Breaking a Steganography System
Breaking a steganography system can be grouped into three types; detecting, extracting and disabling.
A steganography system already becomes insecure if an attacker could prove the existence of the hidden message.
While developing a formal security model for steganography, it is then important or more precisely, is a must to assume that an attacker has unlimited computation power and is able and motivated to perform a variety of attacks.
If an attacker could not confirm that a hidden message exists, then the steganography system is theoretically secure.
Passive attacker: Detecting a secret message
The purpose here is decide whether a cover message (c) contains a hidden message or not.
This can be formally defined as a test function, f:c->{0,1}
The covers are classified as they are passed through the insecure channel. In some cases, covers will be correctly classified. In other cases, the covers will not be detected for hidden messages. This is called a type-II error of the test function.
There are also possibilities that the test function falsely detects a hidden message in a cover which does not contain any message. This is called a type-I error.
A good steganography system tries to maximize to probability that a passive attacker makes a type-II error.
Active attacker: A need for Robust Steganography
Steganographic systems are highly sensitive to cover modifications. Even simple image processing techniques can destroy the message entirely. Some examples of modifications are like smoothing, filtering, cropping, image transformations, etc.
A lossy compression could also result in total loss of information. The nature of lossy compression techniques is to reduce the amount of information by removing the imperceptible signal components. This in turn can also cause the hidden information to be removed.
An active attacker whom could not prove or extract the existence of a secret message can simply add random noise to the transmitted cover. This is an attempt to destroy or disable the hidden information.
