## An Information-Theoretic Model for Steganography (1998)

### Cached

### Download Links

- [www.simovits.com]
- [www.ussrback.com]
- [eprint.iacr.org]
- [www.zurich.ibm.com]
- [eprint.iacr.org]
- DBLP

### Other Repositories/Bibliography

Citations: | 207 - 3 self |

### BibTeX

@INPROCEEDINGS{Cachin98aninformation-theoretic,

author = {Christian Cachin},

title = {An Information-Theoretic Model for Steganography},

booktitle = {},

year = {1998},

pages = {306--318},

publisher = {Springer}

}

### Years of Citing Articles

### OpenURL

### Abstract

An information-theoretic model for steganography with passive adversaries is proposed. The adversary's task of distinguishing between an innocentcover message C and a modified message S containing a secret part is interpreted as a hypothesis testing problem. The security of a steganographic system is quantified in terms of the relative entropy (or discrimination) between PC and PS . Several secure steganographic schemes are presented in this model; one of them is a universal information hiding scheme based on universal data compression techniques that requires no knowledge of the covertext statistics.

### Citations

11248 |
Computers and Intractability. A Guide to the Theory of NP-Completeness. W.H.Freeman and co
- Garey, Johnson
- 1979
(Show Context)
Citation Context ...problem. For instance, if we find an efficient embedding algorithm for the above one-bit stegosystem that achieves perfect security whenever possible, we have solved the NP-complete PARTITION problem =-=[8]-=-. 5 Universal Stegosystems The stegosystems described above require that the covertext distribution is known to its users. This seems not realistic for many applications. In this section, we describe ... |

8945 | Elements of information theory - Cover, Thomas - 1991 |

6595 |
The Mathematical Theory of Communication
- Shannon, Weaver
- 1949
(Show Context)
Citation Context ... using this model: On the one hand, informationtheoretic methods have been applied with great success to the problems of information encoding and transmission, starting with Shannon's pioneering work =-=[Sha48]-=-. Messages to be transmitted are modeled as random processes and the systems developed in this model perform well in practice. For information hiding on the other hand, the relation between the model ... |

1320 |
Statistical Decision Theory and Bayesian Analysis. Second Edition
- Berger
- 1985
(Show Context)
Citation Context ...nography as well. For example, if one introduces valuations for the possible decisions, then statistical decision theory can be applied and allows for reasoning about the cost of the involved actions =-=[5-=-]. Another direction would be to model steganography with the security notions of modern cryptography [12], and to dene a secure stegosystem such that the stegotext is computationally (or statisticall... |

1227 | Probabilistic Encryption - Goldwasser, Micali - 1984 |

1191 | A universal algorithm for sequential data compression
- Ziv, Lempel
- 1977
(Show Context)
Citation Context ...ished by learning the statistics of the data during compression as more and more data is observed. The best-known examples of universal data compression are the practical algorithms by Lempel and Ziv =-=[25, 24, 3]-=-. The method of types. One of the fundamental concepts of information theory is the method of types [10, 9]. It leads to simple proofs for the asymptotic equipartition property (AEP) and many other im... |

901 |
Information Theory: Coding Theorems for Discrete Memoryless Systems
- Csiszar, Korner
- 1981
(Show Context)
Citation Context ...wn examples of universal data compression are the practical algorithms by Lempel and Ziv [25, 24, 3]. The method of types. One of the fundamental concepts of information theory is the method of types =-=[10, 9]-=-. It leads to simple proofs for the asymptotic equipartition property (AEP) and many other important results. The AEP states that the set of possible outcomes of n independent, identically distributed... |

844 |
Communication theory of secrecy systems
- Shannon
- 1949
(Show Context)
Citation Context ...PC kP S ) = 0 and we have a perfectly secure stegosystem; Eve has no information at all about the presence of an embedded message. This parallels Shannon's notion of perfect secrecy for cryptosystems =-=[2-=-2]. Note how our model diers from the scenario sometimes considered for steganography, where Alice uses a covertext that is known to Eve and modies it for embedding hidden information. Such schemes ca... |

635 | Text Compression - Bell, Cleary, et al. - 1990 |

469 | Techniques for data hiding - Bender, Gruhl, et al. - 1996 |

321 | On the limits of Steganography
- Anderson, Petitcolas
- 1998
(Show Context)
Citation Context ... protection only against the detection of a message by a passive adversary and hiding a message such that not even an active adversary can remove it. A survey of current steganography can be found in =-=[AP98]. Ste-=-ganography with a passive adversary is perhaps best illustrated by Simmons' \Prisoners' Problem" [Sim84]. Alice and Bob are in jail and wish to devise an escape plan. All their communication is o... |

312 |
Principles and practice of information theory
- Blahut
- 1987
(Show Context)
Citation Context ...anations for the observed data that is investigated in statistics and in information theory as \hypothesis testing." We follow the information-theoretic (non-Bayesian) approach as presented by Bl=-=ahut [Bla87]-=- using the relative entropy function as the basic measure of the information contained in an observation. Thus, we use the relative entropy D(PCkPS) between PC and PS to quantify the security of a ste... |

277 |
Foundations of Cryptography: Basic Tools
- Goldreich
- 2000
(Show Context)
Citation Context ...ication scheme. It would be interesting to extend our model for this scenario. Another possible extension, taken up in [10], is to model steganography with the security notions of modern cryptography =-=[9]-=-, and to define a secure stegosystem such that the stegotext is computationally indistinguishable from the covertext. Acknowledgment I am grateful to Thomas Mittelholzer for interesting discussions an... |

205 |
The prisoners’ problem and the subliminal channel
- Simmons
- 1983
(Show Context)
Citation Context ...t even an active adversary can remove it. A survey of current steganography can be found in [AP98]. Steganography with a passive adversary is perhaps best illustrated by Simmons' \Prisoners' Problem&q=-=uot; [Sim84]-=-. Alice and Bob are in jail and wish to devise an escape plan. All their communication is observed by the adversary (the warden), who will thwart their plan by transferring them to a high-security pri... |

187 | Visual cryptography
- Naor, Shamir
- 1994
(Show Context)
Citation Context ...ing stegotext S is uniformly distributed in the set of n-bit strings and therefore D(PC kP S ) = 0. Incidentally, the one-time pad stegosystem is equivalent to the basic scheme of visual cryptography =-=[17-=-]. This technique hides a monochrome picture by splitting it into two random layers of dots. When these are superimposed, the picture appears. Using a slight modication of the basic scheme, it is also... |

186 |
Bloom “Digital Watermarking
- Cox, Miller, et al.
- 2002
(Show Context)
Citation Context ..., or video data, these domains have received the most attention so far. A large number of hiding techniques and domain-specific models have been developed for robust, imperceptible information hiding =-=[4]-=-. Ettinger [7] models active adversaries with game-theoretic techniques. We are aware of only two related information-theoretic models for steganography. Zöllner et al. [17] define steganography using... |

147 | Tracing traitors - Chor, Fiat, et al. - 1994 |

136 | A secure, robust watermark for multimedia
- Cox, Kilian, et al.
- 1996
(Show Context)
Citation Context ...use the techniques described below for embedding information; however, to achieve robustness against active adversaries who modify the image, more sophisticated coding methods are necessary (see e.g. =-=[CKLS96]-=-). It may be the case that external events in uence the covertext distribution; for example, news reports or the local weather if we think of the prisoners' problem. This external information is denot... |

135 | Watermarking as communication with side information
- Cox, Miller, et al.
- 1999
(Show Context)
Citation Context ...of audio or image data, these domains have received the most attention so far. A number of hiding techniques and domain-specic models have been developed for robust, imperceptible information hiding [=-=4, 8, 14]-=-. Ettinger [11] models active adversaries with game-theoretic techniques. A general model for information hiding with active adversaries was formulated by Mittelholzer [16], but its hiding property al... |

101 | M.Kuhn. Information Hiding–A Survey
- Petitcolas, Anderson
- 1999
(Show Context)
Citation Context ...nd by the threat of a ban for encryption technology, interest in techniques for information hiding has been rising recently [1, 2, 19]. A survey of current steganography is given by Petitcolas et al. =-=[18]-=-. Two general directions can be distinguished within information hiding scenarios: protection only against the detection of a message by a passive adversary and hiding a message such that not even an ... |

99 | The method of types
- Csiszar
- 1998
(Show Context)
Citation Context ...wn examples of universal data compression are the practical algorithms by Lempel and Ziv [25, 24, 3]. The method of types. One of the fundamental concepts of information theory is the method of types =-=[10, 9]-=-. It leads to simple proofs for the asymptotic equipartition property (AEP) and many other important results. The AEP states that the set of possible outcomes of n independent, identically distributed... |

77 |
The Codebreakers: The Story of Secret Writing
- Kahn
- 1996
(Show Context)
Citation Context ...a uniformly random key with at least as many values as there are verses. Then Alice can embed a codeword in a message to Bob by mentioning a particular verse, determined by applying the Caesar cipher =-=[13]-=- to the codeword and interpreting the result as a verse. Since we assume the distribution of verses mentioned by Alice to be uniform, this yields a perfectly secure stegosystem. Example 2. In a world ... |

61 | Coin-based anonymous fingerprinting - Pfitzmann, Sadeghi - 1999 |

54 |
Information hiding terminology
- Pfitzmann
- 1996
(Show Context)
Citation Context ...matical sense, because it is not symmetric and does not satisfy the triangle inequality, it is useful to think of it as a distance. Stegosystems. We use the standard terminology of information hiding =-=[14]-=-. There are two parties, Alice and Bob, who are the users of the stegosystem. Alice wishes to send an innocentlooking message with a hidden meaning over a public channel to Bob, such that the presence... |

51 | Dijk, “Analysis of the sensitivity attack against electronic watermarks in images
- Linnartz, van
- 1998
(Show Context)
Citation Context ...of audio or image data, these domains have received the most attention so far. A number of hiding techniques and domain-specic models have been developed for robust, imperceptible information hiding [=-=4, 8, 14]-=-. Ettinger [11] models active adversaries with game-theoretic techniques. A general model for information hiding with active adversaries was formulated by Mittelholzer [16], but its hiding property al... |

47 | Provably secure steganography
- Hopper, Ahn, et al.
- 2009
(Show Context)
Citation Context ...he authentication scheme. It would be interesting to extend our model for this scenario. Another possible extension, taken up by Katzenbeisser and Petitcolas [10] and by Hopper, Langford, and von Ahn =-=[9]-=-, is to model steganography with the complexity-theoretic security notions of modern cryptography, and to define a secure stegosystem such that the stegotext is computationally indistinguishable from ... |

43 | Modeling the security of steganographic systems
- Zöllner, Federrath, et al.
- 1998
(Show Context)
Citation Context ... hiding with active adversaries was formulated by Mittelholzer [16], but its hiding property also relies on the similarity of stegodata and coverdata in terms of a distortion measure. Zollner et al. [=-=26]-=- use information-theoretic methods to conclude that the embedding process in steganography must involve uncertainty. A discussion of these models with respect to ours is included in Section 6. Another... |

40 | Interval and recency rank source coding: Two on-line adaptive variable length schemes
- Elias
- 1987
(Show Context)
Citation Context ... by Lempel and Ziv [ZL77, BCW90]. We describe a universal data compression algorithm based on the concept of repetition times due to Willems [Wil89], which is related to Elias' interval length coding =-=[Eli87]-=-. Then we modify the algorithm to illustrate that a stegosystem can be constructed without knowledge of the covertext distribution. The performance of Willems' algorithm is inferior to the Lempel-Ziv ... |

29 |
Authentication theory/coding theory
- Simmons
- 1985
(Show Context)
Citation Context ...ions and use the methods of statistical decision theory [Ber85]. Related to this work is a paper by Maurer [Mau96] on unconditionally secure authentication [Mas91, Sim91]. It shows how Simmons' bound =-=[Sim85]-=- and many other lower bounds in authentication theory can be derived and generalized using the hypothesis testing approach. Another information-theoretic approach to steganography is [ZFK + 98]. The p... |

27 | Defining Security in Steganographic Systems
- Katzenbeisser, Petitcolas
- 2002
(Show Context)
Citation Context ...may give rise to a subliminal channel in the authentication scheme. It would be interesting to extend our model for this scenario. Another possible extension, taken up by Katzenbeisser and Petitcolas =-=[10]-=- and by Hopper, Langford, and von Ahn [9], is to model steganography with the complexity-theoretic security notions of modern cryptography, and to define a secure stegosystem such that the stegotext i... |

26 |
An information-theoretic approach to steganography and watermarking
- Mittelholzer
- 1999
(Show Context)
Citation Context ...le information hiding [4, 8, 14]. Ettinger [11] models active adversaries with game-theoretic techniques. A general model for information hiding with active adversaries was formulated by Mittelholzer =-=[16-=-], but its hiding property also relies on the similarity of stegodata and coverdata in terms of a distortion measure. Zollner et al. [26] use information-theoretic methods to conclude that the embeddi... |

20 | Authentication theory and hypothesis testing
- Maurer
- 2000
(Show Context)
Citation Context ...to conclude that the embedding process in steganography must involve uncertainty. A discussion of these models with respect to ours is included in Section 6. Another related work is a paper of Maurer =-=[15]-=- on unconditionally secure authentication in cryptography, which demonstrates the generality of the hypothesis testing approach. A large number of techniques for undetectable communication originate i... |

18 | Steganalysis and Game Equilibria
- Ettinger
- 1998
(Show Context)
Citation Context ... also as a starting point for further work to formalize active adversaries or computational security. (A game-theoretic approach to information hiding with active adversaries is presented by Ettinger =-=[Ett98]-=-.) A rst extension would be to model the covertext source as a stochastic process and consider statistical estimation and decision techniques. Another idea would be to value the possible decisions and... |

14 | A unified and generalized treatment of authentication theory
- Maurer
(Show Context)
Citation Context ...istical estimation and decision techniques. Another idea would be to value the possible decisions and use the methods of statistical decision theory [Ber85]. Related to this work is a paper by Maurer =-=[Mau96]-=- on unconditionally secure authentication [Mas91, Sim91]. It shows how Simmons' bound [Sim85] and many other lower bounds in authentication theory can be derived and generalized using the hypothesis t... |

6 | Contemporary cryptography: An introduction,” in Contemporary Cryptology: The Science of Information Integrity - Massey - 1999 |

5 |
Statistical decision theory and Bayesian
- Berger
- 1985
(Show Context)
Citation Context ...xt source as a stochastic process and consider statistical estimation and decision techniques. Another idea would be to value the possible decisions and use the methods of statistical decision theory =-=[Ber85]-=-. Related to this work is a paper by Maurer [Mau96] on unconditionally secure authentication [Mas91, Sim91]. It shows how Simmons' bound [Sim85] and many other lower bounds in authentication theory ca... |

4 |
Information hiding terminology
- P
- 1996
(Show Context)
Citation Context ...atical sense, because it is not symmetric and does not satisfy the triangle inequality, it may be useful to think of it as a distance. Setting. We adopt the standard terminology of information hiding =-=[20]-=- for our model of a stegosystem. There are two parties, Alice and Bob, who are the users of the stegosystem. Alice wishes to send an innocent-looking message with a hidden meaning over a public channe... |

3 |
Information hiding terminology, Information Hiding
- Pfitzmann
- 1996
(Show Context)
Citation Context ...ing by data transformations that essentially conserve its contents [CKLS96, BGML96]. A common model and terminology for information hiding has been established at the 1996 Information Hiding Workshop =-=[Pfi96]-=-. An original, unaltered message is called covertext; the sender Alice tries to hide an embedded message by transforming the covertext using a secret key. The resulting message is called the stegotext... |

1 |
A uni ed and generalized treatment of authentication theory
- Maurer
- 1996
(Show Context)
Citation Context ...istical estimation and decision techniques. Another idea would be to value the possible decisions and use the methods of statistical decision theory [Ber85]. Related to this work is a paper by Maurer =-=[Mau96]-=- on unconditionally secure authentication [Mas91, Sim91]. It shows how Simmons' bound [Sim85] and many other lower bounds in authentication theory can be derived and generalized using the hypothesis t... |

1 | and Electrical Engineering of the University of New Mexico. Xvision 3.0. Also known as the Visualization Workbench from Paragon Imaging - unknown authors - 1989 |

1 |
On the role of pattern matchning in information theory
- Wyner, Ziv, et al.
- 1998
(Show Context)
Citation Context ...ished by learning the statistics of the data during compression as more and more data is observed. The best-known examples of universal data compression are the practical algorithms by Lempel and Ziv =-=[25, 24, 3]-=-. The method of types. One of the fundamental concepts of information theory is the method of types [10, 9]. It leads to simple proofs for the asymptotic equipartition property (AEP) and many other im... |