A Complexity Approach for Steganalysis

Robustness and security are two major concerns in information hiding. These two concerns have been defined in [6] as follows. "Robust watermarking is a mechanism to create a communication channel that is multiplexed into original content [...]. It is required that, firstly, the perceptual degradation of the marked content [...] is minimal and, secondly, that the capacity of the watermark channel degrades as a smooth function of the degradation of the marked content. [...]. Watermarking security refers to the inability by unauthorized users to have access to the raw watermarking channel. [...] to remove, detect and estimate, write or modify the raw watermarking bits."

In the framework of watermarking and steganography, security has seen several important developments since the last decade [1,4,7]. The first fundamental work in security was made by Cachin in the context of steganography [2]. Cachin interprets the attempts of an attacker to distinguish between an innocent image and a stego-content as a hypothesis testing problem. In this document, the basic properties of a stegosystem are defined using the notions of entropy, mutual information, and relative entropy. Mittelholzer, inspired by the work of Cachin, proposed the first theoretical framework for analyzing the security of a watermarking scheme [8].

These efforts to bring a theoretical framework for security in steganography and watermarking have been followed up by Kalker, who tries to clarify the concepts (robustness vs. security), and the classifications of watermarking attacks [6]. This work has been deepened by Furon et al., who have translated Kerckhoffs’ principle (Alice and Bob shall only rely on some previously shared secret for privacy), from cryptography to data hiding [5]. They used Diffie and Hellman methodology, and Shannon’s cryptographic framework [10], to classify the watermarking attacks into categories, according to the type of information Eve has access to [4,9], namely : Watermarked Only Attack (WOA), Known Message Attack (KMA), Known Original Attack (KOA), and Constant-Message Attack (CMA). Levels of security have been recently defined in these setups. The highest level of security in WOA is called stego-security [3], recalled below.

In the prisoner problem of Simmons [11], Alice and Bob are in jail, and they want to, possibly, devise an escape plan by exchanging hidden messages in innocent-looking cover contents. These messages are to be conveyed to one another by a common warden, Eve, who over-drops all contents and can choose to interrupt the communication if they appear to be stego-contents. The stegosecurity, defined in this framework, is the highest security level in WOA setup [3]. To recall it, we need the following notations :

-K is the set of embedding keys, -p(X) is the probabilistic model of N 0 initial host contents, -p(Y |K 1 ) is the probabilistic model of N 0 watermarked contents. Furthermore, it is supposed in this context that each host content has been watermarked with the same secret key K 1 and the same embedding function e. It is now possible to define the notion of stego-security : Definition 1 (Stego-Security) The embedding function e is stego-secure if and only if :

2 Toward a Cryptographically Secure Hiding

Almost all branches in cryptology have a complexity approach for security. For instance, in a cryptographic context, a pseudorandom number generator (PRNG) is a deterministic algorithm G transforming strings into strings and such that, for any seed k of length k, G(k) (the output of G on the input k) has size ℓ G (k) with ℓ G (k) > k. The notion of secure PRNGs can now be defined as follows.

Definition 2 A cryptographic PRNG G is secure if for any probabilistic polynomial time algorithm D, for any positive polynomial p, and for all sufficiently large k’s,

where U r is the uniform distribution over {0, 1} r and the probabilities are taken over U N , U ℓG(N ) as well as over the internal coin tosses of D.

Intuitively, it means that no polynomial-time algorithm can make a distinction, with a non-negligible probability, between a truly random generator and G.

Inspired by these kind of definitions, we propose what follows.

Definition 3 (Stegosystem) Let A an alphabet and S, M, K three sets of words on A called respectively the sets of supports, messages, and keys. A stegosystem on (S, M, K) is a tuple (I, E, inv) such that :

-I(s, m, k) and E(c, k ′ ) can be computed in polynomial time. I is called the insertion function, E the extraction function, s the host content, m the hidden message, k the embedding key, k ′ = inv(k) the extraction key, and s ′ is the stego-content. If ∀k ∈ K, k = inv(k), the stegosystem is symmetric, otherwise it is asymmetric.

Definition 5 (Probability set) A probability set X = {(S n , P n ), n ∈ N} on A is an infinite family of couples of finite sets S n ⊆ A * together with their probability distributions P n , such that for every n ∈ N, there exists r ∈ N such tha

This content is AI-processed based on open access ArXiv data.