Public-key image steganography using discrete
cosine transform and quadtree partition
vector quantization coding
Wen-Yuan Chen Chin-Hsing Chen
National Cheng Kung University Department of Electrical Engineering 1 University Road
Tainan 70101, Taiwan
E-mail: [email protected]
Abstract. A public-key image hiding scheme is proposed to offer safe exchange of a stego image on the Internet. In the proposed scheme, the secret image is first compressed by quadtree partition vector quantiza-tion (QPVQ) coding into the indices bit stream, which is then embedded into the discrete cosine transform (DCT) of the cover image. In the em-bedding process, adaptive quantization and appropriate DCT coefficients are used to enhance the imperceptibility of the stago image. On the other hand, the Rivest, Shamir, and Adleman (RSA) algorithm is hired to pro-vide the mechanism of a public-key system for secure communication on the Internet. Our proposed method has two advantages compared with other data hiding techniques. One is the high safety and convenience offered by the RSA system to exchange data on the Internet. The other is that the stego image can pass through high-quality Joint Photograph Experts Group (JPEG) compression without noticeable degradation. ©2003 Society of Photo-Optical Instrumentation Engineers.
[DOI: 10.1117/1.1604783]
Subject terms: public key; cover image; stego image; Joint Photograph Experts Group (JPEG); Rivest, Shamir, and Adleman algorithm; hamming code. Paper 030083 received Feb. 17, 2003; revised manuscript received Mar. 24, 2003; accepted for publication Mar. 25, 2003.
1 Introduction
The Internet provides a convenient and efficient tool for human life. A person can exchange data with other people in the world through the Internet. While people benefit greatly from the Internet, they also encounter many serious problems within it. One biggest concern is the security of data transmission. The secrecy of documents, products, and multimedia共including audio, image, video, or text兲 can be lost if attacked or tampered by illegal users.
To remedy the drawback of data communication on the Internet, many data security techniques have been pro-posed. In general, there are two types of data security schemes: steganography and watermarking. Steganography techniques1–5conceal secret data, so that no one can find it. Watermarking techniques6 –9 usually conceal a logo and publish it. We propose a data hiding scheme for image cam-ouflage, in which a secret image is concealed into a cover image of the same size.
A direct secret data hiding method usually conceals the secret bits into bits of each pixel of the cover image. Least-significant-bit 共LSB兲 substitution is a popular method for this purpose. Although embedding data in LSB is hard to be perceived in the cover image, it is easily lost under trunca-tion space processing.
Lie and Chang10proposed a method based on the human visual system to embed a series of secret data into a cover image. The embedding process is achieved via the adaptive number of least significant bits. In their approach, a higher hiding efficiency is obtained by using the concept of a self-contained number of LSB under the constraint of human
visual perception. In the extracting process, the secret data can be extracted without the knowledge of the original cover image.
Wang, Lin, and Lin11published a method of hiding data in images by optimal moderately significant bit共MSB兲 re-placement. They presented a scheme consisting of cipher-ing, optimal substitution, and pixel adjustment to imple-ment the hiding process. However, embedding secret data in the MSB is accompanied by paying the price of degra-dation of the cover image quality.
An approach using image binary tree encoding and im-age smoothing to obtain data hiding was proposed by Hou and Chiao.12They created a binary tree code for a smooth secret image and embedded them into the cover image by bit replacement. In their approach, concealing a bigger im-age in a smaller imim-age becomes possible, and data with different types共image, audio, video, and text兲 can be used as the secret data.
Wu and Tsai13 published an image data hiding method employing multiple-based number conversion and lossy data compression. A stego image is obtained by embedding secret data into selected pixels with a capacity determined by the difference of the cover image and the lossily pro-cessed cover image. In the extracting process, the original cover image is required to extract the secret data.
Chen, Chang, and Hwang,14 presented a vector quanti-zation method with a data encryption standard共DES兲 cryp-tosystem to hide the secret image. In this method the secret image and the cover image are first reorganized by vector quantization, then the indice bit stream is generated. For
In addition to the RSA public-key system, discrete cosine transform共DCT兲 and quadtree partition vector quantization 共QPVQ兲15 coding are employed to construct a secure and efficient data hiding scheme that can pass through high-quality Joint Photograph Experts Group共JPEG兲 compres-sion for the Internet.
The remainder of this work is organized as follows. In Sec. 2, the RSA public-key steganography system is sented. The proposed data-embedding algorithm is pre-sented in Sec. 3. The data extracting process from the stego image is illustrated in Sec. 4. Empirical tests and security analysis are presented in Sec. 5. Finally, Sec. 6 concludes this work.
2 RSA Public-Key Steganography System Pioneer research by Diffie and Hellman16introduced a new approach to cryptograph that met the requirements for public-key systems.17One of the first responses to the chal-lenge was the work by Rivest, Shamir, and Adleman 共RSA兲,18 published in 1978. The RSA scheme is a block cipher where plain text and cipher text are integers between 0 to no⫺1 for some no. In practice, the block size is 2h bits and 2h⬍no⭐2h⫹1. In encryption, the plain text mes-sage psw is translated into ciphertext rndsed by
rndsed⫽pswe mod no. 共1兲
In description, the cipher text rndsed is translated back to the plain text psw using
psw⫽rndsedd mod no,
⫽共pswe兲d mod no,
⫽pswed mod no. 共2兲
In Eqs. 共1兲 and 共2兲, the numbers e and no constitute the public key, and the numbers d and no constitute the private key, respectively. The RSA key pair (e,d) can be found as follows. First we choose two bigger strong prime numbers p, q, and no⫽pq. Then we find e such that gcd关(no),e兴⫽1 where 1⬍e⬍(no) and d
⫽e⫺1 mod(no). However, to find the key pair is
unfea-sible.
In our steganography system, the sender uses the pass-word psw to generate the three PN sequences used in the embedding process. On the other hand, the receiver uses
rndsed to recover the password psw used to generate the
same three PN sequences in the extracting process. The proposed steganography system is outlined in Fig. 1. In the sending end, the secret image S, the cover image X, the password psw, and the public key e are processed by the
system to generate the stego-image R and the random seed
rndsed. After the stego-image R is formed, it is
com-pressed by JPEG into Rc, which is sent along with rndsed
to the receiver, as shown in Fig. 1共a兲. At the receiving end, the received stego-image Rc
⬘
is decompressed into R⬘
. TheR
⬘
, the rndsed, and the private key d are processed by the system to generate the recovered secret image S⬘
, as shown in Fig. 1共b兲.3 Data Embedding Algorithm
A steganography scheme must be extremely secure to all kinds of attacks, and at the same time not reduce the visual quality of the cover image when the secret image is con-cealed. The overall concealing process of our proposed scheme is shown in Fig. 2. The secret image S was encoded by QPVQ into the bit stream 兵m其. A chaotic mechanism 共CM兲 in Ref. 8 was used to hash兵m其 into兵mc其 to enhance
security. The bit stream兵mc其 is transformed into its
corre-sponding hamming code兵mh其 with error correction power.
On the other hand, the cover image X is JPEG preprocessed to generate X
⬘
. The X⬘
is then forward discrete cosine transform 共FDCT兲 transformed to Xˆ, of which blocks are one-by-one randomly selected for the following parity check embedding共PCE兲 process. In PCE, 16 coefficients of a selected block B are used for embedding the same num-ber of secret bits from兵mh其. The resultant image Xˆ⬘
after embedding is then inversely transformed to obtain the stego-image Rˆ by inverse discrete cosine transform 共IDCT兲. The details of the blocks of Fig. 2 are described in the following.3.1 Quadtree Partition Vector Quantization Encoding
To conceal a big secret image into a cover image of the same size, compressing the secret image is necessary. Vec-tor quantization共VQ兲 coding is a good choice for this pur-pose due to its large compression ratio and high recon-structed image quality.15 Before VQ coding, an image partition is usually performed to improve the rate-distortion performance. We adopt the quadtree partition method15 to divide an image into blocks of difference sizes according to the activity in the blocks. Consider an image block of size
b⫻b expressed as X⫽兵x1,x2,...xj; j⫽b2其. Let X¯ , X¯H,
and X¯L represent the block mean, the upper mean, and the lower mean, respectively, defined as
Fig. 1 The proposed steganography system: (a) the embedding process and (b) the extracting process.
X ¯H⫽1 q
兺
for xi⭓X¯ xi, 共3兲 X ¯ L⫽ 1 j⫺qfor兺
x i⬍X¯ xi, 共4兲 S⫽兩X¯H⫺X¯L兩, 共5兲where q is the number of pixels whose intensity is equal to or greater than the block mean, and S is the quadtree par-tition decision threshold. In the top-down quadtree parpar-tition scheme, the original input image is first divided into blocks of size 16⫻16. The value of S of each block is then calcu-lated. If it is greater than the threshold value Sth, the block
is further subdivided into four blocks of size 8⫻8. By the rule, high-activity blocks will be finally divided into blocks of size 4⫻4. Smaller threshold values result in higher re-constructed image quality but lower compression ratio, while large threshold values do the opposite. According to our experience,15 threshold value Sth⫽20 is used in this
work. An example of the quadtree partition is given in Fig. 3.
In quadtree partition VQ coding, four separate code-books are designed. One for 16⫻16 blocks, one for 8⫻8 blocks, one for low-activity 4⫻4 blocks, and one for high-activity 4⫻4 blocks. For a secret image, four set indices
ind16, ind8, ind4, and ind4n are generated from the four
codebooks. Additionally, another set of indices indqis
gen-erated for encoding the quadtree information. Thus the out-put bit sequence兵m其 of the QPVQ block in Fig. 2 is given by兵indq, ind16, ind8, ind4, and ind4n其. The flow chart of the quadtree partition VQ scheme is shown in Fig. 4. 3.2 Chaotic Mechanism
In data hiding, we hope the data is chaotic. Because chaotic data is more protected from being stolen or attacked. The VQ indices obtained from the secret image by quadtree partition VQ are already in the encrypted form, and a Fig. 2 The flow chart of the embedding process.
Fig. 3 An example of the quadtree partition: (a) the original image,
hacker may still attack it. Therefore, a chaotic mechanism is hired to hash the VQ indices. Once the VQ indices are chaotic, it is difficult for a hacker to attack, and security is promoted. In this work, a fast pseudorandom number tra-versing method is used as the chaotic mechanism to per-mute the VQ indices. The bit sequence after permutation is related to the bit sequence before permutation by
mp共i兲⫽m共i
⬘
兲, 1⭐i,i⬘
⭐F, 共6兲i⫽permutation共i
⬘
兲, 共7兲where F is the length of the bit sequence. The permutation operation in Eq.共7兲 is accomplished by the PN1 sequence. 3.3 Hamming Error Correction Code
We hide the secret data bits in the DCT coefficients of the cover image. In the extracting process, bit errors occur due to the truncation error between FDCT and IDCT if the stego image is compressed. The errors reduce the quality of the reconstructed secret image, therefore decreasing the bit error is necessary.
The Hamming error correction code of a message con-sists of the message bits and the parity check bits, which are the products of the message and the generator matrix. The error correcting ability of a hamming code is achieved by inspecting the syndrome calculated by multiplying the received vector with the parity check matrix. The efficiency of a hamming code is given by
⫽2
r⫺1⫺r
2r⫺1 ⫽1⫺
r
n, 共8兲
where r and n denote the length of the message and the hamming code, respectively. In this paper, we use r⫽4 and
n⫽11 with efficiency ⫽7/11 to convert the secret bits
sequence 兵mc其 into its corresponding hamming code
se-quence兵mh其.
3.4 Parity Check Embedding
In the embedding process, the cover image X is first passed through the JPEG preprocessor to generate X
⬘
. X⬘
is then divided into nonoverlapping 8⫻8 blocks, each of which is transformed into a block of DCT coefficients of the same size. The DCT coefficients are quantized using the adaptive quantization table shown in Table 1, in which an appropri-ate value of Q is chosen for a cover image. The PN2 se-quence is used to hash the DCT blocks into random order for the following PCE processing. The PN2 sequence is generated by using the same random seed used in the PN1 sequence with an offset. An illegal user without the private key to generate the PN2 sequence could not extract the block order correctly even though he knows the embedded position exactly.The PCE process of each block embeds 16 secret bits in the 16 DCT coefficients selected by the zigzag-order pat-tern indicated in Table 2, in which a proper value of param-eter P is selected for a cover image. Since the selected 16
Fig. 5 The flowchart of the extracting process. Q⫹7 Q⫹8 Q⫹9 Q⫹10 Q⫹11 Q⫹12 Q⫹13 Q⫹14
coefficients are located in the lower and middle bands, the embedding scheme will pass the JPEG high-quality com-pression test.
In the PCE process, the parity check bit is located at the least significant bit共denoted as b1兲 of the 8-bit DCT coef-ficient. If the odd parity is adopted, the embedding process is as follows. If the secret bit mh is 1, then bits 4 to 7 are
configured as odd parity, and are otherwise configured as even parity. That is, when mh⫽1, then b1⫽1 if b7⫹b6
⫹b5⫹b4⫽0, and 0 if b7⫹b6⫹b5⫹b4⫽1. Similarly, when mh⫽0, then b1⫽0 if b7⫹b6⫹b5⫹b4⫽0, and 1 if
b7⫹b6⫹b5⫹b4⫽1. The parity of the previous embed-ding procedure is fixed. As a result, it is easy for a hacker to extract. To avoid this drawback, a sequence PN3 is used to generate a random number for each secret bit to be embed-ded. The secret bit is then embedded according to the parity of its associated random number.
4 Data Extracting Algorithm
A process that inverses the concealing process is used to recover the original secret image. The flow chart of the recovering process is shown in Fig. 5. The stego-image R
⬘
is transformed to Rˆ⬘
by FDCT. The PN sequence PN2 used in the concealing process is used to select the embedded block B⬘
from Rˆ⬘
for secret bit extracting 共SBE兲. All the secret bits extracted from the block sequence兵B⬘
其 in SBE are concatenated from the bit sequence兵mh⬘
其.兵mh⬘
其 is then contracted by an inverse hamming code共IHC兲 into兵mc⬘
其, followed by an inverse chaotic mechanism 共ICM兲 into兵m
⬘
其. By passing兵m⬘
其 through the inverse quadtree parti-tion vector quantizaparti-tion共IQPVQ兲 process, shown in Fig. 6, the secret image S⬘
is recovered.5 Empirical Test and Security Analysis 5.1 Empirical Test
According to the human visual system, some amount of distortion between the cover image and the stego image are allowed. We employ the PSNR to indicate the degree of transparency. The PSNR is given by
PSNR⫽10 log10 2552 1 N⫻Ni
兺
⫽0 N⫺1兺
j⫽0 N⫺1 共Xi, j⫺Ri, j兲2 , 共9兲where Xi, j and Ri, j, are the grayscale values of the cover image and the stego image of size N⫻N, respectively.
Figures 7共a兲 and 7共b兲 show the stego-image Lena and the extracted secret image F16, respectively. Figures 8共a兲 and 8共b兲 show the stego-image Baboon and the recovered secret image Lena, respectively. The PSNRs of the stego image and the recovered secret image for both cases are shown in Table 3. Table 4 shows the detail information of the secret images of the proposed scheme for both cases. Photoshop 6.0 was used in the JPEG preprocess for both cases. According to Table 4, we found that the number of error bits of the extracted secret image F16 within the stego-image Lena under a JPEG level-9-quality attack is four without the hamming code but only one with. Simi-larly, the number of error bits of the extracted secret image Lena within the stego-image Baboon under a JPEG level-Fig. 6 The flowchart of IQPVQ.
Fig. 7 (a) The stego-image Lena and (b) the recovered secret im-age F16.
Fig. 8 (a) The stego-image Baboon and (b) the recovered secret image Lena.
Table 3 The PSNR of the stego image and the recovered secret image. Cover image Secret image PSNR of the secret image before embedding PSNR of the secret image after extraction PSNR of the stego image Lena F16 30.27 30.22 34.36 Baboon Lena 30.61 30.57 32.22
9-quality attack is 17 without the hamming code but only three with. The degradation in PSNR of the extracted secret images F16 and Lena are only 0.05 and 0.04 db, respec-tively. Figure 9 shows the PSNRs of the secret images F16 and Lena extracted from the stego-image Baboon under JPEG attacks. Figure 10 shows the number of error bits of the secret images F16 and Lena extracted from the stego-image Baboon under JPEG attacks.
5.2 Security Analysis
In our scheme, a cover image is used to camouflage a secret image to form a stego image. Since the distortion between the cover image and the stego image is insignificant, an illicit user cannot sense any hint in the stego image, even if he possesses it. Besides, our system employs several secu-rity techniques to protect images from attacks. The secusecu-rity issue of our system is analyzed as follows.
1. The quadtree partition VQ coding technique is em-ployed to compress the secret image into indices and scramble them into chaotic data. This chaotic pro-cessing, like encryption of cryptology, promotes the security of the secret image. However, any illicit user wanting to break it would need to make 6500 runs of trial and error for a VQ of 6500 indices from a 512 ⫻512 image.
2. In the embedding process, the cover image was di-vided into 4096 nonoverlapping 8⫻8 DCT blocks. The proper block into which a secret bit is embedded is decided by the PN2 sequence. However, the PN2
sequence is generated by the random number seed of the secret key, and an illegal user would need 4096 tries to break the key.
3. In this work, the hamming code was used to correct one bit error. Parity check and message bits used to construct the hamming code is like another kind of cryptology system. As far as secrecy is concerned, an illegal user without knowing the rule is unlikely to decode the hamming code correctly.
4. The RSA algorithm is based on the factorization problem, which is very hard to solve even now. Therefore, the RSA algorithm sustains all kinds of attacks very well.19–21 The encryption decryption systems, digital signatures, and public systems usu-ally hire the RSA algorithm as a core skill. The RSA public-key algorithm, used in our method, enhances the convenience and security for the internet. This above analysis shows that the proposal method is strong in security, because if an illicit user wants to get the secret image, he must break through all of items listed. An illicit user without private keys needs a number of com-puter runs equal to the multiplication of all the individual numbers of the previous items to break the system. How hard it woule be!
6 Conclusion
We propose a data hiding scheme that is imperceptible when a big image is concealed in a cover image. As in other systems, imperceptibility and security are essentially compromised in ours. However, there are two advantages
Fig. 9 The PSNR of the secret images F16 and Lena extracted from the stego-image Baboon under JPEG attacks.
Fig. 10 The number of error bits of the secret images F16 and Lena extracted from the stego-image Baboon under JPEG attacks.
of our system over others. One is that the stego image generated by our method can pass through high-quality JPEG compression before being sent to customers. The other is that the RSA public key of our system provides a safe and convenient environment for the Internet. How to increase the stego-image compression ratio by JPEG with-out degradation and increase the number of secret bits con-cealed in the cover image imperceptibly are our next inves-tigations.
Acknowledgment
The authors would like to take this opportunity to thank the anonymous reviewers for their valuable suggestions. References
1. L. M. Marvel, C. G. Boncelet, Jr., and C. T. Retter, ‘‘Spread spectrum image steganography,’’ IEEE Trans. Image Process. 8共8兲, 1075–1083 共1999兲.
2. R. J. Anderson and F. A. P. Petitcolas, ‘‘On the limits of steganogra-phy,’’ IEEE J. Sel. Areas Commun. 16共4兲, 474–481 共1998兲. 3. J. Fridrich, M. Goljan, and R. Du, ‘‘Deteting LSB steganography in
color and gray-scale images,’’ IEEE Trans. Multimedia 8共4兲, 22–28 共2001兲.
4. R. Chandramouli and N. Memon, ‘‘Analysis of LSB based image steganography techniques,’’ Proc. Image Process. 3, 1019–1022 共2001兲.
5. G. Mastronardi, M. Castellano, and F. Marino, ‘‘Steganography ef-fects in various formats of images,’’ Int. Workshop Intell. Data
Acqui-sition Adv. Computing System: Technol. Appl., pp. 116 –119共2001兲.
6. I. J. Cox, J. Kilian, F. T. Leighton, and T. Shamoon, ‘‘Secure spread spectrum watermarking for multimedia,’’ IEEE Trans. Image Process. 6共12兲, 1673–1687 共1997兲.
7. C. D. Vleeschouwer, J. F. Delaigle, and B. Macq, ‘‘Invisibility and application functionalities in perceptual watermarking—An over-view,’’ Proc. IEEE 90共1兲, 64–77 共2002兲.
8. C. T. Hsu and J. L. Wu, ‘‘Hidden digital watermarks in images,’’ IEEE
Trans. Image Process. 8共1兲, 58–68 共1999兲.
9. H. M. Chao and Y. S. Tsai, ‘‘A bi-polar multiple-base data hiding technique on information security and authentication,’’ IPPR Conf.
Comput. Vison, Graphics Image Process., pp. 307–313共2000兲.
10. W. N. Lie and L. C. Chang, ‘‘Data hiding in image with adaptive numbers of least significant bits based on the human visual system,’’
IEEE Intl. Conf. Image Process., 28, 286 –290共Oct. 1999兲.
11. R. Z. Wang, C. F. Lin, and J. C. Lin, ‘‘Hiding data in images by optimal moderately-significant-bit replacement,’’ Electron. Lett.
36共25兲, 2069–2070 共2000兲.
12. Y. C. Hou and Y. F. Chiao, ‘‘Steganography: an efficient data hiding method,’’ J. Technol. 15共3兲, 363–372 共2000兲.
13. D. C. Wu and W. H. Tsai, ‘‘Data hiding in images via multiple-based number conversion and lossy compression,’’ IEEE Trans. Consum.
Electron. 44共4兲, 1406–1412 共1998兲.
14. T. S. Chen, C. C. Chang, and M. S. Hwang, ‘‘A virtual image cryp-tosystem based upon vector quantization,’’ IEEE Trans. Image
Pro-cess. 7共10兲, 1485–1488 共1998兲.
15. C. C. Wang and C. C. Chen, ‘‘Low-complexity fractal-based image compression using two-stage search strategy,’’ Opt. Eng. 38共6兲, 1006– 1013共June 1999兲.
16. W. Diffie and M. E. Hellman, ‘‘New directions in cryptograph,’’ IEEE
Trans. Inf. Theory IT-22, 644 – 654共Nov. 1976兲.
17. F. Hartung and B. Girod, ‘‘Fast public-key watermarking of com-pressed video,’’ IEEE Intl. Conf. Image Process. 1, 528 –531共Oct. 1997兲.
18. W. Stallings, ‘‘The RSA algorithm’’ in Cryptograph and Network
Se-curity Principle and Practice, 2nd ed., Prentice Hall International
Edi-tion, pp. 173–183, Prentice Hall, New York共1999兲.
19. H. Kuwakado and K. Koyama, ‘‘Security of RSA-type cryptoystem over elliptic curves against Hastad attack,’’ Electron. Lett. 30共22兲, 1843–1844共1994兲.
20. L. Shuguo, Z. Runde, and G. Yuanqing, ‘‘A 1024-bit RSA crypto-coprocessor for smart cards,’’ ASIC Proc. 4th Intl. Conf., pp. 352–355 共2001兲.
21. M. J. B. Robshaw, ‘‘Security estimates for 512-bit RSA,’’
WESCON’95 Conf. Record, pp. 409– 412共1995兲.
Wen-Yuan Chen received BS and MS degrees in electronic engi-neering from National Taiwan University of Science and Technology in 1982 and 1984, respectively. He is currently working towards the PhD degree in electrical engineering at National Cheng Kung Uni-versity, Tainan, Taiwan. Since 1985, he has been an instructor with the Department of Electronic Engineering at National Chin-Yi Insti-tute of Technology. His research interests include digital signal pro-cessing, image compression, and watermarking.
Chin-Hsing Chen received the BS degree in electrical engineering from National Taiwan University in 1980, and the MS and PhD de-grees in electrical and computer engineering from the University of California at Santa Barbara, in 1983 and 1987, respectively. Since 1988, he has been with the Department of Electrical Engineering at National Cheng Kung University in Taiwan, where he is now a pro-fessor. His current research interests include pattern recognition, image processing, and very large scale integration (VLSI) array de-sign. He has published more than 160 papers and given more than 80 technical presentations in more than 15 countries.
