Encode

1 i n p u t: s t r i n g [ ] p l a i n t e x t , s t r i n g s e e d , s t r i n g key

2 o u t p u t: s t r i n g [ ]

3 b e g i n

4 i f p l a i n t e x t . l e n g t h > MAX_PLAINTEXT_LENGTH

5 throw ERR_PT_TOO_LONG

6

7 c s p r n g ← new c s p r n g ( s e e d + key )

8 p l a i n t e x t L e n g t h ← l e f t P a d ( p l a i n t e x t . l e n g t h o r random 3 c h a r s , ’ 0 0 0 ’)

9 n o i s e ← g e n e r a t e N o i s e ( p l a i n t e x t L e n g t h + p l a i n t e x t )

10

11 b l o c k ← p l a i n t e x t L e n g t h . c o n c a t ( p l a i n t e x t ) . c o n c a t ( n o i s e )

12 s h u f f l e ( c s p r n g , b l o c k )

13

14 return b l o c k

15 end

Algorithm 4.1: Encode.

1 i n p u t: s t r i n g [ ] p l a i n t e x t

2 o u t p u t: s t r i n g [ ]

3 b e g i n

4 n o i s e ← s t r i n g [ ]

5 d i c t ← new D i c t i o n a r y

6

7 foreach c h a r p t c i n p l a i n t e x t

8 i f d i c t [ p t c ] n o t i n i t i a l i z e d

9 d i c t [ p t c ] = 0

10 d i c t [ p t c ]++

11 end

12

13 foreach c h a r c i n FREQUENCY_ALPHABET

14 c h a r C o u n t ← round (MAX_BLOCK_LENGTH / 100 ∗ FREQUENCY_ALPHABET[ c

] )

15 c h a r C o u n t ← c h a r C o u n t − d i c t [ c ]

16

17 i f c h a r C o u n t < 0

18 c h a r C o u n t = 0

19

20 foreach c h a r i n c h a r C o u n t

21 n o i s e . push ( c )

22 end

23 s h u f f l e ( n o i s e )

24

25 return n o i s e

26 end

Algorithm 4.2: GenerateNoise.

Let us first examine ourencodealgorithm. Refer to Algorithm 4.1 for pseudo code, Figure 4.1 for a sequence diagram and Figure 4.2 for a visual representation of an example shuffle of the block. The example shuffle is performed with a considerably smaller max block length than usual, for clarity. Encode accepts a plaintext to be encoded, along with aseed and stego-key. When a user has composed an email and scheduled it for sending, this function will be run. Either the entered StegoBlock message or a randomly generated string, if no message

4.1 Components 49

User StegoBlock CSPRNG

Encode(pt, seed, key)

seedRandom(seed + key)

generateNoise(plaintext) noise

shuffle(csprng, block)

csprng.get(0, i) j

block.swap(i, j)

forifromplaintext.length−1downto1 forifromplaintext.length−1downto1

block

Figure 4.1: Encode, sequence diagram.

0 0 5 h e l l o t p 5 b y t r 1 a

Step 0MessageLength Message Noise

0 0 5 h a l l o t p 5 b y t r 1 e

Step 1 (0≤j≤16, j= 4)

0 0 5 h a l l o t 1 5 b y t r p e

Step 2 (0≤j≤15, j= 9)

0 0 5 h a l l o t 1 5 b y r t p e

Step 3 (0≤j≤14, j= 13)

0 0 r h a l l o t 1 5 b y 5 t p e

Step 4 (0≤j≤13, j= 2)

0 0 r h a y l o t 1 5 b l 5 t p e

Step 5 (0≤j≤12, j= 5)

0 0 b h a y l o t 1 5 r l 5 t p e

Step 6 (0≤j≤11, j= 2)

0 0 b h a y l 5 t 1 o r l 5 t p e

Step 7 (0≤j≤10, j= 7)

0 0 b h a y l 5 t 1 o r l 5 t p e

Step 8 (0≤j≤9, j= 9)

t 0 b h a y l 5 0 1 o r l 5 t p e

Step 9 (0≤j≤8, j= 0)

t 0 5 h a y l b 0 1 o r l 5 t p e

Step 10 (0≤j≤7, j= 2)

t 0 5 h l y a b 0 1 o r l 5 t p e

Step 11 (0≤j≤6, j= 4)

t y 5 h l 0 a b 0 1 o r l 5 t p e

Step 12 (0≤j≤5, j= 1)

t y 5 h l 0 a b 0 1 o r l 5 t p e

Step 13 (0≤j≤4, j= 4)

t h 5 y l 0 a b 0 1 o r l 5 t p e

Step 14 (0≤j≤3, j= 1)

t 5 h y l 0 a b 0 1 o r l 5 t p e

Step 15 (0≤j≤2, j= 1)

5 t h y l 0 a b 0 1 o r l 5 t p e

Step 16 (0≤j≤1, j= 0)

Figure 4.2: Shuffle example run

4.1 Components 51

was written, will be encoded. The seed will be set to the current timestamp, with millisecond precision.

Initializing The seed serves the purpose of introducing entropy over several messages with the same key. Our StegoBlock application features a simple database for storing stego-keys, hereby encouraging key reuse, for the same receiver/sender. When reusing keys, an adversary has an easy, or at least easier, time learning the key, should he identify two or more messages with the same plaintext. Introducing the seed, which is not itself a secret, will add enough entropy to the system to allow key reuse.

The key is used for seeding the Cryptographically Secure Pseudo Random Num-ber Generator (CSPRNG), but is first concatenated with the seed. A stego- or crypto key should always be of sufficient strength.

encode will first check if the provided plaintext length is longer than the al-lowed. StegoBlock allows messages of maximum 200 characters. If it is longer, an exception will be thrown and execution halted (the email is not sent). Oth-erwise execution will proceed to initialize a CSPRNG with the seed and key.

This ensures a deterministic sequence of "random" integers. It will then left pad the message length with 3 zeros. This is to ensure a 3 digit message length.

Next, we generate a string ofnoise. The noise is essentially a string of charac-ters in some alphabet, that adheres to some frequency for each letter. We then concatenate message length, message and noise into one big array, the block.

Before returning, the block is shuffled with the Knuth shuffle.

GenerateNoise Refer to Algorithm 4.2 for a textual representation of the algorithm. Before inserting the plaintext into the block, generateNoise gen-erates a string of letters that adhere to some distribution. It accepts the plaintext as argument, as both plaintext, plaintext length and noise combined, must adhere to said distribution. We start off by initializing a new empty array for the noise and a dictionary for fast access to the counts of each in-serted character in the noise array. In our StegoBlock application, the distri-bution of characters should resemble that of a predefined distridistri-bution in FRE-QUENCY_ALPHABET.

We will iterate all characters of the plaintext. Each character is looked up in said dictionary. If the value is uninitialized, it will be initialized to 0. The value for the current char is then incremented by one. One sees how the dictionary effectively keeps a count of each character in the plaintext. These counts are used later, when calculating how many of each character should be prepended

the string of noise.

FREQUENCY_ALPHABET is a predefined dictionary of characters and their desired frequency, in the resulting StegoBlock. We will proceed to iterate all its values,cf. For each character, we calculate how many of each there should be in the final StegoBlock of provided size and frequency. The result is kept in the variable charCount. We will retrieve the number of times, we counted the same character in the plaintext, and subtract this from charCount. As charCount may then become less than 0, we set it to 0, if that is the case. This problem and others will be treated later - but if charCount becomes less than 0, it means the plaintext has one or more characters exceeding their max. They will not be able to hide within the block, e.g. maintaining the target distribution. The algorithms generally postpone these checks until last minute, instead of halting, so a full error report can be provided.

We will then add the character ofcf, charCountamount of times to the noise array. Notice that we shuffle the noise before returning. Otherwise it would be alphabetically ordered. An adversary would otherwise be able to validate a keys correctness. We will detail on this in the later steganalysis.

After concatenatingM essageLength+M essage+N oiseand encoding, checking the character distribution of the block, should result in a perfect distribution matching our targetFREQUENCY_ALPHABET. If it does not, an error report is shown to the client, and execution halted.

In document A System for Hiding Steganography in Plain Sight (Sider 58-62)