CHAOTIC ITERATIONS FOR STEGANOGRAPHY

Stego-security and Chaos-security

Nicolas Friot, Christophe Guyeux and Jacques M. Bahi

Computer Science Laboratory LIFC, University of Franche-Comt´e, 16 route de Gray, Besanc¸on, France

Keywords:

Steganography, Chaos, Security, Chaotic iterations.

Abstract:

In this paper is proposed a novel steganographic scheme based on chaotic iterations. This research work takes

place into the information hiding security ﬁelds. We show that the proposed scheme is stego-secure, which is

the highest level of security in a well deﬁned and studied category of attack called “watermark-only attack”.

Additionally, we prove that this scheme presents topological properties so that it is one of the ﬁrsts able to

face, at least partially, an adversary when considering the others categories of attacks deﬁned in the literature.

1 INTRODUCTION

Robustness and security are two major concerns in in-

formation hiding (Katzenbeisser and Dittmann, 2004;

Domingo-Ferrer and Bras-Amor´os, 2008). These two

concerns have been deﬁned in (Kalker, 2001) as fol-

lows. “Robust watermarking is a mechanism to cre-

ate a communication channel that is multiplexed into

original content [...]. It is required that, ﬁrstly, the per-

ceptual degradation of the marked content [...] is min-

imal and, secondly, that the capacity of the watermark

channel degrades as a smooth function of the degra-

dation of the marked content. [...]. Watermarking se-

curity refers to the inability by unauthorized users to

have access to the raw watermarking channel. [...] to

remove, detect and estimate, write or modify the raw

watermarking bits.” We will focus in this research

work on security.

In the framework of watermarking and steganog-

raphy, security has seen several important develop-

ments since the last decade (Barni et al., 2003; Cayre

et al., 2005; Ker, 2006; Bras-Amor´os and Domingo-

Ferrer, 2008). The ﬁrst fundamental work in secu-

rity was made by Cachin in the context of steganogra-

phy (Cachin, 1998). Cachin interprets the attempts of

an attacker to distinguish between an innocent image

and a stego-content as a hypothesis testing problem.

In this document, the basic properties of a stegosys-

tem are deﬁned using the notions of entropy, mutual

information, and relative entropy. Mittelholzer, in-

spired by the work of Cachin, proposed the ﬁrst theo-

retical framework for analyzing the security of a wa-

termarking scheme (Mittelholzer, 1999).

These efforts to bring a theoretical framework

for security in steganography and watermarking have

been followed up by Kalker, who tries to clarify

the concepts (robustness vs. security), and the clas-

siﬁcations of watermarking attacks (Kalker, 2001).

This work has been deepened by Furon et al., who

have translated Kerckhoffs’ principle (Alice and Bob

shall only rely on some previously shared secret for

privacy), from cryptography to data hiding (Furon,

2002). They used Difﬁe and Hellman methodology,

and Shannon’s cryptographic framework (Shannon,

1949), to classify the watermarking attacks into cat-

egories, according to the type of information Eve

has access to (Cayre et al., 2005; Perez-Freire et al.,

2006), namely: Watermarked Only Attack (WOA),

Known Message Attack (KMA), Known Original At-

tack (KOA), and Constant-Message Attack (CMA).

Levels of security have been recently deﬁned in these

setups. The highest level of security in WOA is called

stego-security (Cayre and Bas, 2008), whereas chaos-

security tends to improve the ability to withstand at-

tacks in KMA, KOA, and CMA setups (Guyeux et al.,

2010).

To the best of our knowledge, there exist only two

information hiding schemes that are both stego-secure

and chaos-secure (Guyeux et al., 2010). The ﬁrst one

is based on a spread spectrum technique called Nat-

ural Watermarking. It is stego-secure when its pa-

rameter η is equal to 1 (Cayre and Bas, 2008). Un-

fortunately, this scheme is neither robust, nor able

to face an attacker in KOA and KMA setups, due

to its lack of a topological property called expansiv-

ity (Guyeux et al., 2010). The second scheme both

218

Friot N., Guyeux C. and M. Bahi J..

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security.

DOI: 10.5220/0003545002180227

In Proceedings of the International Conference on Security and Cryptography (SECRYPT-2011), pages 218-227

ISBN: 978-989-8425-71-3

 2011 SCITEPRESS (Science and Technology Publications, Lda.)

chaos-secure and stego-secure is based on chaotic it-

erations (Bahi and Guyeux, 2010b). However, it al-

lows to embed securely only one bit per embedding

parameters. The objective of this research work is to

improvethe scheme presented by authors of (Bahi and

Guyeux, 2010b), in such a way that more than one bit

can be embedded.

The remainder of this document is organized as

follows. In Section 2, some basic recalls concerning

both chaotic iterations and Devaney’s chaos are given.

In Section 3 are presented results and information hid-

ing scheme on which our work is based. Classes of at-

tacks considered in this paper are detailed in Section

4. Stego-security and chaos-security are recalled too

in this section. The new information hiding scheme

is given in Section 5. Its stego-security is studied

in the next section. The topological framework mak-

ing it possible to evaluate chaos-security is introduced

in Section 7. Then the topological properties of our

scheme are investigated in the next section, leading

to the evaluation of its chaos-security. This research

work ends by a conclusion section where our contri-

bution is summarized and intended future researches

are presented.

2 BASIC RECALLS

2.1 Chaotic Iterations

In the sequel S

denotes the n

term of a sequence S

and V

is for the i

component of a vector V. Finally,

the following notation is used: J0;NK = {0, 1,...,N}.

Let us consider a system of a ﬁnite number N of

elements (or cells), so that each cell has a boolean

state. A sequence of length N of boolean states of the

cells corresponds to a particular state of the system. A

sequence that elements belong into J0;N − 1K is called

a strategy. The set of all strategies is denoted by S.

Deﬁnition 1. The set B denoting {0,1}, let f :

−→ B

be a function and S ∈ S be a strategy. The

so-called chaotic iterations are deﬁned by x

∈ B

and ∀(n,i) ∈ N

∗

× J0;N − 1K:



n−1

if S

6= i,



f(x

n−1

)



if S

= i.

2.2 Devaney’s Chaotic Dynamical

Systems

Some topological deﬁnitions and properties taken

from the mathematical theory of chaos are recalled

in this section.

Let (X , d) be a metric space and f a continuous

function on (X ,d).

Deﬁnition 2. f is said to be topologically transitiveif,

for any pair of open sets U,V ⊂ X , there exists k > 0

such that f

(U) ∩V 6= ∅.

Deﬁnition 3. (X , f ) is said to be regular if the set of

periodic points is dense in X .

Deﬁnition 4. f has sensitive dependence on initial

conditionsif there exists δ > 0 such that, for any x ∈ X

and any neighborhood V of x, there exist y ∈ V and

n > 0 such that | f

(x) − f

(y)| > δ.

δ is called the constant of sensitivity of f.

It is now possible to introduce the well-established

mathematical deﬁnition of chaos (Devaney, 1989),

Deﬁnition 5. A function f : X −→ X is said to be

chaotic on X if:

1. f is regular,

2. f is topologically transitive,

3. f has sensitive dependence on initial conditions.

When f is chaotic, then the system (X , f) is

chaotic and quoting Devaney: “it is unpredictable be-

cause of the sensitive dependence on initial condi-

tions. It cannot be broken down or simpliﬁed into two

subsystems which do not interact because of topo-

logical transitivity. And in the midst of this random

behavior, we nevertheless have an element of regu-

larity”. Fundamentally different behaviors are conse-

quently possible and occur in an unpredictable way.

Let us ﬁnally remark that,

Theorem 1 ((Banks et al., 1992)). If a function is

regular and topologicaly transitive on a metric space,

then the function is sensitive on initial conditions.

3 INFORMATION HIDING BASED

ON CHAOTIC ITERATIONS

3.1 Topology of Chaotic Iterations

In this section, we give the outline proofs establish-

ing the topological properties of chaotic iterations. As

our scheme is inspired by the work of Guyeux et al.

(Guyeux et al., 2010; Bahi and Guyeux, 2010b; Bahi

and Guyeux, 2010a), the proofs detailed at the end of

this document will follow a same canvas.

Let us ﬁrstly introduce some notations and termi-

nologies.

Deﬁnition 6. Let k ∈ N

∗

. A strategy adapter is a se-

quence which elements belong into J0, k − 1K. The set

of all strategies with terms in J0,k − 1K is denoted by

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security

219

Deﬁnition 7. The discrete boolean metric is the ap-

plication δ : B −→ B deﬁned by δ(x,y) = 0 ⇔ x = y.

Deﬁnition 8. Let k ∈ N

∗

. The initial function is the

map i

deﬁned by:

: S

−→ J0,k − 1K

)

n∈N

7−→ S

Deﬁnition 9. Let k ∈ N

∗

. The shift function is the

map σ

deﬁned by:

: S

−→ S

)

n∈N

7−→ (S

n+1

)

n∈N

Deﬁnition 10. Given a function f : B

→ B

, the

function F

is deﬁned by:

: J0;N −1K × B

−→ B

(k, E) 7−→



.δ(k, j) + f (E)

.δ(k, j)



j∈J0;N−1K

Deﬁnition 11. The phase space used for chaotic iter-

ations is denoted by X

and deﬁned by X

= S

×B

Deﬁnition 12. Given a function f : B

→ B

, the

map G

is deﬁned by:

: X

−→ X

(S,E) 7−→ (σ

(S),F

(S),E))

With these deﬁnitions, chaotic iterations can be

described by the following iterations of the discret dy-

namical system:



∈ X

∀k ∈ N

∗

k+1

= G

)

Finally, a new distance d

between two points has

been deﬁned by:

Deﬁnition 13 (Distance d

on X

). ∀(S,E),(

E) ∈

, d

((S,E);(

E)) = d

(E,

E) + d

(S,

S),

where:

• d

(E,

E) =

N−1

∑

k=0

δ(E

) ∈ J0;NK

• d

(S,

S) =

∞

∑

k=1

−

∈ [0;1].

are respectively two distances on B

and S

(∀N ∈

∗

Remark 1. This new distance has been introduced

by authors of (Bahi and Guyeux, 2010a) to satisfy

the following requirements. When the number of dif-

ferent cells between two systems is increasing, then

their distance should increase too. In addition, if two

systems present the same cells and their respective

strategies start with the same terms, then the distance

between these two points must be small, because the

evolution of the two systems will be the same for a

while. The distance presented above follows these

recommendations.

It is then proven that,

Proposition 1. G

is a continuous function on

), for all f : B

→ B

Let us now recall the iteration function used by

authors of (Bahi and Guyeux, 2010b).

Deﬁnition 14. The vectorial negation is the function

deﬁned by:

: B

−→ B

,·· · , b

N−1

) 7−→ (b

,·· · , b

N−1

)

In the metric space (X

), G

satisﬁes the three

conditions for Devaney’s chaos: regularity, transitiv-

ity, and sensitivity. So,

Theorem 2. G

is a chaotic map on (X

) accord-

ing to Devaney.

Finally, it has been stated in (Bahi and Guyeux,

2010a) that,

Proposition 2. The phase space X

has, at least, the

cardinality of the continuum.

3.2 Chaotic Iterations for Data Hiding

To explain how to use chaotic iterations for informa-

tion hiding, we must ﬁrstly deﬁne the signiﬁcance of

a given coefﬁcient.

3.2.1 Most and Least Signiﬁcant Coefﬁcients

We ﬁrst notice that terms of the original content x that

may be replaced by terms issued from the watermark

y are less important than other: they could be changed

without be perceived as such. More generally, a signi-

ﬁcation function attaches a weight to each term deﬁn-

ing a digital media, depending on its position t.

Deﬁnition 15. A signiﬁcation function is a real se-

quence (u

)

k∈N

Example 1. Let us consider a set of grayscale images

stored into portable graymap format (P3-PGM): each

pixel ranges between 256 gray levels, i.e., is mem-

orized with eight bits. In that context, we consider

= 8 − (k mod 8) to be the k-th term of a signi-

ﬁcation function (u

)

k∈N

. Intuitively, in each group

of eight bits (i.e., for each pixel) the ﬁrst bit has an

importance equal to 8, whereas the last bit has an im-

portance equal to 1. This is compliant with the idea

that changing the ﬁrst bit affects more the image than

changing the last one.

Deﬁnition 16. Let (u

)

k∈N

be a signiﬁcation func-

tion, m and M be two reals s.t. m < M.

• The most signiﬁcant coefﬁcients (MSCs) of x is

the ﬁnite vector





k ∈ N and u

> M and k ≤| x |



;

SECRYPT 2011 - International Conference on Security and Cryptography

220

• The least signiﬁcant coefﬁcients (LSCs) of x is the

ﬁnite vector





k ∈ N and u

≤ m and k ≤| x |



;

• The passive coefﬁcients of x is the ﬁnite vector





k ∈ N and u

∈]m;M[ and k ≤| x |



For a given host content x, MSCs are then ranks of

x that describe the relevant part of the image, whereas

LSCs translate its less signiﬁcant parts. These two

deﬁnitions are illustrated on Figure 1, where the sig-

niﬁcance function (u

) is deﬁned as in Example 1,

M = 5, and m = 6.

(a) Original Lena.

(b) MSCs of Lena. (c) LSCs of Lena (×17).

Figure 1: Most and least signiﬁcant coefﬁcients of Lena.

3.2.2 Presentation of the Scheme

Authors of (Bahi and Guyeux, 2010b) have proposed

to use chaotic iterations as an information hiding

scheme, as follows. Let:

• (K,N) ∈ [0;1] × N be an embedding key,

• X ∈ B

be the N LSCs of a cover C,

• (S

)

n∈N

∈ J0,N − 1K

be a strategy, which de-

pends on the message to hide M ∈ [0;1] and K,

• f

: B

→ B

be the vectorial logical negation.

So the watermarked media is C whose LSCs are

replaced by Y

= X

, where:



= X

∀n < N,X

n+1

= G

Two ways to generate (S

)

n∈N

are given by these

authors, namely Chaotic Iterations with Independent

Strategy (CIIS) and Chaotic Iterations with Depen-

dent Strategy (CIDS). In CIIS, the strategy is inde-

pendent from the cover media C, whereas in CIDS the

strategy will be dependent on C. As we will use the

CIIS strategy in this document, we recall it below. Fi-

nally, MSCs are not used here, as we do not consider

the case of authenticated watermarking.

3.2.3 CIIS Strategy

Let us ﬁrstly give the deﬁnition of the Piecewise Lin-

ear Chaotic Map (PLCM, see (Shujun et al., 2001)):

F(x, p) =







x/p if x ∈ [0; p],

(x− p)/(

− p) if x ∈





F(1 − x, p) else,

where p ∈





is a “control parameter”.

Then, the general term of the strategy (S

)

CIIS setup is deﬁned by the following expression:

= ⌊N × K

⌋ + 1, where:







p ∈





= M ⊗ K

n+1

= F(K

, p),∀n ≤ N

in which ⊗ denotes the bitwise exclusive or (XOR)

between two ﬂoating part numbers (i.e., between their

binary digits representation).

4 DATA HIDING SECURITY

4.1 Classiﬁcation of Attacks

In the steganography framework, attacks have been

classiﬁed in (Cayre and Bas, 2008) as follows.

Deﬁnition 17. Watermark-Only Attack (WOA) occurs

when an attacker has only access to several water-

marked contents.

Deﬁnition 18. Known-Message Attack (KMA) occurs

when an attacker has access to several pairs of water-

marked contents and corresponding hidden messages.

Deﬁnition 19. Known-Original Attack (KOA) is when

an attacker has access to several pairs of water-

marked contents and their corresponding original

versions.

Deﬁnition 20. Constant-Message Attack (CMA) oc-

curs when the attacker observes several watermarked

contents and only knows that the unknown hidden

message is the same in all contents.

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security

221

4.2 Stego-Security

In the prisoner problem of Simmons (Simmons, 1984;

Bergmair and Katzenbeisser, 2006), Alice and Bob

are in jail, and they want to, possibly, devise an escape

plan by exchanging hidden messages in innocent-

looking covercontents. These messages are to be con-

veyed to one another by a common warden, Eve, who

over-drops all contents and can choose to interrupt the

communication if they appear to be stego-contents.

The stego-security, deﬁned in this framework, is

the highest security level in WOA setup (Cayre and

Bas, 2008). To recall it, we need the following nota-

tions:

• K is the set of embedding keys,

• p(X) is the probabilistic model of N

initial host

contents,

• p(Y|K

) is the probabilistic model of N

water-

marked contents.

Furthermore, it is supposed in this context that

each host content has been watermarked with the

same secret key K

and the same embedding function

It is now possible to deﬁne the notion of stego-

security:

Deﬁnition 21 (Stego-Security). The embedding func-

tion e is stego-secure if and only if:

∀K

∈ K, p(Y|K

) = p(X).

To the best of our knowledge, until now, only two

schemes have been proven to be stego-secure. On the

one hand, the authors of (Cayre and Bas, 2008) have

established that the spread spectrum technique called

Natural Watermarking is stego-secure when its distor-

tion parameter η is equal to 1. On the other hand, it

has been proven in (Guyeux et al., 2010) that:

Proposition 3. Chaotic Iterations with Independent

Strategy (CIIS) are stego-secure.

4.3 Chaos-Security

To check whether an information hiding scheme S is

chaos-secure or not, S must be written as an iterate

process x

n+1

= f(x

) on a metric space (X ,d). This

formulation is always possible (Bahi and Guyeux,

2010c). So,

Deﬁnition 22 (Chaos-Security). An information hid-

ing scheme S is said to be chaos-secure on (X ,d) if

its iterative process has a chaotic behavior according

to Devaney.

In the approach presented by Guyeux et al., a data

hiding scheme is secure if it is unpredictable. Its iter-

ative process must satisfy the Devaney’s chaos prop-

erty and its level of chaos-security increases with the

number of chaotic properties satisﬁed by it.

This new concept of security for data hiding

schemes has been proposed in (Bahi and Guyeux,

2010c) as a complementary approach to the existing

framework. It contributesto the reinforcement of con-

ﬁdence into existing secure data hiding schemes. Ad-

ditionally, the study of security in KMA, KOA, and

CMA setups is realizable in this context. Finally,

this framework can replace stego-security in situa-

tions that are not encompassed by it. In particular,

this framework is more relevant to give evaluation of

data hiding schemes claimed as chaotic.

5 THE IMPROVED ALGORITHM

In this section is introduced a new algorithm that gen-

eralize the scheme presented by authors of (Bahi and

Guyeux, 2010b).

Let us ﬁrstly introduce the following notations:

• x

∈ B

is the N least signiﬁcant coefﬁcients of a

given cover media C.

• m

∈ B

is the watermark to embed into x

• S

∈ S

is a strategy called place strategy.

• S

∈ S

is a strategy called choice strategy.

• Lastly, S

∈ S

is a strategy called mixing strat-

egy.

Our information hiding scheme called Steganog-

raphy by Chaotic Iterations and Substitution with

Mixing Message (SCISMM) is deﬁned by ∀(n,i, j) ∈

∗

× J0;N − 1K × J0;P − 1K:













n−1

if S

6= i

if S

= i.











n−1

if S

6= j

n−1

if S

= j.

where m

n−1

is the boolean negation of m

n−1

The stego-content is the boolean vector y = x

∈

6 STUDY OF STEGO-SECURITY

Let us prove that,

SECRYPT 2011 - International Conference on Security and Cryptography

222

Proposition 4. SCISMM is stego-secure.

Proof. Let us suppose that x

∼ U





and m

∼





in a SCISMM setup. We will proveby a math-

ematical induction that ∀n ∈ N,x

∼ U





. The

base case is obvious according to the uniform reparti-

tion hypothesis.

Let us now suppose that the statement x

∼





holds for some n. For a given k ∈ B

, we de-

note by

∈ B

the vector deﬁned by: ∀i ∈ J0;N − 1K,

if k = (k

,.. .,k

N−2

N−1

then



,.. .,k

N−2

N−1



Let E

i, j

be the following events:

∀(i, j) ∈ J0;N − 1K × J0;P − 1K,E

i, j

n+1

= i∧ S

n+1

= j ∧ m

n+1

= k

∧



= k∨ x



and p = P



n+1

= k



. So,

p = P





i∈J0;N−1K, j∈J0;P−1K

i, j





We now introduce the following notation: P

(i) =



n+1

= i



, P

( j) = P



n+1

= j



, P

(i, j) =



n+1

= k



, and P

(i) = P



= k∨ x



These four events are independent in SCISMM

setup, thus:

p =

∑

i∈J0;N−1K, j∈J0;P−1K

(i)P

(i, j)P

(i).

According to Proposition 3, P



n+1

= k



. As

the two events are incompatible:



= k∨ x



= P(x

= k) + P





Then, by using the inductive hypothesis:

P(x

= k) =

, and P





Let S be deﬁned by

S =

∑

i∈J0;N−1K, j∈J0;P−1K

(i)P

( j).

Then p = 2×

× S =

× S.

S can now be evaluated:

S =

∑

i∈J0;N−1K, j∈J0;P−1K

(i)P

( j)

∑

i∈J0;N−1K

(i) ×

∑

j∈J0;P−1K

( j).

The set of events



n+1

= i



for i ∈ J0;N − 1K and

the set of events



n+1

= j



for j ∈ J0;P−1K are both

a partition of the universe of possible, so S = 1.

Finally, P



n+1

= k



, which leads to x

n+1

∼





. This result is true ∀n ∈ N, we thus have

proven that the stego-content y is uniform in the set

of possible stego-content, so y ∼ U





when x ∼





7 TOPOLOGICAL MODEL

In this section, we prove that SCISMM can be mod-

eled as a discret dynamical system in a topological

space. We will show in the next section that SCISMM

is a case of topological chaos in the sense of Devaney.

7.1 Iteration Function and Phase Space

Let

F : J0;N − 1K × B

× J0;P − 1K × B

−→ B

(k, x,λ,m) 7−→



δ(k, j).x

+ δ(k, j).m



j∈J0;N−1K

where + and . are the boolean addition and product

operations.

Consider the phase space X

deﬁned as follow:

= S

× B

× S

× B

× S

where S

and S

are the sets introduced in Section 5.

We deﬁne the map G

: X

−→ X

by:

,x,S

,m,S

) =

(σ

),F(i

),x,i

),m),σ

),G

(m,S

),σ

))

Then SCISMM can be described by the iterations of

the following discret dynamical system:



∈ X

k+1

= G

7.2 Cardinality of X

By comparing X

and X

, we have the following re-

sult.

Proposition 5. The phase space X

has, at least, the

cardinality of the continuum.

Proof. Let ϕ be the map deﬁned as follow:

ϕ : X

−→ X

(S,x) 7−→ (S,x,0,0, 0)

ϕ is injective. So the cardinality of X

is greater than

or equal to the cardinality of X

. And consequently

has at least the cardinality of the continuum.

Remark 2. This result is independent on the number

of cells of the system.

7.3 A New Distance on X

We deﬁne a newdistance on X

as follow: ∀X,

X ∈ X

if X = (S

,x,S

,m,S

) and

X = (

, ˇx,

, ˇm,

), then:

(X,

X) = d

(x, ˇx) + d

(m, ˇm)

+ d

) +d

where d

, d

, and d

are the same distances

than in Deﬁnition 13.

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security

223

7.4 Continuity of SCISMM

To prove that SCISMM is another example of topo-

logical chaos in the sense of Devaney, G

must be

continuous on the metric space (X

Proposition 6. G

is a continuous function on

Proof. We use the sequential continuity.

Let ((S

)

,(S

)

,(S

)

n∈N

be a se-

quence of the phase space X

, which con-

verges to (S

,x,S

,m,S

). We will prove that

((S

)

,(S

)

,(S

)

))

n∈N

converges to

,x,S

,m,S

). Let us recall that for all n, (S

)

and (S

)

are strategies, thus we consider a

sequence of strategies (i.e., a sequence of sequences).

As d

(((S

)

,(S

)

,(S

)

),(S

,x,S

,m,S

))

converges to 0, each distance d

,x), d

,m),

((S

)

), d

((S

)

), and d

((S

)

converges to 0. But d

,x) and d

,m) are

integers, so ∃n

∈ N,∀n > n

,x) = 0 and

∃n

∈ N,∀n > n

,m) = 0.

Let n

= Max(n

). In other words, there exists

a threshold n

∈ N after which no cell will change its

state: ∃n

∈ N,n > n

=⇒ (x

= x) ∧ (m

= m).

In addition, d

((S

)

) −→ 0,

((S

)

) −→ 0, and d

((S

)

) −→ 0,

so ∃n

∈ N,

• ∀n > n

((S

)

) < 10

−1

• ∀n > n

((S

)

) < 10

−1

• ∀n > n

((S

)

) < 10

−1

Let n

= Max(n

). For n > n

, all the strate-

gies (S

)

, (S

)

, and (S

)

have the same ﬁrst term,

which are respectively(S

)

,(S

)

and (S

)

:∀n > n

((S

)

= (S

)

) ∧ ((S

)

= (S

)

) ∧ ((S

)

= (S

)

Let n

= Max(n

). After the n

−th term, states

of x

and x on the one hand, and m

and m on the other

hand, are identical. Additionally, strategies (S

)

and

, (S

)

and S

, and (S

)

and S

start with the same

ﬁrst term.

Consequently, states of

((S

)

,(S

)

,(S

)

) and

,x,S

,m,S

) are equal, so, after the (n

)

term, the distance d

between these two points is

strictly smaller than 3.10

−1

, so strictly smaller than

We now prove that the distance be-

tween (G

((S

)

,(S

)

,(S

)

)) and

,x,S

,m,S

)) is convergent to 0. Let

ε > 0.

• If ε > 1, we have seen that distance be-

tween G

((S

)

,(S

)

,(S

)

) and

,x,S

,m,S

) is strictly less than 1 af-

ter the (n

)

term (same state).

• If ε < 1, then ∃k ∈ N,10

−k

> 10

−(k+1)

. As

((S

)

), d

((S

)

) and d

((S

)

converges to 0, we have:

– ∃n

∈ N,∀n > n

((S

)

) < 10

−(k+2)

– ∃n

∈ N,∀n > n

((S

)

) < 10

−(k+2)

– ∃n

∈ N,∀n > n

((S

)

) < 10

−(k+2)

Let n

= Max(n

) thus after n

, the k+

2 ﬁrst terms of (S

)

and S

, (S

)

and S

, and

)

and S

, are equal.

As a consequence, the k + 1 ﬁrst entries of

the strategies of G

((S

)

,(S

)

,(S

)

) and

,x,S

,m,S

) are the same (due to the shift of

strategies) and following the deﬁnition of d

and

((S

)

,(S

)

,(S

)

);G

,x,S

,m,S

))

is equal to :

((S

)

) + d

((S

)

) + d

((S

)

which is smaller than 3.10

−(k+1)

6 3.

= ε.

Let N

= max(n

). We can claim that

∀ε > 0,∃N

∈ N,∀n > N

((S

)

,(S

)

,(S

)

);G

,x,S

,m,S

)) 6 ε.

is consequently continuous on (X

8 SCISMM IS CHAOTIC

To prove that we are in the framework of Devaney’s

topological chaos, we have to check the regularity,

transitivity, and sensitivity conditions.

8.1 Regularity

Proposition 7. Periodic points of G

are dense in X

Proof. Let (

, ˇx,

, ˇm,

) ∈ X

and ε > 0. We are

looking for a periodic point (

, ex,

, em,

) satisfying

((

, ˇx,

, ˇm,

);(

, ex,

, em,

)) < ε.

As ε can be strictly lesser than 1, we must

choose ex = ˇx and em = ˇm. Let us deﬁne k

(ε) =

⌊log

(

)⌋ + 1 and consider the set: S

(ε)

S ∈ S

× S

/((S

)

) ∧ ((S

)

))

∧((S

)

)),∀k 6 k

(ε)

SECRYPT 2011 - International Conference on Security and Cryptography

224

Then, ∀(S

) ∈ S

(ε)

((S

, ˇx,S

, ˇm,S

);(

, ˇx,

, ˇm,

)) < 3.

= ε.

It remains to choose (

) ∈ S

(ε)

such

that (

, ex,

, em,

) = (

, ˇx,

, ˇm,

) is a periodic

point for G

Let J = {i ∈ J0;N − 1K/x

6= ˇx

, where

,x,S

,m,S

) = G

(

, ˇx,

, ˇm,

)

λ = card(J ), and j

< j

< ... < j

λ−1

the ele-

ments of J .

1. Let us ﬁrstly build three strategies: S

∗

, S

∗

, and S

∗

as follows.

(a) (S

∗

)

, (S

∗

)

, and (S

∗

)

, if

k 6 k

(ε).

(b) Let us now explain how to replace ˇx

, ∀q ∈

J0;λ − 1K:

First of all, we must replace ˇx

i. If ∃λ

∈ J0;P − 1K/ ˇx

= m

, then we

can choose (S

∗

)

= j

, (S

∗

)

= λ

∗

)

= λ

, and so I

will be equal to 1.

ii. If such a λ

does not exist, we choose:

∗

)

= j

, (S

∗

)

= 0, (S

∗

)

= 0,

∗

)

= j

, (S

∗

)

= 0, (S

∗

)

= 0,

and I

= 2.

All of the ˇx

are replaced similarly. The other

terms of S

∗

, S

∗

, and S

∗

are constructed iden-

tically, and the values of I

are deﬁned in the

same way.

Let γ =

∑

λ−1

q=0

∗

)

= (S

∗

)

, (S

∗

)

= (S

∗

)

, and

∗

)

= (S

∗

)

, where j 6 k

(ε)+ γ is satisfying

j ≡ k [mod (k

(ε) + γ)], if k > k

(ε) + γ.

So, G

(ε)+γ

∗

, ˇx,S

∗

, ˇm, S

∗

) = (S

∗

, ˇx,S

∗

,m,S

∗

Let K = {i ∈ J0;P − 1K/m

6= ˇm

, where

(ε)+γ

∗

, ˇx,S

∗

, ˇm,S

∗

) = (S

∗

, ˇx,S

∗

,m,S

∗

)

µ = card(K ), and r

< r

< ... < r

µ−1

the ele-

ments of K .

2. Let us now build the strategies

(a) Firstly, let

= (S

∗

)

= (S

∗

)

, and

∗

)

, if k 6 k

(ε) + γ.

(b) How to replace ˇm

,∀q ∈ J0;µ − 1K:

First of all, let us explain how to replace ˇm

i. If ∃µ

∈ J0;N − 1K/ˇx

= m

, then we

can choose

+γ+1

= µ

+γ+1

= r

+γ+1

= r

In that situation, we deﬁne J

= 1.

ii. If such a µ

does not exist, then we can choose:

+γ+1

= 0,

+γ+1

= r

+γ+1

= r

+γ+2

= 0,

+γ+2

= r

+γ+2

= 0,

+γ+3

= 0,

+γ+3

= r

+γ+3

= 0.

Let J

= 3.

Then the other ˇm

are replaced as previously,

the other terms of

, and

are con-

structed in the same way, and the values of J

are deﬁned similarly.

Let α =

∑

µ−1

q=0

, and

where j 6 k

(ε) + γ + α is satisfying j ≡

k [mod (k

(ε) + γ+ α)], if k > k

(ε) + γ+ α.

So, G

(ε)+γ+α

(

, ˇx,

, ˇm,

) = (

, ˇx,

, ˇm,

)

Then, (

) ∈ S

(ε)

deﬁned as pre-

vious is such that (

, ˇx,

, ˇm,

) is a periodic

point, of period k

(ε) + γ + α, which is ε−close to

(

, ˇx,

, ˇm,

As a conclusion, (X

) is regular.

8.2 Transitivity

Proposition 8. (X

) is topologically transitive.

Proof. Let us deﬁne X : X

→ B

, such that

X (S

,x,S

,m,S

) = x and M : X

→ B

such that M (S

,x,S

,m,S

) = m. Let

= B (X

) and B

= B (X

)

be two open balls of X

, with

= ((S

)

,(S

)

,(S

)

) and X

((S

)

,(S

)

,(S

)

). We are look-

ing for

X = (

, ex,

, em,

) in B

such that

∃n

∈ N,G

(

X) ∈ B

X must be in B

and r

can be strictly lesser than 1, so

ex = x

and em = m

. Let k

= ⌊log

(

) + 1⌋. Let us

notice S



) ∈ S

× (S

)

/∀k 6 k

= (S

)

) ∧ (S

= (S

)

) ∧ (S

= (S

)

))



Then ∀(S

) ∈ S

,(S

, ex,S

, em,S

) ∈ B

Let J = {i ∈ J0,N − 1K/ ˇx

6= X (X

)

, where

(

, ˇx,

, ˇm,

) = G

)

, λ = card(J ),

and j

< j

< ... < j

λ−1

the elements of J .

1. Let us ﬁrstly build three strategies: S

∗

, S

∗

, and S

∗

as follows.

(a) (S

∗

)

= (S

)

, (S

∗

)

= (S

)

, and (S

∗

)

, if k 6 k

(b) Let us now explain how to replace X (X

)

∀q ∈ J0;λ − 1K:

First of all, we must replace X (X

)

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security

225

i. If ∃λ

∈ J0;P − 1K/X (X

)

= ˇm

, then we

can choose (S

∗

)

= j

, (S

∗

)

= λ

∗

)

= λ

, and so I

will be equal to 1.

ii. If such a λ

does not exist, we choose:

∗

)

= j

, (S

∗

)

= 0, (S

∗

)

= 0,

∗

)

= j

, (S

∗

)

= 0, (S

∗

)

= 0

and so let us notice I

= 2.

All of the X (X

)

are replaced similarly. The

other terms of S

∗

, S

∗

, and S

∗

are constructed

identically, and the values of I

are deﬁned

on the same way.

Let γ =

∑

λ−1

q=0

∗

)

= (S

∗

)

, (S

∗

)

= (S

∗

)

and (S

∗

)

= (S

∗

)

where j 6 k

+ γ is satisfying j ≡ k [mod (k

γ)], if k > k

+ γ.

So,G

+γ

((S

∗

)) = (S

∗

,m,S

∗

)

Let K =



i ∈ J0;P − 1K/m

6= M (X

)

, where

∗

,m,S

∗

) = G

+γ

((S

∗

))

µ = card(K ) and r

< r

< ... < r

µ−1

the elements

of K .

2. Let us secondly build three other strategies:

as follows.

(a)

= (S

∗

)

= (S

∗

)

, and

= (S

∗

)

, if

k 6 k

+ γ.

(b) Let us now explain how to replace

M (X

)

,∀q ∈ J0;µ − 1K:

First of all, we must replace M (X

)

i. If ∃µ

∈ J0;N − 1K/M (X

)

= (x

)

, then

we can choose

+γ+1

= µ

+γ+1

= r

+γ+1

= r

, and J

will be equal to 1.

ii. If such a µ

does not exist, we choose:

+γ+1

= 0,

+γ+1

= r

+γ+1

= r

+γ+2

= 0,

+γ+2

= r

+γ+2

= 0,

+γ+3

= 0,

+γ+3

= r

+γ+3

= 0,

and so let us notice J

= 3.

All the M (X

)

are replaced similarly. The

other terms of

, and

are constructed

identically, and the values of J

are deﬁned

on the same way.

Let α =

∑

µ−1

q=0

∗

+γ+α+k

= (S

)

+γ+α+k

)

, and

+γ+α+k

= (S

)

So, G

+γ+α

(

) = X

, with

(

) ∈ S

. Then

X = (

) ∈

is such that

X ∈ B

and G

+γ+α

(

X) ∈ B

. Finally

we have proven the result.

8.3 Sensitivity on Initial Conditions

Proposition 9. (X

) has sensitive dependence on

initial conditions.

Proof. G

is regular and transitive. Due to Theo-

rem 1, G

is sensitive.

8.4 Devaney’s Chaos

In conclusion, (X

) is topologically transitive,

regular, and has sensitive dependence on initial con-

ditions. Then we have the result.

Theorem 3. G

is a chaotic map on (X

) in the

sense of Devaney.

So we can claim that:

Theorem 4. SCISMM is chaos-secure.

9 CONCLUSIONS

In this research work, a new information hiding

scheme has been introduced. It is chaos-secure and

stego-secure, and thus is able to withstand attacks

in Watermark-Only Attack (WOA) and Constant-

Message Attack (CMA) setups. These results have

been obtained after having studied the topological be-

havior of this data hiding scheme. To the best of our

knowledge, this algorithm is the third scheme that has

been proven to be secure, according to the informa-

tion hiding security ﬁeld.

In future work, we intend to study the robust-

ness of this scheme, and to compare it with the two

other secure algorithms. Additionally, we will inves-

tigate the topological properties of our scheme, to see

whether it is secure in KOA and KMA setups.

REFERENCES

Bahi, J. and Guyeux, C. (2010a). Hash functions us-

ing chaotic iterations. Journal of Algorithms &

Computational Technology, 4(2):167–181. Accepted

manuscript. To appear.

Bahi, J. and Guyeux, C. (2010b). A new chaos-based wa-

termarking algorithm. In SECRYPT’10, Int. conf. on

security and cryptography, pages 455–458, Athens,

Greece. SciTePress.

Bahi, J. M. and Guyeux, C. (2010c). A chaos-based

approach for information hiding security. arXiv

0034939.

SECRYPT 2011 - International Conference on Security and Cryptography

226

Banks, J., Brooks, J., Cairns, G., and Stacey, P. (1992). On

devaney’s deﬁnition of chaos. Amer. Math. Monthly,

99:332–334.

Barni, M., Bartolini, F., and Furon, T. (2003). A general

framework for robust watermarking security. Signal

Processing, 83(10):2069–2084. Special issue on Se-

curity of Data Hiding Technologies, invited paper.

Bergmair, R. and Katzenbeisser, S. (2006). Content-aware

steganography: About lazy prisoners and narrow-

minded wardens. In (Camenisch et al., 2007), pages

109–123.

Bras-Amor´os, M. and Domingo-Ferrer, J. (2008). On over-

lappings of digitized straight lines and shared stegano-

graphic ﬁle systems. Transactions on Data Privacy,

1(3):131–139.

Cachin, C. (1998). An information-theoretic model for

steganography. In Information Hiding, volume 1525

of Lecture Notes in Computer Science, pages 306–

318. Springer Berlin / Heidelberg.

Camenisch, J., Collberg, C. S., Johnson, N. F., and Sallee,

P., editors (2007). Information Hiding, 8th Interna-

tional Workshop, IH 2006, Alexandria, VA, USA, July

10-12, 2006. Revised Selcted Papers, volume 4437 of

Lecture Notes in Computer Science. Springer.

Cayre, F. and Bas, P. (2008). Kerckhoffs-based embedding

security classes for woa data hiding. IEEE Transac-

tions on Information Forensics and Security, 3(1):1–

15.

Cayre, F., Fontaine, C., and Furon, T. (2005). Watermarking

security: theory and practice. IEEE Transactions on

Signal Processing, 53(10):3976–3987.

Devaney, R. L. (1989). An Introduction to Chaotic Dynam-

ical Systems. Addison-Wesley, Redwood City, CA,

2nd edition.

Domingo-Ferrer, J. and Bras-Amor´os, M. (2008). A shared

steganographic ﬁle system with error correction. In

Torra, V. and Narukawa, Y., editors, MDAI, volume

5285 of Lecture Notes in Computer Science, pages

227–238. Springer.

Furon, T. (2002). Security analysis. European Project IST-

1999-10987 CERTIMARK, Deliverable D.5.5.

Guyeux, C., Friot, N., and Bahi, J. (2010). Chaotic itera-

tions versus spread-spectrum: chaos and stego secu-

rity. In IIH-MSP’10, 6-th Int. Conf. on Intelligent In-

formation Hiding and Multimedia Signal Processing,

pages 208–211, Darmstadt, Germany.

Kalker, T. (2001). Considerations on watermarking security.

pages 201–206.

Katzenbeisser, S. and Dittmann, J. (2004). Malicious at-

tacks on media authentication schemes based on in-

vertible watermarks. In Delp, E. J. and Wong, P. W.,

editors, Security, Steganography, and Watermarking

of Multimedia Contents, volume 5306 of Proceedings

of SPIE, pages 838–847. SPIE.

Ker, A. D. (2006). Batch steganography and pooled ste-

ganalysis. In (Camenisch et al., 2007), pages 265–

281.

Mittelholzer, T. (1999). An information-theoretic approach

to steganography and watermarking. In Pﬁtzmann,

A., editor, Information Hiding, volume 1768 of Lec-

ture Notes in Computer Science, pages 1–16, Dresden,

Germany. Springer.

Perez-Freire, L., Prez-gonzalez, F., and Comesaa, P. (2006).

Secret dither estimation in lattice-quantization data

hiding: A set-membership approach. In Delp, E. J.

and Wong, P. W., editors, Security, Steganography,

and Watermarking of Multimedia Contents, San Jose,

California, USA. SPIE.

Shannon, C. E. (1949). Communication theory of secrecy

systems. Bell Systems Technical Journal, 28:656–715.

Shujun, L., Qi, L., Wenmin, L., Xuanqin, M., and Yuan-

long, C. (2001). Statistical properties of digital piece-

wise linear chaotic maps and their roles in cryptogra-

phy and pseudo-random coding. Proceedings of the

8th IMA International Conference on Cryptography

and Coding, 1:205–221.

Simmons, G. J. (1984). The prisoners’ problem and the

subliminal channel. In Advances in Cryptology, Proc.

CRYPTO’83, pages 51–67.

CHAOTIC ITERATIONS FOR STEGANOGRAPHY - Stego-security and Chaos-security

227