Fabien Petitcolas

contact menu collection publications info hiding

 

Information hiding

History
MP3Stego
Downgrading
Stirmark benchmark
Mosaïc attack

 

mp3stego

When looking at the steganographic tools available on the Net, it occurred to me that nothing had been done to hide information in MP3 files, that is sound tracks compressed using the MPEG Audio Layer III format. There is a growing interest world-wide in MP3 or indeed WMA files because they offer near-CD quality at compression ratio of 11 to 1 (128 kilobits per second). This gives a very good opportunity for information hiding. Although WMA has better quality in general, I did not have access to code and only an implementation for MP3 is provided as a proof of concept.

MP3Stego will hide information in MP3 files during the compression process. The data is first compressed, encrypted and then hidden in the MP3 bit stream. Although MP3Stego has been written with steganographic applications in mind it might be used as a copyright marking system for MP3 files (weak but still much better than the MPEG copyright flag defined by the standard). Any opponent can uncompress the bit stream and recompress it; this will delete the hidden information – actually this is the only attack we know yet – but at the expense of severe quality loss.

The hiding process takes place at the heart of the Layer III encoding process namely in the inner_loop. The inner loop quantizes the input data and increases the quantiser step size until the quantized data can be coded with the available number of bits. Another loop checks that the distortions introduced by the quantization do not exceed the threshold defined by the psycho acoustic model. The part2_3_length variable contains the number of main_data bits used for scalefactors and Huffman code data in the MP3 bit stream. We encode the bits as its parity by changing the end loop condition of the inner loop. Only randomly chosen part2_3_length values are modified; the selection is done using a pseudo random bit generator based on SHA-1.

We have discussed earlier the power of parity for information hiding. MP3Stego is a practical example of it. There is still space for improvement but I thought that some people might be interested to have a look at it.

compilation

Full C code and binaries (Last update 13 June 2006):

usage example

encode -E hidden_text.txt -P pass svega.wav svega_stego.mp3
compresses svega.wav (mono, 44.1 kHz, 16bit encoded) and hides hidden_text.txt. The hidden text is encrypted using pass as a password. This produces the output called svega_stego.mp3. If no information was hidden, you would obtain this.
decode -X -P pass svega_stego.mp3
uncompresses svega_stego.mp3 into svega_stego.mp3.pcm and attempts to extract hidden information. The hidden message is decrypted, uncompressed and saved into svega_stego.mp3.txt.
 

feedback

Don’t forget to let me know your suggestions and comments: fabien@petitcolas.net

important notice

This computer program is based on:

  • 8hz-mp3 0.2b – 8Hz implementation of MP3 encoder;
  • MP3 Decoder (dist10) of the ISO MPEG Audio Subgroup Software Simulation Group;
  • ZLib 1.1.4 compression library by Jean-Loup Gailly’s ZLib;
  • Eric’s Young implementation of 3DES;
  • James J. Gillogly’s implementation of SHA-1;
  • ISO/IEC 11172-3:1993, Information technology – Coding of moving pictures and associated audio for digital storage media at up to about 1,5 Mbit/s – Part 3: Audio, with the permission of ISO. Copies of this standards can be purchased from the British Standards Institution, 389 Chiswick High Road, GB-London W4 4AL, Telephone:+ 44 181 996 90 00, Telefax:+ 44 181 996 74 00 or from ISO, postal box 56, CH-1211 Geneva 20, Telephone +41 22 749 0111, Telefax +4122 734 1079. Copyright remains with ISO.

Last update: Thursday, 29 August 2013 00:20:39 +0200

 
Copyright © 1997–2012 by Fabien Petitcolas