How to:
This section is designed to help people not familiar with steganography or DIIT. Hopefully you will be able to run DIIT and use it without needing the extra guidance provided here, but if you need the help, here it is.
How to hide a file inside a picture:
To hide a file inside a picture, start up DIIT and ensure you are on the tab marked
"Encode". From here, click once on the button "Get Message" and on the file dialog
that appears, select the file that you want to be hidden inside a picture (by finding the file, clicking it once and then selecting "Open"). The name of the file will be displayed
in the box next to the button.
The next step is to select a image that the file will be hidden in. To do this, click the
button marked "Get Cover" and select an image file and click "Open". Again, the name of
the picture is displayed in the neighbouring box. You are able to view this picture by
clicking the button marked "View". Please close the viewing window when you are finished.
You can optionally select a password for hiding. If you choose to enter a password then you will be unable to retrieve the hidden file without the proper password. The password is hashed and turned into a number - meaning small passwords do not necessarily yield less security in the hiding process (but they may be easier to guess). To enter a password, type the password into the box "Enter a password", and again into "Re-enter password". If you do not wish to enter a password, leave both boxes blank.
Next an algorithm for hiding must be selected. By default, "BattleSteg" is selected. More information about algorithms can be found on the documentation pages. If you are interested in security, then BattleSteg or HideSeek is a good choice, if you want it to be well hidden, select FilterFirst.
Advanced: To customize the algorithms, click on the "Options" button next to the drop down list. The most important option is the number of bits to write to - the more bits written to, the more information you can hide in a picture - however, there is a tradeoff - the more you write, the less hidden it will be. The bits are numbered from LSB to MSB, so bit one is the very least significant bit, and bit 7 is the second-to-most significant bit. If you choose 1 and 4, then the 4 least significant bits of each colour will be used for hiding. There is no preference for particular colours. If you are using a filtered algorithm, the remaining bits will be used for the filter (although you can optionally choose to use less bits).
For filtered algorithms, you have the option to choose the filter you would like to use. For BattleSteg, you have the extra options that determine how the computer will play Battleships on the image. The range is how far it away from the pixel it will shoot if it scores a hit. The other options are self-explanatory.
Finally you must set a location to output the new image to. To do this, click the button "Set Image" and navigate the dialog box to the directory you wish to save to. Type in the new filename and click "Save". You can save in either Bitmap (BMP) or Portable Network Graphics (PNG) format. The file extension will be automatically added if you do not add it yourself.
If you are satisfied with your selections click "Go". If the message does not fit on the image you have selected, you will be prompted to change either the message or the image. Otherwise you will prompted with the success of the hiding, and given the option to view the picture. The stego-image (picture with the hidden file) will be saved onto your hard disk in the location you specified.
How to retrieve a file hidden inside a picture:
To retrieve a file from a stego-image (image with a file hidden inside it) - preferably a known stego-image - open DIIT and navigate across to the tab marked "Decode".
The first step is to select the image to retrieve the file from. Select the button marked "Get Image" and from the file dialog that opens pick the file and click "Open". The name of the file will be displayed next to the button. You have the option to view the selected file by clicking on the button marked "View". Please close the viewing window when you are done with it.
The next step is to enter any password that was entered when the file was encoded onto the picture. It must match exactly to what was entered otherwise you will get a rubbish file.
Next select the algorithm to use for decoding. This should be the same algorithm that was used for encoding, and any options changed from their defaults during encoding need to be changed here. For example, if you encoded the image with "FilterFirst" and the Sobel filter, you should select "FilterFirst" here, click on options and change the filter to Sobel.
Finally, select the file to output to by clicking "Set Output" and navigate to a place where you want to save the file to and pick a filename then press "Save". It helps if you know the extension of the file (and use it) because then your operating system will recognise it. For example, if the hidden file was an Adobe PDF, you would save the file as "something.pdf" because then the operating system would recognise the file as a PDF.
Once you are satisfied with your selections, click "Go" to try to retrieve the file from the picture. Please note: if there is actually nothing hidden in the picture, or if you haven't entered the same algorithm/options/password then it will still attempt to retrieve the image. However, it will not retrieve a file which is larger than the capacity of the image - so it will stop eventually if you get it wrong. If it thinks the message is corrupted, it will not retrieve the file. When it finishes retrieving, you will be prompted on screen and the file with the retrieved information will be saved onto your hard drive.
How to see where a file would be hidden with an algorithm:
To see where a file would be hidden with an algorithm, start up DIIT and navigate to the tab marked "Simulate". This is almost exactly like encoding (hiding a file), with a couple of differences. Firstly, you don't have to enter a password since you aren't really hiding anything. Secondly, the output picture is a black image covered with gray-to-white dots. The white dots represent where the file is hidden in the image. The whiter the dot, the more information hidden in that pixel. You aren't able to actually retrieve the message that's been hidden as this is just designed to show how the algorithms work. This area gives you the opportunity to play with the settings, or just generate some interesting looking pictures.
How to check how well your file has been hidden:
In steganography, checking the effectiveness of an algorithm can be done by performing steganalysis. Steganalysis is the art of detecting hidden information. To use the steganalysis algorithms in this tool, open DIIT and navigate over to the tab marked "Analysis". Here we are only interested in the first two buttons "Steganalysis" and "Benchmark".
Firstly, steganalysis. Click on the button marked "Steganalysis" and on the window that opens click "Pick Image". From the file dialog, select the image you want to analyse (it doesn't have to be a stego-image) and click "Open". Tick the analysis methods you would like to use. These are explained in the documentation section. Finally select where you would like the results sent. "To results window" puts the text in the box on the "Analysis" tab screen. "To file" will prompt you with a save dialog box when you click "Ok" - it will be a text file that the results are printed to. Select "Ok" to begin steganalysis (on success you will be prompted and then returned to the results window).
For RS Analysis and Sample Pairs, the lower the numbers the more effectively the message is hidden (for stego-images). For original images, the numbers represent the natural bias of the image. Normally images will have a natural bias of 1-3%.
Secondly, benchmarking. Click on the button marked "Benchmark" on the "Analysis" tab. This section includes methods of testing watermarked images (steganography is just invisible watermarking). Normally people do not have the original images available for benchmarking because comparing the original image to the suspected stego-image would quickly tell you whether there is something in the suspected image. Assuming you have the original image, click the button "Get Image" in the first box, and use the file dialog to find your file, select it then press "Open". The filename of the selected file will be displayed next to the button. Repeat the process with the (suspected) stego-image in the next box down. Both images should be the same size.
Next, select all the benchmarking methods you would like to use on these images. All the methods compare the two images against each other. As above with "Steganalysis", select the output location for the results. Press "Ok" to run the benchmarking. On success (or failure) you will be prompted, then returned to the results window. The first four benchmarks are on a range of 0->1. 0 means there is no difference, 1 means it is completely the opposite of this image. Normalised cross correlation (where 1 = the same and 0 = different), and (Peak) Signal to Noise/Correlation Quality increase in value as the difference between the images increases.
(Advanced) How to perform some large-scale steganalysis tests:
The testing of the various algorithms for the honours project that spawned DIIT involved large scale testing of images. The functionality used for this has been left in the program so that other people performing tests can use it. The idea behind it is a folder full of messages and a folder full of images are combined to obtain the cross-product (all the stego-images for every message, from combining that message with every image once), then the steganalysis methods are run over the cross-product, obtaining a comma separated (or arff) file with all the steganalysis values.
To run the bulk steganalysis, open DIIT and navigate to the "Analysis" tab and click the button "Bulk Steganalysis". First pick a folder containing all the messages by clicking the first button "Set Folder" and selecting the folder and pressing "Open". Please note, only txt files inside that folder will be considered messages. If you wish to generate text files - try invisibleinktoolkit.BulkBenchmarkRunner at the command line.
Next pick the folder containing the images using the same method as above. Only files with the extensions .jpg, .png or .bmp will be used from this folder. Now select the algorithm and any options required. This algorithm will be used for all messages/images. The cross-product output will need to be put into a temporary folder, so please make sure you have an appropriate place. Set the folder in the same manner as before. Please note: the temporary files are NOT deleted after they have been generated.
Select the analysis methods to run by ticking the appropriate boxes then pick the type of output file. CSV is a standard comma delimited file format that can be opened by most spreadsheet programs (such as Microsoft Excel, Open Office, KSpread). ARFF files are the standard format for the WEKA Machine Learning Workbench. The ARFF file format was used in this project, but most people will be interested in the CSV file.
Finally, select the location to write the output file to. Please note: this is a folder, not a file. The file name is automated and uses the date/time and algorithm as part of the name - ensuring unique names within a folder.
|
