Introduction
- The communicating parties are not known: there is no direct link between them during the communication process. One uploads files to the cloud storage while the second exploits these files;
- The transferred files are not altered for secret insertion: each file implicitly holds a part of the secret data;
- The exchanged files are robust against steganalysis: the proposed technique focuses on maximum resiliency against secret detection and extraction;
- The ability to use any file extension to establish the covert channel while maintaining the files' integrity.
Classical steganography
Distributed steganography
References | Text | Image | Audio | Video | Covert Media Modification |
---|---|---|---|---|---|
Classical Steganography | | | | | |
Liu et al. [51], Lee et al. [19], Ekodeck et al. [4], Khosravi et al. [17] | ✓ | × | × | × | ✓ |
Sahu et al. [5], Su et al. [52] | × | ✓ | × | × | ✓ |
Jiang et al. [6], Ali et al. [53] | × | × | ✓ | × | ✓ |
Pilania et al. [7], Baziyad et al. [54] | × | × | × | ✓ | ✓ |
Distributed Steganography | | | | | |
Gutub et al. [45], Gutub et al. [46] | ✓ | × | × | × | ✓ |
Yang et al. [14], Liao et al. [34], Gutub et al. [47], Gutub et al. [48] | × | ✓ | × | × | ✓ |
Our proposal | ✓ | ✓ | ✓ | ✓ | × |
The proposed scheme
Overview
The covert channel model
The covert object
The embedded message
The key
- The cloud order \( c_0, c_1, \dots, c_{n-1} \);
- The authentication accounts (user name and password) for cloud access, named \( w_0, w_1, \dots, w_{n-1} \);
- A set of disjoint lists \( L^{(0)}, L^{(1)}, \dots, L^{(k-1)} \), where each list i contains exactly B files: \( {L}_0^{(i)},{L}_1^{(i)},\dots, {L}_{B-1}^{(i)} \), i = 0, 1, ..., k-1. These files can be of any format type, such as text, image, audio, video, application, archive, ...
- The base B such that \( |L^{(0)}| = |L^{(1)}| = \dots = |L^{(k-1)}| = B \).
Notations and hypothesis
- s: the input secret, formatted in base 2 or 10;
- B: the base used, such that B ≥ 2;
- \( (z_{q-1} \dots z_1 z_0)_B \): the secret representation in base B;
- Mat[i]: the ith block of the secret;
- Mat[i,j]: the value at position j of block number i;
- n: the number of clouds handled;
- k: the number of secret blocks, which is also the number of lists used;
- L(i): the ith file list. Each secret block uses a distinct list i, 0 ≤ i ≤ k-1;
- \( {L}_j^{(i)} \): the jth file in list number i, 0 ≤ i ≤ k-1 and 0 ≤ j ≤ B-1;
- The lists L(0), L(1), …, L(k-1) are disjoint: for all list indices i1, i2 with 0 ≤ i1, i2 ≤ k-1 and all file indices j1, j2 with 0 ≤ j1, j2 ≤ B-1, if i1 ≠ i2 then \( {L}_{j_1}^{(i_1)} \ne {L}_{j_2}^{(i_2)} \).
Embedding algorithm
Extraction algorithm
Time complexity analysis
Evaluation
Hidden secret bits estimation in the clouds storage
Example
Code | Cloud Name | Login | Password |
---|---|---|---|
c0 | SugarSync | userlogin0@gmail.com | User-pwd0 |
c1 | Dropbox | userlogin1@gmail.com | User-pwd1 |
c2 | OneDrive | userlogin2@gmail.com | User-pwd2 |
c3 | Google Drive | userlogin3@gmail.com | User-pwd3 |
# | (a) L(1) | # | (b) L(2) | # | (c) L(3) | # | (d) L(4) |
---|---|---|---|---|---|---|---|
0 | thesis.docx | 0 | scheduling.xlsx | 0 | conference.pptx | 0 | dataHiding.pdf |
1 | article.docx | 1 | statistics.xlsx | 1 | results.pptx | 1 | cryptography.pdf |
2 | balanceSheet.docx | 2 | budget.xlsx | 2 | slideshow.pptx | 2 | deepLearning.pdf |
3 | report.docx | 3 | data.xlsx | 3 | marketing.pptx | 3 | linearAlgebra.pdf |
4 | meeting.docx | 4 | bill.xlsx | 4 | management.pptx | 4 | dataScience.pdf |
5 | opportunities.docx | 5 | Evaluation.xlsx | 5 | slides.pptx | 5 | publications.pdf |
6 | lesson.docx | 6 | gradebook.xlsx | 6 | animation.pptx | 6 | sourceCode.pdf |
7 | chapter.docx | 7 | stocks.xlsx | 7 | overview.pptx | 7 | dataAnalysis.pdf |
8 | introduction.docx | 8 | simulation.xlsx | 8 | speech.pptx | 8 | modelingLife.pdf |
9 | tutorial.docx | 9 | project.xlsx | 9 | seminar.pptx | 9 | cloudComputing.pdf |
10 | redaction.docx | 10 | analysis.xlsx | 10 | symposium.pptx | 10 | masterDegree.pdf |
11 | news.docx | 11 | curves.xlsx | 11 | resume.pptx | 11 | bachelorDegree.pdf |
12 | book.docx | 12 | quotation.xlsx | 12 | shopping.pptx | 12 | bithdayCertificate.pdf |
13 | exercise.docx | 13 | finance.xlsx | 13 | accounts.pptx | 13 | passport.pdf |
14 | anthem.docx | 14 | classes.xlsx | 14 | clinical.pptx | 14 | human.pdf |
15 | journal.docx | 15 | salaries.xlsx | 15 | aviation.pptx | 15 | contacts.pdf |
16 | editor.docx | 16 | phonebook.xlsx | 16 | audition.pptx | 16 | awards.pdf |
Case 1: s = 1111101101000001, n = 4 and B = 2
- Step 1: The secret is already represented in base 2, s = (1111101101000001)2;
- Step 2: The secret is subdivided into groups of 4 bits, because four clouds are available. From right to left this gives 4 blocks: 0001 0100 1011 1111;
- Step 3: For each block, each bit is linked to a distinct cloud in the order c0, c1, c2 and c3:

Block #0 | | | | Block #1 | | | | Block #2 | | | | Block #3 | | | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
0 | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 1 | 0 | 1 | 1 | 1 | 1 | 1 | 1 |
↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ |
c3 | c2 | c1 | c0 | c3 | c2 | c1 | c0 | c3 | c2 | c1 | c0 | c3 | c2 | c1 | c0 |

c0 | c1 | c2 | c3 |
---|---|---|---|
1 | 0 | 0 | 0 |
0 | 0 | 1 | 0 |
1 | 1 | 0 | 1 |
1 | 1 | 1 | 1 |
- Step 5: The four lists of Table 3 are used to hide the four secret blocks. Hide respectively the 1st, 2nd, 3rd and 4th row of the matrix obtained in step 4 with the lists L(0), L(1), L(2) and L(3). More specifically, each value is replaced by the file having this index in the corresponding list. These files act as pointers to the data to be kept secret. The stego files to be uploaded to each cloud are allocated as follows:

List | Cloud c0 | Cloud c1 | Cloud c2 | Cloud c3 |
---|---|---|---|---|
L(0) | article.docx | thesis.docx | thesis.docx | thesis.docx |
L(1) | scheduling.xlsx | scheduling.xlsx | statistics.xlsx | scheduling.xlsx |
L(2) | results.pptx | results.pptx | conference.pptx | results.pptx |
L(3) | cryptography.pdf | cryptography.pdf | cryptography.pdf | cryptography.pdf |

- Step 6: The last embedding step is to transfer the files article.docx, scheduling.xlsx, results.pptx and cryptography.pdf to the cloud c0; thesis.docx, scheduling.xlsx, results.pptx and cryptography.pdf to the cloud c1; thesis.docx, statistics.xlsx, conference.pptx and cryptography.pdf to the cloud c2; thesis.docx, scheduling.xlsx, results.pptx and cryptography.pdf to the cloud c3.
- Step 1: The files of each cloud are compared to those available in the four lists L(0), L(1), L(2) and L(3). When the names are identical, these files are retrieved and sorted in ascending order of list numbering. The files extracted by cloud and by list are as follows:

Cloud | L(0) | L(1) | L(2) | L(3) |
---|---|---|---|---|
c0 | article.docx | scheduling.xlsx | results.pptx | cryptography.pdf |
c1 | thesis.docx | scheduling.xlsx | results.pptx | cryptography.pdf |
c2 | thesis.docx | statistics.xlsx | conference.pptx | cryptography.pdf |
c3 | thesis.docx | scheduling.xlsx | results.pptx | cryptography.pdf |

- Step 2: The files in each list are then replaced by their number. The sequence of each cloud obtained is:

Cloud | L(0) | L(1) | L(2) | L(3) |
---|---|---|---|---|
c0 | 1 | 0 | 1 | 1 |
c1 | 0 | 0 | 1 | 1 |
c2 | 0 | 1 | 0 | 1 |
c3 | 0 | 0 | 1 | 1 |

- Step 3: Each binary sequence belonging to a cloud is stored in column inside a matrix called Mat: $$ Mat=\left(\begin{array}{cccc}1& 0& 0& 0\\ 0& 0& 1& 0\\ 1& 1& 0& 1\\ 1& 1& 1& 1\end{array}\right) $$
- Step 4: Compute m, the secret in decimal using the base value (B = 2). The variables i and j respectively scan the rows and columns of the matrix Mat. The conversion is done as follows: $$ m=\sum \limits_{i=0}^3\sum \limits_{j=0}^3 Mat\left[i,j\right]\times {2}^{\left(i\times 4\right)+j} $$
- Step 5: The secret s is obtained by converting m to base 2: (64321)10 = (1111101101000001)2
- Step 6: All the files retrieved in step 1 of extraction are removed from the cloud storage.
Case 2: s = 1111101101000001, n = 4 and B = 4
- Step 1: The secret is converted to base 4:
- Step 2: The secret is subdivided into groups of 4 values, because four clouds are available. From right to left this gives 2 blocks: 1001 3323
- Step 3: For each block, each value is linked to a distinct cloud in the order c0, c1, c2 and c3:

Block #0 | | | | Block #1 | | | |
---|---|---|---|---|---|---|---|
1 | 0 | 0 | 1 | 3 | 3 | 2 | 3 |
↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ | ↓ |
c3 | c2 | c1 | c0 | c3 | c2 | c1 | c0 |

c0 | c1 | c2 | c3 |
---|---|---|---|
1 | 0 | 0 | 1 |
3 | 2 | 2 | 3 |
- Step 5: Two lists of Table 3 are used to hide the two secret blocks. Hide respectively the 1st and 2nd row of the matrix obtained in step 4 with the lists L(0) and L(1). Each value is replaced by the file having this index in the corresponding list. The stego files to be uploaded to the clouds are allocated as follows:

List | Cloud c0 | Cloud c1 | Cloud c2 | Cloud c3 |
---|---|---|---|---|
L(0) | article.docx | thesis.docx | thesis.docx | article.docx |
L(1) | data.xlsx | budget.xlsx | data.xlsx | data.xlsx |

- Step 6: The last embedding step is to transfer the files article.docx and data.xlsx to the cloud c0; thesis.docx and budget.xlsx to the cloud c1; thesis.docx and data.xlsx to the cloud c2; article.docx and data.xlsx to the cloud c3.
- Step 1: The files of each cloud are compared to those available in the two lists L(0) and L(1). When the names are identical, these files are retrieved and sorted in ascending order of list numbers. The files extracted by cloud and by list are as follows:

Cloud | L(0) | L(1) |
---|---|---|
c0 | article.docx | data.xlsx |
c1 | thesis.docx | budget.xlsx |
c2 | thesis.docx | data.xlsx |
c3 | article.docx | data.xlsx |

- Step 2: The files in each list are then replaced by their number. The sequence of each cloud obtained is:

Cloud | L(0) | L(1) |
---|---|---|
c0 | 1 | 3 |
c1 | 0 | 2 |
c2 | 0 | 3 |
c3 | 1 | 3 |

- Step 3: Each sequence belonging to a cloud is stored in column inside the matrix Mat: $$ Mat=\left(\begin{array}{cccc}1& 0& 0& 1\\ 3& 2& 3& 3\end{array}\right) $$
- Step 4: Compute m, the secret in decimal using the base value (B = 4). The conversion is done as follows: $$ m=\sum \limits_{i=0}^1\sum \limits_{j=0}^3 Mat\left[i,j\right]\times {4}^{\left(i\times 4\right)+j} $$
- Step 5: The secret s is obtained by converting m to base 2: s = (64321)10 = (1111101101000001)2
- Step 6: All the files retrieved in step 1 of extraction are removed from the cloud storage.
Case 3: s = 1111101101000001, n = 4 and B = 9
- Step 1: The secret is converted to base 9:
- Step 2: The secret is subdivided into groups of 4 values, because four clouds are available. From right to left this gives 2 blocks: 7207 10.
- Step 3: For each block, each value is linked to a distinct cloud in the order c0, c1, c2 and c3:

Block #0 | | | | Block #1 | |
---|---|---|---|---|---|
7 | 2 | 0 | 7 | 1 | 0 |
↓ | ↓ | ↓ | ↓ | ↓ | ↓ |
c3 | c2 | c1 | c0 | c1 | c0 |

- Step 4: Values of the same cloud are grouped together. Therefore, the secret parts of each cloud are:

c0 | c1 | c2 | c3 |
---|---|---|---|
7 | 0 | 2 | 7 |
0 | 1 | | |

- Step 5: Two lists of Table 3 are used to hide the two secret blocks. Hide respectively the 1st and 2nd row of the matrix obtained in step 4 with the lists L(0) and L(1). Each value is replaced by the file having this index in the corresponding list. The stego files to be uploaded to the clouds are allocated as follows:

List | Cloud c0 | Cloud c1 | Cloud c2 | Cloud c3 |
---|---|---|---|---|
L(0) | chapter.docx | thesis.docx | balanceSheet.docx | chapter.docx |
L(1) | scheduling.xlsx | statistics.xlsx | | |

- Step 6: The last embedding step is to transfer the files chapter.docx and scheduling.xlsx to the cloud c0; thesis.docx and statistics.xlsx to the cloud c1; balanceSheet.docx to the cloud c2 and chapter.docx to the cloud c3.
- Step 1: The files of each cloud are compared to those available in the two lists L(0) and L(1). When the names are identical, these files are retrieved and sorted in ascending order of list numbers. The files extracted by cloud and by list are as follows:

Cloud | L(0) | L(1) |
---|---|---|
c0 | chapter.docx | scheduling.xlsx |
c1 | thesis.docx | statistics.xlsx |
c2 | balanceSheet.docx | |
c3 | chapter.docx | |

- Step 2: The files in each list are then replaced by their number. The sequence of each cloud obtained is:

Cloud | L(0) | L(1) |
---|---|---|
c0 | 7 | 0 |
c1 | 0 | 1 |
c2 | 2 | |
c3 | 7 | |

- Step 3: Each sequence belonging to a cloud is stored in column inside the matrix Mat. Empty entries in the matrix are replaced by zeros. The resulting matrix looks like this: $$ Mat=\left(\begin{array}{cccc}7& 0& 2& 7\\ 0& 1& 0& 0\end{array}\right) $$
- Step 4: Compute m, the secret in decimal using the base value (B = 9). The conversion is done as follows: $$ m=\sum \limits_{i=0}^1\sum \limits_{j=0}^3 Mat\left[i,j\right]\times {9}^{\left(i\times 4\right)+j} $$
- Step 5: The secret s is obtained by converting m to base 2: $$ s={(64321)}_{10}={(1111101101000001)}_2 $$
- Step 6: All the files retrieved in step 1 of extraction are removed from the cloud storage.
Case 4: s = 1111101101000001, n = 4 and B = 17
- Step 1: The secret is converted to base 17:
- Step 2: The secret is subdivided into groups of 4 values, because four clouds are available. This gives one block: D19A.
- Step 3: For each block, each value is linked to a distinct cloud in the order c0, c1, c2 and c3:

Block #0 | | | |
---|---|---|---|
D | 1 | 9 | A |
↓ | ↓ | ↓ | ↓ |
c3 | c2 | c1 | c0 |

- Step 4: Values of the same cloud are grouped together. Letters in the block are also replaced by their equivalent: D = 13 and A = 10. Therefore, the secret parts of each cloud are:

c0 | c1 | c2 | c3 |
---|---|---|---|
10 | 9 | 1 | 13 |

- Step 5: As the subdivision gave one block, just one list is used. Hide the vector value obtained in step 4 with the list L(0). The stego files to be uploaded to the clouds are allocated as follows:

List | Cloud c0 | Cloud c1 | Cloud c2 | Cloud c3 |
---|---|---|---|---|
L(0) | redaction.docx | tutorial.docx | article.docx | exercise.docx |

- Step 6: The last embedding step is to transfer the file redaction.docx to the cloud c0; tutorial.docx to the cloud c1; article.docx to the cloud c2 and exercise.docx to the cloud c3.
- Step 1: The files of each cloud are compared to those available in the list L(0). When the names are identical, these files are retrieved and sorted in the order in which the lists were created. The files extracted by cloud and by list are as follows:

Cloud | L(0) |
---|---|
c0 | redaction.docx |
c1 | tutorial.docx |
c2 | article.docx |
c3 | exercise.docx |

- Step 2: The files in each list are then replaced by their number. The sequence of each cloud obtained is:

Cloud | L(0) |
---|---|
c0 | 10 |
c1 | 9 |
c2 | 1 |
c3 | 13 |

- Step 3: The sequence is stored in column in the matrix Mat. The resulting vector looks like this: $$ Mat=\left(10\kern0.5em 9\kern0.5em 1\kern0.5em 13\right) $$
- Step 4: Compute m, the secret in decimal using the base value (B = 17). The conversion is done as follows: $$ m=\sum \limits_{i=0}^0\sum \limits_{j=0}^3 Mat\left[i,j\right]\times {17}^{\left(i\times 4\right)+j} $$
- Step 5: The secret s is obtained by converting m to base 2: $$ s={(64321)}_{10}={(1111101101000001)}_2 $$
- Step 6: All the files retrieved in step 1 of extraction are removed from the cloud storage.
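
The embedding and extraction steps of Cases 1 to 4, written out as an added Python example (not code from the paper). The function names `to_digits`, `embed` and `extract` are hypothetical, the clouds are modelled as in-memory lists rather than storage accounts, and the file lists come from the example table above, with the last three truncated to the entries the cases use.

```python
# Added example, not the paper's code. Function names are assumptions; the
# "clouds" are in-memory lists, so no storage API or account is involved.
DOCX = ("thesis article balanceSheet report meeting opportunities lesson chapter "
        "introduction tutorial redaction news book exercise anthem journal editor").split()
XLSX = "scheduling statistics budget data bill Evaluation gradebook stocks simulation".split()
# File lists from the page's example table; the last three are truncated to
# the entries the four cases need.
LISTS = [[f"{n}.docx" for n in DOCX],
         [f"{n}.xlsx" for n in XLSX],
         ["conference.pptx", "results.pptx"],
         ["dataHiding.pdf", "cryptography.pdf"]]
SECRET = "1111101101000001"  # s from the page, 64321 in base 10


def to_digits(m, base):
    """Digits of m in the given base, least significant first."""
    digits = []
    while m:
        m, r = divmod(m, base)
        digits.append(r)
    return digits or [0]


def embed(secret_bits, n, base, lists):
    """Return, for each cloud c_j, the file names to upload."""
    digits = to_digits(int(secret_bits, 2), base)
    blocks = [digits[i:i + n] for i in range(0, len(digits), n)]
    if len(blocks) > len(lists) or any(len(lst) < base for lst in lists[:len(blocks)]):
        raise ValueError("key too small: need k lists of B files each")
    clouds = [[] for _ in range(n)]
    for i, block in enumerate(blocks):       # block i is hidden with list L(i)
        for j, digit in enumerate(block):    # position j goes to cloud c_j
            clouds[j].append(lists[i][digit])
    return clouds


def extract(clouds, base, lists):
    """Rebuild s from the names found in each cloud; unrelated files are skipped."""
    n = len(clouds)
    index = {name: (i, d) for i, lst in enumerate(lists)
             for d, name in enumerate(lst[:base])}
    m = 0
    for j, files in enumerate(clouds):
        for name in files:
            if name in index:
                i, digit = index[name]
                m += digit * base ** (i * n + j)   # Mat[i,j] * B^(i*n + j)
    # m is converted back to base 2, so leading zeros of s are not preserved.
    return format(m, "b")
```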
Discussion
Security analysis
- Hypothesis 1: an attack by an adversary who doesn’t have the ability to access the cloud accounts. This adversary has the following limits:
  - He doesn’t know the key (the cloud user name and password, the file lists, the base);
  - He doesn’t know the cloud storage content;
  - He doesn’t know that a secret communication is taking place by observing only the file transfers between the clouds. Nothing can reveal the existence of the secret communication because no special information is added to the exchanged files.
- Hypothesis 2: an attack by an adversary who can partially or fully access the accounts of the different clouds. This adversary has the following limits:
  - He doesn’t know the key (the file lists and the base). If the adversary gets the file lists by accessing the cloud accounts, he must find the correct order of the secret distribution in the clouds as well as the numbering of the lists and of the files contained in these lists. Therefore, he must perform B! × k! × n! permutations in the case of an exhaustive search for a successful attack. Unfortunately, this number of permutations is exponential.
  - He can’t make a link between Alice and Bob. The only connection between Alice and Bob is during the key exchange. After that, there is no direct communication between them. In the proposed steganographic scheme, there is only communication between each party and the cloud. As presented in Fig. 6, the secret channel doesn’t make a direct connection between Alice and Bob. Thus, the usual security model shown in Fig. 1 is broken.