Pascal Schöttle

A game-theoretic approach to content-adaptive steganography

Content-adaptive embedding is widely believed to improve steganographic security over uniform random embedding. However, such security claims are often based on empirical results using steganalysis methods not designed to detect adaptive embedding. We propose a framework for content-adaptive embedding in the case of imperfect steganography. It formally defines heterogeneity within the cover as a necessary condition for adaptive embedding. We devise a game-theoretic model for the whole process including cover generation, adaptive embedding, and a detector which anticipates the adaptivity. Our solution exhibits a unique equilibrium in mixed strategies. Its location depends on the level of heterogeneity of the cover source, but never coincides with naive adaptive embedding. The model makes several simplifying assumptions, including independent cover symbols and the steganalysts ability to recover the adaptivity criterion perfectly.

Weighted stego-image steganalysis for naive content-adaptive embedding

Weighted stego-image (WS) steganalysis is the state of the art for estimating LSB replacement steganography in spatial domain images. However, the most powerful WS variants designed against random uniform embedding perform poorly against content-adaptive steganography. As a remedy, we propose a novel variant of WS which is specialized in detecting small payloads hidden exclusively in the least detectable spots of a cover, benchmark its performance against known methods, and experimentally investigate the influence of the choice of the adaptivity criterion, i. e., the function that identifies supposedly secure spots in a heterogeneous cover. We find that adaptivity criteria which are hard to recover from the stego image alone provide stronger security against our specialized WS method.

Where to Hide the Bits

We present a stochastic two-player zero-sum game between defender and attacker related to the security of practical steganography. The defender wants to hide a message in a cover object drawn by nature. The attacker wants to distinguish plain covers from those with a hidden message. We study the case of n-bit covers, independently but not identically distributed to allow for variation in the predictability between parts of the cover. The defender knows the predictability exactly and chooses k embedding positions. The attacker may obtain side information to predict one chosen position of the cover and compare it to the observed object to make a decision. We present a unique mixed strategy Nash equilibrium for this game. It turns out that the attacker’s strategy is independent of the number of hidden bits k.

On the application of anomaly detection in Reliable Server Pooling systems for improved robustness against denial of service attacks

The Reliable Server Pooling (RSerPool) architecture is the IETFpsilas upcoming standard of a lightweight server redundancy and session failover framework for availability-critical applications. RSerPool combines the ideas from different research areas into a single, resource-efficient and unified architecture. Although there have already been a number of research papers on the pool management, load distribution and failover handling performance of RSerPool, the robustness against intentional attacks has not been intensively addressed yet. Therefore, the first goal of this paper is to provide a robustness analysis in order to outline the attack bandwidth necessary for a significant impact on RSerPool-based services. After that, we present our anomaly detection approach that has been designed to protect RSerPool systems against attacks. We also show the effectiveness of this approach by simulations.

Bitspotting: Detecting Optimal Adaptive Steganography

We analyze a two-player zero-sum game between a steganographer, Alice, and a steganalyst, Eve. In this game, Alice wants to hide a secret message of length \(k\) in a binary sequence, and Eve wants to detect whether a secret message is present. The individual positions of all binary sequences are independently distributed, but have different levels of predictability. Using knowledge of this distribution, Alice randomizes over all possible size-\(k\) subsets of embedding positions. Eve uses an optimal (possibly randomized) decision rule that considers all positions, and incorporates knowledge of both the sequence distribution and Alice’s embedding strategy.

Predictable rain?: steganalysis of public-key steganography using wet paper codes

Symmetric steganographic communication requires a secret stego-key pre-shared between the communicating parties. Public-key steganography (PKS) overcomes this inconvenience. In this case, the steganographic security is based solely on the underlying asymmetric encryption function. This implies that the embedding positions are either public or hidden by clever coding, for instance using Wet Paper Codes (WPC), but with public code parameters. We show that using WPC with efficient encoding algorithms may leak information which can facilitate an attack. The public parameters allow an attacker to predict among the possible embedding positions the ones most likely used for embedding. This approach is independent of the embedding operation. We demonstrate it for the case of least significant bit (LSB) replacement and present two new variants of Weighted Stego-Image (WS) steganalysis specifically tailored to detect PKS using efficient WPC. Experiments show that our WS variants can detect PKS with higher accuracy than known methods, especially for low embedding rates. The attack is applicable even if a hybrid stegosystem is constructed and public-key cryptography is only used to encapsulate a secret stego-key.

Forensics of high-quality JPEG images with color subsampling

Detecting prior compression is an essential task in image forensics and can be used to detect forgery in digital images. Many approaches focus on grayscale images and assume compressions with a low quality factor which often leave visible artifacts in the image. In practice, however, color images and high quality compression are much more relevant and widespread. Block convergence has been proposed to estimate the number of JPEG compressions with quality factor 100 for grayscale images and has been shown to produce accurate results [1]. This paper extends block convergence to the more relevant case of color images where chrominance subsampling and color conversion make the estimation more complex. By observing block convergence for macro-blocks over multiple recompressions we are able to produce accurate estimates for color images. Oftentimes block convergence for color images enables similar accuracy and allows to detect more recompressions compared to grayscale images, while maintaining a good distinction between never and once compressed images.

Managing the Weakest Link

We introduce a two-player stochastic game for modeling secure team selection to add resilience against insider threats. A project manager, Alice, has a secret she wants to protect but must share with a team of individuals selected from within her organization; while an adversary, Eve, wants to learn this secret by bribing one potential team member. Eve does not know which individuals will be chosen by Alice, but both players have information about the bribeability of each potential team member. Specifically, the amount required to successfully bribe each such individual is given by a random variable with a known distribution but an unknown realization.

Decoy Password Vaults: At Least as Hard as Steganography?

Cracking-resistant password vaults have been recently proposed with the goal of thwarting offline attacks. This requires the generation of synthetic password vaults that are statistically indistinguishable from real ones. In this work, we establish a conceptual link between this problem and steganography, where the stego objects must be undetectable among cover objects. We compare the two frameworks and highlight parallels and differences. Moreover, we transfer results obtained in the steganography literature into the context of decoy generation. Our results include the infeasibility of perfectly secure decoy vaults and the conjecture that secure decoy vaults are at least as hard to construct as secure steganography.

Forensics of High Quality and Nearly Identical JPEG Image Recompression

We address the known problem of detecting a previous compression in JPEG images, focusing on the challenging case of high and very high quality factors (>= 90) as well as repeated compression with identical or nearly identical quality factors. We first revisit the approaches based on Benford--Fourier analysis in the DCT domain and block convergence analysis in the spatial domain. Both were originally conceived for specific scenarios. Leveraging decision tree theory, we design a combined approach complementing the discriminatory capabilities. We obtain a set of novel detectors targeted to high quality grayscale JPEG images.