in the goodembedding speed. Most of the files workedwith using the software take less than 60 to 90seconds for embedding. Typically, about 30seconds is required for decryption. Since thebit per pixel payload is less than 25%, therandom number generator does not have torepeatedly struggle to find empty pixels thathave not been previously encoded.

SOFTWAREIMPLEMENTATION

The software implementation consists of threeexecutable files: a key generator program, an



encryption program, and a decryptionprogram. The encryption program has imageanalysis functions and windows built-in to aidin cover image categorization.

Key Generation

A screenshot of the key generation program isshown below. The key generation programconstructs image keys of random colored pixelsaccording to the user preference for size andfile naming. Up to five previously discussedrandom number generators can be chosen fromto generate the random colored pixels.

Figure 4. Key Generator executable program.

Encryption and EmbeddingThe encryption program has by wide marginthe most features and functionality built-in.Also included are functions for deleting andforensically-wiping the key file used forencryption, as well as the original cover image.

By comparing the encrypted payload file to anoriginal cover image, steganography couldeasily be detected as the difference between thetwo images. It is an extremely importantsecurity measure to eliminate the original coverimage and key as soon as possible afterencryption takes place.



Figure 5. Encrypt/Embed executable program.

Message Hash ValueSHA-256 values of the message are calculatedin both the encryption and decryption steps. Inthe encryption step, the hashed value isincorporated into the end of the messagestring. Upon decryption, the transmitted hashvalue is compared to the hashed value of thedecrypted message, and displayed in thedecryption program graphical user interface. Ifthe values match, the user is informed that themessage has not been altered in any way sinceit was encrypted by the sender. This is also adouble check that successful decryption hastaken place and the message is authentic.

Text CompressionCompression prior to embedding the messagegenerally reduces message size by 50 to 80%.

The zLib compression library DLL is utilizedand called as a function within both theencrypt and decrypt programs. The resultmakes encryption and decryption quicker andalso has the benefit of reducing the bit perpixel payload size in the cover image,increasing security against detection.

4.5 Cover and Key FileDeletion and Forensic Data

WipingFile wiping utilities are used to deleteindividual files from an operating systemmounted drive. The advantage of file wipingutilities is that they can accomplish their taskin a relatively short amount of time as opposedto disk cleaning utilities which take muchlonger and must be run separately.



Built-In Cover and StegoImage Analysis Tools

Several image statistical analysis features arebuilt into the encryption program. Peak signal-to-noise ratio (PSNR), RS, Chi-Squared, LSBvisual analysis, color changes, and colorvariations. The distortion in the stego-imagecan be measured by parameters such as meansquare error (MSE) and peak signal-to-noiseratio (PSNR) (see Equation 1 and 2 below),and correlation. The lesser distortion means,the lesser MSE, but higher PSNR. If p is aM×N grayscale image and q is its stego-image,then the MSE and PSNR values are computedusing (1) and (2). For color images a pixelcomprises 3 or 4 bytes. Each byte can betreated as a pixel and the same equations canbe used to calculate the MSE and PSNR.

The software image analysis window in theencryption program is shown below. Using thiswindow, several operations can be performedto estimate effectiveness of message

embedding. Least significant bit (LSB) colorvalues can be investigated visually. Shown onthe right of the analysis window are the leastsignificant bit values of the photo on the left.If the least significant bit for red, green,and/or blue is set, this color is added at fullintensity to the respective pixel in the imageon the right. In Figure 7, individual leastsignificant bit color values can be investigatedas well in the red, green, and blue channels. Inthis image it is obvious there is a problem withthe blue channel — the sky has full intensityfor all values. Encoding message data herewould be risky, as the pixel variation isnonexistent. Steganography would be veryeasily detected by any encoding in this area.As a result, the software spreads out themessage embedding adaptively, and ignores theblue channel in the area of the sky. Since the

red channel has the most random variationthroughout the image, it carries the largestbrunt of the payload, leveraging its randomcharacter throughout the image.

Figure 6. Image Analysis window, cover image on left, LSB analysis on the right.



Figure 7. Analysis LSB color analysis graphics (Red, Green, Blue, All Colors).

Shown below are the variations in the redchannel, the blue channel in Figure 9 showsthe lack of variation in the sky area.

Figure 8. Red channel variation score (normalized to 0-255).


© 2016 ADFSL 3

Figure 9. Blue channel variation score (normalized to 0-255).

In Figure 10 below, the pixel leastsignificant bit encodings are shown. Noticethat in the area of the sky, only red pixels areencoded in the least significant bit. Other areasof the image vary between green and blueembedding depending on which color has the

most variation in that pixel general area.Figure 11 shows a blowup of the pixel leastsignificant coding in the area of the transitionbetween the trees and the sky. Notice that thepixel encodings shift from primarily blue-greento the red color at this transition.



Figure 10. Pixel LSB modification encodings (Red, Green, or Blue).

Figure 11. Figure 10 "Blow-Up": Pixel LSB encodings (Red, Green, or Blue).

The decryption process largely reverses theencryption process using the decryptionprogram. A SHA-256 hash value is computedfrom the decrypted message and compared tothe hashed value contained within the payloadfile. If the two values match, the hashed value

is presented with a green colored background.If not, the background is reddish. A greenvalue indicates to the receiver that the messagehas not been altered in any way since it waswritten.



Figure 12. Decrypt/Extract executable program.

USAGERECOMMENDATIONS

Photo selectionThere are several general guidelines for photoimage selection to increase security. Originalphotos taken with the user's own camerashould be selected as cover images. This is toensure that the duplicate of the original photodoes not exist somewhere on the Internet forcomparison. The photo should never havepreviously been encoded to JPEG to ensure

full CMOS pixel sensor color variationsthroughout the image. As mentionedpreviously, once these criteria are satisfied, theuser can evaluate an encodability score that iscalculated by the encryption program thatranges from 0 to 100%.

Encodability ScoreThe user should choose in general images thatscore above 90% for encodability to enhancesteganalysis security. The following is theweighting breakdown for the encodabilityscore:

25% Overall PSNR (dB) variation score (0-100%) (more color variation = higher score)25% Same colors next to each other (0-5%) (less same colors = higher score)25% Black pixels (0-5%) (less black = higher score)25% White pixels (0-5%) (less white = higher score)100% - (100-90% = OK, 90-80% = Marginal, <80% = Unacceptable)



RecommendedSteganographic Practices

Table 2Recommended Steganographic Practices.

No. Practice Description

1 SoftwareOperation

Steganography software should be operated on a computer that isnot connected to any network or the Internet. Files should betransferred using write only media such as DVD or CD, or lesssecurely by USB drive.

2 Original Photos

Only original photos taken by the users’ high-quality camerashould be considered as cover images. This is to ensure that theimage does not have duplicates available on the Internet. UseRAW (original camera file format) images where possible. Thesoftware directly accepts all RAW image file types including Nikon,Canon, Sony, etc.

3 Software USBLoaded

The software should be run off of a USB drive plugged into theisolated computer. Further, USB drive containing software, keys,and cover images should be located separately from the isolatedcomputer in a safe and secure location.

4 IsolatedComputers

The isolated computer used to run the software should be well-secured and not networked in any way. The operating systemshould be directly installed from DVD, and antivirus and checksfor malware should be regularly run to ensure there is no keystrokeloggers, rootkits, or other security compromises installed.

5 "To" and"From" Keys

Both sender and receiver should have their own set of unique keys.Sender A to B, and B to A, each use their own one-way key series.This is to prevent key reuse. Each key must be used only one time,and one time only. Security using OTP depends on this precept.

6 Exchanging Keys

Key exchange should take place upon physical meeting using writeonly media such as DVD or CD. Key exchange must not take placeover a network. Keys should be securely generated on isolatedcomputers. Keys must be stored on removable USB drives separatefrom the isolated computer.

7 Deleting Files

All files including cover image files and key files should beforensically deleted and wiped once used. Forensic wiping utilitiesin the encryption and decryption programs can be used for thispurpose. Wiping consists of randomly overwriting the previous fileseven times with random data.




8 SendingEncrypted Files

Encrypted files should be sent as anonymously as possible. Directemail exchange should be avoided. A preferable alternative is toupload files periodically to gallery websites which have potentiallythousands of viewers and downloaders daily. Identifying the specificreceiver will be difficult in this situation. Each sender shouldupload to a different anonymous gallery.

9Monitoring

WindowsVulnerabilities

It should be known that just the act of plugging in a USB driveinto a Windows computer creates a digital trail throughout thesystem registry. Installing software using a setup program alsocreates numerous records within the operating system registry. Asa result, the software should be run off of a USB drive withoutrunning a separate install/setup utility. Windows must be isolatedoff of any network to ensure malware is not installed.

10 Malware

Malware can cause a compromise in the steganography system atany time. A keystroke logger that is uploading typed messages isan instant fail. Users must be extremely cautious andknowledgeable about potential malware threats before using thesoftware. In particular, any networked computer presents a point ofvulnerability — the software and keys must never be used here.Only transfer of files previously encrypted on an isolated computercan be conducted over a network.

11 UsageLimitations

The biggest limitation is the human factor. Operational securitymust be observed that all times in addition to technical security.This means aggressive securing of the USB drive use for thesoftware and keys, as well as limited knowledge by partiesinvolved. People should be informed on a need-to-know basis only.

13 Encrypted KeysFor further security, keys can be encrypted for storage. As a resultthey will not be able to be used unless the user has knowledge ofthe encryption key.

14 Wipe OriginalPhotos

Original photos must be deleted and erased from the camera,storage medium, and USB drive as soon as possible after they areused.

15 Wipe Used Keys Keys must be deleted and erased as soon as they are used.

16Internet

Computer"Clean"

The computer connected to the Internet must be clean of virusesand malware or keystroke loggers. Special care must be taken inthis area.

17 Camera SecuredThe photo CMOS sensor output profile can be mapped to aparticular individual camera. Photo sent on the Internet can bematched up to the users’ camera. As a result, an effort should bemade to keep the camera secure.

18 File UploadGalleries

File upload galleries should be selected for anonymity and hightraffic volume.




19Carefully

Selected CoverImages

Cover images should be conforming to high encodability statisticsand originality. Also they should be of subject matter that will notraise any suspicions.

20 Image FileFormat

Various image file formats can be chosen, leveraging the fact thatsteganalysis software will not run on many different types of imagefile types. Take advantage of other lossless file formats besidesPNG and BMP such as TIF, J2K, EXR, WEBP, and JXR.

21 Must-Dos1: Keep software and keys in secure locations on USB drives. 2: Usesoftware on isolated computer not connected to Internet. 3: Usekeys and photos only once and be sure to erase files as soon aspossible, especially original cover images and keys.

SteganographicCommunication Security State

Level Estimation

We envision certain levels of steganographiccommunication security levels thatcorrespondents can use for planning, analysis,and security estimations. Thresholds can beestablished for protective measures using thesesecurity level guidelines.

Table 3Notional Steganographic Security Levels.SecurityLevel Name Description Impact

10 SecureCommunication commencing securely. Operationalsecurity and human threat and insider threat mustbe strongly monitored and evaluated here.

None — success

9 CommunicationSuspected

Authorities suspect communication withoutknowledge of sender and receiver. Low

8 Steg StatisticallyDetected

Positive steganography screening results indicatingfurther investigation. Moderate

7Internet

ComputerSearched

If proper security measures recommended previouslyare followed, nothing should be derived. Duresscode-word should be immediately used andcommunication ceased.

Moderate

6 TransmittedFiles Discovered

If proper procedures are used, locating these filesshould not present much evidence. Moderate

5Software

ComputerDiscovered

Traces of software use should be detectable inWindows registry. High



SecurityLevel Name Description Impact

4 Steg Known Investigators conclude illicit communication hastaken place, without acquiring USB drive(s). High

3 USB Drivediscovered

User should make efforts to inform receivercommunication is compromised. Severe

2Software

Discovered/Acquired

Knowledge of message text should be assumed atthis point. Severe

1 Key(s) acquired Complete security compromise. Severe

0 SuspectDetained

All communicating parties should make efforts todestroy any remaining evidence. Failure

Communicators should have a procedure inplace to indicate ceasing of messages and alsoto destroy related software and keyssystematically.

Steganographers should considerincorporating a duress code-word into theircommunication security protocol. The duresscode-word should be a predetermined word orphrase that indicates to the receiving partythat communication security has beencompromised. For example, capture byauthorities may have created a situation whereone party is succumbing to efforts to be"turned." The duress code word indicates sucha situation and should be carefully chosen toarouse no suspicion should authorities haveknowledge of its inclusion in a "trap" message.

Software AvailabilityThe software is available as a free educationaland research download to be used for digitalforensics education and related projects. Pleasefeel free to use the software for your owneducational and research purposes. Thesoftware can be acquired here:http://199.175.52.196/OTP-Steg/.

STEGANALYSISRESULTS

StegExpose is a Java based steganalysis toolheavily geared towards bulk analysis of losslessimages. It is a steganalysis tool specialized indetecting LSB (least significant bit)steganography in lossless images such as PNGand BMP. It has a command line interface andis designed to analyze images in bulk whileproviding reporting capabilities andcustomization which is comprehensible for non-forensic experts. The StegExpose ratingalgorithm is derived from an intelligent andthoroughly tested combination of pre-existingpixel-based steganalysis methods. Two newfusion detectors, standard and fast fusion werederived from four well-known steganalysismethods and successfully implemented in thetool. Standard fusion is more accurate thanany of the component detectors from which itis derived.

The following LSB steganalysis methodshave been incorporated in StegExpose. RSanalysis (Fridrich, Goljan, & Du, 2001) detectsrandomly scattered LSB embedding ingrayscale and color images by inspecting thedifferences in the number of regular andsingular groups for the LSB and "shifted" LSB



plane. Sample pair analysis (Dumitrescu, Wu,& Wang, 2003) is based on a finite statemachine whose states are selected multisets ofsample pairs called trace multisets(Dumitrescu, Wu, & Wang 2003). The chi-square attack (Westfeld & Piltzmann, 2000) isa statistical analysis of pairs of values (PoVs)exchanged during LSB embedding. PoVs aregroups of binary values within an object'sLSBs. Primary sets (Dumitrescu, Wu, &Memon, 2002) are based on a statisticalidentity related to certain sets of pixels in animage. The difference histogram analysis(Zhang & Ping, 2003) is a statistical attack onan image's histogram, measuring thecorrelation between the least significant and all

other bit planes. Two new fusion detectors,standard and fast fusion, were derived fromfour well-known steganalysis methods andsuccessfully implemented in the tool. Thestandard fusion test is more accurate than anyof the component detectors from which it isderived.

StegExpose (the free open source download)was run on a batch of 27 image files that wereencoded using the OTP-Steg software. Testspecifications and results are shown below.None of the embedded files were detectableabove the preset default threshold. Standardfusion was the test run which consists of all ofthe specific steganalysis tests mentioned above.

Table 4StegExpose Steganalysis Test Specifications.

Test Spec Description

Embedded Text File: U.S. Constitution; 52,782 Bytes Unicode (422,256 bits)Images: 27 Various landscape PNG photos, 1200×797 pixels (956,400 pixels) Nikon D90.

Uncompressed: Approximate Bits per Pixel (bpp) 0.442 bppCompressed (zLib): Approximate Bits per Pixel (bpp) 0.086 bpp

Alterations: 1.445% LSBs altered, 4.335% of pixelsFile Archive: http://199.175.52.196/OTP-Steg/USConstitution/

Table 5StegExpose Steganalysis Test Results using "Standard Fusion" test.File name Above Stego Threshold? Primary Sets Chi Square Sample Pairs RS analysis Fusion (mean)

00247.png FALSE 0.023408176 0.003533645 null 0.020185798 0.015709206

02155.png FALSE 0.068625394 0.019360332 null 0.044946323 0.044310683

02664.png FALSE NaN 5.03E-13 null 0.086586661 0.043293331

03090.png FALSE NaN 0.00370119 null 0.237370882 0.120536036

03164.png FALSE 0.136200359 0 null 0.022823646 0.053008002


03509.png FALSE 0.120022314 0.001400793 null 0.035957938 0.052460348

04031.png FALSE 0.004125309 3.57E-04 null 0.043804029 0.016095494






File name Above Stego Threshold? Primary Sets Chi Square Sample Pairs RS analysis Fusion (mean)

04479.png FALSE 0.047114348 0.001832157 null 0.061520437 0.036822314


05169.png FALSE 0.030743209 3.57E-04 null 0.037141532 0.022747301


05262.png FALSE 0.018022058 0.002062878 null 0.010998531 0.010361155

05777.png FALSE 0.017279631 6.59E-13 null 0.00706503 0.008114887


06672.png FALSE 0.06420808 0 null 0.064583463 0.042930515

07134.png FALSE 0.03542274 3.57E-04 null 0.017337435 0.017705773



08145.png FALSE 0.033316358 2.77E-04 null 0.023061286 0.01888482

09061.png FALSE 0.014700003 0.004850409 null 0.025382546 0.014977653

09252.png FALSE 0.074362745 7.14E-04 null 0.01319539 0.029424144

09431.png FALSE 0.040878552 0.003281354 null 0.031193448 0.025117784

09988.png FALSE 0.062680713 3.54E-04 null 0.054694774 0.039243301

Test Results Summary: Zero (0%)steganalysis detections using the "StandardFusion" detection algorithm in StegExposesoftware.

StegExpose can be downloaded here:https://github.com/b3dk7/StegExpose.

CONCLUSIONIn this paper we have presented a completeOne-Time Pad encryption and steganographysystem, including all software necessary tocomplete practical communication. We havecompiled recommended best practices andidentified potential security levels. Finally, wehave tested the software using robust state-of-the-art steganalysis techniques and found thelow payload threshold maintained in thesoftware produces a high margin ofcommunication security safety. No payloadfiles were detected (0% detections), despiteeach file containing the entire content of theU.S. Constitution as embedded text.



REFERENCES

A. Bhatacharya, I. Banerjee, and G. Sanyal,“A survey of steganography andsteganalysis techniques in image, text,audio and video cover carrier”, Journal ofGlobal Research in Computer Science,vol.2, no.4, pp.1-16, 2011.

A. Cheddad, J. Condell, K. Curran, and P.M.Kevitt, “Digital image steganography:survey and analysis of current methods”,Signal Processing, vol. 90, pp.727-752,2010.

A. Gangwar, and V. Srivastava, “ImprovedRGB-LSB steganography using secret key”,International Journal of Computer Trendsand Technology, vol.4, no.2, pp.85-89,2013.

A. Gutub, M. Ankeer, M. Abu-Ghalioun, A.Shaheen, and A. Alvi, “Pixel indicator highcapacity technique for RGB image basedsteganography”, in Proceedings of FifthIEEE International Workshop on SignalProcessing and its Applications, 2008,University of Sharjah, U.A.E.

A. Martin, G. Sapiro, and G. Seroussi, “Isimage steganography natural”, IEEETransactions on Image Processing, vol.14,no.12, pp.2040-2050, 2005.

A. Mishra, A. Gupta, and D. K. Vishwakarma,“Proposal of a new steganographyapproach”, in Proceedings of InternationalConference on Advances in Computing,Control, and TelecommunicationTechnologies, 2009, pp.175-178.

A. P. S. Pharwaha, “Secure datacommunication using moderate bitsubstitution for data hiding with threelayer security”, IE(I) Journal-ET, vol.91,

pp.45-50, 2010., International Journal ofSecurity and Its Applications, vol.6, no.2,pp.1-12, 2012.

A. R. S. Marcal, and P.R. Pereira, “Asteganographic method for digital imagesrobust to RS steganalysis”, LNCS, vol.3656,2005, pp.1192-1199.

B. Li, J. He, J. Huang, and Y.Q. Shi, “Asurvey on image steganography andsteganalysis”, Journal of InformationHiding and Multimedia Signal processing,vol.2, no.2, pp.142-172, 2011.

C. K. Chan, and L. M. Chang, “Hiding data inimages by simple LSB substitution”,Pattern Recognition, vol.37, pp.469-474,2004.

D. C. Lou, and C. H. Hu, “LSB steganographicmethod based on reversible histogramtransformation function for resistingstatistical steganalysis”, InformationSciences, vol.188, pp.346-358, 2012.Application of a large key cipher in imagesteganography by exploring the darkestand brightest pixels”, International Journalof Computer Science and Communication,vol. 3, no.1, pp.49-53, 2012.

G. Swain, and S. K. Lenka, “A dynamicapproach to image steganography using thethree least significant bits and extendedhill cipher”, Advanced Materials Research,vols. 403-408 pp.842-849, 2012.

G. Swain, and S. K. Lenka, “A hybridapproach to steganography- embedding atdarkest and brightest pixels”, inProceedings of International Conference onCommunication and ComputationalIntelligence, 2010, pp.529-534.



G. Swain, and S. K. Lenka, “A robust imagesteganography technique using dynamicembedding with two least significant bits”,Advanced Materials Research, vols. 403-408, pp.835-841, 2012.

G. Swain, and S. K. Lenka, “A technique forsecret communication by using a new blockcipher with dynamic steganography”

G. Swain, and S. K. Lenka, “LSB array basedimage steganography technique byexploring the four least significant bits”,CCIS

G. Swain, and S. K. Lenka, “Steganographyusing the twelve square substitution cipherand an index variable”, in Proceedings ofICECT, 2011, vol.3, pp.84-88.

G. Swain, D. R. Kumar, A. Pradhan, and S.K. Lenka, “A technique for securecommunication using message dependentsteganography”, International Journal ofComputer and CommunicationTechnology, vol.2, no. 2- 4, pp.177-181,2010.

H. B. Kekre, A. A. Athawale, and P. N.Halarnkar, “Increased capacity ofinformation hiding in LSB’s method fortext in image”, International Journal ofElectrical, Computer and SystemEngineering, vol.2, no.4, pp.246-249, 2008.

H. J. Zhang, and H. J. Tang, “A novel imagesteganography algorithm against statisticalanalysis”, in Proceedings of SixthInternational Conference on MachineLearning and Cybernetics, 2007, pp.3884-3888.

H. Mathkour, G. M. R. Assassa, A. A.Muharib, and I. Kiady, “A novel approachfor hiding messages in images”, inProceedings of International Conference onSignal Acquisition and Processing, 2009,pp.89-93.

H. Motameni, M. Norouzi, and A. Hatami,“Labeling method in steganography”, WorldAcademy of Science, Engineering andTechnology, vol. 24, pp.349-354, 2007. ,vol. 270, part II, 2012, pp.479-488.

J. He, S. Tang, and T. Wu, “An adaptivesteganography based on depth-varyingembedding”, in Proceedings of 2008Congress on Image and Signal Processing,2008, pp.660-663.

Kamaldeep, “Image steganography techniquesin spatial domain, their parameters andanalytical techniques: a review article” ,IJAIR, vol.2, no.5, pp.85-92, 2013.

M. A. B. Younes, and A. Jantan, “A newsteganography approach for imageencryption exchange by using leastsignificant bit insertion”, InternationalJournal of Computer Science and NetworkSecurity, vol.8, no.6, pp.247-254, 2008.

M. Bashardoust, G. B. Sulong, and P. Gerami,“Enhanced LSB image steganographymethod by using knight tour algorithm,vignere encryption and LZW compression”,International Journal of Computer ScienceIssues, vol.10, no.2, pp.221-227, 2013.

M. Hussain, and M. Hussain, “A survey ofimage steganography techniques”,International Journal of Advanced Scienceand Technology, vol. 54, pp.113-123, 2013.

M. Juneja, and P.S. Sandhu, “Designing ofrobust image steganography techniquebased on LSB insertion and encryption”, inProceedings of International Conference onAdvances in Recent Technologies inCommunication and Computing, 2009,pp.302-305.

M. K. Meena, S. Kumar, and N. Gupta,“Image steganography tool using adaptiveencoding approach to maximize imagehiding capacity”, International Journal of



Soft Computing and Engineering, vol.1,no.2, pp.7-11, 2011.

M. T. Parvez, and A. A. Gutub, “RGBintensity based variable-bits imagesteganography”, in Proceedings of IEEEAsia-pacific Services ComputingConference, 2008, pp.1322-1327.Gandharba Swain et al. / InternationalJournal of Computer Science &Engineering Technology (IJCSET)

N. Hamid, A. Yahya, R.B. Ahmad, D. Nejim,and L. Kannon, “Steganography in imagefiles: a survey”, Australian Journal of Basicand Applied Sciences, vol.7, no.1, pp.35-55,2013.

R. J. Anderson, and F. A. P. Petitcolas, “Onthe limits of steganography”, IEEE Journalof Selected Areas in Communications,vol.16, no.4, pp.474-481, 1998.

R. S. Gutta, Y. D. Chincholkar, and P. U.Lahane, “Steganography for two and threeLSBs using extended substitutionalgorithm”, ICTAT Journal onCommunication Technology, vol.4, no.1,pp.685-690, 2013.

S. M. Douiri, M. B. O. Medeni, S. Elbernoussi,and E. M. Souidi, “A new steganographicmethod for gray scale image using graphcoloring problem”, Applied Mathematics &Information Sciences, vol.7, no.2, pp.521-527, 2013.

Y. K. Jain, and R. R. Ahirwal, “A novel imagesteganography method with adaptivenumber of least significant bitsmodification based on private stego-keys”,International Journal of Computer Scienceand Security, vol.4, no.1, pp.40-49, 2010.

Y. K. Lee, G. Bell, S.Y. Huang, R.Z. Wang,and S.J. Shyu, “An advanced least-significant-bit embedding scheme forsteganographic encoding”, LNCS, vol.5414,2009, pp.349-360.

One-Time Pad Encryption Steganography System

Documents

Transcript of One-Time Pad Encryption Steganography System