SSIS Details
Home Introduction Existing Methods SSIS Details Results and Examples Code Bibliography

 

SSIS System Detailed Description

Following is the SSIS algorithm as described in [1].

The basic idea behind the scheme is to hide the information as noise typical to natural images captured by photoelectronic devices. This wideband thermal noise can be modeled as additive white Gaussian noise (one that has a flat frequency spectrum). So the message is modulated with a pseudorandomly generated AWGN sequence and added to the image. Visually, it will look like a natural phenomenon, and without knowledge of the generating pseudorandom sequence it will appear as a completely random noise to computer analysis.

The system accepts as input: the cover image (2D graylevel matrix), the message (binary array) and 3 secret keys.

Encoding process

The encoder operates as follows (see Figure 2 above):

  1. Encrypt the message using key #1. This step is optional, but nevertheless recommended in order to improve security of the system and to make the distribution of the bits to appear more random. [1] does neither specify nor recommend the use of any known encryption algorithm. We have implemented 2 options:

    1. Advanced Encryption Standard (AES, a.k.a. Rijndael)

    2. One-time-pad  - the message bits are XORed with the 128-bit key

    In any case, the message is divided into 128-bit blocks and then reassembled after encryption.
    Note: if the message BER is expected to be greater than zero (i.e. the message will not be completely recovered by the decoder), the use of AES will lead to inability to recover the message at all, since AES gurantees that if a single bit of the ciphertext is changed, then all bits of plaintext are affected as a result. The second option, on the other hand, doesn't impose this kind of constraint. However, one-time-pad requires the key to be changed every time, otherwise the code is easily breakable (since it is linear).

  2. Encode the encrypted message using an error-correcting encoder. Error correction is an essential part of the stegosystem, because errors are inevitable when recovering the wideband signal from the stegoimage, as we shall later see.
    Any error-correcting code that is capable of correcting relatively high BER (typically greater than 0.15 BER, as the experiments have shown) can be used within the system. Marvel et al. used binary expansions of Reed-Solomon codes. We implemented 3 options: Reed-Solomon code, cyclic code and BCH code. The codes differ by the following characteristics:

    1. Rate of the encoder, i.e. the ratio between the length of the encoded message and the length of the original message. Low-rate codes have large such ratio, therefore less available image space can be used for hiding the data.

    2. Error-correcting ability of the code. Every code has a threshold BER above which the message cannot be restored properly.

    Therefore, the choice of a specific error-correcting code must be dictated by both the needed payload and the expected levels of degradation during transmission. On a completely distortion-free channel, the entire decoding process can be simulated at the encoding side, and the appropriate error-correcting code can be chosen.

  3. A pseudorandom Gaussian noise sequence, n, is generated by seeding the random number generator with key #2. It is then modulated with m, the output of the error-correcting encoder.
    A simple modulation scheme is to multiply the two sequences, as in (1). The recovery of the original signal from the restored modulated one would then simply be according to (2):

    Since m is a sequence consisting of 1 and -1, the resulting modulated sequence s has a Gaussian distribution. However, if the estimate of s is not exact, the scheme results in very bad estimation of m as well. Since in Gaussian distribution, the majority of the values are close to 0, even a small level of noise (due to inexact recovery of s) can change the sign of the sample to the opposite, which would result in incorrect estimation of the message bit m.



    As can be seen, the minimal noise amplitude needed in order to change the message bit from 1 to -1 (and vice versa), given that the sample amplitude is x, equals |x|.

    To cope with this problem, a nonlinear modulation scheme was developed in [1] as follows:
    generate a uniformly distributed random sequence u, and get another uniformly distributed random sequence u' according to (3). The modulated signal is constructed by choosing either from u or u' depending on the message bit. The chosen value is then transformed to Gaussian distribution according to (4).


    The recovery of the message bit is as follows: the sequences u and u' are regenerated at the decoding side. Now,


    Let's assume ui<0.5. In order for an error to occur at the decoding side, the noise amplitude A must satisfy (regardless of the message bit):


    Similarily, for ui>0.5:


    The minimal distortion amplitude, as function of the Gaussian value x being modulated, is therefore:


    The difference between the minimal distortion amplitudes can be seen from the following graph:


    So the new modulation scheme performs better in the vicinity of 0, where most of the Gaussian distribution reside.

    It is here that the spectrum of the message signal is "spread" over all frequencies.
    After modulation, the resulting signal is also multiplied by a constant scale factor, which is chosen manually in order to make the embedded signal power low with respect to the cover image power.

  4. The modulated signal is shuffled using an interleaver, which chooses a pseudorandom permutation of the numbers [1..size of the image] (using key #3 as the seed to the PRNG) and then adds the modulated signal to the cover image at the chosen positions. This reordering, besides providing an additional level of security, also helps to prevent bursts of errors, since all the message bits are equally spread over the cover image.

  5. Finally, before transmitting, the image is converted back to 8-bit precision, if we are working with 256-level images (this is actually a quantization transformation).

 

Decoding process

The decoder operates as follows:

  1. Since this is a blind scheme, an estimate of the original cover image must be obtained. This estimate is then subtracted from the received stegoimage to obtain the estimate of the embedded signal. For this purpose, we need to filter out the low-power additive random noise present in the stegoimage. The algorithm doesn't require use of a specific restoration filter. However, it was discovered by the authors that a specific mean filter (alpha-trimmed mean), which discards the minimum and maximum values in the processed window and calculates the mean of the remaining values provides the lowest embedded signal BER. In our implementation, we enable the user to choose the desired restoration filter.

  2. After restoration, the estimated embedded signal is deinterleaved, demodulated, decoded and decrypted according to what is described above (in the encoder section). Since both the sender and the receiver possess the same keys, these steps are just the reverse of the corresponding steps at the encoder side.