An Epistemological Approach to Steganography

Steganography has been studied extensively in the light of information, complexity, probability and signal processing theory. This paper adds epistemology to the list and argues that Simmon’s seminal prisoner’s problem has an empirical dimension, which cannot be ignored (or defined away) without simplifying the problem substantially. An introduction to the epistemological perspective on steganography is given along with a structured discussion on how the novel perspective fits into the existing body of literature. 1 Steganography and steganalysis as empirical sciences A broad definition of steganography includes all endeavours to communicate in such a way that the existence of the message cannot be detected. A more specific problem description that triggered research in modern digital steganography is given in the prisoner’s problem formulated by Gustavus Simmons [1] in 1983: Two prisoners want to cook up an escape plan together. They may communicate with each other, but all their communication is monitored by a warden. As soon as the warden gets to know about an escape plan, or any kind of scrambled communication in which he suspects one, he would punish them severely. Therefore the inmates must hide their secret messages in inconspicuous cover text. Adapting this metaphor to information technology, a steganographic system builds upon an open communication system and is defined by the set of permissible communication objects (i. e., cover and stego objects as messages to be transmitted on the underlying channel), modelled as sequences x = (x1, . . . , xn) over a discrete alphabet X , the set of possible secret messagesM, a pair of publicly known functions to embed and extract secret messages in/from communication objects, and a key space K [2]. Keys k ∈ K parametrise the embedding and extraction function to bind successful extraction to the knowledge of the correct key. The protection goal undetectability [3] is satisfied if stego objects x ∈ X ∗ are indistinguishable from plain covers x ∈ X ∗, i. e., when the distribution of stego objects x ∼ P1 matches the distribution P0 of typical cover objects on the channel [4]. In other words, the goal of steganographic systems is to generate output that is equal to something outside the steganographic system. This implies that we Proceedings of Information Hiding 2009 Last revision: July 16, 2009 Darmstadt, Germany, June 7–10 c © Springer Verlag, Berlin Heidelberg cannot succeed in designing secure steganography without studying the outside of the system! So we conclude and argue that steganography, according to its common definition and in the predominant setting, should be considered as genuinely empirical discipline; unlike cryptology and related fields of information security. This may sound inconvenient from a purely mathematical or theoretical standpoint, but it makes both steganography and steganalysis particularly interesting engineering problems. Nevertheless, it is not wise to abandon the realm of theory entirely in approaching steganography and steganalysis as mere inductive disciplines. So in this paper, we recur to basic information theory as well as statistical theory and combine them with epistemology to lay theoretical foundations on which the engineering problems can be formulated. The foundations also allow to deduct when and under which assumptions we can expect solutions in terms of security guarantees, and where rather not. Such insight helps to reappraise prior art on theoretical and practical steganography and steganalysis. Since we focus on undetectability, this exposition is limited to passive adversaries [5] and it is further organised as follows: Section 2 proposes a classification system for approaches to secure steganography based on the assumptions behind their security analysis. This allows us to organise discoveries and results in the literature and helps to identify cases, in which our epistemological approach applies. The ideas behind our approach draw on the theory of Karl Popper [6]. They are further elaborated in Section 3. Section 4 is devoted to a reflection on the existing body of knowledge and shows ways to integrate it in our approach. Unlike typical ‘related work’ chapters, this discussion is intended to form an equally important part of our contribution. Section 5 concludes the paper. 2 Classification of approaches to secure steganography A cursory view on the steganography literature must leave a confusing picture. There exists a stark contrast between, on the one hand, constructions with strong security claims, embodied in titles such as “Provably” [7] or “Perfectly Secure Steganography” [8] that can be found even in conjunction with the attribute “Efficient” [9], and, on the other hand, successful steganalysis against virtually every embedding method that offers noteworthy capacity: “Attacks on Steganographic Systems” [10], “Breaking [. . . ] Steganography with First Order Statistics” [11] or “Universal Detection” [12]. This list of examples can be continued arbitrarily. The roots of this apparent contradiction lie in different assumptions, which are (too) often only implicit. This paper aims at making them explicit, and we have identified two dimensions along which they can be structured, namely: 1. assumptions on the limits of the adversary (short: adversary assumptions), 2. assumptions on the cover source (short: cover assumptions). The first dimension corresponds to the classical distinction in cryptography, where information-theoretic security denotes security against computationally unconstrained adversaries, complexity-theoretic security assumes bounds on the