| |
SSIS System Detailed Description
Following is the SSIS algorithm as described in [1].
The basic idea behind the scheme is to hide the information as
noise typical to natural images captured by photoelectronic devices. This
wideband thermal noise can be modeled as additive white Gaussian noise (one that
has a flat frequency spectrum). So the message is modulated with a
pseudorandomly generated AWGN sequence and added to the image. Visually, it will
look like a natural phenomenon, and without knowledge of the generating
pseudorandom sequence it will appear as a completely random noise to computer
analysis.
The system accepts as input: the cover image (2D graylevel matrix), the message (binary array) and 3 secret keys.
Encoding process
The encoder operates as follows (see Figure 2 above):
-
Encrypt the message using key #1. This step is optional, but
nevertheless recommended in order to improve security of the system and to make
the distribution of the bits to appear more random. [1] does neither specify nor
recommend the use of any known encryption algorithm. We have implemented 2
options:
-
Advanced Encryption Standard (AES, a.k.a. Rijndael)
-
One-time-pad - the message bits are XORed with the 128-bit
key
In any case, the message is divided into 128-bit blocks and then
reassembled after encryption.
Note: if the message BER is expected to be greater than zero (i.e. the
message will not be completely recovered by the decoder), the use of AES will
lead to inability to recover the message at all, since AES gurantees that if a
single bit of the ciphertext is changed, then all bits of plaintext are
affected as a result. The second option, on the other hand, doesn't impose this
kind of constraint. However, one-time-pad requires the key to be changed every
time, otherwise the code is easily breakable (since it is linear).
-
Encode the encrypted message using an error-correcting encoder.
Error correction is an essential part of the stegosystem, because errors are
inevitable when recovering the wideband signal from the stegoimage, as we shall
later see.
Any error-correcting code that is capable of correcting relatively high BER
(typically greater than 0.15 BER, as the experiments have shown) can be used
within the system. Marvel et al. used binary expansions of Reed-Solomon codes.
We implemented 3 options: Reed-Solomon code, cyclic code and BCH code. The codes
differ by the following characteristics:
-
Rate of the encoder, i.e. the ratio between the length of the
encoded message and the length of the original message. Low-rate codes have
large such ratio, therefore less available image space can be used for hiding
the data.
-
Error-correcting ability of the code. Every code has a threshold
BER above which the message cannot be restored properly.
Therefore, the choice of a specific error-correcting code must
be dictated by both the needed payload and the expected levels of degradation
during transmission. On a completely distortion-free channel, the entire
decoding process can be simulated at the encoding side, and the appropriate
error-correcting code can be chosen.
-
A pseudorandom Gaussian noise sequence, n, is generated
by seeding the random number generator with key #2. It is then modulated with
m, the output of the error-correcting encoder.
A simple modulation scheme is to multiply the two sequences, as in (1). The
recovery of the original signal from the restored modulated one would then
simply be according to (2):
Since m is a sequence consisting of 1 and -1, the resulting modulated
sequence s has a Gaussian distribution. However, if the estimate of s is
not exact, the scheme results in very bad estimation of m as well. Since in
Gaussian distribution, the majority of the values are close to 0, even a small
level of noise (due to inexact recovery of s) can change the sign of the
sample to the opposite, which would result in incorrect estimation
of the message bit m.
As can be seen, the minimal noise amplitude needed in order to change the
message bit from 1 to -1 (and vice versa), given that the sample amplitude is
x,
equals |x|.
To cope with this problem, a nonlinear modulation
scheme was developed in [1] as follows:
generate a uniformly distributed random sequence u, and get another
uniformly distributed random sequence u' according to (3). The modulated
signal is constructed by choosing either from u or u' depending on
the message bit. The chosen value is then transformed to Gaussian distribution
according to (4).
The recovery of the message bit is as follows: the sequences u and
u' are regenerated at the decoding side. Now,
Let's assume ui<0.5. In order for an
error to occur at the decoding side, the noise amplitude A must satisfy
(regardless of the message bit):
Similarily, for ui>0.5:
The minimal distortion amplitude, as function of the Gaussian value x
being modulated, is therefore:
The difference between the minimal distortion amplitudes can be seen from the
following graph:
So the new modulation scheme performs better in the vicinity of 0, where most of
the Gaussian distribution reside.
It is here that the spectrum of the message signal is "spread" over all
frequencies.
After modulation, the resulting signal is also multiplied by a constant scale
factor, which is chosen manually in order to make the embedded signal power low
with respect to the cover image power.
-
The modulated signal is shuffled using an interleaver, which
chooses a pseudorandom permutation of the numbers [1..size of the image] (using
key #3 as the seed to the PRNG) and then adds the modulated signal to the cover
image at the chosen positions. This reordering, besides providing an additional
level of security, also helps to prevent bursts of errors, since all the message
bits are equally spread over the cover image.
-
Finally, before transmitting, the image is converted back to
8-bit precision, if we are working with 256-level images (this is actually a
quantization transformation).
Decoding process
The decoder operates as follows:
-
Since this is a blind scheme, an estimate of the original cover
image must be obtained. This estimate is then subtracted from the received
stegoimage to obtain the estimate of the embedded signal. For this purpose, we
need to filter out the low-power additive random noise present in the stegoimage.
The algorithm doesn't require use of a specific restoration filter. However, it
was discovered by the authors that a specific mean filter (alpha-trimmed mean),
which discards the minimum and maximum values in the processed window and
calculates the mean of the remaining values provides the lowest embedded signal
BER. In our implementation, we enable the user to choose the desired restoration
filter.
-
After restoration, the estimated embedded signal is
deinterleaved, demodulated, decoded and decrypted according to what is described
above (in the encoder section). Since both the sender and the receiver possess the same keys, these steps are just the reverse of the corresponding steps at
the encoder side.
|