Perfectly Secure Steganography: Capacity, Error Exponents, and Code Constructions (original) (raw)
Related papers
Constructing perfect steganographic systems
Information and Computation, 2011
We propose steganographic systems for the case when covertexts (containers) are generated by an i.i.d. or a finite-memory distribution, with known or unknown statistics. The probability distributions of covertexts with and without hidden information are the same; this means that the proposed stegosystems are perfectly secure, i.e. an observer cannot determine whether hidden information is being transmitted. In contrast, existing results only include methods for which the distributions of covertexts with and without hidden text are close but not equal.
Information-Theoretic Approach to Steganographic Systems
2007 IEEE International Symposium on Information Theory, 2007
We propose a simple universal (that is, distributionfree) steganographic system in which covertexts with and without hidden texts are statistically indistinguishable. The stegosystem can be applied to any source generating i.i.d. covertexts with unknown distribution, and the hidden text is transmitted exactly, with zero probability of error. Sequences of covertexts with and without hidden information obey the same distribution (the stegosystem is perfectly secure). The proposed steganographic system has two important properties. First, the rate of transmission of hidden information approaches the Shannon entropy of the covertext source as the size of blocks used for hidden text encoding tends to infinity. Second, if the size of the alphabet of the covertext source and its minentropy tend to infinity then the number of bits of hidden text per letter of covertext tends to log(n!)/n where n is the (fixed) size of blocks used for hidden text encoding. Besides, the resource complexity of the proposed algorithms grows only polynomially.
Provably Secure Universal Steganographic Systems
IACR Cryptology ePrint Archive, 2006
We propose a simple universal (that is, distribution-free) steganographic system in which covertexts with and without hidden texts are statistically indistinguishable. Moreover, the proposed steganographic system has two important properties. First, the rate of transmission of hidden information approaches the Shannon entropy of the covertext source as the size of blocks used for hidden text encoding tends to infinity. Second, if the size of the alphabet of the covertext source and its minentropy tend to infinity then the the number of bits of hidden text per letter of covertext tends to log(n!)/n where n is the (fixed) size of blocks used for hidden text encoding. The proposed stegosystem uses randomization.
Asymptotically optimal perfect steganographic systems
Problems of Information Transmission, 2009
In 1998 C. Cachin proposed an information-theoretic approach to steganography. In particular, in the framework of this approach, so-called perfectly secure stegosystems were defined, where messages that carry and do not carry hidden information are statistically indistinguishable. There was also described a universal steganographic system, for which this property holds only asymptotically, as the message length grows, while encoding and decoding complexity increases exponentially. (By definition, a system is universal if it is also applicable in the case where probabilistic characteristics of messages used to transmit hidden information are not known completely.) In the present paper we propose a universal steganographic system where messages that carry and do not carry hidden information are statistically indistinguishable, while transmission rate of "hidden" information approaches the limit, the Shannon entropy of the source used to "embed" the hidden information.
New results on robustness of secure steganography
2006
abstract Steganographic embedding is generally guided by two performance constraints at the encoder. Firstly, as is typical in the field of watermarking, all the transmission codewords must conform to an average power constraint. Secondly, for the embedding to be statistically undetectable (secure), it is required that the density of the watermarked signal must be equal to the density of the host signal.
On The Limits Of Perfect Security For Steganographic System
Until now the discussion on perfect security for steganographic systems has remained confined within the realm of mathematicians and information theory experts whose concise and symbolic representation of their philosophies, postulates, and inference thereafter has made it hard for the na\"ive academics to have an insight of the concepts. This paper is an endeavor not only to appraise on the limitations of one of such pioneer comprehensions but also to illustrate a pitfall in another scheme that asserts on having perfect security without the use of public or secret key. Goals set are accomplished through contrasting test results of a steganographic scheme that exploits English words with corresponding acronyms for hiding bits of secret information in chat - a preferred way to exchange messages these days. The misapprehension about perfect security and reign in characteristic of stego key in bit embedding process are unfolded respectively by launching elementary chosen-message a...
An Information-Theoretic Model for Steganography * Christian Cachin
An information-theoretic model for steganography with a passive adversary is proposed. The adversary's task of distinguishing between an innocent cover message C and a modified message S containing hidden information is interpreted as a hypothesis testing problem. The security of a steganographic system is quantified in terms of the relative entropy (or discrimination) between the distributions of C and S, which yields bounds on the detection capability of any adversary. It is shown that secure steganographic schemes exist in this model provided the covertext distribution satisfies certain conditions. A universal stegosystem is presented in this model that needs no knowledge of the covertext distribution, except that it is generated from independently repeated experiments. * To appear in Information and Computation. A preliminary version of this work was presented at the 2nd
Stretching the limits of steganography
Information Hiding, 1996
We present a number of insights into information hiding. It was widely believed that public key steganography was impossible; we show how to do it. We then look at a number of possible approaches to the theoretical security of hidden communications. This turns out to hinge on the ine ciency of practical compression algorithms, and one of the most important parameters is whether the opponent is active or passive (i.e., whether the censor can add noise, or will merely allow or disallow a whole messages). However, there are covertexts whose compression characteristics are such that even an active opponent cannot always eliminate hidden channels completely.
An information-theoretic model for steganography
Information Hiding, 1998
An information-theoretic model for steganography with passive adversaries is proposed. The adversary's task of distinguishing between an innocent c o ver message C and a modi ed message S containing a secret part is interpreted as a hypothesis testing problem. The security of a steganographic system is quanti ed in terms of the relative e n tropy or discrimination between P C and P S . Several secure steganographic schemes are presented in this model; one of them is a universal information hiding scheme based on universal data compression techniques that requires no knowledge of the covertext statistics.
Randomness Efficient Steganography
arXiv (Cornell University), 2009
Steganographic protocols enable one to embed covert messages into inconspicuous data over a public communication channel in such a way that no one, aside from the sender and the intended receiver, can even detect the presence of the secret message. In this paper, we provide a new provably-secure, private-key steganographic encryption protocol secure in the framework of Hopper et al [2]. We first present a "one-time stegosystem" that allows two parties to transmit messages of fixed length (depending on the length of the shared key) with information-theoretic security guarantees. Employing a pseudorandom generator (PRG) permits secure transmission of longer messages in the same way that such a generator allows the use of one-time pad encryption for long messages in a symmetric encryption framework. The advantage of our construction, compared to all previous work is randomness efficiency: in the information theoretic setting our protocol embeds a message of length n bits using a shared secret key of length (1 + o(1))n bits while achieving security 2 −n/ polylog n ; simply put this gives a rate of key over message that is 1 as n → ∞ (the previous best result [5] achieved a constant rate > 1 regardless of the security offered). In this sense, our protocol is the first truly randomness efficient steganographic system and breaks through a natural barrier imposed by bounded-round rejecting sampling. Furthermore, in our protocol, we can permit a portion of the shared secret key to be public while retaining precisely n private key bits. In this setting, by separating the public and the private randomness of the shared key, we achieve security of 2 −n. Our result comes as an effect of a novel application of randomness extractors to stegosystem design. Definition 2. The min-entropy of a random variable X, taking values in a set V , is the quantity H ∞ (X) min v∈V (− log Pr[X = v]). Statistical Distance We use statistical distance to measure the distance between two random variables. Shoup [14] presents a detailed discussion on statistical distance and its properties.