Multi-image steganography and authentication using crypto-stego techniques

Abstract

It is a necessity to protect sensitive information in digital form from an adversary who may indulge in cyber-crimes such as modification, masquerading, and replaying of data. Security systems designed to counter such attacks must keep abreast of the adversary. In this paper, we have proposed a novel multi-image crypto-stego technique using Rabin cryptosystem and Arnold transform that provides a mechanism to hide digital data in the form of text, image, audio, and video. The proposed technique is a novel approach for (n,n) secret sharing that prevents attack by an intruder impersonating as a shareholder. In the proposed technique, the header information is created to retrieve data in the correct order. Randomized encrypted data and partial header information are camouflaged in the edges of multiple images in an adaptive manner. Minimal and distribution sequence keys distribute data in shares. Experimental results yield high values of PSNR and low values of MSE for the audio, image, video signals. Further, as the entropy values for original cover image coincide with the crypto-stego image up to the third place of decimal, the secret message will go unnoticed. Sensitivity analysis reveals that even a minor variation in a single share makes the recovery of the secret message infeasible. Comparison with the state of the art techniques indicates that the proposed technique either scores over its competitors or performs equally well in terms of standard evaluation metrics.

1 Introduction

Protecting sensitive information while sharing it among various stakeholders is an important aspect of information security. There are several techniques to protect the data. In cryptography, the message of interest is encrypted prior to communication across an insecure channel so that if the message is intercepted by an intruder during communication, it remains incomprehensible to him/her. Researchers have proposed various techniques for image encryption. Abuturab [4] proposed a scheme to decompose an image into three RGB channels and applied Discrete Cosine Transform (DCT) and gyrator transforms to secure the message. Several researchers have proposed modifications of DCT in various applications such as face and palm-print recognition [30, 31]. Hayat and Azam [19] presented a hybrid image encryption scheme based on substitution boxes and pseudo random number methods using elliptic curves. Luo et al. [38] proposed an improved chaotic algorithm for shuffling and substitution for encrypting images. Rabin [43] developed an asymmetric encryption scheme based on a variant of RSA using two as the exponent, thus making computations fast. Several schemes that were developed to correctly decipher roots for decryption, were vulnerable to chosen plaintext attack [9, 20, 39]. Many variants of the scheme were developed to address the issue of indistinguishability against chosen plaintext attack (IND-CPA) [27,28,29]. Recently, Rabin cryptosystem has been integrated with other techniques such as error correction codes [16] to provide resistance from forgery [15].

Steganography is a technique for evading detection by hiding secret digital messages in innocent looking multimedia files containing text, image, audio, or video, so that an intruder does not get any clue of a secret message being communicated. Main issues in steganography include capacity, security, and robustness [51]. Steganography may be applied in spatial, spectral, or adaptive domain. Researchers have worked on different aspects to improve the embedding capacity and security of data. Abdulla et al. [2] proposed a data hiding technique with improved stego-image quality by decomposing the pixel intensity value into 16 virtual bit planes suitable for embedding. Taking advantage of similarity between neighbouring pixels, Tang et al. [48] proposed a high capacity data hiding technique using multilayer embedding. Chen et al. [13] proposed a color image hiding scheme in which RGB components are first scrambled using Arnlod transform and subsequently hidden using Gerchberg–Saxton algorithm in fractional Fourier domain. Kim et al. [25] proposed a high capacity scheme using hamming code parity function to exploit embedding efficiency of encrypted halftoned image. By exploiting the bitmap coefficients of an image based on histogram modification, the authors proposed a lossless data hiding method for absolute moment block truncation coding compressed gray scale images [24]. Abdulla et al. [1, 3] proposed a technique to improve the security by Least Significant Bit Replacement (LSBR) method that increased the embedding efficiency by about 50%. They used a bit plane mapping technique instead of bit plane replacement, thus improving similarity between the secret image bit stream and the cover image.

Cryptography and steganography techniques, when combined, provide better security to the sensitive data [8, 41]. Enhanced imperceptibility is achieved by hiding secret data in edges of the cover image [7, 47]. Kim et al. [26] presented a novel data hiding method based on adaptive block truncation coding (BTC) that exploited edge quantization using optimal pixel adjustment process at the least significant bit (LSB) pixels to obtain a high image quality.

In this paper, we have proposed a multi-image authentication mechanism using crypto-stego techniques. Secret messages in the form of text, image, audio, or video are encrypted using Rabin cryptosystem and randomized using Arnold transform. Subsequently, the transformed messages are embedded in the edges of multiple images using adaptive LSBMR technique [37]. The proposed technique is an (n,n) secret sharing technique that yields high quality shares. The proposed approach is suitable for sharing highly sensitive information where all the shareholders’ information are necessary to retrieve the secret message. Due to its large storage capacity, it is also suitable for securing large data.

1.1 Road map of the paper

The rest of this paper is organized as follows: in Section 2, we discuss related work. In Section 3, we briefly describe Rabin cryptosystem and Arnold transform as these serve as the foundation of the proposed technique. In Section 4, we provide the details of the proposed technique for securing sensitive files using multi-image steganography. In Section 5, we present the results of experimentations and compare the proposed technique with some of the relevant techniques, and finally we conclude the paper by summarizing the research outcomes in Section 6.

2 Related work

To enhance the security of sensitive secret information, we resort to secret sharing, by way of segmenting the secret information and sharing among several members [46]. For (k,n) secret sharing, the secret message is revealed only when at least k out of n shares are present. (n,n) Secret sharing is a special case of the general secret sharing and it requires all the shares to unlock the secret.

Researchers have developed several mechanisms to achieve secret sharing. Shamir’s interpolation method [46] was extended for sharing secret images, also called visual secret sharing (VSS) without any cryptographic computation [42]. In VSS, an image is broken into n shares/shadows, any k of the n users stack their shares to reveal the secret, but any (k − 1) or fewer users do not get any advantage. VSS can also be used for multiple images [17]. Although initially binary images were used for VSS, schemes for sharing the color images were developed subsequently [11, 21, 50].

Some techniques used for share generation are based on Chinese remainder theorem [23, 45]. Wu et al. [53] gave secret image reversible sharing scheme based on cellular automata. While some authors proposed that the shares generated were embedded in multiple images to give an appearance of a meaningful shadow so that no one gets suspicious about the secret message [34, 35], others came up with the concept of secret sharing with steganography and authentication to provide meaningful shares [33, 52]. Chang et al. [10] improved secret sharing using steganography by increasing capacity by hiding only t − 3 secret bits, a significant improvement over proposals that involved hiding t − 1 bits. Some works proposed invertible secret image sharing with steganography [34, 48, 52]. In these works, cover image was retrieved without distortion along with secret image. Tripathi et al.[49] proposed a sorted index code and a polynomial-based threshold secret sharing scheme to produce relevant shadows to achieve higher embedding capacity, yielding complete recovery of the cover image.

Chen and Wu [12] proposed a Boolean-based multi-secret image sharing scheme. It uses a random image generating function to generate random images from the secret images and boolean calculations are applied to share n secret images among n shared image. In Chen and Wu’s scheme, partial secret information is revealed from n − 1 or fewer shares, Yang et al. [57] proposed a more secure modified (n,n) multi secret image sharing scheme. The proposed technique that included a permutation function to enhance randomness of the shared images. Using steganography, Wu and Yang provided authentication and reversible cover image recovery for compressed images [52]. Wu et al. [54] proposed a scheme that achieved authentication and secret image sharing. Their schemes deployed a polynomial-based technique that generated secret shares which were concealed in the color palettes of the cover image. Liao et al. [32] proposed an adaptive payload distribution based on texture features among multiple images to achieve enhanced security.

Kabirirad and Eslami [22] proposed a technique to generate pseudo-random shares using boolean operations to hide multiple images. Thus, it assured that no information about the secret image is revealed from the knowledge of n − 1 or fewer shares unlike in earlier boolean approaches. Logeshwari and Parvathy [36] proposed a secure (n, n) multi-secret sharing scheme based on the logistic chaotic sequence generated using a secret geometric pattern that was XORed with the image, thus providing enhanced security against unauthorized users. Gutub and Al-Ghamdi [18] proposed image based steganography to hide (n,n) secret shares produced using a counting-based technique. In a subsequent paper, Alkhodaidi and Gutub [6] proposed another counting-based secret sharing scheme which dynamically selects locations to embed secret shares based on share key size and cover image size. Using univariate and bivariate polynomials for secret sharing, Meng et al. [40] proposed a scheme, that thwarts the illegal participant attack. Secret could be recovered only if all the participants had valid shares. Using polynomial interpolation, Sardar and Adhikari [44] proposed a secret sharing approach for gray scale images. Further, to ensure that there is no leakage of secret information, the polynomial coefficient corresponding to the highest exponent was chosen randomly for introducing randomness within the shadow images. This also obviated the need for pre-processing to introduce randomness. Agarwal et al. [5] detected all the objects present in an image and applied (n,n) secret sharing scheme over the detected objects instead of the entire image, thus reducing the cost of secret sharing which is achieved using strict skewed binary tree.

3 Background

In the proposed approach for securing digital information, Rabin cryptosystem is applied for encrypting data and Arnold transform is used for randomizing the encrypted data. In this section, we briefly describe Rabin cryptosystem and Arnold transform.

3.1 Rabin cryptosystem modified

Unique prime factorization theorem says that any integer n, where n > 1 is either prime number or a product of prime factors. This factorization is unique in the sense that any two such factorizations differ only in the order in which the primes are multiplied. If the number has only small factors, then it is not hard to factorize. But it is well known that if the number is very large (for example 512 bits or longer) and has only a few large factors, then there is no efficient algorithm available to factorize. So, we have used the concept of factorization of positive integer in two-dimensional data for security. Rabin cryptosystem, is a variant of RSA wherein the value of exponential factor is fixed as two [43].

3.1.1 Encryption at sender’s side

We first divide the secret data into chunks (M) based on the size of the public key (N). The size of one chunk is less than half of the key length. Pre-padding of the message is to be done so that the message size remains consistent. Each chunk is concatenated with itself, and the encrypted message (C_t) is obtained using (1).

$$ C_{t} = M^{2} \pmod N $$

(1)

3.1.2 Decryption at receiver’s end

While decrypting the cipher message, we pre-pad the cipher text based on the key length and then divide the cipher text into chunks. Next, we apply decryption formula to obtain four possible candidates, and select the one whose left side matches the right side when divided into two halves. Suppose, p and q are two large prime numbers whose product is the public key N. The primes p and q are distinct and satisfy the following equations¹:

$$ \begin{array}{@{}rcl@{}} p &\equiv& 3 \pmod{4} \end{array} $$

(2)

$$ \begin{array}{@{}rcl@{}} q &\equiv& 3 \pmod{4} \end{array} $$

(3)

Now, integers a and b are calculated using extended Euclidean algorithm using the equation

$$ a*p + b*q = 1 $$

(4)

Decryption is carried out as follows:

$$ x = c^{(p+1)/4} \pmod{p} $$

(5)

$$ y = c^{(q+1)/4} \pmod{q} $$

(6)

$$ r_{1} = (a*p*s + b*q*r) \pmod{N} $$

(7)

$$ r_{2} = (a*p*s - b*q*r) \pmod{N} $$

(8)

$$ r_{3} = -r_{1} \pmod{N} $$

(9)

$$ r_{4} = -r_{2} \pmod{N} $$

(10)

3.2 Arnold transform

Arnold transform works on the principle of shearing i.e. shifting rows or columns from one position to another so as to obtain the scrambled data. The number of iterations, applied to displace data positions each time act as the key required to be known at the receiver end. Initially, digital data in one dimensional form is taken from the user and the size of data is stored in the first 32 bits. Next, we apply padding (if required) to make the size of data a perfect square of an integer. Now we transform the data in the form of a square matrix and apply Arnold transform using (11), (12), (16).

$$ {\left[ \begin{array}{c} xTransf \\ yTransf \end{array} \right]} = \left[ \begin{array}{cc} 2 & 1 \\ 1 & 1 \end{array} \right] \left[ \begin{array}{c} x \\ y \end{array} \right] \mod l $$

(11)

$$ {\left[ \begin{array}{c} xTransf \\ yTransf \end{array} \right]} = \left[ \begin{array}{cc} 1 & 1 \\ 0 & 1 \end{array} \right] \left[ \begin{array}{cc} 1 & 0 \\ 1 & 1 \end{array} \right] \left[ \begin{array}{c} x \\ y \end{array} \right] \mod l $$

(12)

At the time of decryption, inverse Rabin cryptosystem is applied to retrieve the binary vector, which is transformed into a square matrix and inverse Arnold transform is applied as per (13) and (17). We retrieve length of data from first thirty two bits and obtain the original data after discarding the extra bits.

$$ {\left[ \begin{array}{c} x \\ y \end{array} \right]} = \left[ \begin{array}{cc} 1 & -1 \\ -1 & 2 \end{array} \right] \left[ \begin{array}{c} xTransf \\ yTransf \end{array} \right] \mod l $$

(13)

3.3 Transforming coordinates

To implement Arnold transform, initially we create two matrices xTrans₀ and yTrans₀ and represent initial matrix indices, each of size l × l.

$$ xTrans_{0} = {\begin{bmatrix} 0& 0& 0& 0& ..& \\ 1& 1& 1& 1& ..& \\ 2& 2& 2& 2& ..& \\ 3& 3& 3& 3& ..& \\ :& :& :& :& ..& \\ \end{bmatrix}}_{l \times l} $$

(14)

$$ yTrans_{0} = {\begin{bmatrix} 0& 1& 2& 3& ..& \\ 0& 1& 2& 3& ..& \\ 0& 1& 2& 3& ..& \\ 0& 1& 2& 3& ..& \\ :& :& :& :& ..& \\ \end{bmatrix}}_{l \times l} $$

(15)

In each iteration x and y coordinate positions are transformed as:

$$ \begin{array}{@{}rcl@{}} (xTrans_{i+1},yTrans_{i+1}) \rightarrow (((2.xTrans_{i} + yTrans_{i})\mod l), \\ ((xTrans_{i} + yTrans_{i})\mod l)) \end{array} $$

(16)

where xTrans_i+ 1 and yTrans_i+ 1 represent the values at x and y coordinate positions obtained after (i + 1)^th iterations of Arnold transformation respectively. xTrans_i and yTrans_i represent values at x and y coordinates obtained after i^th iteration of Arnold transformation respectively. Finally, the values are assigned to the final positions obtained after applying the specified Arnold transformations.

Similarly, for Inverse Arnold transform, with each iteration x and y coordinate positions are transformed as:

$$ \begin{array}{@{}rcl@{}} (x'Trans_{i+1},y'Trans_{i+1}) \rightarrow (((x'Trans_{i}- y'Trans_{i})\mod l), \\ ((- x'Trans_{i} + 2.y'Trans_{i})\mod l)) \end{array} $$

(17)

where \(x^{\prime }Trans_{i+1}\) and \(y^{\prime }Trans_{i+1}\) represent values of x and y coordinate positions obtained after (i + 1)^th inverse iterations of Arnold transformation. \(x^{\prime }Trans_{i}\) and \(y^{\prime }Trans_{i}\) represent values of x and y coordinates obtained after i^th inverse iterations of Arnold transformation. So, final values are assigned to the positions after specific number of iteration key.

4 Proposed approach based on multi-image steganography

The input data is first encrypted using the public key of the receiver by employing the Rabin cryptosystem which works on the principle of asymmetric public key encryption mechanism.

The multi-image steganography enables hiding the data in the edges of multiple images. A threshold is chosen depending on the size of data to be hidden and the variation in pixel intensity values which determines the capacity of image. Each image hides an image header segment and payload. Each image header segment consists of its sequence number and a part of the randomized header information (partial header). Each partial header consists of a part of randomized header, where header consists of data length (32 bits) and part of message digest obtained from MD5(64 bits) and some random bits (salt) as shown in Fig. 1. Data portions to be hidden in different images are created using minimal key and distribution sequence key. Minimal key is the minimum data to be hidden in every image and thus, ensures some portion of the secret data is distributed in each stego image. Distribution sequence key is a sequence of numbers which represents the maximum contiguous data that can be hidden in each image at a time. Data portions are hidden in each image according to the distribution key in round robin fashion.

Fig. 1

Creating header information for each image

Figure 2 demonstrates an example of multi-image steganography. In this example, we have taken 3 cover images. Header segment for each image is 40 bit long and includes sequence number and partial header. Minimal key is taken as 3 to ensure that minimum 3 bits of data are hidden in each image. Distribution sequence key is taken as sequence of: 10, 15, 20, 5. To retrieve and authenticate data in multi-image steganography scheme, partial header is extracted from each image and arranged according to the obtained sequence numbers to obtain randomized header segment. It is rearranged, according to the PRNG used in the hiding phase, to get the header segment. Data length and message digest are extracted from this header segment. Data is extracted from the edges of the images and rearranged using minimal key and distribution sequence key as mentioned above. Message Digest is calculated from the retrieved data and authenticated with the message digest retrieved from the header sequence. In the proposed technique, all shares are required to extract the data. This technique also detects any share that is corrupted.

Fig. 2

An example to demonstrate multi-image steganography using 3 cover images

4.1 Sequence of operations to encrypt and hide in multiple images

Initially, we read the the secret file that may be in text, image, audio or video form. Public key encryption mechanism — Rabin cryptosystem is used to encrypt it using public key (N) of the receiver. Encrypted data is padded suitably and randomized using Arnold transform. Arnold transform shifts rows and columns to displace data iteratively for specified number of iterations. Length and message digest of this randomized encrypted data are concatenated and further randomized to create header information. Thus, header for each image is composed of its sequence number and part of this header information, as shown in Fig. 1. Header information for each image along with randomized encrypted data are hidden, first using the minimal key and then using the distribution key in the edges of the multiple images using adaptive edge technique using the LSBMR technique [37]. Thus, information is shared among several images. Procedure to encrypt and hide the secret data shares in multiple images is given in Fig. 3. Algorithmic description for multi-image steganography and authentication is given in Algorithms:1 and 4.

Fig. 3

Procedure to encrypt and hide the original data in multiple images

4.2 Sequence of operations to retrieve decrypted data from multiple images

At the receiver end, user retrieves payload from the edges of each image and then arranges them according to the original data sequence in correspondence to distribution sequence indexes obtained by minimal data key and distribution sequence key. Message digest of the data obtained is calculated and matched with decrypted message digest to detect any manipulation of data, thus keeping a check on authenticity of data. Inverse Arnold transform is applied to rearrange the data properly and then inverse Rabin cryptosystem using private key of receiver as in asymmetric public key system is applied to decrypt the data in original form. Procedure to extract data from multiple images and decrypt the secret data is given in Fig. 4. Algorithmic description for decryption is given in Algorithms 3 and 4.

Fig. 4

Procedure to extract data from multiple images and decrypt to obtain the original Information

5 Experimental results

To evaluate the proposed authentication scheme, we carried out extensive experimentation using audio, video, and image data. Based on histogram analysis, pixel intensity correlation graphs, and MSE, PSNR, and correlation coefficient values, we demonstrate that presented technique is suitable for safe transmission of digital data.

5.1 Embedding an audio clip

In this section, we have shown the results of experiments for a sample audio file. We have used a small audio clip of size 10.6Kb (Fig. 5a) as the secret information and Fig. 5b, c, and d as the cover images. On hiding the encrypted audio file in the cover images, we obtain the crypto-stego images shown in Fig. 6a, b, c respectively. The recovered audio file showed no perceptible distortion.

Fig. 5

Data used in experiments: a Original audio data b Cover image 1 c Cover image 2 d Cover image 3

Fig. 6

Experimental results of audio data: a Crypto-stego image 1 b Crypto-stego image 2 c Crypto-stego image 3 d Recoverd audio

Histogram Analysis

Histogram of the cover images in Fig. 5b, c, and s (see Fig. 7a, b, c respectively) resemble histogram of crypto-stego images Fig. 6b, c, and d (see Fig. 8a, b, and c). It is evident that the pair of the histograms of images before and after embedding the secret information show so much similarity that one can not guess that any data is hidden in cover images.

Fig. 7

Histograms of cover images: a Cover image 1 b Cover image 2 c Cover image 3

Fig. 8

Histograms of crypto-stego images: a Crypto-stego image 1 b Crypto-stego image 2 c Crypto-stego image 3

Pixel intensity Correlation Graphs

Pixel intensity correlation graphs of cover images match the corresponding pixel intensity correlation graphs of crypto-stego images. For example, pixel intensity correlation graphs of cover image 1 in horizontal, vertical and diagonal direction shown in Fig. 9a, b, and c respectively are quite similar to the pixel intensity correlation graphs of crypto-stego image 1 in horizontal, vertical and diagonal direction shown in Fig. 11a, b, and c respectively. Similar trend was seen for the correlation graphs of cover images 2 and cover image 3 (Figs. 9 and 10), and their respective crypto-stego images (Figs. 11 and 12).

Fig. 9

Pixel intensity distribution of cover images of audio data: a At Horizontal direction of cover image 1 b At vertical direction of cover image 1 c At Diagonal direction of cover image 1 d At Horizontal direction of Cover image 2 e At Vertical direction of Cover image 2 f At Diagonal direction of Cover image 2

Fig. 10

Pixel Intensity Distribution of cover image of Audio data: a At Horizontal direction of cover image 3 b At Vertical direction cover image 3 c At Diagonal direction of cover image 3

Fig. 11

Pixel Intensity Distribution of crypto-stego image of Audio data: a At Horizontal direction of crypto-stego image 1 b At Vertical direction of crypto-stego image 1 c At Diagonal direction of crypto-stego image 1 d At Horizontal direction of crypto-stego image 2 e At Vertical direction of crypto-stego image 2 f At Diagonal direction of crypto-stego image 2

Fig. 12

Pixel Intensity Distribution of crypto-stego image of Audio data: a At Horizontal direction of crypto-stego image 3 b At Vertical direction of crypto-stego image 3 c At Diagonal direction of crypto-stego image 3

MSE, PSNR, Correlation Coefficient

In Table 1, we present the correlation coefficient, MSE, and PSNR values between the pairs or original cover images and the corresponding crypto-stego images. Table shows that the correlation coefficient values are 1 (up to four places of decimal), MSE values are low, and PSNR values are high for all pairs of original cover images and the corresponding crypto-stego images, implying that detection of the presence of any significant information is unlikely.

Table 1 Statistical analysis for Audio data at edge threshold 26

5.2 Embedding a video clip

In this section, we have shown the results of experiments for a sample video file. We have used a small video clip of size 285Kb and 00:00:12 (Fig. 13a) as the secret information and Fig. 13b, c, and d as the cover images. On hiding the encrypted audio file in the cover images, we obtain the crypto-stego images which resemble original cover images. The recovered video file showed no perceptible distortion (Fig. 14).

Fig. 13

Data used in experiments: a Original video data b Cover image 1 c Cover image 2 d Cover image 3

Fig. 14

Experimental results of Video data: a Crypto-stego image 1 b Crypto-stego image 2 c Crypto-stego image 3 d Recoverd video

Histogram Analysis

Histogram of the cover images in Fig. 13b, c, and d (see Fig. 15a, b, c respectively) resemble histogram of crypto-stego images Fig. 16a, b, and c. It is evident that the pair of the histograms of images before and after embedding the secret information show so much similarity that one can not guess that any data is hidden in cover images. Similar to audio results, for video data also pixel intensity correlation graphs obtained for cover image in horizontal, vertical and diagonal direction resemble the pixel intensity correlation graphs in horizontal, vertical and diagonal direction respectively of crypto-stego image. This shows robustness to any kind of attack as the adversary is not aware of presence of any external data.

Fig. 15

Histogram for cover image of Video data : a Cover image 1 b Cover image 2 c Cover image 3

Fig. 16

Histogram for crypto-stego image of Video data : a Crypto-stego image 1 b Crypto-stego image 2 c Crypto-stego image 3

MSE, PSNR, Correlation Coefficient

In Table 2, we present the correlation coefficient, MSE, and PSNR values between the pairs of original cover images and the corresponding crypto-stego images. The table shows that the correlation cofficient values are 1 (up to four places of decimal), MSE values are low, and PSNR values are high for all pairs of original cover images and the corresponding crypto-stego images, implying that detection of the presence of any significant information is unlikely.

Table 2 Statistical details relating to Video data at threshold 4

5.3 Embedding images

In this section, we have shown the results of hiding hidden images in multiple cover images. Images used as cover images and secret data are taken from SIPI database: http://sipi.usc.edu/database/database.php?volume=misc and Peticolas database: https://www.petitcolas.net/watermarking/image_database/. Figure 17a, b, and c show average PSNR, MSE and SSIM graphs respectively on varying number of cover images in the range 3 to 15 for hiding five color images from dataset bear (394 × 600(9,00,111 bits)), opera (695 × 586 (16,81,429 bits)), papermachine (200 × 132(1,08,826 bits)), wildflowers (200 × 135(1,14,318 bits)) and baboon (512 × 512(11,34,554 bits)). As the number of cover images increases, the size of the data to be hidden in edges also increases as more space is available. The cover images resemble camouflage images produced and imperceptibility is higher as the number of cover images is more. In Fig. 17d, a set comprising three randomly chosen images is used as the cover to hide an image (Pills of size 200 × 130 from the Peticolas database). The experiment is repeated ten times with different sets of cover images and the PSNR value is calculated each time. Images are selected from peticolas dataset with different features like bright color, high texture, fine details, lines and edges. Although the boxplot of PSNR values (Fig. 17d) shows some variation for different choices of cover images, nevertheless PSNR values remain high (> 53).

Fig. 17

Data characteristics set a Average PSNR graph b Average MSE graph c Average SSIM graph d Boxplot for different cover images

5.4 Security issues

The proposed technique is CPA and CCA secure as initially asymmetric Rabin cryptosystem and then Arnold transform are applied, no extra information is required for correct decryption. Thus, the proposed technique does not reveal any information about roots that may lead to recovery of the prime numbers used. Further, Rabin cryptosystem key is as hard to break as factoring of large positive integer. The encrypted data is hidden behind random RGB color of a color image to veil the presence of any important data.

5.4.1 Key sensitivity

Key sensitivity is an important attribute to determine the strength of any security system. High key sensitivity is needed for secure cryptosystems, i.e. one should not be able to recover the original data without the exact keys. In the proposed technique, if any discrepancy is found at decryption stage, then the data cannot be recovered. If the used key differs from the original key even sightly, then the data cannot be recovered from crypto-stego image.

5.4.2 Entropy analysis

For a true random system that generates 256 symbols with an equal probability, the entropy is equal to 8. In image security, entropy for output image is closed to the entropy of the input image then information of output image is similar to the original data. If the entropy of encrypted data is smaller than the ideal value 8, the proposed cryptosystem is free from attack. Figure 18a, b, c are entropy graph of audio data for red, green and blue components respectively for each of the cover image and crypto-stego image. Figure 19a, b, c are entropy graph of video data for red, green and blue components respectively, for each of the cover image and crypto-stego image. In both audio and video entropy graphs, the values obtained for cover image are shown in red color and crypto-stego image are shown in light blue color. As the two graphs nearly coincide with each other, the presence of information in stego-images will go unnoticed. In Tables 3 and 4, we summarize the entropy values for hidden audio data and video data in different RGB Components of each cover image and crypto-stego image. As the entropy values obtained for cover image red component are quite close to that of crypto-stego image, it is very difficult to judge any change in cover image. So, the proposed cryptosystem is appropriate for audio and video data.

Fig. 18

Entropy Graph of Audio data: a Red Component b Green Component c Blue Component

Fig. 19

Entropy Graph of Video data : a Red Component b Green Component c Blue Component

Table 3 Entropy values for Hidden Audio Data in cover image and crypto-stego image

Table 4 Entropy values for Hidden Video Data in cover image and crypto-stego image

5.5 Comparison with competing techniques

• Proposed technique provides functionality for applications such as shared passwords, where all the members are required to open the locked password. Secret can be digital information in form of text, image, audio or video. However, several state-of-the-art schemes [10, 11, 56, 57] are applicable for images only.

• The proposed technique is applicable as(n,n)secret sharing technique. Secret information is shared among all the shareholders, any one member cannot reveal any partial information until he/she gets access to all the multiple images and decryption, and hiding keys and algorithm to retrieve them. In [12] multi-image secret sharing scheme, partial secret information can be revealed from n − 1 or fewer shared images [57].

• Proposed technique provides authentication of data. Even if there is any manipulation of data over insecure network, message digest of received data would not match the message digest created at sending time. Techniques [48, 55, 57] do not provide authentication of data.

• Most of the earlier developed techniques provide steganography [13, 48, 56] for image data. The schemes [4, 4, 14] provide security through cryptographic approach only. The proposed crypto-stego technique provides multi-layer security to large data in multiple images based on cryptographic and steganographic approach.

• The proposed technique uses Rabin cryptosystem for encryption which is considered as hard to break as factoring a number. Further bit operations for encryption in cryptographical part is O((logN)²), where N is public key for encryption and logN represents minimum length of its bitwise representation. In this approach, the cryptographical part is fast as the algorithm used is simple and has low complexity.

• It is chosen ciphertext attack secure as it does not require delivery of any information at receiver’s side. Also, there is no need to pass any known string of bits in data itself as it makes data prone to give some information regarding key on attack. Further, no need for any semantic analysis to identify the correct root. But earlier techniques [9, 20, 39], required delivery of information at receivers side or semantic analysis of root to retrieve the correct root. Thus, these techniques were vulnerable to chosen plaintext attack and chosen ciphertext attack.

• Proposed technique produces high quality image as data is hidden edges of cover images adaptively. Crypto-stego images produced are highly imperceptible.

The Tables 5, 6 and 7 show the comparison of the proposed approach with [49] and [6] respective to various images in Fig. 20 on quantitative measures like PSNR, SSIM, effect of different data sizes on PSNR. Results are obtained on average values of shadow images produced for (3,3) secret sharing. It is observed that proposed approach outperforms other state of the art techniques.

Table 5 Comparison of PSNR Values

Table 6 Comparison of SSIM Values

Table 7 Effect of data size on a sample image (Monarch: Fig. 20d) on PSNR values

Fig. 20

Figures used for comparison a Tank b Truck c Zelda d Monarch

Table 8 shows comparison of the proposed techniques with its competitors on various parameters. Researchers have used different approaches to achieve secret sharing as shown in the table. It shows how the respective schemes work for different parameters. The column Technique used document the techniques used for secret sharing (SS). The column Meaningful shares depicts whether the secret shares are represented as meaningful images. The column Authentication depicts whether a scheme supports authentication. The column PSNR depicts imperceptibility level. The column Secure provides information about security level (leakage if any, immunity to attacks like RS steganalysis) and applicability. Finally, the column sensitivity indicates level of robustness to identify minor modifications. It may be observed that the proposed technique passes all the requirements of meaningful shares, authentication, high PSNR, applicability to various forms of data like audio, video, and images, infeasibility of recovery from partial shares, resistant to RS detection and high sensitivity.

Table 8 Comparison of the proposed crypto-stego system with relevant papers

6 Conclusion

The proposed (n,n) secret sharing scheme secures secret information in the form of text, image, audio, or video as shares hidden in multiple images. The secret information cannot be revealed even if the shares are compromised. Sensitive information is encrypted using Rabin cryptosystem and scrambled. Cipher message is hidden in multiple images using minimal and distribution sequence keys. The proposed technique ensures uniform distribution of secret information across multiple shares. Using the evaluation metrics PSNR, MSE, SSIM, and entropy, we have demonstrated a high level of imperceptibility achieved using the proposed technique. It has been successfully demonstrated that the proposed technique can withstand known plaintext and chosen ciphertext attacks. Sensitivity analysis reveals that even a minor variation in a single share makes the recovery of the secret message infeasible. Comparison with the state of the art techniques indicates that the proposed technique either scores over its competitors or performs equally well in terms of the standard evaluation metrics.