The Community for Technology Leaders
RSS Icon
Issue No.05 - May (2009 vol.58)
pp: 662-676
Nicholas Hopper , University of Minnesota, Minneapolis
Luis von Ahn , Carnegie Mellon University, Pittsburgh
John Langford , Yahoo! Research, New York
Steganography is the problem of hiding secret messages in "innocent-looking” public communication so that the presence of the secret messages cannot be detected. This paper introduces a cryptographic formalization of steganographic security in terms of computational indistinguishability from a channel, an indexed family of probability distributions on cover messages. We use cryptographic and complexity-theoretic proof techniques to show that the existence of one-way functions and the ability to sample from the channel are necessary conditions for secure steganography. We then construct a steganographic protocol, based on rejection sampling from the channel, that is provably secure and has nearly optimal bandwidth under these conditions. This is the first known example of a general provably secure steganographic protocol. We also give the first formalization of "robust” steganography, where an adversary attempts to remove any hidden messages without unduly disrupting the cover channel. We give a necessary condition on the amount of disruption the adversary is allowed in terms of a worst case measure of mutual information. We give a construction that is provably secure and computationally efficient and has nearly optimal bandwidth, assuming repeatable access to the channel distribution.
Steganography, covert channels, provable security.
Nicholas Hopper, Luis von Ahn, John Langford, "Provably Secure Steganography", IEEE Transactions on Computers, vol.58, no. 5, pp. 662-676, May 2009, doi:10.1109/TC.2008.199
[1] B.W. Lampson, “A Note on the Confinement Problem,” Comm. ACM, vol. 16, no. 10, pp. 613-615, 1973.
[2] NCSC-TG-030: A Guide to Understanding Covert Channel Analysis of Trusted Systems. US Nat'l Computer Security Center, 1993.
[3] D. Kahn, The Codebreakers: The Story of Secret Writing, revised ed. Scribner, 1996.
[4] G. Jagpal, “Steganography in Digital Images,” PhD dissertation, Cambridge Univ., Selwyn College, May 1995.
[5] Information Hiding Techniques for Steganography and Digital Watermarking. S. Katzenbeisser and F.A. Petitcolas, eds. Artech House, 2000.
[6] K. Matsui and K. Tanaka, “Video-Steganography: How to Secretly Embed a Signature in a Picture,” Proc. IMA IP Workshop, 1994.
[7] A. Westfeld and G. Wolf, “Steganography in a Video Conferencing System,” Proc. Second Int'l Workshop Information Hiding (IH '98), D. Aucsmith, ed., pp. 32-47, 1998.
[8] D. Gruhl, A. Lu, and W. Bender, “Echo Hiding,” Proc. First Int'l Workshop Information Hiding (IH '96), R.J. Anderson, ed., pp. 293-315, 1996.
[9] C. Neubauer, J. Herre, and K. Brandenburg, “Continuous Steganographic Data Transmission Using Uncompressed Audio,” Proc. Second Int'l Workshop Information Hiding (IH '98), vol. 1525, pp. 208-217, 1998.
[10] J. Brassil, S.H. Low, N.F. Maxemchuk, and L. O'Gorman, “Electronic Marking and Identification Techniques to Discourage Document Copying,” IEEE J. Selected Areas in Comm., vol. 13, no. 8, pp. 1495-1504, 1995.
[11] G.J. Simmons, “The Prisoners' Problem and the Subliminal Channel,” Proc. Int'l Cryptology Conf. (CRYPTO '83), pp. 51-67, 1983.
[12] R.J. Anderson, “Stretching the Limits of Steganography,” Proc. First Int'l Workshop Information Hiding (IH '96), pp. 39-48, 1996.
[13] R.J. Anderson and F.A. Petitcolas, “On the Limits of Steganography,” IEEE J. Selected Areas in Comm., vol. 16, no. 4, pp. 474-481, May 1998.
[14] C. Cachin, “An Information-Theoretic Model for Steganography,” Proc. Second Int'l Workshop Information Hiding (IH '98), pp. 306-318, 1998.
[15] T. Mittelholzer, “An Information-Theoretic Approach to Steganography and Watermarking,” Proc. Third Int'l Workshop Information Hiding (IH '99), A. Pfitzmann, ed., pp. 1-16, 1999.
[16] J.A. O'Sullivan, P. Moulin, and J.M. Ettinger, “Information Theoretic Analysis of Steganography,” Proc. IEEE Int'l Symp. Information Theory (ISIT '98), p. 297, Aug. 1998.
[17] J. Zöllner, H. Federrath, H. Klimant, A. Pfitzmann, R. Piotraschke, A. Westfeld, G. Wicke, and G. Wolf, “Modeling the Security of Steganographic Systems,” Proc. Second Int'l Workshop Information Hiding (IH '98), pp. 344-354, 1998.
[18] C. Cachin, “An Information-Theoretic Model for Steganography,” Information and Computation, vol. 192, no. 1, pp. 41-56, 2004.
[19] N.J. Hopper, J. Langford, and L. von Ahn, “Provably Secure Steganography,” Proc. 22nd Ann. Int'l Cryptology Conf. (CRYPTO'02), M. Yung, ed., pp. 77-92, 2002.
[20] N. Hopper, “Toward a Theory of Steganography,” PhD dissertation, Technical Report CMU-CS-04-157, Carnegie Mellon Univ., Pittsburgh, Aug. 2004.
[21] L. Reyzin and S. Russell, “Simple Stateless Steganography,” Cryptology ePrint Archive, Report 2003/093, http:/eprint.iacr. org/, 2003.
[22] N. Dedić, G. Itkis, L. Reyzin, and S. Russell, “Upper and Lower Bounds on Black-Box Steganography,” Proc. Second Theory of Cryptography Conf. (TCC '05), J. Kilian, ed., pp. 227-244, 2005.
[23] T.V. Le and K. Kurosawa, “Efficient Public Key Steganography Secure against Adaptively Chosen Stegotext Attacks,” Cryptology ePrint Archive, Report 2003/244, http:/, 2003.
[24] A. Lysyanskaya and M. Meyerovich, “Provably Secure Steganography with Imperfect Sampling,” Proc. Ninth Int'l Conf. Theory and Practice of Public-Key Cryptography (PKC '06), M. Yung, Y.Dodis, A. Kiayias, and T. Malkin, eds., pp. 123-139, 2006.
[25] M. Backes and C. Cachin, “Public-Key Steganography with Active Attacks,” Proc. Second Theory of Cryptography Conf. (TCC '05), J.Kilian, ed., pp. 210-226, 2005.
[26] O. Goldreich, S. Goldwasser, and S. Micali, “How to Construct Random Functions,” J. ACM, vol. 33, no. 4, pp. 792-807, 1986.
[27] J. Håstad, R. Impagliazzo, L.A. Levin, and M. Luby, “A Pseudorandom Generator from Any One-Way Function,” SIAM J. Computing, vol. 28, no. 4, pp. 1364-1396, 1999.
[28] J. Wolfowitz, Coding Theorems of Information Theory. Springer and Prentice Hall, 1978.
[29] J. Kilian, ed., Proc. Second Theory of Cryptography Conf. (TCC), 2005.
13 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool