This contribution proposes a novel steganographic method based on the compression standard according to the Joint Photographic Expert Group and an Entropy Thresholding technique. The steganographic algorithm uses one public key and one private key to generate a binary sequence of pseudorandom numbers that indicate where the elements of the binary sequence of a secret message will be inserted. The insertion takes eventually place at the first seven AC coefficients in the transformed DCT domain. Before the insertion of the message the image undergoes several transformations. After the insertion the inverse transformations are applied in reverse order to the original transformations. The insertion itself takes only place if an entropy threshold of the corresponding block is satisfied and if the pseudorandom number indicates to do so. The experimental work on the validation of the algorithm consists of the calculation of the peak signal-to-noise ratio (PSNR), the difference and correlation distortion metrics, the histogram analysis, and the relative entropy, comparing the same characteristics for the cover and stego image. The proposed algorithm improves the level of imperceptibility analyzed through the PSNR values. A steganalysis experiment shows that the proposed algorithm is highly resistant against the Chi-square attack.

1. Introduction

1.1. Motivation

Nowadays, there is a risk that confidential information may be acceded by nonauthorized people, being consulted, divulged, modified, destroyed, or sabotaged, affecting its availability and legal access. Evidently, the information that transits through insecure channels can be easily intercepted. Therefore, the use of Cryptography and Steganography plays a significant role in information security management [1].

Cryptography is the science of protecting information by encryption techniques. As cryptography on its own does not hide the fact that a message is secret, to provide this steganography is used.

The ability to protect sensible information from adversaries, especially during their transmission through channels that are opposed to have leaks, is crucial in a world of emerging cyberwar. Nowadays, all electronic communications are being continuously and automatically monitored by both private and state-owned intelligent systems that have an enormous computer power. In particular, every transmission of cipher-text calls the attention of any of these systems and certainly is chosen to be analyzed, among others, by competitors and any sort of opposing forces. The use of electronic transmission media requires a method that calls less attention of the supervisory automatic systems. Modern Steganography offers a level of service that includes privacy, authenticity, integrity, and confidentiality of the transmitted data.

1.2. State of the Art

Steganography is the art of hiding information by impeding the detection of hidden messages [2]. Steganography involves communicating secret data in an appropriate multimedia carrier, like image [3], audio [4], or video files [5]. The media with or without hidden information are called Stego Media and Cover Media, respectively. Thus, the cover image with the secret message embedded is called the stego image.

1.2.1. Embedding Capacity

The performance of steganographic algorithms can be measured by two main criteria, embedding capacity and detectability. Thus, novel steganographic algorithms are expected to increase the image capacity and the encryption strength of the message. The image capacity can be increased by adaptive strategies which decide where to insert best the message. For example, the Pixel-Value Differencing method [6] proposes to embed more data in edged areas than in smooth areas.

In steganography the embedding capacity is defined as the maximum number of bits that can be embedded in a given cover image. However, the steganographic capacity is the maximum number of bits that can be embedded in a given cover image with a negligible probability of detection by an adversary. Therefore, the embedding capacity is larger than the steganographic capacity [7].

1.2.2. Methods of Embedding Data

There are two common methods of embedding data, which can be classified into two categories, namely, spatial-domain and frequency-domain methods. In the spatial domain method, the secret message is inserted directly into the least significant bit (LSB) of image pixels [8, 9]. In the frequency-domain method [10] the cover image is first transformed from the spatial to a frequency-domain using transformation methods such as discrete cosine transform (DCT) [11, 12], discrete Fourier transform (DFT) [13], or discrete wavelet transform (DWT) [1315]. Then the secret message is embedded in the transformed coefficients [16], and finally the data are transformed back from the frequency-domain to the spatial domain.

There are different strategies to additionally encrypt hidden steganographic data, like permutation [17] or by a statistical threshold [18]. One should not confuse cryptography with steganography: Cryptography modifies the data to make them incomprehensible, while steganography on its own simply hides them between other data. In many instances the combination of both techniques provide a high level security to the protected information; see, for instance, [3, 1923].

In this contribution we adopt the two-dimensional discrete cosine transform [11] as the most common frequency domain method used in image processing. For a recent survey on steganography see [24], where our approach can be classified within DCT based steganography. A frequent method that uses the DCT is the Jpeg-Jsteg embedding method [25], where the secret message is embedded in those LSB of the quantized DCT coefficients whose values are not 0, 1, or −1.

1.2.3. Design Principles That Counter Steganalysis

Westfeld [26] introduced the F5 steganographic algorithm, where, instead of replacing the LSB of the quantized DCT coefficients by the secret bits, the absolute value of the coefficients is reduced by 1. Since the F5 algorithm randomly chooses DCT coefficients to embed the secret bits it is strong against the Chi-square attack.

To counter the Chi-square attack, Provos [25, 27] proposed the OutGuess steganographic algorithm. This method embeds data by a similar way as Jpeg-Jsteg, though its embedding capacity is much lower than that of Jpeg-Jsteg.

There are general design principles for less detectable stegosystems [28]. However, some steganalyis concepts are specialized in the detection of data hidden in the least significant bits of a natural image [29]. For recent improvements in LSB steganography approaches see [28, 30].

In [31], Chang et al. presented a new steganography method based upon Joint Photographic Expert-Group (JPEG) and a quantization table modification. In this case, the secret message is first encrypted and then embedded in the 26 coefficients located in the middle-frequency area of the cover image. In [32], Noda et al. proposed two JPEG steganography schemes using a quantization index modulation in DCT domain.

In [33], Wong et al. presented a novel DCT based on a blind Mod4 steganography method for still images. In [34], Chang et al. proposed a lossless and reversible embedding of secret data in each block of DCT coefficients based on the compressed image technique JPEG. In this scheme, two successive zero coefficients of the medium-frequency components in each block are used to hide the secret data. Li and Wang [35] proposed a novel steganographic method, based on JPEG and the Particle Swarm Optimization algorithm. Here, the transformed messages are embedded in the 36 coefficients located in the middle-frequency components of the quantized DCT coefficients of the cover-image.

1.2.4. Embedding Strategies

In [36], Velasco-Bautista et al. present the Entropy Thresholding method, where the secret message is inserted in the DCT domain. In [37], Lin and Shiu suggest a high capacity data hiding scheme, where the secret data are embedded in the middle frequency of the DCT coefficients. Narayana and Prasad [21] introduce two new methods wherein cryptography and steganography are combined to encrypt the secret message that is hidden. In [38], Lin proposes a reversible data hiding method which is based on the DCT of the cover image. The cover image is decomposed into different frequencies, where the secret messages are embedded into the high-frequency parts. Mali et al. propose a novel image steganographic method using a block level Entropy Thresholding technique where the secret message is embedded in the 26 coefficients located in the middle-frequency area of the cover image [16]. Amin et al. present an efficient data hiding technique based on the DCT, where secret bits are embedded in all frequency components of the quantized DCT coefficient [11]. Jaheel and Beiji combine two steganography algorithms, namely, Jpeg-Jsteg and OutGuess algorithms, with the purpose of enhancing a major security level [39]. In [1], Soria et al. propose a new steganographic algorithm in the frequency domain. This method uses a private key of 64 bits that suggest the positions where the secret bits are inserted after applying the Entropy Thresholding method; the experimental analysis accomplishes a comparison of the results with respect to the Entropy Thresholding method proposed by Velasco-Bautista et al. [36].

In the present work, we show an experimental comparison of the proposed method with respect to the two previous methods. All three approaches use the Entropy Thresholding method. The Velasco-Bautista method does not use keys, the Soria method uses a private key of 64 bits, and the proposed method uses two keys, one public key and one private key of 64 bits.

1.3. Transformation of the Blocks

A digital image is represented in computer systems as an array of pixels. In this paper, we work with a steganography algorithm for embedding a secret message into a RGB 24-bit color image, where each pixel has three color components: Red, Green, and Blue (RGB). Each RGB component is represented by a byte. The values range from 0 to 255, where zero represents the darkest and 255 the brightest shade of a color.

Since we consider a RGB 24-bit color image as three blocks of bytes corresponding to each color component, in the proposed method the cover image of size is divided into different blocks of bytes such that the DCT transformation can be performed on each one of them. Here we assume that and are divisible by .

Let be the th block of bytes of the image, with , and let be its two dimensional discrete cosine transform, with . The relationship between and its inverse is given by where for and otherwise. A DCT of a integer matrix becomes a matrix of real numbers. By definition, the coefficient is the DC coefficient (zero frequency) and all others are called the AC coefficients.

1.4. This Contribution

In this paper, two steganography methods are combined, namely, the JPEG steganography method and the Entropy Thresholding technique [36, 39]. This combination allows to hide secret messages in images while maintaining a high visual quality and a low detectability. The JPEG method divides the cover image into nonoverlapping blocks of bytes and then applies the discrete cosine transform with the purpose of hiding the secret message in the DCT domain by modifying certain coefficients located in the low-frequency area of the cover image.

The Entropy Thresholding method decides whether or not to embed the secret message in a certain matrix of order of transformed coefficients, depending on the entropy within that matrix.

2. Determination of Location of Message

In this section we describe how to determine the encrypted random locations where the secret message is inserted. It is assumed that is the length of the binary sequence of the secret message where is a bit containing or . The locations where the secret message is hidden is determined by a pseudorandom sequence defined by We denote by the number of bits of an array of bits which are equal to . We continue to concatenate the pseudorandom sequence as long as we reach a cardinality ; that is, the length of the message is covered.

In the next subsections, first, we describe the generation of 15 subkeys, and then how the subkeys are used to determine a pseudorandom sequence of locations where the secret bits are inserted.

2.1. Creation of 15 Subkeys

There are two types of cryptography techniques, namely, private key and public key cryptography. Public key cryptography is an asymmetric cryptography technique which encrypts the message with a private key and decrypts the message with a public key. Private key cryptography is a symmetric cryptography technique which encrypts and decrypts a message with the same key. The DES (Data Encryption Standard) algorithm [40] is the most widely used symmetric encryption algorithm in the world and its design idea is still used in numerous block ciphers.

In this paper we use steps similar to those developed for the Data Encryption Standard (DES) algorithm to generate subkeys, but we only generate 15 new subkeys of 96 bits, with , using compressions (permutations) of 112 and 96 bits, respectively.

To generate the 15 subkeys we use one key of 128 bits (as defined in the first step of Section 2.2), by the following steps:

The 128-bit key is permuted according to the following permutation:

The first entry in the table being means that the 42th bit of the original key becomes the first bit of the permuted key. The 37th bit of the original key becomes the second bit of the permuted key. The 67th bit of the original key is the last bit of the permuted key. Note that only 112 bits of the original key appear in the permuted key.(2)Next, split this key into a left and a right half, and , where each half contains 56 bits.(3)Then, with and defined, we now create fifteen blocks and , . Each pair of blocks and is formed from the previous pair and , respectively, for , using the following schedule of “left shifts” of the previous block: To do a left shift, move each bit one place to the left, except for the first bit, which is cycled to the end of the block. A double shift is twice a single shift. This means, for example, and are obtained from and , respectively, by one left shift, and and are obtained from and , respectively, by two left shifts.

In order to finish, we generate keys of 96 bits, with , by applying the following permutation to each of the concatenated pairs :

Notice that the first bit of is the 44th bit of , the second bit is the 14th, and so on, ending with the 96th bit of being the 57th bit of .

In summary, this procedure uses one key of 128 bits, to determine 15 subkeys of 96 bits, which, through the procedure that is described in continuation, generates a pseudorandom sequence that determines the location to insert the secret bits.

2.2. Generation of Pseudorandom Sequence of Locations
In this subsection we describe how the location of the secret message is determined by using the subkeys as defined in Section 2.1. The generation of the pseudorandom sequence is realized according to the following steps:
(1)Generate a public key of 64 bits. Concatenate the private key and the public key. Alternate its bytes to create a new key of 128 bits. The first element of the composed key of 128 bits is the first element of the private key and the second is the first element of the public key and so on. Extract the least significant bits of each byte of the composed key, getting this way a binary sequence of 16 bits.(2)From the newly concatenated key generate 15 new subkeys of 96 bits, with , according to the steps that were described in Section 2.1.

Apply the permutation.

to the binary sequence , with , expanding it to a binary sequence of 128 bits. Here, the symbol defines the binary operation and . Then, apply the operation between the 16 bits of sequence and each of the 8 blocks of 16 bits of the binary sequence of 128 bits, creating a new binary sequence of 128 bits.(4)Concatenate . If the cardinality of concatenated keys is , then the subsequence of is extracted such that the cardinality covers the whole secret message being the first bit of and so on.(5)If the length of the secret message exceeds the cardinality then the set is extended by adding another pseudorandom sequence obtained using the first 64 bits of as private key and the last 64 bits of as public key. This procedure continues until the desired length is obtained.

3. Proposed Algorithm

In this section we propose a new algorithm for steganography. Given a procedure for the determination of the possible locations of the sub-keys (as described in Section 2.2), the algorithm is mainly about the effective insertion of the message according to a threshold. The embedding algorithm has a sandwich structure, where first several transformations are applied subsequently. In the core of the algorithm the secret message is inserted respectively extracted whenever an entropy threshold criterion is satisfied. Finally, inverse transformations are applied in reverse order. See Algorithm 1 for a pseudocode, where the operating mode is switched to embedding or extraction by setting the parameter mode to EMBEDDING or EXTRACTION, respectively.

Subtract 128 from each byte of image to produce a data range that is centered around zero, so that the modified
range is .
(i) Divide the cover image into non-overlapping blocks of bytes as indicated in Section 1.3.
for do
Calculate the Discrete Cosine Transform (DCT) coefficients for each byte matrix .
 (i) Compute the entropy
end for
(i) Calculate mean entropy of all transformed blocks.
(ii) .
(iii) .
for do
if then
   : Quantify according to (9).
   : Apply the zigzag scan, see Figure 3.
  for do
   if then
    if mode = EMBEDDING then
     if then
       : Apply the replacement rule according to (5) and (6).
     end if
     : Apply extraction rule (8).
    end if
    : Goto next bit of secret message.
   end if
   : Goto next index of location indicator.
  end for
   : Reorganize the vector with the secret message to a matrix of order , taking into account the zigzag
  scan order.
   : Multiply the previous matrix by the quantification matrix (10).
   : Apply the Inverse Discrete Cosine Transform (IDCT).
   : Copy the matrix.
end if
end for
Add to each byte 128 to reconstruct the image, obtaining the expected stego image.

Roughly speaking, bits of the secret message are inserted at given locations whenever the entropy of a block is above a certain threshold value. Therefore, the proposed algorithm divides the cover image into nonoverlapping blocks of bytes and then applies the discrete cosine transform to each matrix of them. The Entropy Thresholding method determines the matrices that will be quantized. The combined private-public key determines a binary sequence of pseudorandom numbers that indicate the first seven AC coefficients where the elements of the binary sequence of the secret image will be inserted.

3.1. Replacement Rule

We denote by the function that replaces a value by the corresponding secret message bit . For the rule is defined byAnalogously, for we define asThe effect of different values of and on is shown in (7). The replacement rule is designed such that corresponds to even and to odd values of and thus provides the rule for the inverse operation for the following extraction function defined byThe process of extraction follows the same procedure as executed in the process of insertion, except that instead of inserting the least significant bit, the corresponding message bit is extracted. For both processes, embedding and extraction, the input consists of the stego image, private key, public key, and the quality factor.

3.2. Embedding Algorithm

The secret message is inserted into the cover image by the embedding procedure described in Algorithm 1.

Input. Secret message, cover image, private key, public key, and quality factor.

Procedure. In the proposed algorithm, it is assumed that the emitter as well as the receiver holds the same system of private keys. Indeed, the receiver sends the public key to the emitter by an insecure channel. Then, the emitter generates the stego image with both keys and sends it through another insecure channel to the receiver, which can extract the secret message from the public and private key; see Figure 2.

The emitter generates the stego image according to Algorithm 1. Firstly, the proposed algorithm subtracts 128 from each byte of the image. Next, it splits the cover image up into nonoverlapping blocks of bytes and then applies the discrete cosine transform to each one of them. From each transformed block it calculates the entropy.

By the Entropy Thresholding method it decides whether or not to embed the secret message in the transformed block. If the entropy of a block is greater than the overall average entropy then each selected block is quantified using the quantification matrix (9); the zigzag scan is applied, with the purpose to align frequency coefficients in ascending order; see Figure 3. Afterwards, the elements of the binary sequence of the secret message are inserted in the first seven AC coefficients whenever the elements are equal to 1. Since the replacement rule operates on natural numbers, the real valued coefficients have to be rounded.

After insertion of the secret message the back transformation is realized in reverse order: By the zigzag scan the matrix of order is reconstructed, which afterwards is unquantified multiplying by the quantification matrix (10). Finally, the Inverse Discrete Cosine Transform (IDCT) is applied, and to each byte of the resultant image the value 128 is added in order to reconstruct the image, obtaining the expected stego image.

3.3. Details on Quantification Procedure and Zig-Zag Scan

In the quantification procedure each block of bytes selected by the Entropy Thresholding method is quantified using the given quantification matrix that scales the quantized values by a compression quality factor ; see [36] for more details. The quantized DCT coefficients are computed aswhere is the matrixHere, the quantization matrix is chosen to be the Lohscheller matrix: The transformation of the matrix , with , to a vector of length 64 is done by the zigzag order scan; see Figure 3, which aligns frequency coefficients in ascending order starting from frequency zero (DC coefficient) to nonzero frequency components (AC coefficients). Indeed, the DC coefficient contains a significant fraction of the image energy. In addition, the AC coefficients can be classified in three groups, those that occur at low (yellow color), at middle (green color), and at high (blue color) frequency, respectively. Out of the 9 low frequency AC coefficients (yellow color) only the first 7 AC coefficients are considered, whenever the pseudorandom sequence and the entropy threshold permits.

Usually, zero AC coefficients occur at middle and high frequency, so modifications to them break the structure of continuous zeros. Abrupt nonzero values give a hint of the existence of secret bits. The nonzero AC coefficients occur at low and middle frequency such that perturbations to them do not affect the visual quality [41].

4. Experimental Results

In this Section the experimental results of the proposed algorithm are presented. The proposed algorithm is implemented in Matlab. Five different images consisting of pixels are used, with a quality factor equal to . The cover images and the stego images are shown in Figure 1.

The used keys were taken randomly. We have tested our proposed algorithm by inserting the following message to each of the five images:

Nec vero habere virtutem satis est quasi artem aliquam nisi utare; etsi ars quidem cum ea non utare scientia tamen ipsa teneri potest, virtus in usu sui tota posita est. (Cicero, “De re publica”)

In addition, a comparison of the proposed method with respect to the Entropy Thresholding method proposed by Velasco-Bautista et al. [36] and to the method proposed by Soria et al. [1] is included in this section. The performance of the proposed approach has been studied using different kinds of statistical measures.

4.1. Imperceptibility Test

The information security through steganography depends in great part on the level of imperceptibility, since a steganographic system has to generate a sufficiently innocent stego image. Therefore, the degree of distortion or imperceptibility of a stego image in relation to the original image plays a fundamental role. Usually, the image distortion is measured by the peak signal-to-noise ratio (PSNR), which is given bywhere and and are the cover and stego image, respectively. The index set sums over the set of bytes aswhere , account for the image size, addresses the three colours, and .

In the first experiment, the PSNR values indicate the level of imperceptibility and distortion of those images. In this experiment, 128 randomly chosen pairs of different keys were used. The experimental results show that the proposed algorithm produces high quality stego images with appropriate PSNR values; see Figures 48, which is in correspondence with the heuristic values of PSNR (30 to 50 db) found in literature [42]. Moreover, this experiment shows that the proposed method gives usually better results than the methods proposed by Soria et al. [1] and Velasco-Bautista et al. [36].

4.2. Image Quality Measures

The relationship between the display and the human visual system can be quantitatively expressed by mathematical relationships of Image Quality Measures (IQMs). Steganographic schemes eventually leave statistical evidence that can be used to quantify the hidden content in the stego image relative to the cover image; see [43]. The metrics measure the similarity between the cover image and the stego image after insertion of the message, summing over the set of all bytes as defined by (14): The IQMs based on correlation of the content of the images include Correlation Quality (CQ) and Structure Content (SC); see [43, 44]. In addition, the IQMs based on difference distortion and pixel distance include Image Fidelity (IF) and Average Absolute Difference (AD), respectively; see [43, 44].

In the case of the metrics CQ, SC, IF, and AD, the closer the value is to one, the higher the level of similarity is. However, in the case of the metric AD, the closer the value is to zero, the lower the global distortion of the stego image is with respect to the cover image. A large value of AD means that the stego image is very poor in quality.

In the second experiment, the values of CQ, SC, IF, and AD were found for seven pairs of different keys. It can be observed that CQ, SC, and IF tend to one (see Figures 9 and 10) while the AD values are small (see Table 1), which shows that between the cover image and the stego image there are no significant differences.

4.3. Histogram Analysis

In the third experiment we use the Peppers image. The calculation of the previous quantities produced similar results (not shown). In Figure 11, the histograms for the red block of the analyzed image are shown. A distortion metric is the Histogram Similarity (HS), which is calculated as where is the relative frequency of level in a 256-level image; see [43, 45]. This measure is connected to the differences between each histogram pair. Table 2 shows that the values of HS are close to zero, which corresponds to the values calculated in the previous example.

4.4. Security Test

The security of a steganographic system can be evaluated beyond examining the distribution of the cover and stego image. Cachin [46] proposed a statistical measure for steganographic systems, which is called -secure and given by where and represent the distribution of cover image and stego image, and RE is the relative entropy between the two probability distributions. Moreover, a steganographic system is called perfectly secure if .

In the fourth experiment we observe that the values of the relative entropy are close to zero, which affirms that the steganographic system obtained from the proposed algorithm is sufficiently secure; see Table 3 and Figure 12 corresponding to the City image.

4.5. Steganalysis Experiment: Chi-Square Attack Resistance Test

Steganalysis is the science of detecting hidden information. In other words, steganalysis intends to find the secret information that carries some stego-information by attacking the security of the used steganography algorithm. During the design of secure steganographic algorithms, the simulation of attacks is essential to evaluate the security. In this work some of the stego images produced by the Soria-Lorente method, the Velasco-Bautista method, and the proposed method have been tested against the well-known Chi-square attack [47]. The Chi-square attack is one of the algorithms to test the detectability of any secret data embedding algorithm. This test is based on the frequency with which pixel values appear. It is unusual for the frequency of pixel value to be (nearly) equal to the frequency of pixel value in a typical image with no embedded information. The Chi-squared attack was designed to detect these near-equal biases in images and bases the probability of embedding on how close to equal the even pixel values and their corresponding odd pixel values are in the test image. Indeed, in [48] it was shown that the Chi-square attack detects successfully the existence of the embedded secret bits in the first half of the DCT coefficients of the stego image created by the Jpeg-Jsteg method; see also [32].

The Chi-square statistic with degrees of freedom is given as where and are the total pixels in image sample of gray value and , respectively. The values of the Chi-square statistic are always positive. The expectation is that, for a stego image, is relatively small because should be near , by the hypothesis, and for a non-stego image, is relatively large because should be far from . The final step of the process is calculating , the probability of embedding, by integrating the density function with as its upper limit: This probability of embedding is the probability of under the condition that for . The density function, , converges to as approaches infinity, so approaches as approaches infinity. Therefore, for large , the probability of embedding is near . In other words, larger values of the mean a lower probability of embedding. However, when is small relative to , then is near to zero and hence is near to . Thus for relatively small , the probability of embedding is near .

In the fifth experiment we verify that the stego images created by the Soria-Lorente method and the proposed method cannot be detected by the Chi-square attack; see Figures 13 and 14. This means that the proposed method is robust against the Chi-square attack. However, in Figure 14, one can observe that the Chi-square attack detects the existence of the embedded secret bits approximately in 1.02% of the stego images created by the Velasco-Bautista method, with a probability of embedding of .

5. Conclusions and Discussion

In this contribution, we propose a new steganographic algorithm which uses two keys, one public and another private, in order to reduce the detectability. According to the analyses of PSNR, of histograms and IQMs values, it is demonstrated that in the stego image there are no detectable anomalies with respect to the cover image. Moreover, the obtained values for the relative entropy show that the steganographic system obtained by the proposed algorithm is sufficiently secure. In addition, by the values of embedding probability it was demonstrated that the proposed algorithm is highly resistant against the Chi-square attack.

Competing Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.


The authors wish to thank the Clavemat project, financed by the European Union, the University of Granma, and Fundación EPAS. The Universidad Católica de Temuco supported the authors through the project DGIPUCT no. 2015CA-SF-04 (supported by the “Dirección General de Investigación y Postgrado”) and through the Master Program of Applied Mathematics.