Steganography and Steganalysis
<Developers of Embedding Program versus Steganalysts>
In addition to embedding and extracting topics, steganography has another topic "Steganalysis" which analyzes a multimedia file (e.g., image/sound file) if it is a stego-file (a file embedded with some secret data) or not.
The objective of steganalysis is, in simple terms, to detect the evil Internet files (that could be embedded with terrorists' communication messages) and prevent vicious crimes from happening to us. Steganalysis sessions in recent international conferences on Information Technology are quite popular. Some software company has already released a steganalysis software on a commercial basis.
However, we wonder "Could it be really possible to develop such steganography-detective software?" Actually, they don't say that it can detect any steganography. The program only outputs a message like "This image file can possibly be embedded with some secret data." But the program developer does not guarantee the detection result. As for the detection accuracy, the user's demand may change case by case. There is no definite accuracy-standard for all purposes. From the practical point of view we believe that the detection accuracy needs to be very high (e.g., more than 99%). However, we would say that there is no steganalysis software on the market which is worth buying at the moment. In the following part of this page we will show a steganalysis experiment performed by using a commercialized stego-detection program.
Most steganography-software developers do not disclose their embedding methods. Even if someone discloses the principle, the varieties of the practical implementation are very large, and the details of the embedding program are never known to anyone else but the program developer himself. So, we naturally wonder "What features are exploited and how can the steganalysts analyze the suspicious file when they don't know the embedding method?"
Every academic paper on steganalysis first assumes a specific embedding method, and then makes an assertion "As this embedding has this type of weakness, so we can take advantage of that weakness, and this detection method should be very effective." Then it says "The experimental results are here. We found this detection algorithm was very good." This is to say that each paper always stands on an assumption "if the embedding method is known."
Once such paper is publicized, the embedding-program developer can secretly change some programming options to make an easy escape from that weak point. So, it is really hard for the steganalysts to make an effective detection program even if the embedding method is known in principle. It becomes much harder when they don't know the embedding method. Actually, it is almost impossible. It is safe to say that they can do nothing meaningful to detect a stego file.
Meanwhile, an embedding-program developer may not be blamed even if he publicly announces "I am using this method", but actually he is using some other method. This is okay because he is guarded by "business secret."
An embedding program developer and a steganalyst are "enemies" against each other. They can't be a same person (same company). But, if someone plays a double role, he is an "arms merchant" who seeks only for money doing anything. His software products are nothing but evil.
Generally speaking, the embedding-program developers have a great advantage over the steganalysts in their cat-and-mouse game.
<Image files for steganography detection test>
We will show a steganography detection test performed by using a commercialized detection program "Stego WatchTM" which is an automated detection program included in "Stego SuiteTM" software developed by WetStone Technologies, Inc. 16 sample images tested in this experiment are shown below.
Only the images having a * mark to the right of the file size are the stego images embedded with some "secret data" by the "Information Embedding" module of our Qtech Hide & View. So, if you are interested in extracting the secret data, you can do it by the "Information Extracting" module. Some of the Access Keys needed are here. ("Popup block setting" must be "off" with your browser when you download them.) Other keys are ready on request . (When you contact us, go to the formed message sending page.)
This experiment was made by a security-conscious IT engineer (a Stego SuiteTM user) who is not in our KIT Steganography Research Group. When he performed the experiment, he did not know anything about the "right answer."
Experimental results and our assessment of this detection program are shown in other page.
16 Image Files used for the Experiment
Back to Home
(Updated on Mar. 01, 2015 by Eiji Kawaguchi)