发送方可否认图像隐写

徐勇; 夏志华

doi:10.11834/jig.220541

信息隐藏 | 浏览量 : 0 下载量: 0 CSCD: 1

PDF
导出
分享
收藏
专辑

发送方可否认图像隐写
Sender-deniable image steganography
2023年28卷第3期页码：760-774
纸质出版日期： 2023-03-16 ，

录用日期： 2022-09-14
DOI： 10.11834/jig.220541
稿件说明：

移动端阅览

徐勇, 夏志华. 发送方可否认图像隐写[J]. 中国图象图形学报, 2023,28(3):760-774.

Yong Xu, Zhihua Xia. Sender-deniable image steganography[J]. Journal of Image and Graphics, 2023,28(3):760-774.
徐勇, 夏志华. 发送方可否认图像隐写[J]. 中国图象图形学报, 2023,28(3):760-774. DOI： 10.11834/jig.220541.

Yong Xu, Zhihua Xia. Sender-deniable image steganography[J]. Journal of Image and Graphics, 2023,28(3):760-774. DOI： 10.11834/jig.220541.

摘要

目的

图像隐写是指将秘密信息隐藏到载体图像中，生成含密图像并在公共信道中传输。隐写分析旨在识别图像中是否隐藏秘密信息。不论何种隐写方案，都会在一定程度上被隐写分析识破，从而导致胁迫攻击，即攻击者找到发送方或接收方，胁迫其提交经过验证的秘密信息。为了保护秘密信息的隐蔽通信，对抗胁迫攻击的可否认方案亟待研究。在密码学领域，为了对抗胁迫攻击，已经提出了可否认加密的概念及相关方案并受到关注与研究。而在隐写领域，有研究提出可否认隐写的概念并设计了接收方可否认隐写的框架，但没有发送方可否认隐写的相关研究。对此，本文讨论发送方可否认隐写。

方法

设计方案的通用框架，并构造两个方案：基于可逆网络的发送方可否认图像隐藏方案和基于可否认加密的发送方可否认图像隐写方案。在发送方可否认隐写的框架下，发送方可使用虚假的秘密信息生成与攻击者手中相同的含密图像，以欺骗攻击者，逃脱胁迫攻击，保护真实的秘密信息。

结果

实验结果表明，两个方案都是可行且有效的，与原始隐写方案相比，可否认方案达到了发送方可否认功能的同时，均不会显著降低含密图像的视觉质量(峰值信噪比(peak signal-to-noise ratio，PSNR)值均超过37 dB)，与秘密信息的提取精度(图像隐藏方案的秘密图像恢复效果与原始方案效果相当，图像隐写方案的秘密信息提取错误率为0)。由于构造发送方可否认隐写方案本身的困难性，进一步地，本文讨论了所提出两个方案的局限性以及其他潜在方案。

结论

本文提出的发送方可否认图像隐写框架及在此框架下构造的两个方案，赋予发送方可否认的能力，能够抵抗胁迫攻击，同时在含密图像质量、信息提取精度上均可保持原始隐写方案的效果。

Abstract

Objective

Steganography is to hide secret messages into an irrelevant cover

generate a stego and transmit it in the public channel without arousing suspicion. As the antithesis

steganalysis is to identify whether the secret message is hidden in the data

which always brings security risks to steganography. As a result

adversaries can carry out coercive attacks on the sender or receiver during the covert communication: finding the sender or receiver and coercing him to submit the verified secret message. In order to resist coercive attacks and protect information security

the concept of deniable steganography has been proposed

and a general framework of the receiver-deniable steganography scheme (based on deep neural networks) has been designed. While the research on sender-deniable steganography still is in its infancy due to the difficulty of generating the same stego with a different secret message as the original one does. In this paper

sender-deniable steganography is considered extensively. First

the related works and development trends of deniable schemes and image steganography are introduced on the two aspects of attack and defense

including 1) coercive attack vs. sender-deniable schemes and 2) image steganography vs. steganalysis. Next

we clarify the coercive attack on the sender

the requirement of information-communicated submission

and the possibility of identical stego verification.

Method

We develop a framework for sender-deniable image steganography and two schemes are designed as well: the invertible neural networks based sender-deniable image hiding (Scheme 1) and the deniable encryption based sender-deniable image steganography (Scheme 2). The proposed schemes are identified that the sender can use fake secret messages to generate the identical stego image as the image in the hands of the adversary

which can be used to deceive the adversary

escape the coercive attack and protect the security of the real secret message. In Scheme 1

we reuse the invertible neural network twice for image concealing and revealing. The secret image is concealed into a cover image and generates a stego image

and this stego image is concealed into another cover image

generating a second stego image for covert communication. Once the adversary coerces the sender

the sender can reproduce the second stego image with the first stego image. Simultaneously

the adversary will be taken in by the first stego image and the secret image still remains private. In Scheme 2

we coordinate steganography with deniable encryption for a generic sender-deniable steganography scheme. For instance

the secret message is encrypted into a ciphertext by XOR (exclusive OR) operation with a real key. Reversely

a fake key can be constructed by the very ciphertext and another piece of different fake message. The sender is required to embed the ciphertext into the cover as usual. When the coercive attack happens

the sender has the choice to dishonestly open the ciphertext with the fake message and fake key. The adversary verifies the fake message and the real one is unknown to him.

Result

The experimental results show that the two schemes can achieve the deniability of the sender and maintain the visual quality of stego images in terms of peak signal-to-noise ratio (PSNR) (exceeds 37 dB)

structural similarity (SSIM) (exceeds 0.9). And

the message extraction error rate remains zero in Scheme 2. Nonetheless

a malicious coercive attack-oriented sender-deniable steganography scheme has not been achieved yet. The limitations and challenges of the proposed two schemes are discussed on the basis of the secret forms

extraction accuracy

encryption efficiency

and the security against coercive attack during verification process.

Conclusion

The proposed sender-deniable image steganography framework is capable for sender to deceive the adversary

ensure the security of secret against coercive attack

and the two constructed schemes basically maintain steganography performance and achieve the deniability. We predict that steganography and neural networks (e.g.

repeatable data hiding

equivariant convolutional networks) are potential to feasible constructions in the future.

关键词

信息隐藏隐写隐蔽通信胁迫攻击可否认加密可逆神经网络

Keywords

information hidingsteganographycovert communicationcoercive attackdeniable encryptioninvertible neural network

references

Agustsson E and Timofte R. 2017. NTIRE 2017 challenge on single image super-resolution: dataset and study//Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops. Honolulu, USA: IEEE: 1122-1131 [DOI: 10.1109/CVPRW.2017.150http://dx.doi.org/10.1109/CVPRW.2017.150]

Baluja S. 2017. Hiding images in plain sight: deep steganography//Proceedings of the 31st International Conference on Neural Information Processing Systems. Long Beach, USA: Curran Associates Inc. : 2066-2076

Boneh D, Ding X H, Tsudik G and Wong C M. 2001. A method for fast revocation of public key certificates and security capabilities//The 10th Conference on USENIX Security Symposium. Washington, USA: The USENIX Association: #22

Boroumand M, Chen M and Fridrich J. 2019. Deep residual network for steganalysis of digital images. IEEE Transactions on Information Forensics and Security, 14(5): 1181-1193 [DOI: 10.1109/TIFS.2018.2871749]

Bose R C and Ray-Chaudhuri D K. 1960. On a class of error correcting binary group codes. Information and Control, 3(1): 68-79 [DOI: 10.1016/S0019-9958(60)90287-4]

Canetti R, Dwork C, Naor M and Ostrovsky R. 1997. Deniable encryption//Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology. Santa Barbara, USA: Springer: 90-104

Chi P W and Chang Y L. 2021. Do not ask me what I am looking for: index deniable encryption. Future Generation Computer Systems, 122: 28-39 [DOI: 10.1016/J.FUTURE.2021.04.004]

Cohen T S, Geiger M, Köhler J and Welling M. 2018. Spherical CNNs//Proceedings of the 6th International Conference on Learning Representations. Vancouver, Canada: OpenReview. net

Cohen T S and Welling M. 2016. Group equivariant convolutional networks//Proceedings of the 33rd International Conference on Machine Learning. New York, USA: JMLR. org: 2990-2999

Fridrich J and Kodovský J. 2012. Rich models for steganalysis of digital images. IEEE Transactions on Information Forensics and Security, 7(3): 868-882 [DOI: 10.1109/TIFS.2012.2190402]

Guan Z Y, Jing J P, Deng X, Xu M, Jiang L, Zhang Z and Li Y P. 2022. DeepMIH: deep invertible network for multiple image hiding. IEEE Transactions on Pattern Analysis and Machine Intelligence [DOI: 10.1109/TPAMI.2022.3141725http://dx.doi.org/10.1109/TPAMI.2022.3141725]

Holub V and Fridrich J. 2012. Designing steganographic distortion using directional filters//Proceedings of 2012 IEEE International Workshop on Information Forensics and Security. Costa Adeje, Spain: IEEE: 234-239 [DOI: 10.1109/WIFS.2012.6412655http://dx.doi.org/10.1109/WIFS.2012.6412655]

Holub V, Fridrich J and Denemark T. 2014. Universal distortion function for steganography in an arbitrary domain. EURASIP Journal on Information Security: #1 [DOI: 10.1186/1687-417X-2014-1]

Ibrahim M H. 2009. A method for obtaining deniable public-key encryption. International Journal of Network Security, 8(1): 1-9

Jacobsen J H, Smeulders A and Oyallon E. 2018.i-RevNet: deep invertible networks//Proceedings of the 6th International Conference on Learning Representations. Vancouver, Canada: OpenReview. net

Jing J P, Deng X, Xu M, Wang J Y and Guan Z Y. 2021. HiNet: deep image hiding by invertible network//Proceedings of 2021 IEEE/CVF International Conference on Computer Vision (ICCV). Montreal, Canada: IEEE: 4713-4722 [DOI: 10.1109/iccv48922.2021.00469http://dx.doi.org/10.1109/iccv48922.2021.00469]

Kingma D P and Ba J. 2015. Adam: a method for stochastic optimization//Proceedings of the 3rd International Conference on Learning Representations. San Diego, USA: [s. n.]

Klonowski M, Kubiak P and Kutyłowski M. 2008. Practical deniable encryption//Proceedings of the 34th International Conference on Current Trends in Theory and Practice of Computer Science. Nový Smokovec, Slovakia: Springer: 599-609 [DOI: 10.1007/978-3-540-77566-9_52http://dx.doi.org/10.1007/978-3-540-77566-9_52]

Le Y and Yang X. 2015. Tiny ImageNet visual recognition challenge [EB/OL]. [2022-05-28].http://cs231n.stanford.edu/reports/2015/pdfs/yle_project.pdfhttp://cs231n.stanford.edu/reports/2015/pdfs/yle_project.pdf

Li H G, Zhang F G and Fan C I. 2017. Deniable searchable symmetric encryption. Information Sciences, 402: 233-243 [DOI: 10.1016/j.ins.2017.03.032]

Lu S P, Wang R, Zhong T and Rosin P L. 2021. Large-capacity image steganography based on invertible neural networks//Proceedings of 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Nashville, USA: IEEE: 10811-10820 [DOI: 10.1109/CVPR46437.2021.01067http://dx.doi.org/10.1109/CVPR46437.2021.01067]

Miller F. 2014. One-time pad [EB/OL]. [2022-05-28].http://www.idc-online.com/technical_references/pdfs/information_technology/One_Time_Pad.pdfhttp://www.idc-online.com/technical_references/pdfs/information_technology/One_Time_Pad.pdf

Moldovyan A A, Moldovyan N A and Shcherbacov V A. 2014. Bi-deniable public-key encryption protocol which is secure against active coercive adversary. Buletinul Academiei de Stiinte a Republicii Moldova. Matematica, 76(3): 23-29

Pevný T, Bas P and Fridrich J. 2010a. Steganalysis by subtractive pixel adjacency matrix. IEEE Transactions on Information Forensics and Security, 5(2): 215-224 [DOI: 10.1109/TIFS.2010.2045842]

Pevný T, Filler T and Bas P. 2010b. Using high-dimensional image models to perform highly undetectable steganography//Proceedings of the 12th International Workshop on Information Hiding. Calgary, Canada: Springer: 161-177 [DOI: 10.1007/978-3-642-16435-4_13http://dx.doi.org/10.1007/978-3-642-16435-4_13]

Tancik M, Mildenhall B and Ng R. 2020. StegaStamp: invisible hyperlinks in physical photographs//Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Seattle, USA: IEEE: 2114-2123 [DOI: 10.1109/CVPR42600.2020.00219http://dx.doi.org/10.1109/CVPR42600.2020.00219]

Wang X T, Yu K, Wu S X, Gu J J, Liu Y H, Dong C, Qiao Y and Loy C C. 2018. ESRGAN: enhanced super-resolution generative adversarial networks//Proceedings of 2018 European Conference on Computer Vision. Munich, Germany: Springer: 63-79 [DOI: 10.1007/978-3-030-11021-5_5http://dx.doi.org/10.1007/978-3-030-11021-5_5]

Wang Z C, Feng G R and Zhang X P. 2022. Repeatable data hiding: towards the reusability of digital images. IEEE Transactions on Circuits and Systems for Video Technology, 32(1): 135-146 [DOI: 10.1109/TCSVT.2021.3057599]

Xu Y, Xia Z H, Wang Z C, Zhang X P and Weng J. 2022. Deniable steganography [EB/OL]. [2022-05-28].https://arxiv.org/pdf/2205.12587.pdfhttps://arxiv.org/pdf/2205.12587.pdf

You W K, Zhang H and Zhao X F. 2021. A siamese CNN for image steganalysis. IEEE Transactions on Information Forensics and Security, 16: 291-306 [DOI: 10.1109/TIFS.2020.3013204]

Zhang K A, Cuesta-Infante A, Xu L and Veeramachaneni K. 2019. SteganoGAN: high capacity image steganography with GANs [EB/OL]. [2022-05-28].https://arxiv.org/pdf/1901.03892.pdfhttps://arxiv.org/pdf/1901.03892.pdf

Zhang R, Zhu F, Liu J Y and Liu G S. 2020. Depth-wise separable convolutions and multi-level pooling for an efficient spatial CNN-based steganalysis. IEEE Transactions on Information Forensics and Security, 15: 1138-1150 [DOI: 10.1109/TIFS.2019.2936913]

Zhang W M, Wang H X, Li B, Ren Y Z, Yang Z L, Chen K J, Li W X, Zhang X P and Yu N H. 2022. Overview of steganography on multimedia. Journal of Image and Graphics, 27(6): 1918-1943

张卫明, 王宏霞, 李斌, 任延珍, 杨忠良, 陈可江, 李伟祥, 张新鹏, 俞能海. 2022. 多媒体隐写研究进展. 中国图象图形学报, 27(6): 1918-1943 [DOI: 10.11834/jig.211272]

Zheng G, Hu D H, Ge H and Zheng S L. 2021. End-to-end image steganography and watermarking driven by generative adversarial networks. Journal of Image and Graphics, 26(10): 2485-2502

郑钢, 胡东辉, 戈辉, 郑淑丽. 2021. 生成对抗网络驱动的图像隐写与水印模型. 中国图象图形学报, 26(10): 2485-2502 [DOI: 10.11834/jig.200404]

Zhu J R, Kaplan R, Johnson J and Li F F. 2018. HiDDeN: hiding data with deep networks//Proceedings of the 15th European Conference on Computer Vision. Munich, Germany: Springer: 682-697 [DOI: 10.1007/978-3-030-01267-0_40http://dx.doi.org/10.1007/978-3-030-01267-0_40]

文章被引用时，请邮件提醒。

提交

利用跨模态信息检索的鲁棒隐蔽通信

3D网格隐写与隐写分析回顾与展望

基于Markov链安全性的二阶统计保持隐写算法

联合多重对抗与通道注意力的高安全性图像隐写

人工智能模型水印研究进展