Chaotic iterations versus Spread-spectrum: topological-security and stego-security

Chaotic iterations v ersus Spread-sp ectrum: top ological-securit y and stego-securit y Christophe Guy eux, Nicolas F riot, and Jacques M. Bahi Computer Science Lab orator y LIFC Univ ersit y of F ranc he-Comt ´ e rue Engel Gros, Belfort, F rance { c hristophe.guy eux, nicolas.friot, jacques.bahi } @lifc.univ-fcom te.fr June 11, 2021 Keyw ords: Information hiding; Chaotic iterations; Stego-securit y; T op ological-securit y; Spread-sp ectrum. Abstract A new framew ork for information hiding security , called top ological-security , has b een prop osed in a previous study . It is based on the ev aluation of unpredictabilit y of the sc heme, whereas existing notions of securit y , as stego-securit y , are more linked to information leaks. It has b een prov en that spread-sp ectrum tec hniques, a well-kno wn stego-secure scheme, are topologically-secure too. In this pap er, the links betw een the t wo notions of security is deep ened and the usability of top ological-security is clarified, b y presenting a nov el data hiding sc heme that is twice stego and top ological-secure. This last scheme has b etter scores than spread-sp ectrum when ev aluating qualitative and quan titative top ological-security prop erties. Inciden tally , this result sho ws that the new framew ork for security tends to improv e the ability to compare data hiding sc heme. 1 1 In tro duction Information hiding has recently b ecome a ma jor digital technology [6], [9], esp ecially with the increasing importance and widespread distribution of digital media through the In ternet. Spread-sp ectrum data-hiding tec hniques ha ve b een widely studied in recent years under the scop e of securit y . These techniques encompass several sc hemes, such as Improv ed Spread Sp ectrum (ISS), Circular W atermarking (CW), and Natural W atermarking (NW). Some of these sc hemes hav e rev ealed v arious security issues. On the contrary , it has b een prov en in [4] that the Natural W atermarking technique is stego-secure. This stego-security is one of the securit y classes defined in [4]. In this pap er, probabilistic models are used to categorize the securit y of data hiding algorithms in the W atermark Only A ttack (WO A) framework. W e will sho w that the securit y level of suc h algorithms can b e studied into a no v el framew ork based on unpredictabilit y , as it is understoo d in the theory of chaos [5]. T o do so, a new class of securit y will b e introduced, namely the top ological-security . This new class can be used to study some categories of attac ks that are difficult to in vestigate in the existing security approac h. It also enric hes the v ariet y of qualitativ e and quan titativ e to ols that ev aluate how strong the securit y is, th us reinforcing the confidence that can b e had in a giv en sc heme. In addition of b eing stego-secure, it has b een pro ven in [3] that Natural W atermarking tec hnique is top ologically-secure. Moreov er, this technique possesses additional prop erties of unpredictabilit y , namely , strong transitivit y , top ological mixing, and a constan t of sensitivit y equal to N 2 . Ho w ever NW are not expansive, which is problematic in the Constan t-Message A ttac k (CMA) and Kno wn Message A ttack (KMA) setups [3]. In this paper, it is pro ven b y using the new top ological-securit y framework, that a more secure sc heme than NW can b e found to withstand attac ks in these setups. This scheme, in tro duced in [2], is based on the so-called chaotic iterations. The aim of this work is to prov e that this algorithm is stego-secure and top ologically-secure, to study its qualitativ e and quantitativ e prop erties of unpredictabilit y , and then to compare it with Natural W atermarking. The rest of this pap er is organized as follo ws. In Section 2, basic definitions and termi- nologies in the field of top ology , c haos, and security are recalled. In Section 3 the stego- securit y of c haotic iterations is established in some cases, whereas in Section 4 is studied the top ological-securit y of c haotic iterations. Natural W atermarking and c haotic iterations are then compared in Section 5. The paper ends with a conclusion where our con tribution is summarized, and planned future w ork is discussed. 2 Basic recalls 2.1 Chaotic iterations In this section, the definition and main prop erties of c haotic iterations are recalled [1]. 2 2.1.1 Chaotic iterations In the sequel S n denotes the n th term of a sequence S and V i the i th comp onen t of a vector V . Finally , the following notation is used: [ [1; N ] ] = { 1 , 2 , . . . , N } . Let us consider a system of a finite n umber N of elements (or c el ls ), so that each cell has a b o olean state . A sequence of length N of bo olean states of the cells corresp onds to a particular state of the system . A sequence whic h elemen ts belong to [ [1; N ] ] is called a str ate gy . The set of all strategies is denoted b y S . Definition 1 The set B denoting { 0 , 1 } , let f : B N − → B N b e a function and S ∈ S b e a strategy . The so-called chaotic iter ations are defined b y x 0 ∈ B N and ∀ ( n, i ) ∈ N ∗ × [ [1; N ] ]: x n i =  x n − 1 i if S n 6 = i ( f ( x n − 1 )) S n if S n = i. 2.1.2 Dev aney’s c haotic dynamical systems Consider a metric space ( X , d ) and a con tin uous function f on X . f is said to be top olo gic al ly tr ansitive if, for any pair of op en sets U, V ⊂ X , there exists k > 0 suc h that f k ( U ) ∩ V 6 = ∅ . ( X , f ) is said to b e r e gular if the set of p erio dic p oints is dense in X . f has sensitive dep endenc e on initial c onditions if there exists δ > 0 such that, for an y x ∈ X and any neigh b orho o d V of x , there exists y ∈ V and n > 0 suc h that | f n ( x ) − f n ( y ) | > δ . δ is called the c onstant of sensitivity of f . Quoting Dev aney in [5], Definition 1 A function f : X − → X is said to b e chaotic on X if ( X , f ) is regular, top ologically transitiv e and has sensitive dep endence on initial conditions. 2.1.3 Chaotic iterations and Dev aney’s chaos In this section we give outline proofs of the prop erties on whic h our secure data hiding sc heme is based. The complete theoretical framew ork is detailed in [1]. Denote b y ∆ the discr ete b o ole an metric , ∆( x, y ) = 0 ⇔ x = y . Giv en a function f , define the function: F f : [ [1; N ] ] × B N − → B N suc h that F f ( k , E ) =  E j . ∆( k , j ) + f ( E ) k . ∆( k , j )  j ∈ [ [1; N ] ] . Let us consider the phase space X = [ [1; N ] ] N × B N and the map G f ( S, E ) = ( σ ( S ) , F f ( i ( S ) , E )), where σ is defined b y σ : ( S n ) n ∈ N ∈ S → ( S n +1 ) n ∈ N ∈ S , and i is the map i : ( S n ) n ∈ N ∈ S → S 0 ∈ [ [1; N ] ]. So the chaotic iterations can b e describ ed by the follo wing iterations: X 0 ∈ X and X k +1 = G f ( X k ) . W e hav e defined in [1] a new distance d b etw een tw o p oints ( S, E ) , ( ˇ S , ˇ E ) ∈ X by d (( S, E ); ( ˇ S , ˇ E )) = d e ( E , ˇ E ) + d s ( S, ˇ S ) , where: • d e ( E , ˇ E ) = N X k =1 ∆( E k , ˇ E k ) ∈ [ [0; N ] ] 3 • d s ( S, ˇ S ) = 9 N ∞ X k =1 | S k − ˇ S k | 10 k ∈ [0; 1] . It is then pro ven that, Prop osition 1 G f is a c ontinuous function on ( X , d ) . In the metric space ( X , d ), the vectorial negation f 0 : B N − → B N , ( b 1 , · · · , b N ) 7− → ( b 1 , · · · , b N ) satisfies the three conditions for Dev aney’s c haos: regularit y , transitivity , and sensitivit y [1]. So, Prop osition 2 G f 0 is a chaotic map on ( X , d ) ac c or ding to Devaney. 2.2 Using c haotic iterations as information hiding sc hemes 2.2.1 Presen tation of the scheme W e ha ve prop osed in [2] to use chaotic iterations as an information hiding scheme, as follows (see Figure 1). Let: • ( K , N ) ∈ [0; 1] × N b e an em b edding k ey , • X ∈ B N b e the N least significan t co efficients (LSCs) of a given cov er media C , • ( S n ) n ∈ N ∈ [ [1 , N ] ] N b e a strategy , which dep ends on the message to hide M ∈ [0; 1] and K , • f 0 : B N → B N b e the v ectorial logical negation. (a) Original Lena. (b) W atermarked Lena. Figure 1: Data hiding with c haotic iterations So the w atermark ed media is C whose LSCs are replaced by Y K = X N , where:  X 0 = X ∀ n < N , X n +1 = G f 0 ( X n ) . 4 In the following section, t w o w ays to generate ( S n ) n ∈ N are given, namely Chaotic It- erations with Indep endent Strategy (CI IS) and Chaotic Iterations with Dep endent Strat- egy (CIDS). In CI IS, the strategy is indep endent from the cov er media X , whereas in CIDS the strategy will b e dependent on X . Their stego-security are studied in Section 3 and their top ological-securit y in Section 4. 2.2.2 Examples of strategies CI IS strategy Let us first in tro duce the Piecewise Linear Chaotic Map (PLCM, see [7]), defined b y: Definition 2 (PLCM) F ( x, p ) =    x/p if x ∈ [0; p ] ( x − p ) / ( 1 2 − p ) if x ∈  p ; 1 2  F (1 − x, p ) else. where p ∈  0; 1 2  is a “con trol parameter”. Then, we can define the general term of the strategy ( S n ) n in CI IS setup by the follo wing expression: S n = b N × K n c + 1, where:    p ∈  0; 1 2  K 0 = M ⊗ K K n +1 = F ( K n , p ) , ∀ n ≤ N 0 in which ⊗ denotes the bitwise exclusiv e or (X OR) b et ween tw o floating part num b ers ( i.e. , b et w een their binary digits representation). Lastly , to b e certain to enter into the chaotic regime of PLCM [7] , the strategy can b e preferably defined b y: S n =  N × K n + D  + 1, where D ∈ N . CIDS strategy The same notations as ab o v e are used. W e define CIDS strategy as follo ws: ∀ k 6 N , • if k 6 N and X k = 1, then S k = k , • else S k = 1. In this situation, if N > N , then only t w o w atermarked con ten ts are p ossible with the sc heme prop osed in Section 2.2, namely: Y K = (0 , 0 , · · · , 0) and Y K = (1 , 0 , · · · , 0). 3 Ev aluation of the stego-securit y 3.1 Definition of stego-securit y Stego-securit y , defined in the Simmons’ prisoner problem [8], is the highest securit y class in W O A setup [4]. 5 Let K b e the set of embedding k eys, p ( X ) the probabilistic mo del of N 0 initial host con ten ts, and p ( Y | K 1 ) the probabilistic mo del of N 0 w atermark ed conten ts. W e supp ose that eac h host con tent has b een w atermarked with the same k ey K 1 and the same em b edding function e . Definition 3 The embedding function e is stego-secure if and only if: ∀ K 1 ∈ K , p ( Y | K 1 ) = p ( X ) 3.2 Ev aluation of the stego-securit y Let us no w study the stego-security of the scheme. W e will pro ve that, Prop osition 3 CIIS ar e ste go-se cur e. Pr oof Let us suppose that X ∼ U  B N  in a CIIS setup. W e will pro v e b y a math- ematical induction that ∀ n ∈ N , X n ∼ U  B N  . The base case is immediate, as X 0 = X ∼ U  B N  . Let us no w supp ose that the statemen t X n ∼ U  B N  holds for some n . Let e ∈ B N and B k = (0 , · · · , 0 , 1 , 0 , · · · , 0) ∈ B N (the digit 1 is in p osition k ). So P ( X n +1 = e ) = P N k =1 P ( X n = e + B k , S n = k ) . These t w o ev ents are indep endent in CI IS setup, th us: P ( X n +1 = e ) = P N k =1 P ( X n = e + B k ) × P ( S n = k ). According to the in- ductiv e hypothesis: P ( X n +1 = e ) = 1 2 N P N k =1 P ( S n = k ). The set of even ts { S n = k } for k ∈ [ [1; N ] ] is a partition of the universe of p ossible, so P N k =1 P ( S n = k ) = 1. Finally , P ( X n +1 = e ) = 1 2 N , which leads to X n +1 ∼ U  B N  . This result is true ∀ n ∈ N , w e th us hav e prov en that, ∀ K ∈ [0; 1] , Y K = X N 0 ∼ U  B N  when X ∼ U  B N  So CI IS defined in Section 2.2 are stego-secure. W e will now pro ve that, Prop osition 4 CIDS ar e not ste go-se cur e. Pr oof Due to the definition of CIDS, w e hav e P ( Y K = (1 , 1 , · · · , 1)) = 0. So there is no uniform repartition for the stego-con ten ts Y K . 4 Ev aluation of the top ological-securit y 4.1 Definition T o chec k whether an information hiding scheme S is top ologically-secure or not, S m ust b e written as an iterate pro cess x n +1 = f ( x n ) on a metric space ( X , d ). This form ulation is alw a ys p ossible, as it is prov en in [3]. So, 6 Definition 4 An information hiding scheme S is said to be top ologically-secure on ( X , d ) if its iterativ e pro cess has a chaotic b ehavior according to Dev aney . It can b e established that, Prop osition 5 CIIS and CIDS ar e top olo gic al ly-se cur e. Pr oof It has b een pro v en in [1] that c haotic iterations ha v e a c haotic b ehavior, as defined b y Dev aney . In the t wo follo wing sections, w e will study the qualitative and quantitativ e prop erties of topological-security for chaotic iterations. These prop erties can measure the disorder generated by our sc heme, giving b y doing so some imp ortant informations about the unpre- dictabilit y lev el of such a pro cess. 4.2 Quan titative prop ert y of c haotic iterations Definition 5 (Expansivit y) A function f is said to b e exp ansive if ∃ ε > 0 , ∀ x 6 = y , ∃ n ∈ N , d ( f n ( x ) , f n ( y )) > ε. Prop osition 6 G f 0 is an exp ansive chaotic dynamic al system on X with a c onstant of ex- p ansivity is e qual to 1. Pr oof If ( S, E ) 6 = ( ˇ S ; ˇ E ), then either E 6 = ˇ E , so at least one cell is not in the same state in E and ˇ E . Consequently the distance b etw een ( S, E ) and ( ˇ S ; ˇ E ) is greater or equal to 1. Or E = ˇ E . So the strategies S and ˇ S are not equal. Let n 0 b e the first index in which the terms S and ˇ S differ. Then ∀ k < n 0 , ˜ G k f 0 ( S, E ) = ˜ G k f 0 ( ˇ S , ˇ E ), and ˜ G n 0 f 0 ( S, E ) 6 = ˜ G n 0 f 0 ( ˇ S , ˇ E ). As E = ˇ E , the cell which has c hanged in E at the n 0 -th iterate is not the same as the cell which has changed in ˇ E , so the distance b etw een ˜ G n 0 f 0 ( S, E ) and ˜ G n 0 f 0 ( ˇ S , ˇ E ) is greater or equal to 2. 4.3 Qualitativ e prop ert y of c haotic iterations Definition 6 (T op ological mixing) A discrete dynamical system is said to b e top ologi- cally mixing if and only if, for any couple of disjoin t op en set U, V 6 = ∅ , n 0 ∈ N can b e found so that ∀ n > n 0 , f n ( U ) ∩ V 6 = ∅ . Prop osition 7 ˜ G f 0 is top olo gic al ly mixing on ( X 0 , d 0 ) . This result is an immediate consequence of the lemma b elo w. Lemma 1 F or any op en b al l B of X 0 , an index n c an b e found such that ˜ G n f 0 ( B ) = X 0 . Pr oof Let B = B (( E , S ) , ε ) b e an op en ball, which the radius can b e considered as strictly less than 1. All the elements of B hav e the same state E and are such that an in teger k (= − log 10 ( ε )) satisfies: 7 • all the strategies of B ha ve the same k first terms, • after the index k , all v alues are p ossible. Then, after k iterations, the new state of the system is ˜ G k f 0 ( E , S ) 1 and all the strategies are p ossible (all the p oin ts ( ˜ G k f 0 ( E , S ) 1 , ˆ S), with an y ˆ S ∈ S , are reachable from B ). W e will pro ve that all p oin ts of X 0 are reac hable from B . Let ( E 0 , S 0 ) ∈ X 0 and s i b e the list of the differen t cells b etw een ˜ G k f 0 ( E , S ) 1 and E 0 . W e denote by | s | the size of the sequence s i . So the point ( ˇ E , ˇ S ) of B defined b y: ˇ E = E , ˇ S i = S i , ∀ i 6 k , ˇ S k + i = s i , ∀ i 6 | s | , and ∀ i ∈ N , S k + | s | + i = S 0 i is such that ˜ G k + | s | f 0 ( ˇ E , ˇ S ) = ( E 0 , S 0 ). This concludes the pro ofs of the lemma and of the prop osition. 5 Comparison b et w een spread-sp ectrum and c haotic iterations The consequences of top ological mixing for data hiding are multiple. Firstly , security can b e largely impro ved b y considering the num b er of iterations as a secret k ey . An attack er will reach all of the p ossible media when iterating without this k ey . Additionally , he cannot b enefit from a KO A setup, by studying media in the neighborho o d of the original cov er. Moreo v er, as in a top ological mixing situation, it is p ossible that an y hidden message (the initial condition), is sen t to the same fixed watermark ed con tent (with differen t num b ers of iterations), the interest to b e in a KMA setup is drastically reduced. Lastly , as all of the w atermark ed con tents are p ossible for a given hidden message, depending on the n um b er of iterations, CMA attac ks will fail. The prop ert y of expansivity reinforces drastically the sensitivity in the aims of reducing the b enefits that Ev e can obtain from an attac k in KMA or K OA setup. F or example, it is imp ossible to ha ve an estimation of the watermark b y mo ving the message (or the cov er) as a cursor in situation of expansivit y: this cursor will be to o m uch sensitiv e and the c hanges will b e to o imp ortant to b e useful. On the con trary , a very large constan t of expansivity ε is unsuitable: the co ver media will b e strongly altered whereas the w atermark would b e undetectable. Finally , spread-sp ectrum is relev ant when a discrete and secure data hiding technique is required in WO A setup. Ho wev er, this tec hnique should not be used in K O A and KMA setup, due to its lac k of expansivity .sc hemes, whic h are expansive. 6 Conclusion and future w ork In this pap er, the links b etw een stego-securit y and top ological-security has been deep ened. The information hiding scheme presen ted in [2], whic h is based on c haotic iterations, has b een recalled and its level of securit y has b een studied. It has b een pro v en that this algo- rithm is t wice stego and top ologically-secure. This w as already the case for spread-sp ectrum 8 tec hniques, as it has b een established in [3]. Moreo v er, as for spread-sp ectrum, chaotic iter- ations p ossess the qualitative property of top ological mixing, which are useful to withstand attac ks. How ever, unlik e spread-sp ectrum, chaotic iterations are expansiv e, so this scheme is b etter than spread-sp ectrum in K O A and KMA setups. Incidentally , this result sho ws that the new framework for security tends to improv e the ability to compare data hiding scheme. In future w ork, w e will give a better understanding of the links b etw een these tw o securit y framew orks. Additionally , the comparison b et w een spread-sp ectrum and c haotic iterations outlined in this pap er will b e extended. The securit y of other existing schemes will be studied in the framew ork of top ological-security . Last, but not least, the wa y to understand these new to ols in terms of data hiding aims will b e enhanced: this study is required to make top ological-securit y framew ork truly useful in practice. 9 References [1] Jacques Bahi and Christophe Guy eux. Hash functions using c haotic iterations. Journal of A lgorithms & Computational T e chnolo gy , 4(2):167–181, 2010. [2] Jacques Bahi and Christophe Guyeux. A new chaos-based watermarking algorithm. In SECR YPT 2010, International c onfer enc e on se curity and crypto gr aphy , Athens, Greece, 2010. T o app ear. [3] Jacques M. Bahi and Christophe Guy eux. A c haos-based approac h for information hiding securit y . arXiv N o 0034939, April 2010. [4] F rancois Ca yre, Caroline F ontaine, and T eddy F uron. Kerc khoffs-based em b edding se- curit y classes for woa data hiding. IEEE T r ansactions on Information F or ensics and Se curity , 3(1):1–15, 2008. [5] Rob ert L. Dev aney . An Intr o duction to Chaotic Dynamic al Systems, 2nd Edition . W est- view Pr., Marc h 2003. [6] Andrew D. Ker, T om´ a ˇ s Pevn´ y, Jan Ko do vsk ´ y, and Jessica F ridrich. The square ro ot law of steganographic capacit y . In MMSe c ’08: Pr o c e e dings of the 10th ACM workshop on Multime dia and se curity , pages 107–116, New Y ork, NY, USA, 2008. ACM. [7] Li Sh ujun, Li Qi, Li W enmin, Mou Xuanqin, and Cai Y uanlong. Statistical prop erties of digital piecewise linear c haotic maps and their roles in cryptograph y and pseudo- random co ding. Pr o c e e dings of the 8th IMA International Confer enc e on Crypto gr aphy and Co ding , 1:205–221, 2001. [8] Gustavus J. Simmons. The prisoners’ problem and the subliminal c hannel. In A dvanc es in Cryptolo gy, Pr o c. CR YPTO’83 , pages 51–67, 1984. [9] F uch un Xie, T eddy F uron, and Caroline F ontaine. Better security levels for ‘broken arro ws’. In Pr o c. of SPIE Ele ctr onic Imaging on Me dia F or ensics and Se curity XII , San Jose, CA, USA, jan 2010. 10