A Secure Steganographic Algorithm Based on Frequency Domain for the Transmission of Hidden Information

This contribution proposes a novel steganographic method based on the compression standard according to the Joint Photographic Expert Group and an Entropy Thresholding technique. The steganographic algorithm uses one public key and one private key to generate a binary sequence of pseudorandom numbers that indicate where the elements of the binary sequence of a secret message will be inserted. The insertion takes eventually place at the first seven AC coefficients in the transformed DCT domain. Before the insertion of themessage the image undergoes several transformations. After the insertion the inverse transformations are applied in reverse order to the original transformations.The insertion itself takes only place if an entropy threshold of the corresponding block is satisfied and if the pseudorandom number indicates to do so. The experimental work on the validation of the algorithm consists of the calculation of the peak signal-to-noise ratio (PSNR), the difference and correlation distortionmetrics, the histogram analysis, and the relative entropy, comparing the same characteristics for the cover and stego image. The proposed algorithm improves the level of imperceptibility analyzed through the PSNR values. A steganalysis experiment shows that the proposed algorithm is highly resistant against the Chi-square attack.


Introduction
1.1.Motivation.Nowadays, there is a risk that confidential information may be acceded by nonauthorized people, being consulted, divulged, modified, destroyed, or sabotaged, affecting its availability and legal access.Evidently, the information that transits through insecure channels can be easily intercepted.Therefore, the use of Cryptography and Steganography plays a significant role in information security management [1].
Cryptography is the science of protecting information by encryption techniques.As cryptography on its own does not hide the fact that a message is secret, to provide this steganography is used.
The ability to protect sensible information from adversaries, especially during their transmission through channels that are opposed to have leaks, is crucial in a world of emerging cyberwar.Nowadays, all electronic communications are being continuously and automatically monitored by both private and state-owned intelligent systems that have an enormous computer power.In particular, every transmission of cipher-text calls the attention of any of these systems and certainly is chosen to be analyzed, among others, by competitors and any sort of opposing forces.The use of electronic transmission media requires a method that calls less attention of the supervisory automatic systems.Modern Steganography offers a level of service that includes privacy, authenticity, integrity, and confidentiality of the transmitted data.

State of the Art.
Steganography is the art of hiding information by impeding the detection of hidden messages [2].Steganography involves communicating secret data in an appropriate multimedia carrier, like image [3], audio [4], or video files [5].The media with or without hidden information are called Stego Media and Cover Media, respectively.Thus, the cover image with the secret message embedded is called the stego image.
2 Security and Communication Networks 1.2.1.Embedding Capacity.The performance of steganographic algorithms can be measured by two main criteria, embedding capacity and detectability.Thus, novel steganographic algorithms are expected to increase the image capacity and the encryption strength of the message.The image capacity can be increased by adaptive strategies which decide where to insert best the message.For example, the Pixel-Value Differencing method [6] proposes to embed more data in edged areas than in smooth areas.
In steganography the embedding capacity is defined as the maximum number of bits that can be embedded in a given cover image.However, the steganographic capacity is the maximum number of bits that can be embedded in a given cover image with a negligible probability of detection by an adversary.Therefore, the embedding capacity is larger than the steganographic capacity [7].

Methods of Embedding Data.
There are two common methods of embedding data, which can be classified into two categories, namely, spatial-domain and frequency-domain methods.In the spatial domain method, the secret message is inserted directly into the least significant bit (LSB) of image pixels [8,9].In the frequency-domain method [10] the cover image is first transformed from the spatial to a frequency-domain using transformation methods such as discrete cosine transform (DCT) [11,12], discrete Fourier transform (DFT) [13], or discrete wavelet transform (DWT) [13][14][15].Then the secret message is embedded in the transformed coefficients [16], and finally the data are transformed back from the frequency-domain to the spatial domain.
There are different strategies to additionally encrypt hidden steganographic data, like permutation [17] or by a statistical threshold [18].One should not confuse cryptography with steganography: Cryptography modifies the data to make them incomprehensible, while steganography on its own simply hides them between other data.In many instances the combination of both techniques provide a high level security to the protected information; see, for instance, [3,[19][20][21][22][23].
In this contribution we adopt the two-dimensional discrete cosine transform [11] as the most common frequency domain method used in image processing.For a recent survey on steganography see [24], where our approach can be classified within DCT based steganography.A frequent method that uses the DCT is the Jpeg-Jsteg embedding method [25], where the secret message is embedded in those LSB of the quantized DCT coefficients whose values are not 0, 1, or −1.

Design Principles That Counter Steganalysis.
Westfeld [26] introduced the F5 steganographic algorithm, where, instead of replacing the LSB of the quantized DCT coefficients by the secret bits, the absolute value of the coefficients is reduced by 1.Since the F5 algorithm randomly chooses DCT coefficients to embed the secret bits it is strong against the Chi-square attack.
To counter the Chi-square attack, Provos [25,27] proposed the OutGuess steganographic algorithm.This method embeds data by a similar way as Jpeg-Jsteg, though its embedding capacity is much lower than that of Jpeg-Jsteg.
There are general design principles for less detectable stegosystems [28].However, some steganalyis concepts are specialized in the detection of data hidden in the least significant bits of a natural image [29].For recent improvements in LSB steganography approaches see [28,30].
In [31], Chang et al. presented a new steganography method based upon Joint Photographic Expert-Group (JPEG) and a quantization table modification.In this case, the secret message is first encrypted and then embedded in the 26 coefficients located in the middle-frequency area of the cover image.In [32], Noda et al. proposed two JPEG steganography schemes using a quantization index modulation in DCT domain.
In [33], Wong et al. presented a novel DCT based on a blind Mod4 steganography method for still images.In [34], Chang et al. proposed a lossless and reversible embedding of secret data in each block of DCT coefficients based on the compressed image technique JPEG.In this scheme, two successive zero coefficients of the medium-frequency components in each block are used to hide the secret data.Li and Wang [35] proposed a novel steganographic method, based on JPEG and the Particle Swarm Optimization algorithm.Here, the transformed messages are embedded in the 36 coefficients located in the middle-frequency components of the quantized DCT coefficients of the cover-image.

Embedding Strategies.
In [36], Velasco-Bautista et al. present the Entropy Thresholding method, where the secret message is inserted in the DCT domain.In [37], Lin and Shiu suggest a high capacity data hiding scheme, where the secret data are embedded in the middle frequency of the DCT coefficients.Narayana and Prasad [21] introduce two new methods wherein cryptography and steganography are combined to encrypt the secret message that is hidden.In [38], Lin proposes a reversible data hiding method which is based on the DCT of the cover image.The cover image is decomposed into different frequencies, where the secret messages are embedded into the high-frequency parts.Mali et al. propose a novel image steganographic method using a block level Entropy Thresholding technique where the secret message is embedded in the 26 coefficients located in the middlefrequency area of the cover image [16].Amin et al. present an efficient data hiding technique based on the DCT, where secret bits are embedded in all frequency components of the quantized DCT coefficient [11].Jaheel and Beiji combine two steganography algorithms, namely, Jpeg-Jsteg and OutGuess algorithms, with the purpose of enhancing a major security level [39].In [1], Soria et al. propose a new steganographic algorithm in the frequency domain.This method uses a private key of 64 bits that suggest the positions where the secret bits are inserted after applying the Entropy Thresholding method; the experimental analysis accomplishes a comparison of the results with respect to the Entropy Thresholding method proposed by Velasco-Bautista et al. [36].
In the present work, we show an experimental comparison of the proposed method with respect to the two previous methods.All three approaches use the Entropy Thresholding method.The Velasco-Bautista method does not use keys, the Soria method uses a private key of 64 bits, and the proposed method uses two keys, one public key and one private key of 64 bits.

Transformation of the Blocks.
A digital image is represented in computer systems as an array of pixels.In this paper, we work with a steganography algorithm for embedding a secret message into a RGB 24-bit color image, where each pixel has three color components: Red, Green, and Blue (RGB).Each RGB component is represented by a byte.The values range from 0 to 255, where zero represents the darkest and 255 the brightest shade of a color.
Since we consider a RGB 24-bit color image as three blocks of bytes corresponding to each color component, in the proposed method the cover image  of size  ×  is divided into 3/64 different blocks of 8 × 8 bytes such that the DCT transformation can be performed on each one of them.Here we assume that  and  are divisible by 8.
1.4.This Contribution.In this paper, two steganography methods are combined, namely, the JPEG steganography method and the Entropy Thresholding technique [36,39].This combination allows to hide secret messages in images while maintaining a high visual quality and a low detectability.The JPEG method divides the cover image into nonoverlapping blocks of 8 × 8 bytes and then applies the discrete cosine transform with the purpose of hiding the secret message in the DCT domain by modifying certain coefficients located in the low-frequency area of the cover image.
The Entropy Thresholding method decides whether or not to embed the secret message in a certain matrix of order 8 of transformed coefficients, depending on the entropy within that matrix.

Determination of Location of Message
In this section we describe how to determine the encrypted random locations where the secret message is inserted.It is assumed that  is the length of the binary sequence of the secret message where   is a bit containing 0 or 1.The locations where the secret message is hidden is determined by a pseudorandom sequence defined by We denote by || the number of bits of an array of bits  which are equal to 1.We continue to concatenate the pseudorandom sequence as long as we reach a cardinality |A| = ; that is, the length of the message is covered.
In the next subsections, first, we describe the generation of 15 subkeys, and then how the subkeys are used to determine a pseudorandom sequence of locations where the secret bits are inserted.

Creation of 15
Subkeys.There are two types of cryptography techniques, namely, private key and public key cryptography.Public key cryptography is an asymmetric cryptography technique which encrypts the message with a private key and decrypts the message with a public key.Private key cryptography is a symmetric cryptography technique which encrypts and decrypts a message with the same key.The DES (Data Encryption Standard) algorithm [40] is the most widely used symmetric encryption algorithm in the world and its design idea is still used in numerous block ciphers.
In this paper we use steps similar to those developed for the Data Encryption Standard (DES) algorithm to generate subkeys, but we only generate 15 new subkeys   of 96 bits, with  = 1, . . ., 15, using compressions (permutations) of 112 and 96 bits, respectively.
To generate the 15 subkeys we use one key of 128 bits (as defined in the first step of Section 2.2), by the following steps: (1) The 128-bit key is permuted according to the following permutation: 42  Notice that the first bit of   is the 44th bit of , the second bit is the 14th, and so on, ending with the 96th bit of   being the 57th bit of In summary, this procedure uses one key of 128 bits, to determine 15 subkeys of 96 bits, which, through the procedure that is described in continuation, generates a pseudorandom sequence that determines the location to insert the secret bits.

Generation of Pseudorandom Sequence of Locations.
In this subsection we describe how the location of the secret message is determined by using the subkeys as defined in Section 2.1.The generation of the pseudorandom sequence is realized according to the following steps: (1) Generate a public key of 64 bits.Concatenate the private key and the public key.Alternate its bytes to create a new key of 128 bits.The first element of the composed key of 128 bits is the first element of the private key and the second is the first element of the public key and so on.Extract the least significant bits of each byte of the composed key, getting this way a binary sequence  0 of 16 bits.
(2) From the newly concatenated key generate 15 new subkeys   of 96 bits, with  = 1, . . ., 15, according to the steps that were described in Section 2.1.
(5) If the length of the secret message exceeds the cardinality || then the set  is extended by adding another pseudorandom sequence obtained using the first 64 bits of Ĉ13 as private key and the last 64 bits of Ĉ14 as public key.This procedure continues until the desired length is obtained.

Proposed Algorithm
In this section we propose a new algorithm for steganography.Given a procedure for the determination of the possible locations of the sub-keys (as described in Section 2.2), the algorithm is mainly about the effective insertion of the message according to a threshold.The embedding algorithm has a sandwich structure, where first several transformations are applied subsequently.In the core of the algorithm the secret message is inserted respectively extracted whenever an entropy threshold criterion is satisfied.Finally, inverse transformations are applied in reverse order.See Algorithm 1 for a pseudocode, where the operating mode is switched to embedding or extraction by setting the parameter mode to EMBEDDING or EXTRACTION, respectively.
Roughly speaking, bits of the secret message are inserted at given locations whenever the entropy of a block is above a certain threshold value.Therefore, the proposed algorithm divides the cover image into nonoverlapping blocks of 8 × 8 bytes and then applies the discrete cosine transform to each matrix of them.The Entropy Thresholding method determines the matrices that will be quantized.The combined private-public key determines a binary sequence of pseudorandom numbers that indicate the first seven AC coefficients where the elements of the binary sequence of the secret image will be inserted.

Replacement Rule.
We denote by (,   ) the function that replaces a value  ∈ N by the corresponding secret message bit   .For   = 0 the rule (,   ) is defined by

Security and Communication Networks
Analogously, for   = 1 we define (,   ) as The effect of different values of  and   on (,   ) is shown in (7).The replacement rule is designed  even  odd   = 0  (,   ) even  (,   ) even   = 1  (,   ) odd  (,   ) odd (7) such that   = 0 corresponds to even and   = 1 to odd values of (,   ) and thus provides the rule for the inverse operation  −1 for the following extraction function defined by The process of extraction follows the same procedure as executed in the process of insertion, except that instead of inserting the least significant bit, the corresponding message bit is extracted.For both processes, embedding and extraction, the input consists of the stego image, private key, public key, and the quality factor.

Embedding Algorithm.
The secret message is inserted into the cover image by the embedding procedure described in Algorithm 1.
Input.Secret message, cover image, private key, public key, and quality factor.
Procedure.In the proposed algorithm, it is assumed that the emitter as well as the receiver holds the same system of private keys.Indeed, the receiver sends the public key to the emitter by an insecure channel.Then, the emitter generates the stego image with both keys and sends it through another insecure channel to the receiver, which can extract the secret message from the public and private key; see Figure 2.
The emitter generates the stego image according to Algorithm 1. Firstly, the proposed algorithm subtracts 128 from each byte of the image.Next, it splits the cover image up into nonoverlapping blocks of 8 × 8 bytes and then applies the discrete cosine transform to each one of them.From each transformed block it calculates the entropy.
By the Entropy Thresholding method it decides whether or not to embed the secret message in the transformed block.If the entropy of a block is greater than the overall average entropy then each selected block is quantified using the quantification matrix (9); the zigzag scan is applied, with the purpose to align frequency coefficients in ascending order; see Figure 3. Afterwards, the elements of the binary sequence of the secret message are inserted in the first seven AC coefficients whenever the elements  ℓ ∈ A are equal to 1. Since the replacement rule operates on natural numbers, the real valued coefficients have to be rounded.
After insertion of the secret message the back transformation is realized in reverse order: By the zigzag scan the matrix of order 8 is reconstructed, which afterwards is unquantified multiplying by the quantification matrix (10).Finally, the Inverse Discrete Cosine Transform (IDCT) is applied, and to each byte of the resultant image the value 128 is added in order to reconstruct the image, obtaining the expected stego image.

Details on Quantification
Procedure and Zig-Zag Scan.In the quantification procedure each block of 8×8 bytes selected by the Entropy Thresholding method is quantified using the given quantification matrix that scales the quantized values by a compression quality factor qF; see [36] for more details.The quantized DCT coefficients Θ  ,V are computed as where  qF is the matrix Here, the quantization matrix  50 is chosen to be the Lohscheller matrix: ) . (11) The transformation of the matrix (Θ  ,V ), with 0 ≤ , V ≤ 7, to a vector ]  = {]   : 1 ≤  ≤ 64} of length 64 is done by the zigzag order scan; see Figure 3, which aligns frequency coefficients in ascending order starting from frequency zero (DC coefficient) to nonzero frequency components (AC coefficients).Indeed, the DC coefficient contains a significant fraction of the image energy.In addition, the AC coefficients can be classified in three groups, those that occur at low (yellow color), at middle (green color), and at high (blue color) frequency, respectively.Out of the 9 low frequency AC coefficients (yellow color) only the first 7 AC coefficients are considered, whenever the pseudorandom sequence and the entropy threshold permits.
Usually, zero AC coefficients occur at middle and high frequency, so modifications to them break the structure of continuous zeros.Abrupt nonzero values give a hint of the existence of secret bits.The nonzero AC coefficients occur at low and middle frequency such that perturbations to them do not affect the visual quality [41].

Experimental Results
In this Section the experimental results of the proposed algorithm are presented.The proposed algorithm is implemented in Matlab.Five different images consisting of 784 × 512 pixels are used, with a quality factor equal to qF = 57.The cover images and the stego images are shown in Figure 1.
The used keys were taken randomly.We have tested our proposed algorithm by inserting the following message to each of the five images: Nec vero habere virtutem satis est quasi artem aliquam nisi utare; etsi ars quidem cum ea non utare scientia tamen ipsa teneri potest, virtus in usu sui tota posita est.(Cicero, "De re publica") In addition, a comparison of the proposed method with respect to the Entropy Thresholding method proposed by Velasco-Bautista et al. [36] and to the method proposed by Soria et al. [1] is included in this section.The performance of the proposed approach has been studied using different kinds of statistical measures.

Imperceptibility Test.
The information security through steganography depends in great part on the level of imperceptibility, since a steganographic system has to generate a sufficiently innocent stego image.Therefore, the degree of distortion or imperceptibility of a stego image in relation to the original image plays a fundamental role.Usually, the image distortion is measured by the peak signal-to-noise ratio (PSNR), which is given by where and  and  are the cover and stego image, respectively.The index set  = ( 1 ,  2 ,  3 ) sums over the set of bytes as where ,  account for the image size,  3 addresses the three colours, and ,  ∈ {0, 1, . . ., 255}.
In the first experiment, the PSNR values indicate the level of imperceptibility and distortion of those images.In this experiment, 128 randomly chosen pairs of different keys were used.The experimental results show that the proposed algorithm produces high quality stego images with appropriate PSNR values; see Figures 4-8, which is in correspondence with the heuristic values of PSNR (30 to 50 db) found in literature [42].Moreover, this experiment shows that the proposed method gives usually better results than the methods proposed by Soria et al. [1] and Velasco-Bautista et al. [36].

Image Quality Measures.
The relationship between the display and the human visual system can be quantitatively expressed by mathematical relationships of Image Quality Measures (IQMs).Steganographic schemes eventually leave statistical evidence that can be used to quantify the hidden content in the stego image relative to the cover image; see [43].The metrics measure the similarity between the cover image  and the stego image  after insertion of the message, summing over the set of all bytes Γ as defined by ( 14  The IQMs based on correlation of the content of the images include Correlation Quality (CQ) and Structure Content (SC); see [43,44].In addition, the IQMs based on difference distortion and pixel distance include Image Fidelity (IF) and Average Absolute Difference (AD), respectively; see [43,44].
In the case of the metrics CQ, SC, IF, and AD, the closer the value is to one, the higher the level of similarity is.However, in the case of the metric AD, the closer the value is to zero, the lower the global distortion of the stego image is with respect to the cover image.A large value of AD means that the stego image is very poor in quality.
In the second experiment, the values of CQ, SC, IF, and AD were found for seven pairs of different keys.It can be observed that CQ, SC, and IF tend to one (see Figures 9 and  10) while the AD values are small (see Table 1), which shows that between the cover image and the stego image there are no significant differences.

Histogram Analysis.
In the third experiment we use the Peppers image.The calculation of the previous quantities produced similar results (not shown).In Figure 11, the histograms for the red block of the analyzed image are shown.A distortion metric is the Histogram Similarity (HS), which is calculated as where   () is the relative frequency of level  in a 256level image; see [43,45].This measure is connected to the differences between each histogram pair.
where   and   represent the distribution of cover image and stego image, and RE(  ‖   ) is the relative entropy between the two probability distributions.Moreover, a steganographic system is called perfectly secure if RE(  ‖   ) = 0.In the fourth experiment we observe that the values of the relative entropy are close to zero, which affirms that the steganographic system obtained from the proposed algorithm is sufficiently secure; see Table 3 and Figure 12 corresponding to the City image.

Steganalysis Experiment: Chi-Square Attack Resistance
Test.Steganalysis is the science of detecting hidden information.In other words, steganalysis intends to find the secret information that carries some stego-information by attacking the security of the used steganography algorithm.During the design of secure steganographic algorithms, the simulation of attacks is essential to evaluate the security.In this work some of the stego images produced by the Soria-Lorente method, the Velasco-Bautista method, and the proposed method have been tested against the well-known Chi-square attack [47].The Chi-square attack is one of the algorithms to test the detectability of any secret data embedding algorithm.This test is based on the frequency with which pixel values appear.It is unusual for the frequency of pixel value 2 to be (nearly) equal to the frequency of pixel value 2 + 1 in a typical image with no embedded information.The Chi-squared attack was designed to detect these near-equal biases in images and bases the probability of embedding on how close to equal the even pixel values and their corresponding odd pixel values are in the test image.Indeed, in [48] it was shown that the Chi-square attack detects successfully the existence of the embedded secret bits in the first half of the DCT coefficients words, larger values of the  2 −1 mean a lower probability of embedding.However, when  2 −1 is small relative to −1, then 1− is near to zero and hence  is near to 1. Thus for relatively small  2 −1 , the probability of embedding is near 1.In the fifth experiment we verify that the stego images created by the Soria-Lorente method and the proposed method cannot be detected by the Chi-square attack; see Figures 13 and 14.This means that the proposed method is robust against the Chi-square attack.However, in Figure 14, one can observe that the Chi-square attack detects the existence of the embedded secret bits approximately in 1.02% of the

Figure 1 :
Figure 1: The images before and after embedding the secret message.The first row contains the cover images while the second contains the stego images.
The 37th bit of the original key becomes the second bit of the permuted key.The 67th bit of the original key is the last bit of the permuted key.Note that only 112 bits of the original key appear in the permuted key.
The first entry in the table being 42 means that the 42th bit of the original key becomes the first bit of Security and Communication Networks the permuted key.To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block.A double shift is twice a single shift.This means, for example,  L 9 and  R 9 are obtained from  L 8 and  R 8 , respectively, by one left shift, and  L 15 and  R 15 are obtained from  L 14 and  R 14 , respectively, by two left shifts.(4) In order to finish, we generate keys   of 96 bits, with 1 ≤  ≤ 15, by applying the following permutation to each of the concatenated pairs [ L  |  R

⊳
(9)tract 128 from each byte of image to produce a data range that is centered around zero, so that the modified range is [−128, 127].(i)Divide the cover image into 3/64 non-overlapping blocks of 8 × 8 bytes as indicated in Section 1.3.for∈Kdo⊳Calculate the Discrete Cosine Transform (DCT) coefficients B  ,V for each 8 × 8 byte matrix (  ,).  ← B  : Quantify (B  ,V ) according to(9).⊳]← Θ  : Apply the zigzag scan, see Figure3.Add to each byte 128 to reconstruct the image, obtaining the expected stego image.

Table 1 :
AD values for the Lenna image.

Table 2
shows that the values of HS are close to zero, which corresponds to the values calculated in the previous example.

Table 2 :
Values of histogram similarity.

Table 3 :
Values of relative entropy pairs.