The document provides an overview of steganography and steganalysis techniques. It discusses image file formats like BMP, JPEG and GIF and how they can be used to hide data. Common data hiding methods include least significant bit substitution and palette manipulation. Steganalysis techniques to detect hidden data include least significant bit analysis, chi-square tests and histogram analysis. Encrypting data before hiding can help prevent detection by statistical analysis.

7. Pixel: The building block of Image

14. The BMP header This is intel Processor so Use little Endian system

15. The DIB header Offset # Size Purpose Eh 4 the size of this header (40 bytes) 12h 4 the bitmap width in pixels 16h 4 the bitmap height in pixels. 1Ah 2 the number of color planes being used. Must be set to 1. 1Ch 2 the number of bits per pixel, which is the color depth of the image. Typical values are 1, 4, 8, 16, 24 and 32. 1Eh 4 the compression method being used. 22h 4 the image size. This is the size of the raw bitmap data , and should not be confused with the file size. 26h 4 the horizontal resolution of the image. (pixel per meter, signed integer) 2Ah 4 the vertical resolution of the image. (pixel per meter, signed integer) 2Eh 4 the number of colors in the color palette, or 0 to default to 2 n . 32h 4 the number of important colors used, or 0 when every color is important; generally ignored.

18. JPEG File structure (JFIF) Source: Wikipedia Bytes Payload Name Comments 0xFFD8 none Start Of Image 0xFFC0 variable Start Of Frame (Baseline DCT) Indicates that this is a baseline DCT-based JPEG, and specifies the width, height, number of components, and component subsampling (e.g., 4:2:0). 0xFFC2 variable Start Of Frame (Progressive DCT) Indicates that this is a progressive DCT-based JPEG, and specifies the width, height, number of components, and component subsampling (e.g., 4:2:0). 0xFFC4 variable Huffman Table(s) Specifies one or more Huffman tables. 0xFFDB variable Quantization Table(s) Specifies one or more quantization tables. 0xFFDD 2 bytes Define Restart Interval Specifies the interval between RST n markers, in macroblocks. This marker is followed by two bytes indicating the fixed size so it can be treated like any other variable size segment. 0xFFDA variable Start Of Scan Begins a top-to-bottom scan of the image. In baseline DCT JPEG images, there is generally a single scan. Progressive DCT JPEG images usually contain multiple scans. This marker specifies which slice of data it will contain, and is immediately followed by entropy-coded data. 0xFFD0 … 0xFFD7 none Restart Inserted every r macroblocks, where r is the restart interval set by a DRI marker. Not used if there was no DRI marker. The low 3 bits of the marker code, cycles from 0 to 7. 0xFFE n variable Application-specific For example, an Exif JPEG file uses an APP1 marker to store metadata, laid out in a structure based closely on TIFF . 0xFFFE variable Comment Contains a text comment. 0xFFD9 none End Of Image

19. The Compression Process Colour space transformation from RGB to YCbCr (Optional) Down Sampling (4:4:4 or 4:2:2 or 4:2:0) (Optional) Block Splitting (8X8, 16 X8 or 16X16) Discrete Cosine transform Quantization Entropy Coding Final JPEG image data Results in higher values at top left of the matrix and a lot of low value at the bottom right The division table resulting in actual compression with lot of zero values at the bottom right corner Arranging the values in zig zag manner to get all the zero values at the end. Thus using a single byte to represent them Data hiding in LSB’s here

21. Cont…. Round off quantized DCT Coefficients DCT Coefficients of the block Quantization table

34. LSB Enhancement File: test.bmp (Contains no hidden data) File: test1.bmp (Contains hidden data)

37. Why this pattern emerge (Nature of the ASCII ) Char Decimal Binary Hex a 97 011 00001 61 b 98 011 00010 62 c 99 011 00011 63 d 100 011 00100 64 e 101 011 00101 65 f 102 011 00110 66 g 103 011 00111 67 h 104 011 01000 68 I 105 011 01001 69 j 106 011 01010 6A k 107 011 01011 6B l 108 011 01100 6C m 109 011 01101 6D Char Decimal Binary Hex n 110 011 01110 6E o 111 011 01111 6F p 112 011 10000 70 q 113 011 10001 71 r 114 011 10010 72 s 115 011 10011 73 t 116 011 10100 74 u 117 011 10101 75 v 118 011 10110 76 w 119 011 10111 77 x 120 011 11000 78 y 121 011 11001 79 z 122 011 11010 7A

39. Same text with various encryption and LSB enhanced images Text encrypted as ASCII Text encrypted as Binary with IDEA encryption (S-Tools) Image with no data hidden

40. Which is the better option for hiding the data 1 2 3 4

44. Lets see the chi square result of the images shown

53. Check these palettes Palette of complete black image original Palette of complete black image as changed by S-tools after hiding the data