CS 691, Summer 2009 – PROJECT REPORT 1 A Study on Image Steganography Archana Sapkota, Deepti Reddy Abstract— In this paper we talk about what steganography is. We go through the different existing steganomatic techniques and methods. A lot of different steganography methods have been proposed over a few years. We specifically discuss about the existing JPEG steganography techniques. Though they have achieved good visual resistance, many of them could not survive the statistical attack. Several steganalytic methods have also been proposed in past which detect existence of secret message in the cover message. We review some of the steganalysis techniques that break some JPEG steganography techniques. Index Terms—steganalysis., Remote Monitoring, Wireless Sensor Network. I. INTRODUCTION S teganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message. While going back to the history, in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent covering message was written. Herodotus tells the story of a message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece about Persian invasion plans. This method has obvious drawbacks such as delayed transmission while waiting for the slave's hair to grow, and its one-off use since additional messages requires additional slaves. In WWII, the French Resistance sent some messages written on the backs of couriers using invisible ink. During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots were typically minute, about or less than the size of the period produced by a typewriter. WWII microdots needed to be embedded in the paper and covered with an adhesive. This was reflective and thus detectable by viewing against glancing light. Alternative techniques included inserting microdots into slits cut into the edge of post cards. Steganographic methods and various watermarking schemes are applications of information hiding techniques. Steganographic methods hide the secret information in the cover carrier so that the existence of the embedded information is undetectable. The cover carrier can be many kinds of digital media such as text, image, audio, and video. Because of the insensitivity of the human visual system, digital images have been widely used as cover carriers in most steganographic schemes, and are especially referred to as image hiding techniques. Few applications of staganography would be confidential communication and secret data storing, protection of data alteration, access control system for digital content distribution, media database systems etc. Simmons formulated information hiding as a prisoners problem. The same model can be adopted in the steganography as discussed further in this paper. The adversary can be considered active or passive. Alice and Bob are in jail, locked up in separate cells far apart from each other, and wish to devise an escape plan. They are allowed to communicate by means of sending authenticated messages via trusted couriers, provided they do not deal with escape plans. The couriers are agents of the warden Eve (the adversary) and will leak all communication to her. If Eve detects any sign of conspiracy, she will thwart the escape plans by transferring both prisoners to high-security cells from which nobody has ever escaped. Alice and Bob are well aware of these facts, so that before getting locked up, they have shared a secret codeword that they are now going to exploit for adding a hidden meaning to their seemingly innocent messages. Alice and Bob succeed if they can exchange information allowing them to coordinate their escape and Eve does not become suspicious. Wendy Is it stego? Alice Embedding Algorithm Cover message Secret message Secret key Fig 1. Prisoner’s Problem Bob Extracting Algorithm Secret key Hidden message CS 691, Summer 2009 – PROJECT REPORT 2 Substitution Techniques: II. CLASSIFICATION AND TECHNIQUES USED IN STEGANOGRAPHY There are many approaches in classifying steganographic systems. They can be classified according to the type of covers used for secret communication. Here, we classify steganography according to the cover modifications applied in the embedding process. The six classifications are: Substitution systems – Substitute redundant parts of a cover with a secret message. Transform domain techniques – Embed secret information in a transform space of the signal (eg. Frequency domain) Spread spectrum techniques – Adopt ideas from spread spectrum communication Statistical methods – Encode the information by modifying many statistical properties of a cover and then use of hypothesis testing in the extraction process. Distortion techniques – Storing of information by signal distortion and then measure the deviation from the original cover in the decoding step Cover generation method – Encode information in the way that the a cover for secret communication is created. There are three techniques to hide information in a cover file. Injection (or insertion) – In this technique, data to be hidden is stored in selections of a file that are ignored by the processing application. This avoids modifying bits that are relevant to the end-user. Binary files and executables are good file types for injection. Taking advantage of unused or reserved space to hold covert information provides a means of hiding information without perceptually degrading the carrier. When operating systems tore files, depending on the operating system, some may end up having unused space that is allocated to a file. This extra space can be used for embedding information. Another method of hiding information in file systems is to create a hidden partition. These partitions are not seen if the system is started normally. However, in many cases, running a disk configuration utility exposes the hidden partition. Protocols in the OSI network model also have vulnerabilities that can be used to hide information. TCP/IP packets used to transport information across the Internet have unused space in packet headers. Thousands of packets are transmitted with each communication channel, which provides an excellent covert communication channel if unchecked. Substitution – Using this approach, the least significant bits of information that determine the meaningful content of the original file with is replaced with new data in a way that causes the least amount of distortion. The main advantage of substitution technique is that the cover file size does not change after the execution of the algorithm. Generation -. This technique doesn't require an existing cover file. This technique generates a cover file for the sole purpose of hiding the message. In this paper, we look into various substitution methods used to save data in image files. Basic substitution techniques involve encoding secret information by substitution insignificant parts of the cover image by the secret message bits. In these methods, the receiver can extract the secret information if he has knowledge of the cover element positions used to hide the secret message. Since only a few changes were made to the cover image, the sender and receiver assume that a passive attacker won’t suspect the cover image has a secret message embedded in it. Least Significant bit substitution: Using the least significant bit substitution, a surprising amount of information can be hidden with little, if any, perceptible impact to the carriers itself. The data can be easily manipulated and recovered using steganography methods such as the least significant bit substitution. Embedding –For LSB, the substitution method involves choosing a subset of cover elements and performing the substitution operation on these cover elements. The substation basically exchanges the LSB of the cover element 0 or 1. An embedding process of more than 1 bit can be performed as well. A 2-bit substitution can be achieved by storing two message bits in the two most least significant bits of the cover element. Extracting – At the receivers end, the extraction process is pretty simple and it involves extracting the LSB of the selected cover-elements using during the embedding process and lining them up to reconstruct the embedded or secret message. The only piece of the information the receiver needs to know to reconstruct the secret message is the sequence of cover element indices used during the embedded process. 1 0 1 1 1 0 0 0 0 1 0 1 0 0 1 0 0 0 0 0 0 0 1 1 1 1 1 1 0 0 1 0 0 0 1 0 1 0 0 1 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 0 1 1 0 0 0 0 1 Figure 2: Hide letter “a” (ASCII code 91, in binary 01100001 inside eight bytes of the cover image Approaches used for Embedding and Extracting to overcome security threats: One approach is where the sender simply uses all the cover elements for embedding the secret information starting from CS 691, Summer 2009 – PROJECT REPORT the first cover element. The embedding processing using this method will be completed long before the end of the cover image and the unused cover elements will be left unchanged. The problem with this method is that it poses a security risk as the first part of the cover that was changed will be statistically different in properties than the second part where the cover elements were left untouched. Algorithm 1.0 Embedding process using least significant bit substitution j, ---- jk(m) – sub-set of cover elements m – message bit Exchanges LSB of Cji by mi For i = 1, ….., K(c) do Si ← Ci End For For i = 1….., K(m) do Compute index ji where to store ith message bit Sji ← Cji mi End For Algorithm 1.0 Extraction process using least significant bit substitution j, ---- jk(m) – sub-set of cover elements For i = 1, ….., K(M) do Compute index ji where to store ith message bit is stored mi ← LSB(Cij) End For A better approach to overcome the security threat is to use a pseudo random number generator that will help spread the secret message over the entire cover in a random manner. One common method used to achieve this is the random interval method. In this method, the sender and receiver share a stegokey k that is used as a seed for a random number generator. This helps to create a random sequence of indices that will be used to embed the secret message. This way the distance between two embedded bits is determined in a pseudorandom way. The receiver in this method knows the seed k and has knowledge of the pseudorandom number generator. This helps the receiver to re-construct the indices used to embed the secret message and in-turn get the secret image. Pseudo-random collisions: Considering all cover bits can be accessed in the embedding process, the message bits can be distributed randomly in the whole cover. This makes it hard for an attacker since there is no guarantee that subsequent message bits are embedded in the same order as the order here used is random. Embedding: Alice (the sender) will create a sequence of element indices and store each subsequent message bit in the next index determined by the pseudo random number generator. Considering the output of the pseudo random number generator is not restricted in any way, particular index 3 could be used more than once. This causes Alice to use an index more than once and corrupt the secret message bits. These are called collisions. The probability of collisions increases as the secret message is bigger and the cover image is smaller. Extracting : If the collisions are less, Alice can hope that the corrupted bits are just a few and using an error-correcting code, Bob (the receiver) can reconstruct the corrupted bits. As the probability of collisions increases, this method is hard to rely on. T Approaches used to overcome risks: The probability of collisions is negligible only for short images. One way to overcome the risk of collisions is for the sender to keep track of all cover bits that have already been used for substitution in a set S. If an index is already contained in B, the sender will simply discard the element number generated by the pseudo random number generator and run the random number generator to find an index that is not in set S. The receiver Bob will have to use the same technique to be able to decode the hidden message. Palette-based images: Uncompressed images like BMP provide a large space in which one can embed messages. However, their redundant data is obvious making it easily suspicious to steganalysts. Hence, JPEG and GIF are better choices for steganographic applications. Steganographers tend not to like to use palette based images, because the limitation on the colors available in a finite palette causes difficulties in hiding data. Two approaches to embedding messages in palette-based images are embedding messages into the palette and embedding messages into image data. Embed images into Palette: Shuffling Entries:One way this is done is to shuffle the color entries and then use different combinations of color entries to hide the intended message. Stego-image remains visibly intact but the orders of the colors in the palette are changed. One disadvantage of this method is that it is limited by the size of the palette. EZ Stego method :EZ stego method is similar to the commonly used LSB method for 24 bit color images (or 8 bit grayscale images). This is more widely used in which the colors in the palette are first sorted by luminance, which is a linear combination of three colors R, G, B in the palette. In the palette that is re-ordered, most neighboring palette entries are close to each other in the color space. The method embeds the messages in a binary form into the LSB of indices (pixels) pointing to the palette colors. Since, the colors with similar luminance values may be relatively far from each other, this method does not easily generate high quality steg-images. Fridrich method: Hiding message bits into parity bit of close colors-. The value of parity bit of the color R, G, B is CS 691, Summer 2009 – PROJECT REPORT determined. A message bit is embedded into each pixel of the cover image. This is done by searching for the closest color entry in the palette until a color entry with the desired parity bit is found. The parity bits of the palette entries that correspond to real images are more or less randomly distributed, guaranteeing that the original colors are not modified too much within the steg image. Fig. 3. An example to illustrate the steganographicmethods. (a) Original image (b) stego-image obtained using EZ Stego method; (c) stego-image obtained using Fridrich_s method; 4 International Standard-10918 (IS-10918). The JPEG compression is based on the DCT and allows substantial compression to be achieved while producing a reconstructed image with high visual fidelity. Following is the JPEG encoding procedure. The input image is first divided into 8 × 8 non-overlapping blocks, and each block is transformed by the FDCT into a set of 64 DCT coefficients. These coefficients are then quantized using a quantization table with 64 entries. The quantized results are all integers and defined as the division of each DCT coefficient by its corresponding quantization value, and rounding to the nearest integer. The quantization step is lossy because of the rounding error. The quantized coefficients are then passed to the entropy encoding step to form the compressed code. One of two tables must be provided in this step according to different entropy coding schemes. If Huffman encoding is used, a Huffman table must be provided. If arithmetic encoding is used, an arithmetic coding conditioning table must be provided. It should be noted that the entropy encoding step is lossless. The decoding process consists of three steps: entropy decoding, dequantization and inverse DCT. Each step in decoding process performs essentially the inverse of its corresponding step in encoding procedure. The entropy decoding step decodes the compressed code to the quantized DCT coefficients. The dequantization step then converts each quantized DCT coefficient to its approximate value by multiplying with its quantization value. DCT is then used to convert the dequantized coefficients to their spatial value. III. JPEG STEGANOGRAPHY Most image hiding systems use uncompressed images (e.g., BMP) or losslessly compressed images (e.g., GIF) as coverimages. These images potentially contain much visual redundancy so that they can provide large capacity to hide secret data. Many image hiding systems have been proposed and several stego-products have been developed based on lossless image formats (e.g., EzStego). For reducing transmission bandwidth and storing space, the JPEG image is currently the most common format used on the internet. While JPEG images have gained a lot of attraction, one of the challenges in using JPEG images is the reduced embedding capacity for steganography due to the efficient compression technique using discrete cosine transform(DCT). But various methods have been devices to make use of the maximum capacity available in the images of such format. JPEG steganographic methods use the DCT coefficients to embed the secret bits. A. JPEG compression JPEG is an international standard for continuous-tone still image compression which has been approved by International Standard Organization (ISO) under the denomination of Original image FDCT Quantization Entropy Encoding Compressed code Fig 2. JPEG encoding Compressed code Entropy Decoding Fig 3. JPEG decoding DeQuantization IFDCT Reconstructed image CS 691, Summer 2009 – PROJECT REPORT 5 Fig 4. Histogram of JPEG coefficients after quantization F5: The main observations we get from the histogram of JPEG coefficients is, the frequency of occurrence decreases with increasing absolute value and the difference between two bars in the middle is greater than the difference between two bars near the end. Instead of replacing the LSBs of the quantized DCT coefficients with the secret bits, the absolute value of the coefficient is decreased by 1. It also randomly chooses randomly DCT coefficients to embed the secret bits. Secret message B. JPEG steganographic Algorithms Quantization A lot of JPEG staganographic algorithms have been proposed in the past. In this section we will go through the proposed algorithms. Most of the algorithms make use of DCT coefficient to embed the hidden message. We briefly describe some of the commonly used JPEG steganographic techniques in this section. J-steg: Embeds the secret data by sequentially flipping the LSB of the quantized DCT coefficients (except 0s and 1s) without causing detectable artificial distortion. It has an embedding capacity of 12% and is secure against visual attack however fails easily against statistical attacks. J-steg influences the pairs of the frequency of the occurrence of the coefficients. Fig 5. Message embedding in Jsteg password P E P-1 Pseudo random Number generator Entropy Encoding steganogram Fig 7. F5 algorithm, P –permutation, E – embedding Function. F5 is more statistically robust then Jsteg. The capacity is claimed to be more than 13% and efficiency( number of bits per change) is considered to be higher than Jsteg as well. “Minimal distortion” embedding: Each coefficient is assigned a scalar value expressing the contribution of making an embedding change at that coefficient to overall detectability. If the raw, uncompressed cover image is available to the sender rather than just its JPEG compressed form, the sender can use the knowledge of the unquantized DCT coefficients to jointly minimize the overall distortion due to quantization and embedding. This type of embedding is called Perturbed Quantization and was also utilized in the MMx-stego system. The guiding design principle of these methods is the belief that the smallest the embedding distortion, the harder it is to detect the embedding changes. In other words, the methods are focusing on increasing the embedding efficiency. OutGuess: Fig 6. Histogram of JPEG coefficients after Jsteg The OutGuess steganographic algorithm was proposed by Neils Provos10 to counter the statistical chi-square attack. In the first pass, similar to J-Steg, OutGuess embeds message bits along a random walk into the LSBs of coefficients while skipping 0’s and 1’s. After embedding, the image is processed again using a second pass. This time, corrections are made to the coefficients that were not visited during the first pass to make the stego image histogram match the cover image histogram. Because OutGuess preserves the first order statistics, the image histogram cannot be used as the distinguishing statistics. On the other hand, even though the global image histogram is preserved, the histograms of individual DCT coefficients are not necessarily preserved. They are only preserved if the shape of the individual histogram is the same as the shape of the global histogram. CS 691, Summer 2009 – PROJECT REPORT 6 Spatial Domain JPEG steganography: JPEG-compatibility steganalysis resistant method: In recent work, Fridrich, Goljan and Du introduced [5] JPEG compatibility” steganalysis method that is surprisingly accurate at determining if bitmap images that originated as JPEG files have been altered (and even specifying where and how they were altered), even if only a single bit has been changed. And Newman et al, described a steganographic method that encodes the embedded data in the spatial domain, yet cannot be detected by their steganalysis mechanism. Their method is a hybrid in that it encodes the embedded data in the spatial domain via JPEG coefficient manipulation; this is whyit is resistant to detection using either spatial or frequency steganalysis techniques. They claim that their topological approach that may change many bits in the spatial file, but will never be detected by JPEG compatibility steganalysis; it will always produce a false negative. YASS: Both methods essentially embed data in the spatial domain in a robust manner and then distribute the image as JPEG The embedded message thus must be robust to JPEG compression, which can be arranged using error correction. YASS[6] has been shown to be undetectable using current best blind steganalysis classifiers with payload of approximately 0.05 bits per non-zero DCT coefficient. Fig 8. Chi-square attack on Jsteg Histogram Based attack on F5: Though F5 algorithm is quite resistant towards chi-square attack because it does not impact the overall histogram distribution, but it does increase the number of zeros in the histogram. So, the steganogram can be detected by observing the difference between the histogram of the stegangram and the cover image. Fridrich at el, have introduced a method for estimating the cover image histogram. They have also given the technique to estimate the unknown message length. IV. JPEG STEGANOLYSIS Chi- square: If the bits used for overwriting the least significant bits are equally distributed, the frequencies of both values of each PoV(Pair of Values) become equal. The chi-square attack explores the problem of PoV(Pair ov Values) to detect the secret bits embedded in the LSB of the stego-image. The detection of the chi-square attack is achieved by sequentially accumulating the similarity of PoVs. That is, if the secret bits are embedded in the LSB of the stego-image, they could be detected by the chi-square attack. Different from the chisquare attack, the extended chi-square attack divides the stegoimage into blocks, and detects the secret bits by calculating the similarity of PoVs in each block. If the chi-square attack is a global method, the extended chi-square attack can be considered as a local method because it detects the secret bits in each block of the stego-image independently As shown is the fig 6, the histogram of the DCT coefficient is altered noticeably. Thus, Chi-square can easily break Jsteg algorithm Fig 9. Attack on F5 Re-embedding Technique attack on outguess: OutGuess works by overwriting the LSBs. Embedding another message into the stego image will partially cancel out and will thus have a different effect on the stego image than on the cover image. The embedding process introduces noise into the DCT coefficients and thus increases the discontinuities in the spatial domain along the boundaries of 8×8 JPEG blocks. However, due to partial canceling of repeated LSB embedding, CS 691, Summer 2009 – PROJECT REPORT this increase in spatial discontinuities will be smaller when we re-embed message bits in the stego image than the increase for the cover image. This increase is a candidate for the distinguishing statistics. Fridrich at el devised this technique to break outguess. 7 conducted research on the filed of securing steganography. Christian Cachin in his work on information theoretical model for steganography gave the definitions of perfectly secure steganography. He used the concept of relative entropy or discrimination between two probability distribution to define the secure steganography. A stegnosystem is called perfectly secure if Fig 10. Attack on outguess JPEG Compatibility Steganalysis: Fridrich, Goljan and Du introduced an ingenious steganalysis technique that determines whether a bitmap representation of an image derived from a JPEG file has been altered. If a bitmap image were derived from an image once stored in JPEG format, their method can determine this in most cases, even if the low order bits of the image have been manipulated after conversion to bitmap format. Their method takes advantage of the last fact that not all spatial domain blocks can be the output of decoded JPEG coefficient sets, i.e., not all spatial blocks are JPEG blocks. Their steganalytical method first determines that the bitmap was at one time stored in JPEG format, then recovers the 8 × 8 JPEG block alignments and the best candidate for the quantization table. It then detects those blocks that could not have been produced by the JPEG decoding process. Since changing a single bit in a spatial block can cause a JPEG block to become JPEG incompatible, this approach is extremely sensitive to manipulation of images in the spatial domain; it can readily detect even low payload size steganographical embeddings that do not take the JPEG characteristics into account, provided they manipulate bitmaps that were once stored in JPEG form. V. SECURE STEGANOGRAPHIC MODELS According to Kerckhoffs’principle the embedding algorithm is supposed to be known to the public. Therefore, the embedding process may use an embedding key so that only the legal user can successfully extract the embedded data by using the corresponding extraction key in the extraction process. Securing the detection of the steganography is a challenging task. A lot of techniques that have been proposed in the past have failed the statistical attacks. At the same time people have Where Pc is the probability distribution of the cover image and Ps is the probability distribution of the stego image. He has modeled the detection as a process of hypothesis testing. Phil Sallee on his paper on Model-based steganography proposed information-theoretic method for performing steganography and steganalysis using a statistical model of the cover medium. His method JPEG images which achieves a higher embedding efficiency and message capacity while remaining secure against first order statistical attacks. In their methods they modify the least significant portions of the coefficients to encode the hidden information. The model will consist of a parametric description of the marginal DCT coefficient densities. Lyu at el, in their work on detecting hidden message using higher order statistics and support vector machine proposed wavelet-like decomposition to build higher-order statistical models of natural images. This model includes basic coefficient statistics as well as error statistics from an optimal linear predictor of coefficient magnitude. These higher-order statistics appear to capture certain properties of \natural" images, and more importantly, these statistics are significantly altered when a message is embedded within an image. This makes it possible to detect, with a reasonable degree of accuracy. Thus modeling the steganograpy problem in the higher order statistics makes it more secure to the future attacks. Katzenbeisser and Petitcolas and by Hopper, et al., also proposed the definition to a secure steganography and modeled steganography with the complexity-theoretic security notions of modern cryptography, and to define a secure stegosystem such that the stegotext is computationally indistinguishable from the covertext. VI. AVAILABLE TOOLS AND EXPERIMENTS We tried to use some of the existing tools available in the internet to see how some of the steganograms look like. We picked fee available tools on random basis and used them. Below shown is one of the tools used. It uses F5 like algorithms and takes a cover file and the message as input and embeds using the user given password. The generated steganogram visually looks the same as the cover image. We can also extract the embedded image using the same tools. CS 691, Summer 2009 – PROJECT REPORT 8 (d) (a) (b) (e ) Fig 11. (a)snapshot of the tool, (b) Cover image, summer 2009 white water rafting in Arkansas river. (c ) stego image with embedded text. (d) Stego image with embedded image (e) embedded image VII. CONCLUSION (c) In this paper we gave on overview of different steganographic mehods focusing on image steganography which have been proposed in the past few years. Many simple methods have attained good visual resistance but they have failed significantly against the statistical methods. We also discussed about the JPEG steganography which is one of the most attractive methods today. The proposed JPEG steganography and how they could not survive several statistical methods was also discussed. We also review some steganalysis methods which took advantage of the first order statistics to break the steganograpy. Several secure models of steganography were CS 691, Summer 2009 – PROJECT REPORT also proposed in the past using information theory model and also using higher order statistics. One of the biggest challenge we saw while reviewing the work on steganography was the definition of secure steganography. Most of the work in the past was done considering the visual or the lower statistical pattern of the image. It would be interesting to extend such security models of steganography to a higher level or to do further research on the possible patterns of the stego image and the cover image. Extending the definition of perfectly secure steganography to meet all the possibilities of detection would be another interesting topic of research. An interesting future research is to define a secure stegosystem such that the stegotext is computationally indistinguishable from the coverimage. REFERENCES [1] Liu, C. and Liao, S. 2008. High-performance JPEG steganography using complementary embedding strategy. Pattern Recogn. 41, 9 (Sep. 2008), 2945-2955. DOI= http://dx.doi.org/10.1016/j.patcog.2008.03.005 [2] New Methodology for Breaking Steganographic Techniques for JPEGs, with M. Goljan and D. Hogea, Proc. SPIE, Electronic Imaging, Security, Steganography, and Watermarking of Multimedia Contents V, Santa Clara, California, pp. 143-155, 2003 [3] N. F. Johnson and S. Katzenbeisser, “A survey of steganographic techniques,” in Information Hiding, S. Katzenbeisser and F. Petitcolas,Eds. Norwood, MA: Artech House, 2000, pp. 43–78. [4] Christian Cachin. An information-theoretic model for steganography. Information and Computation, 192(1):41-56, July 2004. Parts of this paper appeared in Proc. 2nd Workshop on Information Hiding, Springer, 1998 [5] R.E. Newman, I.S. Moskowitz, LiWu Chang, and M.M. Brahmadesam. A steganographic embedding undetectable by JPEG-compatibility steganalysis. In F.A.P. Petitcolas, editor, Information Hiding, 5 th International Workshop, volume 2578 of Lecture Notes in Computer Science, pages 258–277. Springer, New York. [6] K. Sullivan, U. Madhow, B.S. Manjunath, and S. Chandrasekaran. Steganalysis for Markov cover data with applications to images. IEEE Transactions on Information Security and Forensics, 1(2):275–287, June 2006. [7] Fridrich, J., Goljan, M., Hogea, D.: Steganalysis of JPEG Images: Breaking the F5 Algorithm. In: Petitcolas, F.A.P. (Ed.): Inf. Hiding: 5th Intl. Workshop. LNCS, 2578. Springer-Verlag, Berlin Heidelberg (2003) 310–323 [8] Phil Sallee, Model-Based Steganography, Lecture Notes in Computer Science, Volume 2939/2004, 254-260 [9] N.J. Hopper, J. Langford, L. von Ahn, Provably secure steganography, in: M. Yung (Ed.), Advances in Cryptology: CRYPTO 2002, vol. 2442, Lecture Notes in Computer Science, Springer, Berlin, 2002, pp. 77–92. [10] S. Katzenbeisser, F.A.P. Petitcolas, Defining security in steganographic systems, in: E.J. Delp, P.W. Won (Eds.), Security and Watermarking of Multimedia Contents IV, vol. 4675, Proceedings of SPIE, 2002, pp. 260–268. 9