Efficient Data Hiding Techniques with Enhanced Capacity

Mehdi Hussain and M. Hussain

Shaheed Zulfikar Ali Bhutto Institute of Science and Technology (SZABIST), Islamabad, Pakistan. mehdi141@hotmail.com, mhussain@szabist-isb.edu.pk
Abstract -- Digital communication has become more popular due to tremendous growth of internet. The digital communication has many advantages as it has brought new challenges and new opportunities for innovations. Information security is one of the most significant challenges. Mostly countermeasures of information security are achieved through encryption and data hiding techniques. This research discusses the available data hiding methods for digital information with respect to images and network communication protocols. It addresses both theoretical and practical aspects of information hiding methods for both types of digital media, and also proposes new data hiding methods. Firstly, we briefly discuss the literature review of existing best available method of data hiding with respect to communication and image domains. Various embedding methods target different aspects like perceptual transparency, capacity and robustness or etc. Our focused is based on two major aspects: transparency and capacity aspects based on available methods. For targeting to perceptual transparency, we have proposed an edge base data embedding with high (peak signal to noise ration) PSNR method, where stego-image (carrying hidden data) has very high resemblance to cover-image (original image). In communication protocol context, we have explored the utilization of the packet length and also the packet payload to achieve high rate of hidden data. The experimental results of proposed methods confirm our theoretical calculations and higher PSNR with data hiding in our proposed techniques. Keywords- data embedding ,image steganography, covert channel ;message length covert ; payload covert;

prevents to decode the communication from the unauthorized user. Encryption itself makes the communication as suspicious. On of the major concern in image steganography is to improve the capacity of hidden data into hosted carrier without causing any statistically significant modification. Many novel data hiding methods are based on Least Significant Bits (LSB), Pixel Value Differencing (PVD) and Modified Kekres Algorithm (MKA) [1, 2 and 3] to increase the hiding capacity has also been proposed with imperceptible quality. Generally, in image steganography, cover image has to sacrifice its originality to hide secret information. The distortion due to data hiding is not affordable in some applications like medical images, visual artifacts measuring application etc. On the other side, Covert Channels are secret communication paths, where its existence is not in the original design of the system. A covert channel is generally known as a communication channel that is neither designed nor intended to transfer hidden information [4]. This aim of covert channel was first introduced by Lampson in 1973. Girling extended it to network in 1987 [5]. The National Institute of Standards and Technology defines a covert channel as any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy [6]. Due to the tremendous growth of internet different protocols utilize the covert channel as a vehicle for covert communication. In this paper, we have proposed an object edge boundary based information hiding method with high PSNR and with highly perceptual transparency, as well as comparison with original cover image. Our next focus is to utilize the network protocol packet length and its payload to achieve a high rate of covert channels and also maintaining the normal network traffic behavior. Our proposed scheme is flexible that can easily be used with all network protocols. For experimental results, we achieved covert channel in NS2 with (transmission control protocol) TCP tahoe protocol. The rest of this paper is organized as follows. In section 2 has image steganography basics, and communication channel model,

I.

INTRODUCTION

Internet is the most popular medium that exchange information between parties. Information is transferred by different web, streaming of audio, videos and other authentication purpose based applications such as hotmail, yahoo for mailing and skype for conferencing or etc. The security of such information has become a major concern nowadays. There are number of methods which have been proposed so far to secure this type of information transmission or communication. Generally, data encryption and data hiding methods are most popular and used to secure information. Encryption is used to secure communication. However, encryption only

literature review for image based and packet length based covert channels techniques and other newly proposed mechanism for image and network protocol based covert communication. In section 3 we describe our proposed image steganography and covert channel based on packet length methods. In section 4 we discuss our experimental results, different scenarios. Finally, in section 5 we summarize our methodology and outline future work. II. RELATED WORKS

secret message bits from pixels. So according to [11], it has key management overhead.

In this section we describe the image steganography and covert channel communication model, related work done so far, and describe our proposed model for both image based data hiding and covert channel in network protocol. A. Image Based Steganography Image steganography contains the following terminology. Cover-Image: Original image which is used as a carrier for hidden information. Message: Actual information which is used to hide into images. Message could be a plain text or some other image. Stego-Image: After embedding message into cover image is known as stego-image. Stego-Key: A key is used for embedding or extracting the messages from cover-images and stego-images. Generally image steganography is method of data hiding into cover-image and generates a stego-image. This stego-image then sent to the other party by known medium, where the third party does not know that this stego-image has hidden message. After receiving stegoimage hidden message can simply be extracted with or without stego-key (depending on embedding algorithm) by the receiving end [7]. Basic diagram of image steganography is shown in Fig. 1 without stego-key, where embedding algorithm required a cover image with message for embedding procedure. Output of embedding algorithm is a stego image which simply sent to extracting algorithm, where extracted algorithm unhides the message from stego-image. In [8, 9 and 10] authors have introduced the Lease Significant Bit (LSB) methods. Where up to certain number of least significant bits of each pixel is overwrite or modify with hidden information bit until the end of the hidden message. The above same procedure is also required to unhide the hidden messages from the stegoimages. It could be a very risky for information hiding because sequential scanning based techniques [11] can easily be recovered the hidden messages with considering the neighboring pixel intensity variation. To resolve the above problem another method of embedding hidden bits using the random selection of pixels in an image. In this case it required a stego-key used to hide and recover the
Fig. 1. Image Steganography Overview.

Synchronization or updating phase of stego-key for both sender and receiver has a major concern. Another method of Stego Color Cycle (SCC) systematic orderly selection of pixels channel Red Green Blue (RGB) of coverimage used to embed the message bits. According to [11] if sequential scanning of pixel can identify some pixels hidden data then all remaining hidden data can easily detectable. In [12] authors introduced a pixel indicator technique, where for embedding data bits, select one channel from RGB and modify the data bits up to 2 LSB. But the selection criteria of method are sequential. Hidden capacity of this method totally depends on the cover image channel bits. In [13] introduced an enhanced scheme of the above method. It utilizes the variable number of bits of selected pixel channel (of RGB) for embedding. It increases the capacity of the scheme presented in [12]. In [14], authors have introduced a data hiding technique where it finds out the dark area of the image and used LSB to embed secret data in it. It converts dark area to binary image and labels each object using 8 pixel connectivity schemes for hiding data bits. In [15] method, it takes the difference of two consecutive pixels of cover-image for computing the size of the hidden data bits. In [16] histogram analysis method hacked the above [15] Pixel Value Differencing (PVD) method. This [15] approach can provide high embedding capacity. To best of our knowledge the authors of above papers have shown the range of PSNR of their stego-image around 50%. B. Edge Based Data Hiding Generally, edge based data hiding schemes utilize the edges as well as smooth region of the cover image to store hidden information. These schemes have good perceptual transparency (depending on the embedding capacity) and with good human visual quality. But as comparison with the cover image to stego-image has much variation. PSNR difference with respect to cover image is too high. In [17], author introduced a high capacity of hidden data utilizing the LSB and hybrid edge detection schemes. Edge detection is based on two types of canny and fuzzy edges

detectors. Based on these edge computations it used the LSB substitution to embed the hidden data. To achieve the perceptual transparency [18] has proposed a method which embeds the hidden data bits near edges area and itself edge pixel of the object. In [18], authors modify the original edge pixels of stego-image objects by hidden bits, so stego-image is not able to utilize for further processing e.g. segmentation of objects etc. This method utilized the feature of high variation of pixel intensity area (edges) to store data bits. It just modified the LSBs while keeping the unchanged most significant bits at sharper edges. It is an edge adaptive case of LSB replacement so cover and stego-images have much statistical difference. In [19] author have introduced a new adaptive data hiding method that used the edge area with k- LSB method and the smooth area of the image with PVD method. So [19] provides both larger capacity and high visual quality. On the other side in [20] method takes advantage over [19] method because it has almost same capacity and visual statistical results but with less computational complexity. C. Communication Channel Model In Simmons [21] introduced the prisoner problem that is de-facto standard of covert channel communication model. Two people Alice and Bob are prison and wanted to escape from jail. To agree on an escape plan they need to communicate but all their messages are monitored by Wendy the warden. If Wendy finds any signs of suspicious messages Wendy will place Alice and Bob into solitary confinement (making an escape impossible). Alice and Bob must exchange seamless communication containing hidden information, so they hope that Wendy should not be noticed. For practicality of scenario is explored by communication networks. Alice and Bob are using two networked computers to communicate. They run some innocuous looking overt communication between their computers with a hidden covert channel. For the time being Alice and Bob may well be the same person, for example hacker ex-filtrating restricted information. Wendy can monitor the passing traffic for covert channels or alter the passing traffic to eliminate or disrupt covert channels. Fig- 2 shows the communication model (Alice sending to Bob). Generally, covert channel is encoded in the unused or reserved bits of the packet header or protocol header when the protocol does not mandate the content of these bits. Around 1989, Wolf introduced covert channels in header fields of multiple protocols (Bus, Token Ring) [22] over LAN. (Internet protocol) IP header fields, (Type of Service) TOS, (dont fragment) DF fields, checksum and (time to live) TTL fields and traffic class flow label fields in IPv6 are utilized in [23], [24], [25], [26], [27] as covert channel. At TCP header fields like, (initial sequence number) ISN, TCP 16 bits Urgent Pointer, Flags and RST flag are utilized as covert channel in [28], [29], [30]. Packet sorting, reordering and permutation based

network covert channel on all type of reliable stream protocol is proposed in [31], [32]. In [33], [34] authors introduced scheme to achieved covert channel in the multiple connection (sockets) and artificial intelligent retransmission of packets also utilized.

Fig 2: Communication model

D. Available Packet Length Based Models The main advantage of packet length based covert channel scheme is its temper resistance, because these schemes are not tempering the content of the message except its length. It is hard to detect if the packet length distribution is same as normal or real network packet lengths of any application. Girling [5] and Padlipsky [35] used the link layer frames length for hidden communication. Where each byte of covert message is represent to a certain link layer frame length. So, the minimum 256 message lengths are required to represent single hidden byte. Both parties are agreed on predefine message length distributions. Hidden message is encrypted, where the receiver simple decode the covert byte from the received message length. This covert channel communication is vulnerable to network traffic detection, because predefine (byte mapping to certain length) dictionary encode or decode covert message is static, and its length are not belongs to normal network traffic distribution. This makes the easily vulnerable to statistically network traffic detection. Yao [36] also proposed a new scheme which is based on packet length, called LAWB. In his scheme the both parities (sender and receiver) has a share a secret matrix, where each element of matrix is representing a unique length. Sender choose row ID as a covert message then further randomly select a column in that row denote as L, than send packet length of L to the receiver. After receiving that packet, receiver search the matrix to find out which rows ID the element L lies in, so that row ID is the covert message. To remove statistical detection, author introduced the periodic matrix transformation on both sides (sender and receiver) simultaneously after predefined transmission. The above procedure is repeated until the whole secret message has been transmitted to the other end. Well, this above Yao [36] technique is still

vulnerable due to packet length distribution as compared to the normal or real network packet length distribution. In Ji [37] proposed a packet length based covert channel to consider the normal network traffic, where sender and receiver capture the normal communicating packet lengths as a record for Reference in covert communication. In this scheme current packet length is randomly selected from the Reference list and next packet length is generated with adding the covert message and sent to the receiver. Sender updates its Reference list with newly generated next packet length which has been sent to receiver. On the other side receiver deduce covert message from the received packet length from Reference list. So this method would decrease abnormal network traffic to some extent, because newly generated packet length vary from the normal traffic packet length and its Reference keeps being updated by appending either the sending lengths or increased lengths. So again the normal length distribution of the Reference would be destroyed. This approach is being also vulnerable to network traffic detection. In Ji [38] introduced another packet length based covert channel technique known as Normal Traffic Network Covert Channel (NTNCC). The author takes the real time packet lengths as references and uses these references to represent covert message on both side sender and receiver. First the reference packet lengths are sorted and generated equal size of buckets, where each bucket is representing a specific length of packet range. So, sender selects required bits of covert data and converts into decimal. Sender then selects equivalent decimal bucket in the reference packet length lists. When bucket found then randomly select a packet length from that bucket and sent to receiver. On the other side receiver simple get the packet length and search into the reference buckets ranges, founded buckets number is the covert data. The strength of this technique is its utilization of normal or real time packets length as references for covert data transmission. Only sender have to maintain the reference list which is further divided into equally partitioned buckets, and receiver just have to maintain the buckets ranges, which shows the efficiency in time and also in space. To our best knowledge the weakest part its reference list staticness, because once it has been initialized with up to (number) N packets length and throughout the transmission it remain constant, not updated. If covert data has minimum variations (homogenous type of data) in content like image or voice data, so specific type of bucket selection occur and same type of packet length ranges used to send covert message, because packets size are first sorted and then equally divided/partitioned into buckets. So this type of staticness can be easily detected by the network traffic detector. The

capacity of this packet length scheme is very minimum as compared to our proposed model. III. PROPOSED MODEL

A. Edge Based Data Embedding with High PSNR Proposed method utilizes the edge boundaries of an image as embedded data. First, we find the edge of the image is detected using Sobel mask filter. Now we find out the horizontal edges up to certain number of (edge length pixels) EDGE_LENGTH. (Currently, we fix the horizontal edge for experimental results). At this step, we computes the absolute difference of edge (pixel) with its upper (row1) boundary pixel that should be greater than (difference of pixel value) DIFF_THRESHOLD. If DIFF_THRESHOLD satisfy the condition, then LSBs substitution is used to embed the hidden data bit into the upper boundary of edge pixel. Table-1 shows the embedding cases and conditions. For further steps take again Sobel mask filtered of stego-image. If stego-image edges are not same as original cover edge image then update the DIFF_THRESHOLD value (with predefine procedure) and then repeat the whole procedure, until stego-image edge is as equal to the cover-edge image. Finally, we have a stego-image (having hidden bits, around the horizontal edge of the image). Both EDGE_LENGTH and DIFF_THRESHOLD may be embedded, or known by both parties. Now in extracting phase, take the Sobel mask filter of stego-image and generate the stego-edge binary image. Find the stego-image edges, where edge length should be greater or equal to EDGE_LENGTH. If this condition is satisfied then we take the absolute difference of all upper pixels (of edge) with edge pixels itself e.g. Diff = | Upper Pel Edge Pel | (1) If Diff value is greater than DIFF_THRESHOLD then simply take a least significant bit of upper pixel as an extracted bit. It would be 0 or 1. Otherwise skip upper pixel and move to next upper pixel for Diff calculation (1). Repeat the extracting process until reach to EDGE_LENGTH. Next find other edge area where stegoimage edge pixels are equal or greater than EDGE_LENGTH. We start again extracting procedure for this edge of stego-image. There is pseudo code of embedding and extracting procedure is as follows:Embedding Procedure Step 1: Compute Sobel mask filter of cover-image as CoverEdge binary image. Step 2: Copy the cover-image into the stego-image. Step 3: Find the horizontal edge length equal to EDGE_LENGTH in CoverEdge binary image. Step 4:

IF (Upper pixels values of horizontal edge are LESS than edge pixels values) AND (upper pixels do not belong to any other edge pixels) AND (Difference of upper pixels and edge pixel values are GREATER than DIFF_THRESHOLD) THEN IF (Upper pixel == Odd AND Hidden Bit == 0). Subtract 1 from stego-image upper pixel. Else IF (Upper pixel == Even AND Hidden Bit ==1) Subtract 1 from stego-image upper pixel Else Do not update the value. END END IF (Upper pixels values of horizontal edge are GREATER than edge pixels values) AND (Upper pixels do not belong to edge pixels) AND (Difference of upper pixels and edge pixel values are LESS than DIFF_THRESHOLD) THEN IF (Upper pixel == Odd AND Hidden Bit == 0). Add 1 in stego-image upper pixel Else IF (Upper pixel == Even AND Hidden Bit ==1) Add 1 in stego-image upper pixel Else Do not update the value. END END Step 5: Now take again Sobel mask filter of Stegoimage as StegoEdge binary image. IF (StegoEdge NOT Equal CoverEdge Image) THEN Update the DIFF_THRESHOLD + constant and repeat step 2: END Step 6: Stego-image contain the hidden bits of message. Extracting Procedure Step 1: Compute Sobel mask filter of stego-image as StegoEdge binary image.

Step 2: Find the horizontal edge length equal to EDGE_LENGTH in StegoEdge binary image. Step 3: Compute the Diff (equation 1) value from the edge of stego-image. Step 4: IF Diff greater or equal to DIFF_THRESHOLD than take a least significant bit of upper pixel of stego-image. Repeats step 3 until edge reach to the EDGE_LENGTH.

Step 5: Repeat step 2 for all edges of StegoEdge binary image, and store the least significant bits to a buffer, which indicate the uncover message.

Fig. 3. Shows hidden areas around edge boundaries

Every image computes its own DIFF_THRESHOLD depending on its texture during data embedding phase. It is strength of this proposed technique; it increases the complexity to uncover the hidden information. Both cover and stego images have same edges characteristic even after embedding hidden data into stego-image. Advantage of this scheme, It can iteratively repeat data embedding until fulfill the required PSNR of stego-image, just modifying its thresholds (EDGE_LENGTH, DIFF_THRESHOLD). Fig.-3 shows the zoom view of cameraman image. It identifies area of edges and boundaries of edges with the hidden data. Green color shows the hidden data area around the boundaries of edges. B. Packet Length Based Data Embedding. Another proposed technique is also based on packet length and payload to achieve high capacity for data embedding. To consider the normal traffic distribution, we utilize the real network packet length for covert communication. Mazurczyk [39] introduced the intelligent retransmission of protocol filled with (covert data) stego-data. In our proposed scheme also filled

covert data into payload of packet to increase the covert data capacity. A detailed scheme is as follows. In proposed model both (Alice and Bob) generate a reference M x N dimensional master matrix on both sides, where each element of matrix is filled with the real network packet lengths. Each cell is representing a unique length. M, N (integer values) is already known by Alice and Bob. Terminologies are as follows, C is the covert data bits, Alice want to transmit, Let C = c0 +c1 + c2. ck. k is the maximum number of bits in covert data. Further C is divided into sub-group of W-bits. Let C = Wi + Wi+1 Wi+q-1, where Wi be the ith subgroup of the C and q is the maximum length of subgroups of C and i is the simple integer counter for subgroup. Wd is the decimal value of Wi. V is the (covert) stego-column of matrix, pre shared by Alice and Bob. T is the number of packet transmitted to the other end and pre shared by both Alice and Bob. Len is the length of packet. Step1: Synchronization phase, where Alice and Bob filled the M x N matrix in (checker box, sequential) predefined order with the normal or real network traffic packet lengths. Step2: Alice selects Wi, the ith subgroup of C, and converts it into decimal Wd value. Find the equivalent Wd row ID into matrix and randomly select a cell in that row. So, a packet length denoted as Len is retrieved. Step3: If the column of selected cell is matched to V (stego) column, which indicate that sender will send the stego (covert) data of Len size in the payload of that packet. Step4: If Step 3 fails then, Sender sends the normal data packets of Len size to the receiver. Step5: Receiver simply find out in his matrix a cell which contain the equivalent size of the received packet length. Step6: If the column of selected cell is matched to V (stego) column, Receiver extracts the stego (covert) data directly from the packet payload. Step7: If Step 6 fails, then Stego data is extracted by the row ID of the selected cell. Step8: After up to T packet transmission, both Alice and Bob reshuffle their matrix in predefine (transposition, checker box) order.

Step9: Above steps repeat until the Alice has covert data to send. As describe above, main advantage of proposed scheme its capacity improvement. For covert data transmission both packet length and packet payload is used. Another use the normal or real network traffic packets size as references in our covert communication. To remove statistical detection by introducing the periodic (after T predefined packet transmission) matrix transformation or reshuffling simultaneously on both Alice and Bob sides. Each element of matrix has no correlation with its neighbor elements, like sorting or any other sequential ordering etc. So proposed scheme is equally efficient for homogenous (video or audio) or heterogeneous (contains maximum variations) type of covert data. Above scheme is achieving both high capacity and normal-traffic variation behavior efficiencies. IV. EXPERIMENTAL RESULTS

A. Image Based Data Hiding Results The experimental results presented in this section describe the performance of our proposed technique. To conduct our experiments, we have tested our scheme over more then 50 standard images of different resolutions including some of them with 256x256 grayscale images, cameraman, Tiffany, Lena and Baboon are shown in table-3 with their evaluated parameters. Generally, stego image quality is considered from two aspects. First, we use the Peak Signal-to-Noise Ratio (PSNR) measurement to evaluate the difference between the stego and cover images. Second, we compare the quality of the stego image with the cover image as seen by the Human Visual System (HVS). Mean Square Error (MSE) is between the cover and stego images. For a cover image width and height are m and n, where I denote the cover-image and K denotes the stego-image MSE is defined as:

(2) The general PSNR formula is defined as: (3) Where denotes the maximum value of a pixel in image 255 in grayscale image. A higher PSNR indicates that the quality of the stego image is better and more similar to the cover image. Table 3 shows the quality and PSNR, MSE, and Root Mean Square Error (RMSE) of images which is produced by our proposed method. Overall PSNR is around 84% to 93% range, even with hidden data. Cameraman second

column of table-3 shows the complete characteristics of it. First it shows the cover image, its edge detected image then stego image with its edge detected image and lastly difference of both edge images which are identical. Edge Difference Threshold (EDGE_THRESHOLD) of cameraman is 16, where data is embedded in boundaries of the image edges with minimum 16 and above threshold. Minimum of Edge Length shows the minimum length of edge is 4 to be considered for data embedding. Covert Bits number of hidden bits is 240 in cameraman case. MSE, RMSE, and PSNR are respectively shown. Table 2, shows even much higher PSNR with different threshold values, e.g. if we change the EDGE_LENGTH (minimum of required edge length) its PSNR is 96+% of stego-image. In table 2 shows different PSNR according to thresholds. Table-4 shows the different images (Rice, Lena, and etc) with their PSNR and other parameters. Table-4 shows that all images have above 70+ PSNR.

Differenc e Threshold Minimum of Edge Length Covert Bits MSE RMSE PSNR

4 240 9.7656 0.0313 88.2338

4 170 3.0518 0.0055 93.2853

4 158 2.5940 0.0161 83.9911

4 151 5.0354 0.224 89.1105

Image Rice Lena Woman Woman blonde Crowd Pirate Living room

TABLE- 4 SOBEL EDGE RESULTS WITH PROPOSED METHOD Covert DIF_THRESH EDGE_LEN Bits 32 4 384 16 4 58 80 4 312 128 64 112 64 4 4 4 4 293 487 374 1755

PSNR 75 83 96 90 82 92 80

B. Packet Length Based Results In our experiments, we use the NS2 simulator (nsallinone-2.31 version) to simulate our proposed model in TCP (tahoe) protocol. We compare proposed model with Ji[40], Ji[41], and Garling [5]. We also generate the synthetic data for study.
TABLE -1 EMBEDDING CASES Upper Pixel Upper Pixel Upper Pixel If Hidden Bit Less Greater of Edge of Message Edge Pixel Edge Pixel Even 0 x x Odd 0 -1 +1 Even 1 -1 +1 Odd 1 x x x: do not change. Upper Pixel: Upper pixel of edge. -1: Subtract -1 from upper pixel. +1: Add +1 in upper pixel. TABLE -2 PROPOSED METHOD WITH DIFFERENT EDGE LENGTH THRESHOLD Edge Difference 16 16 16 16 Threshold Minimum of Edge 4 8 12 16 Length Covert Bits 240 99 56 4 MSE 9.7656 3.2043 1.3733 0 RMSE 0.0313 0.0179 0.0117 0 93.073 96.753 PSNR 88.2338 99.99 4 2 TABLE -3 RESULTS OF PROPOSED SCHEME WITH MSE, PSNR Title Edge Camerama n 16 Tiffany 96 Lena 16 Baboon 80

We captured the SZABIST server dataset of TCP (protocol) packet sizes for specific hour to use real time packet size characteristics. Fig- 4 depicts the complete scenario, where node 0 and 4 are TCP and node 1 and 3 are UDP sender and receiver. Node 2 and 3 are behaving like routers. Data link between node 0 to 2 and 1 to 2 is 2Mbps, node 2 to 3 link 1.5 Mbps, and 3 to 4 and 3 to 5 has 1.7 Mbps, with 10 ms delay. To increase the packet dropping factor and creating real time router behavior, reduce the data link between 2 to 3 as compare to other data links. Fig- 5 depicts the average traffic variation of normal Ji[41] and proposed model, we have just plotted a one hour network traffic sizes, where around first 1000 packets taken as references of packet length. We use synthetic data through randomly covert data bits are generated and embedded in simulation, overall normal, previous, and proposed traffic lies in similar type of variation range. We have compared Ji[41] and proposed technique in different time duration and varying the W bit size 2 to 4.

We have generated 5.5, 2.5 and 1 hour traffic from node 1 to 4, for both schemes; fig 6 depict the capacity graph. We use W (bits of covert data) as 2-bit. In Ji [41] technique produced only 2 bits of covert data per packet throughout TCP transmission. Proposed technique is utilizing the packet payload as covert data, which increase data rate with minor effects of throughput of the data, as shown in the table-5. Overall TCP throughputs is shown in fig-7, which shows that proposed technique does not effect the overall TCP data throughputs of node 1 to 4, but actually application data is suffer from the covert data as depicted in table-5, because covert data is directly proportional to actual data. In fig-7 throughput graph is marked with normal TCP data and covert data with green and red color. Congestion window and (round trip time) RTT delay graphs verses time are shown in fig 8 and 9. Congestion window and RTT graphs are same for both Ji [41] and proposed technique, because both have same throughput and overall data transmission rate. In proposed technique internal use of packet payload for covert data, which is considering as normal TCP data and it is in-effective for TCP congestion window and RTT. In table-5, TCP Data, Covert Data, Throughput, Overall Throughput are in bytes. Table-5 shows the 1 hour traffic of TCP packet transmission, where V knows as stegocolumns as 3, which indicate to send covert data into packet payload. Simultaneously transposition time of matrix, T time is 360 seconds. Proposed covert data capacity is very high instead of Ji[41] approach. In table-6 shows the 5.5 hour TCP traffic transmission with W-bit 2. In Table-7 shows the 2.5 hour TCP traffic transmission with W-bit 2. In Table-8 shows the 1 hour TCP traffic transmission with W-bit 3. Table-9 shows the 1 hour TCP traffic transmission with W-bit 4. Overall throughput and all other characteristics are same as in previous technique. Where Ji [40] and Ji [41] techniques results are same, because Ji [41] is the improved version of Ji [40] in context of packet sizes, its covert data capacity is same. So indirectly our proposed technique has much higher capacity instead of Ji [40] and Ji [41]. Garling [5] uses maximum 8 bits to send covert data in each packet, because its packet range is 256. Its capacity is also very small as compared to our proposed model; quantitative figs are shown in table 10.

Fig-4 Simulation Scenario

Fig -5 Average Traffic Variations

Fig- 6 Capacity Graph

Fig- 7 Throughput Graph

TABLE 5. 1 HOUR TRAFFIC CHARACTERISTICS Parameter Proposed Ji [41] W-bits 2 2 NxM 4x100 400 V(Stego column) 3 X T(Transposition) 360 sec X Packet Range 1 to 1460 1 to 1460 Packet Sent 14400 14400 Traffic Time 3600sec1 hr 3600sec1 hr TCP Data 11097829 11097829 Covert Data 106233 3500 Throughput Except 10991596 11097829 Covert (99.42%) (100 %) Overall Throughput Packet Loss 11097829 (100%) 0.035 % 11097829 (100%) 0.035 %

TABLE 6. 5 .5 HOUR TRAFFIC CHARACTERISTICS Parameter Proposed Ji [41] W-bits 2 2 NxM 4x100 400 V(Stego column) 3 X T(Transposition) 360 sec X Packet Range 1 to 1460 1 to 1460 Packet Sent 80000 80000 Traffic Time Fig- 8 Congestion Window TCP Data Covert Data Throughput Except Covert Overall Throughput Packet Loss 20000 sec 5.5 hr 58208332 677662 57540670 (98.58%) 58208332 (100 %) 0.022 % 20000 sec 5.5 hr 58208332 19900 58208332 (100 %) 58208332 (100 %) 0.022 %

TABLE 7. 2 .5 HOUR TRAFFIC CHARACTERISTICS Parameter Proposed Ji [41] W-bits 2 2 NxM 4x100 400 V(Stego column) 3 X T(Transposition) 360 sec X Packet Range 1 to 1460 1 to 1460 Packet Sent 40000 40000 Fig -9 Round Turn Trip Time (RTT) Traffic Time TCP Data Covert Data Throughput Except Covert Overall Throughput Packet Loss 10000 sec 2.5 hr 29534246 416757 29117489 (98.58%) 29534246 (100 %) 0.026 % 10000 sec 2.5 hr 29534246 9900 29534246 (100 %) 29534246 (100 %) 0.026 %

TABLE 8.

1 HOUR TRAFFIC CHARACTERISTICS

Parameter W-bits NxM V(Stego column) T(Transposition) Packet Range Packet Sent Traffic Time TCP Data Covert Data Throughput Except Covert Overall Throughput Packet Loss

Proposed 3 8x50 3 360 sec 1 to 1460 14400 3600sec1 hr 10807092 215960 10591132 (98.00%) 10807092 (100 %) 0.027 %

Ji [41] 3 400 X X 1 to 1460 14400 3600sec1 hr 10807092 5250 10807092 (100 %) 10807092 (100 %) 0.027 %

protocol. Our proposed model utilized the normal packet length feature and also packet payload for covert data communication. It is temper resistance and time efficient. Due to after (predefine time) T packet transmission its reshuffling of normal traffic reference increase its temper resistance as compared to previous technique. Our proposed technique is also effective for homogeneous type of data (video/audio) as well as heterogeneous type data, because due to reshuffling of matrix after specific transmission, correlation between same types of covert data is removed to specific range of packet lengths. Our technique is temper resistance for network traffic detector. For image based data hiding, in future work, hiding capacity can be improved to utilize the multiple edge direction (vertical, diagonal or etc) can be further explored to hide data with high PSNR.

TABLE 9. 1 HOUR TRAFFIC CHARACTERISTICS Parameter Proposed Ji [41] W-bits 4 4 NxM 16x25 400 V(Stego column) 3 X T(Transposition) 360 sec X Packet Range 1 to 1460 1 to 1460 Packet Sent 14400 14400 Traffic Time 3600sec1 hr 3600sec1 hr TCP Data 10781094 10781094 Covert Data 215960 5250 Throughput Except 10404374 10781094 (100 %) Covert (96.50%) Overall Throughput Packet Loss 10781094 (100 %) 0.023 % 10781094 (100 %) 0.023 %

REFERENCE
[1] Cheng-Hsing Yang, Chi-Yao Weng, Shiuh-Jeng Wang, Member, IEEE, and Hung-Min Sun, Adaptive Data Hiding in Edge Areas of Images with Spatial LSB Domain Systems, IEEE Transactions on Information Forensics and Security, vol. 3, no. pp. 488-497. 3rd September 2008. H. B. Kekre, Archana Athawale, Pallavi N. Halarnkar, Performance Evaluation of Pixel Value Differencing and Kekres Modified Algorithm for Information Hiding in Images, International Conference on Advances in Computing, Communication and Control, pp 342-346, 2009. Hossain, M. Al Haque, S. Sharmin, F. Variable rate Steganography in gray scale digital images using neighborhood pixel, information Computers and Information Technology, ICCIT '09. 12th International Conference Dhaka, 2009. B. Lampson, A Note on the Confinement Problem, Commun. ACM, vol. 16, no. 10, Oct. 1973, pp. 613-615. C. G. Girling, Covert Channels in LANs, IEEE Trans. Software Engineering, vol. SE-I3, no. 2, Feb. 1987, pp. 292-296 National Institute of Standards and Technology. Trusted Computer System Evaluation Criteria. 1983. N. Johnson and S. Jajodia, Exploring steganography: seeing the unseen, IEEE Computer, 1998, pp. 26-34. G.C. Kessler, "An Overview of Steganography for the Computer Forensics Examiner", Forensic Science Communications, Vol. 6, No. 3, July 2004. D. Artz, "Digital Steganography: Hiding Data within Data", IEEE Internet Computing: Spotlight, pages 75-80, May-June 2001. [10] K. Bailey, K. Curran, "An Evaluation of Image Based Steganography Methods", Multimedia Tools & Applications, Vol. 30, No. 1, pages 55-88, July 2006. [11] S. Venkatraman, A. Abraham, M. Paprzycki, "Significance of Steganography on Data Security", International Conference on Information Technology: Coding and Computing (ITCC'04), 5-7 April 2004. [12] Adnan Gutub, Mahmoud Ankeer, Muhammad Abu- Ghalioun, Abdulrahman Shaheen, and Aleem Alvi, Pixel indicator high

[2]

[3]

[4] [5] [6] [7] [8]

TABLE 10. COMPARING CAPACITY WIHT MODELS Models Data Sent bytes Covert Data bytes Wbit-2 Proposed Ji [41] Ji [40] Garling [2] Wbit-8 58208332 58208332 58208332 58208332 677662 19900 19900 318949

V.

CONCLUSION

This paper has introduced a method of image steganography, hiding data into image while retaining higher PSNR of stego-image with its cover image. This technique is targeting the low rate of capacity but higher PSNR of stego-image. Proposed method embeds the data bits to edge boundary of stego-image, while both cover and stego-image have identical edges. So stego-image can further be utilized for processing depending on application (segmentation of objects or etc), because its edge pixel values are not modified. Proposed technique is hard to recover the hidden message due to its threshold which varies depending on image itself. Another proposed method has a high capacity covert channel in network

[9]

capacity technique for RGB image based Steganography, WoSPA 2008 5th IEEE International Workshop on Signal Processing and its Applications, University of Sharjah, Sharjah, U.A.E. 18 20 March 2008. [13] Mohammad Tanvir Parvez, Adnan Abdul-Aziz Gutub, "RGB Intensity Based Variable-Bits Image Steganography," apscc, pp.1322-1327, 2008 IEEE Asia-Pacific Services Computing Conference, 2008. [14] H.Motameni, M.Norouzi, M.Jahandar and A.Hatami, "Labeling Method in Steganography," World Academy of Science, Engineering and Technology, France. 2007. [15] D. C. Wu and W. H. Tsai, A steganographic method for images by pixel-value differencing", Pattern Recognition Letters, vol. 24, no. 9-10, pp. 1613-1626, 2003. [16] H.C. Wu, N.I Wu, C.S. Tsai and M.S. Hwang, Image Steganographic scheme based on pixel-value differencing and LSB replacement methods,VISP(152), No. 5, October 2005. [17] Chen, W. J., Chang, C. C. and Le, T. H. N., (2010): "High Payload Steganography Mechanism Using Hybrid Edge Detector," Expert Systems with Applications (ESWA 2010), Vol. 37, No. 4, Apr. 2010, pp. 3292-3301. [18] Kathryn Hempstalk, "Hiding Behind Corners: Using Edges in Images for Better Steganography", Proceedings of the Computing Women's Congress, Hamilton, New Zealand, 11- 19 February 2006. [19] Cheng-Hsing Yang, Chi-Yao Weng, Shiuh-Jeng Wang, Member, IEEE, and Hung-Min Sun, Adaptive Data Hiding in Edge Areas of Images with Spatial LSB Domain Systems, IEEE Transactions on Information Forensics and Security, VOL. 3, NO. 3, pp. 488497, September 2008. [20] Hussain, M. Hussain, M, Pixel intensity based high capacity data embedding method, IEEE International Conference Information and Emerging Technologies (ICIET), Pakistan, June 2010. [21] G. J. Simmons, The Prisoners Problem and the Subliminal Channel, in Proceedings of Advances in Cryptology (CRYPTO), pp. 5167, 1983. [22] M. Wolf, Covert Channels in LAN Protocols, Proc. Wksp. Local Area Network Security (LANSEC), 1989, pp. 91101. [23] T. Handel and M. Sandford, Hiding Data in the OSI Network Model, Proc. 1st Intl. Wksp. Information Hiding, 1996 pp. 23 38. [24] N. B. Lucena, G. Lewandowski, and S. J. Chapin, Covert Channels in IPv6, Proc. Privacy Enhancing Technologies (PET), May 2005, pp. 14766. [25] D. Kundur and K. Ahsan, Practical Internet Steganography: Data Hiding in IP, Proc. Texas Wksp. Security of Information Systems, Apr. 2003 [26] C. Abad, IP Checksum Covert Channels and Selected Hash Collision, tech. rep., UCLA, 2001. papers/ipccc.pdf [27] S. Zander, G. Armitage, and P. Branch, Covert Channels in the IP Time To Live Field, Proc. Australian Telecommunication Networks and Applications Conf. (ATNAC), Dec. 2006.

[28] G. Fisk et al., Eliminating Steganography in Internet Traffic with Active Wardens, Proc. 5th Intl. Wksp. Information Hiding, Oct. 2002. [29] A. Hintz, Covert Channels in TCP and IP Headers,2003,http://www.defcon.org/images/defcon-10/dc-10presentationsdc10-hintzovert.ppt [30] C. H. Rowland, Covert Channels in the TCP/IP Protocol Suite, First Monday, Peer Reviewed Journal on the Internet, July 1997. [31] J. Levy, J. Paduch, and B. Khan, "Superimposing permutational covert channels onto reliable stream protocols," in Proceedings of MALWARE 2008, Alexandria VA, Oct. 2008. [32] Adel El-Atawy, Ehab Al-Shaer: Building Covert Channels over the Packet Reordering Phenomenon. INFOCOM 2009: 21862194 [33] Mazurczyk W., Smolarczyk S., Szczypiorski K.: Hiding Information in Retransmissions, In: Computing Research Repository (CoRR), abs/0905.0363, arXiv.org E-print Archive, Cornell University, Ithaca, NY (USA), May 2009. [34] Hassan Khan, Yousra Javed, Fauzan Mirza and Syed Ali Khayam Embedding a covert channel in active network connections, Proceedings of the 28th IEEE conference on Global telecommunications, 2009 [35] M. A. Padlipsky, D. W. Snow, and P. A. Karger, Limitations of end-to-end encryption in secure computer networks, Tech. Rep. ESD-TR-78-158, Mitre Corporation, August 1978. [36] YAO Quan-zhu and ZHANG Peng, Coverting channel based on packet length, vol.34 No.3 Computer Engineering, February 2008. [37] Liping Ji, Wenhao Jiang, and Benyang Dai, A novel covert channel based on length of messages, International Conferenceon e-Business and Information System Security, 2009. [38] Liping Ji, Haijin Liang, Yitao Song, Xizmu Niu, A Normal Traffic Network Covert Channel, Computational Intelligence and Security, 2009. [39] Mazurczyk W., Smolarczyk S., Szczypiorski K.: Hiding Information in Retransmissions, In: Computing Research Repository (CoRR), abs/0905.0363, arXiv.org E-print Archive, Cornell University, Ithaca, NY (USA), May 2009. [40] Liping Ji, Wenhao Jiang, and Benyang Dai, A novel covert channel based on length of messages, International Conferenceon e-Business and Information System Security, 2009. [41] Liping Ji, Haijin Liang, Yitao Song, Xizmu Niu, A Normal Traffic Network Covert Channel, Computational Intelligence and Security, 2009.