Meaningful Secret Image Sharing Scheme with High Visual Quality Based on Natural Steganography

Abstract

The $(k,n)$-threshold Secret Image Sharing scheme (SISS) is a solution to image protection. However, the shadow images generated by traditional SISS are noise-like, easily arousing deep suspicions, so that it is significant to generate meaningful shadow images. One solution is to embed the shadow images into meaningful natural images and visual quality should be considered first. Limited by embedding rate, the existing schemes have made concessions in size and visual quality of shadow images, and few of them take the ability of anti-steganalysis into consideration. In this paper, a meaningful SISS that is based on Natural Steganography (MSISS-NS) is proposed. The secret image is firstly divided into n small-sized shadow images with Chinese Reminder Theorem, which are then embedded into RAW images to simulate the images with higher $ISO$ parameters with NS. In MSISS-NS, the visual quality of shadow images is improved significantly. Additionally, as the payload of cover images with NS is larger than the size of small-sized shadow images, the scheme performs well not only in visual camouflage, but also in other aspects, like lossless recovery, no pixel expansion, and resisting steganalysis.

1. Introduction

1.1. Secret Image Sharing

Nowadays, the acquisition and transmission of information exist in all aspects and all the time, so that information protection is increasingly important. In order to perform well in this field, various methods are used for this purpose, such as cryptography, steganography, secret sharing, and so on. Among these methods, secret sharing scheme (SSS) has attracted a lot of attentions. The $(k,n)$-threshold SSS is a method that secret information is divided into n portions, called shares or shadows. Only k or more than k portions are accessed that the secret can be reconstructed correctly, and there will be no information leakage without sufficient shares.

Based on the characteristics of SSS, it has the advantages of unconditional security, loss tolerance, access control, and so on. Moreover, secret image sharing scheme (SISS) can also be applied to improvement of the security levels by exploiting the images and in general content retrieval based on user preferences [1].

Since Shamir [2] firstly proposed SSS in 1979, many researchers have paid lots of attentions to this aspect. Additionally, SSS also has different research directions according to techniques used. With the development of technology, other secret sharing schemes, including SSS based on polynomial (PSSS) [3], SSS based on Chinese Reminder Theorem (CRT-SSS) [4], visual cryptography or visual secret sharing (VC or VSS) [5], SSS based on boolean operation [6], have been proposed. Among these schemes, CRT-SSS has attracted the interests of researchers.

CRT is a method of solving a group of congruences in ancient China. Mignotte [7], Asmuth and Bloom [8] proposed a SSS based on CRT in 1982. When compared with P-SSS, this scheme has moderate computational complexity and lossless recovery. Yan et al. [9] and Li et al. [10] introduced CRT to $(k,n)$-threshold secret image sharing scheme, which has the advantages of lossless recovery and high decryption efficiency. However, the value of n is generally limited to six because it is necessary to select the $p,m_1,\dots ,m_n$ that meets the requirements and only several thresholds can be implemented. The shadow images of these schemes are the same size as the secret images. Chen et al. [11] exhibited a SISS based on CRT with small-sized shadow images by adding random bits to binary representations of random parameters in CRT. This scheme can not only make the shadow images flexible, but also has no leakage of secret information. In this paper, Chen et al.’s scheme will be employed to generate the small-sized shadow images.

1.2. Meaningful Secret Image Sharing Schemes

In the traditional SISS, the shares are noise-like, which is useful to avoid information leakage. However, on the one hand, noise-like shares are easily suspected by attackers, which may be destroyed or intercepted during transmission process. On the other hand, shares and public values need to correspond one-by-one in recovery process and noise-like ones will lead to problems in the management of shares. All in all, it is necessary that the shares seems the same as meaningful images without any additional information and it is our initial purpose.

Meaningful secret image sharing scheme (MSISS), also called extended secret image sharing scheme (ESISS) in some articles, is a kind of SISS that the generated shadow images are with natural meaning. This concept was first proposed by Ateniese et al. [12]. To achieve this purpose, two solutions have been proposed, SISS with coverless images [13] and SISS with cover images.

“Coverless” does not mean that no cover is needed, but directly driven by secret information to “generate” or “acquire” the stego images. Coverless SISS is to focus more on the secret sharing principle itself. With this thinking mind, the sharing sequences similar to the pixel value of the cover images are generated under the constraint of the secret pixel value and the corresponding pixel value of cover images, which makes the shadow image have the comprehensible property. For example, Yan et al. [14] gave a general secret scheme that shadow images can be understood by using the characteristics of random elements, which included the meaningful secret sharing scheme based on polynomial, $(2,n)$-threshold random grids, and CRT. In the sharing process, appropriate screening operations were added to make the pixels in each grayscale shadow images as close as possible to the cover images. This kind of MSISS may take plenty time to filter the qualified sharing values, the embedding rate is relatively low and the quality of results is not always satisfactory. These lead to a certain distance from the practical application of this aspect.

Another solution is SISS with cover images, embedding the noise shadow images into meaningful cover images by steganography, which is not constrained by the sharing principle and all kinds of SS schemes can be exploited. Lin et al. [15] introduced a $(k,n)$-threshold SSS with authentication function, which divided the image into n shadow images, hid the shadow images into the corresponding camouflage images of n participants, and then embedded watermarking into stego images. Li et al. [16] proposed a SISS with authentication. The secret image is shared based on PSNR estimation and then hidden in ordinary cover images, so as to be transmitted securely with the meaningful images. The new scheme optimized the visual quality and the size of the stego images in some degree. In 2014, Yuan et al. [17] introduced a SISS with multi-cover adaptive steganography. While the two above schemes exist pixel expansion. The shadow images are almost four times larger than secret image in [16]. The secret image in [17] is two-tone or four-tone image, and shadow images are grayscale. Derya [18] showed up a meaningful secret image sharing method based on Arabic letters. In the proposed method, secret shares were embedded into R, G, and B channels, respectively, and Arabic letters were used for camouflage. Cheng et al. [19] applied the Absolute Moment Block Truncation Coding (AMBTC) to compress transmission bit rate. In 2017, He et al. [20] put forward an image sharing scheme based on steganography with the use of LOCO-I compression to reduce the size and statistical correlations between neighboring pixels. In recent years, more methods about MSISS based on VSS have appeared. Chiu et al. [21] put forward a $(2,n)$ progressive VSS with meaningful shares. Besides, Maurya et al. [22] mainly focused on medical image security through EVSS and the sharing and recovering process were lossless and had less complexity. These two methods above are limited by the threshold.

All of the above schemes focus on getting meaningful shadow images. However, there are still several problems. Many schemes are based on VSS and it is not easy to reconstruct secret losslessly and the visual quality needs to be improved. What is more, due to the embedding rate of steganography, the designers have to reduce the size of shadow images, which may be not able to achieve unconditional security. At the same time, the stego images are often several times larger than original secret images in order to achieve high visual quality, leading to large pixel expansion. Besides, steganalysis can be adopted to distinguish the stego images embedded into shadow images by LSB or other information hiding technologies easily and, thus, new steganography should be considered.

1.3. Motivations

To summarize, the existing MSISS remains several aspects to be improved. Firstly, the frequently-used VSS in MSISS may lead to the loss of recovered results and in some specific areas, like medical or military, lossless recovery is indispensable. Additionally, then it is better that the stego images are the same size as secret image so that unnecessary storage space and transmission bandwidth can be reduced. Last but not least, as a MSISS, the visual quality of shadow images is the most significant factor in measuring the scheme and visual quality. The higher the visual quality, the better the scheme is, so that the concealment and security of shadow image can be enhanced.

In addition, in the era of big data, the Internet is full of information, so it is hard to distinguish the true from the false [23]. Although MSISS seems like natural images, there are still differences with those images. The identification and supervision of network media content makes the hidden information more easily discovered. Therefore, MSISS should be able to resist similar attacks as much as possible, such as steganalysis, etc.

1.4. The Proposed Method

In this paper, a meaningful SISS based on Natural Steganography (MSISS-NS) is proposed. This scheme combines SSS and steganography in order to improve the visual quality of shadow images. The cover images of MSISS-NS are RAW images, which contain data processed from an image sensor of a digital camera or scanner. They are so named, because they have not been processed, printed, or used for editing. Therefore, RAW images will record the detail data, such as the exposure time, white balance, $ISO$ sensitivity, and others about taking pictures. In other words, all relevant information is stored in RAW images without loss or with slight loss.

In a nutshell, MSIS-NS utilizes CRTSIS-SSI [11] (the details will be introduced in Section 2.1) to generate small-sized shadow images that will be embedded into the RAW images to imitate the higher $ISO$ ones by Natural Steganography (NS will be explained in Section 2.2). The payload of the cover images with NS is high enough to embed the shadow images without other extra encoding or compressing operations. Additionally, the shadow images are meaningful and have no pixel expansion. Besides, no previous work has ever reported its capability to resist steganalysis except [17]. Our scheme performs well in resisting steganalysis through experiments.

The arrangement of this article is as follows. Section 2 introduces the preliminaries crucial to understand the scheme. Section 3 presents the detail sharing and recovering algorithm of MSISS-NS. In Section 4, the experimental results and summaries about the scheme are illustrated. Additionally, Section 5 focuses on the conclusion of MSISS-NS and future work.

2. Preliminaries

For better understanding the method proposed, some background knowledge is introduced in this section, including some notations of symbols and the classifier this paper used.

2.1. Chinese Remainder Theorem-Based Secret Image Sharing with Small-Sized Shadow Images

Even for the most advanced steganography scheme, it cannot embed a secret image with the same size to the cover image. Chinese Remainder Theorem-Based Secret Image Sharing with Small-Sized Shadow Images (abbreviated as CRTSIS-SSI [11]) realized sharing a secret image losslessly incorporating the advantages of small-sized shadow images, no auxiliary encryption, and low computation complexity [9].

To share a secret image S with the size of $W\times H$, there are always two processes, named the sharing process and the recovery process. The sharing process of CRTSIS-SSI is carried, as follows:

Step 1: set the initial parameters $(k,n)$ threshold, and a set of integers $m_1,m_2,\cdots ,m_n$ subject to:

• $128\le p<m_1<m_2\cdots <m_n\le 256$.
• $gcd\left(m_i,m_j\right)=1,i\ne j$.
• $gcd\left(m_i,p\right)=1$ for $i=1,2,\cdots ,n$.
• $M>pN.$

Here, p is usually fixed at 128 or 131 [9].

Step 2: Compute $M,N,T$ according to the above parameters and the following formulas.

• $M={\prod }_{i=1}^k{m}_i$.
• $N={\prod }_{i=1}^{k-1}{m}_{n-i+1}$.
• $T=\left[\frac{⌊\frac{M}{p}-1⌋-⌈\frac{N}{p}⌉}{2}+⌈\frac{N}{p}⌉\right]$.

$p,N$, and T are public among all the participants. $m_1,m_2,\cdots ,m_n$ are the privacy modular integers corresponding to the shadow images $SS{C}_1,SS{C}_2,\cdots ,SS{C}_n$ held by each participant.

Step 3: binarize the secret image S to a string of binary data D. Divide D into blocks of size $8k-1-r$, where $r\in \left[1,7\right]$.

Step 4: for each block, the first 8 bits are transformed to a decimal number x, and the next $8(k-1)-1-r$ bits of D plus r random bits totally $8(k-1)-1$ to express a decimal integer $A^{*}$. Subsequently, if $0\le x<p$, $A=A^{*}+(T+1),y=x+Ap$; otherwise, $A=A^{*}+⌈\frac{N}{p}⌉,y=x-p+Ap$.

Step 5: for each block, compute $a_i\equiv y\left(mod{m}_i\right)$ and let $SS{C}_i=a_i$ for $i=1,2,\cdots ,n$. $SS{C}_i$ represents the pixel value of the $ith$ shadow corresponding to the same block.

Through the sharing process, the secret image S is divided into n shadow images, and any k ones of them can reconstruct S. Subsequently, the recovery process is described below:

Step 1: collect k shadow images $SS{C}_{i_1},SS{C}_{i_2},\cdots SS{C}_{i_k}$ with size of $L\times F$, corresponding privacy modular integers $m_{i_1},m_{i_2},\cdots m_{i_k}$, and public parameters $p,T,N,r$.

Step 2: for $(l,f)\in \left\{\right(l,f\left)\right|1\le l\le L,1\le f\le F\}$, let $a_{i_j}=SS{C}_{i_j}(l,f)$ for $j=1,2,\cdots ,k$. Get the unique solution y, which is part of the original secret image S by solving the following linear equations.

$$\begin{gathered} \mathrm{y}\equiv a_{i_1}\left(mod{m}_{i_1}\right). \\ \mathrm{y}\equiv a_{i_2}\left(mod{m}_{i_2}\right). \\ \cdots \\ \mathrm{y}\equiv a_{i_k}\left(mod{m}_{i_k}\right). \end{gathered}$$

Repeat Step 2 until all of the pixels in shadow images have been solved.

Step 3: compute $T^{*}=⌊\frac{y}{p}⌋$. If $T^{*}\ge T$, let $x\equiv y\left(modp\right)$, $A^{*}=\frac{y-x}{p}-(T+1)$. Else, let $x=y\left(modp\right)+p$, $A^{*}=\frac{y-x}{p}-⌈\frac{N}{p}⌉$. Binarize x and A, then, 8 bits of x and $8(k-1)-1-r$ ($r\in \left[1,7\right]$) bits of A are added in sequence to a binary string $D^{\prime }$, which is empty initially.

Step 4: convert the binary data $D^{\prime }$ per 8 bits to a string of decimal numbers. Shape and output the recovered secret image $S^{\prime }$.

In CRTSIS-SSI, r random bits are the crucial factors that will affect the security of the shadow images. The reduction of shadow image size in CRTSIS-SSI is $\frac{1}{k-\left(1+r\right)/\phantom{\left(1+r\right)8}8}$. As mentioned above, the range of r is $\left[1,7\right]$. With the increase of r, the security of the scheme CRTSIS-SSI is enhanced. For natural images, $r=2$ performs well, as, for images with lots of consecutive pixels, $r=7$ is adequate. The bigger r is, the larger the size of the shadow images is. It is even the same as the original secret image when k = 2 and r = 7.

2.2. Natural Steganography

Natural Steganography (NS) [24] is a model-based image steganography scheme that relies on simulating the noise naturally exists in the RAW images captured by a monochrome sensor. The concepts are elaborated below.

The scene of NS is first described. As we all know, cover-source mismatch is one of the most serious challenges in steganalysis. It refers to the discrepancy between training and testing images [25]. In the case of NS, it is the possible cover-source mismatch that is used to improve steganographic security. Actually, NS is a kind of side-informed steganography [26] utilizing the precover that is a cover with a higher quality to embed secret messages. The empirical security of steganographic schemes can be improved by embedding in the process of converting the high quality precover to a lower quality image. The RAW image produced straight from the camera sensor is taken as the precover in NS. The procedure of outputing a RAW image from the camera is depicted, as follows.

There are four basic steps in the RAW image generation process. And Figure 1 shows the general procedure of a RAW image.

(1)

Choose the scene to capture, including landscape, portrait, illumination and so on.

(2)

Decide the camera to use. The sensor of the camera may be CCD or CMOS. The mode of the sensor can be color or monochrome.

(3)

Set the acquisitions of the camera, such as $ISO$ sensitivity, exposure time, white balance, etc.

(4)

Develop the original RAW image. Many developing steps can be done before the image output from the camera, containing quantization, downsampling, gamma correction, lossy coding, and so on.

When capturing a scene using a camera with linear sensors, such as CCD or CMOS sensors, the photos will contain fixed noises. Additionally, the amount of noise will increase accompanied by the higher $ISO$. The noise model can be approximated as normally and independently distributed satisfying Equation (1).

$$N\sim \mathcal{N}(0,a{\mu }_{i,j}+b)$$

(1)

N is the global sensor noise of the image captured at a given $ISO$ setting. $\mathcal{N}$ represents the normal and independent distribution. Parameters $(a,b)$ are obtained by the protocol proposed in [27] to estimate the noise model. ${\mu }_{i,j}$ is the expectation of the photo-site at location $(i,j)$. Consequently, the pixel value $x_{i,j}$ is given by Equation (2):

$$x_{i,j}={\mu }_{i,j}+n_{i,j}$$

(2)

where $n_{i,j}$ is the sensor noise at position $(i,j)$ and $X\sim \mathcal{N}({\mu }_{i,j},a{\mu }_{i,j}+b)$.

For a given scene and a given camera, two images are captured at $IS{O}_2>IS{O}_1$. All of the other acquisition parameters remain the same, including focus, white balance, and aperture, except the exposure time. According to Equations (1) and (2), for $IS{O}_1$ the pixel value at position $i,j$ and the sensor noise is

$$x_{i,j}^{\left(1\right)}={\mu }_{i,j}+n_{i,j}^{\left(1\right)}{N}^{\left(1\right)}\sim \mathcal{N}(0,a_1{\mu }_{i,j}+b_1)$$

(3)

For $IS{O}_2$, the equivalents are:

$$x_{i,j}^{\left(2\right)}={\mu }_{i,j}+n_{i,j}^{\left(2\right)}{N}^{\left(2\right)}\sim \mathcal{N}(0,a_2{\mu }_{i,j}+b_2)$$

(4)

Because the sum of two normally and independently distributed signals is also normal, it gains that:

$$S=N^{\left(2\right)}-N^{\left(1\right)}\sim \mathcal{N}(0,(a_2-a_1){\mu }_{i,j}+b_2-b_1)$$

(5)

Thus, the relational expression of $x_{i,j}^{\left(1\right)}$ and $x_{i,j}^{\left(2\right)}$ is deduced as:

$$x_{i,j}^{\left(2\right)}={\mu }_{i,j}+n_{i,j}^{\left(2\right)}={\mu }_{i,j}+n_{i,j}^{\left(1\right)}+s_{i,j}=x_{i,j}^{\left(1\right)}+s_{i,j}$$

(6)

Subsequently, the model-based steganography scheme of NS is built on Equation (6). The secret messages are converted to mimic the noise signal $s_{i,j}$ and added on the pixel value of the image captured at $IS{O}_1$. Hence, the generated stego image is similar to the image captured at $IS{O}_2$. It is also named to be Cover-Source Switching [24]. The model of NS is shown as Equation (6), and steganography is based on Syndrome-Trellis Codes (STC) [28]. Meanwhile, this scheme can enhance the difficulty in dealing with cover-source mismatch and improve the safety of steganography further.

3. The Proposed Meaningful Secret Image Sharing Based on Natural Steganography

In this section, the proposed meaningful secret image sharing scheme based on Natural Steganography (abbreviated as MSISS-NS) is demonstrated. Section 3.1 displays the model of the scheme. Section 3.2 describes the detail algorithms of the sharing and recovery processes. In Section 3.3, we will discuss the remarkable tips and relevant questions regarding MSISS-NS.

3.1. The Proposed Model

The proposed model is a combination of SISS and steganography. The SISS adopted is CRTSIS-SSI, which incorporates the advantages of small-sized shadow images, lossless recovery, low computation complexity, and ($k,n$) threshold. The steganography scheme is based on NS with the priorities of large payload and excellent anti-steganalysis ability.

The proposed scheme MSISS-NS can be separated to two parts, including the sharing and recovery process. The flow of the model is described, as follows.

3.1.1. Sharing Process

The sharing model of MSISS-NS is shown in Figure 2.

The sharing process can be roughly divided into two steps. The first step is to share the secret image S into several small-sized shadow images $SSC$ using CRTSIS-SSI. The second step is to embed the shadow image $SS{C}_i$ into a cover image $C_l$, which is chosen from the database of the cover images C separately by using STC. Consequently, the generated images are called the meaningful shadow images $MSC$ similar to the covers. It is noteworthy that the small-sized shadow images produced in step 1 can be embedded directly without additional operations, such as encryption or compression. And there are no strict restrictions on the content of the cover images even an image that looks blank. All in all, the wide selection range of cover images avoids the detection of steganalysis to some extent. Although the cover images are not limited by the content, it is better to select meaningful images in order to avoid suspicion from stego cover images and it is also the initial purpose of MSISS-NS.

3.1.2. Recovery Process

The sharing model of MSISS-NS is shown in Figure 3.

The reconstruction of the secret image is an inverse procedure of the sharing process. Accounting for the proposed scheme with the threshold $(k,n)$, any k of the meaningful shadow images $MS{C}_1,MS{C}_2,\cdots MS{C}_k$ can recover the secret image. First, the k recovered small-sized shadow images $SS{C}_1^{\prime },SS{C}_2^{\prime },\cdots SS{C}_k^{\prime }$ are extracted from $MS{C}_1,MS{C}_2,\cdots MS{C}_k$. Second, the recovered secret image $S^{\prime }$ are reconstructed from $SS{C}_1^{\prime },SS{C}_2^{\prime },\cdots SS{C}_k^{\prime }$ while using CRTSIS-SSI.

3.2. Algorithms

The details of sharing and recovery algorithms are described in the following sections of this part. The steps, formulas, and symbols are all included in the Algorithms 1 and 2.

When $MS{C}_l(1\le l\le n)$ are generated through Algorithm 1, they will be distributed to n participants and $MS{C}_l$ are transmitted by various paths and means as general RAW images.

3.3. Discussions

For the two algorithms, there are several tips that need to be remarked.

• The threshold of MSISS-NS is limited by CRTSIS-SSI, and more details can be referred to [11]
• The embedding rate of NS is larger than other steganography method, and there are various options for embedding. The further experiments and results will be displayed in Section 4.
• The secret image is grayscale image, its file name extension is ‘.bmp’, and the shadow images are also grayscale with ‘.pgm’ as extension. For the same size image, the spaces occupied by the two images are almost the same. For example, when the image is $(512\times 512)$, the ‘.bmp’ image is 257 kb and ‘.pgm’ image is 256 kb.
• In Step 2 of Algorithm 1, the choice of r and k is related to the size of shadow images, which is also restricted by the embedding rate of cover images.
• The embedding method NS comes from [24], but, in Algorithm 1 Step 4, the cost function ${\rho }_{ij}\left(q\right)$ has been changed, which leads to different embedding rate and detectability results.
• STC is utilized in NS, it approaches the theoretical limit of coding and more details are described in [28].
• In practical operation, it is a challenging issue to capture two images differing only in $ISO$.

Algorithm 1 The sharing process of $(k,n)$ threshold meaningful secret image sharing scheme based on Natural Steganography

Input: 1. The secret image S with the size of W$\times$H. 2. The set of cover images C with each size of W$\times$H. Output: 1. n meaningful shadow images $MS{C}_1,MS{C}_2,\cdots MS{C}_n$ with corresponding privacy modular integers $m_1,m_2,\cdots m_n$. Step 1: set the initial parameters $(k,n)$ threshold, a set of integers $\left\{128\le p<m_1<m_2\cdots <m_n\le 255\right\}$, and the number of random bits r. Step 2: share the secret image S using CRTSIS-SSI. Get the small-sized shadow $SS{C}_l(1\le l\le n)$ images whose size is $\frac{1}{k-(1+r)/8}$ of S with corresponding privacy modular integers $m_1,m_2,\cdots m_n$. The parameters $p,N,r$, and T produced in the sharing process are all public among all the participants. Step 3: set the initial parameters $a,b$ and $IS{O}_1$ of the cover images. Compute the modifications probabilities $p_{ij}\left(q\right),(1\le i\le W,1\le j\le H,1\le q\le Q)$ of each pixel in the cover image for a Q-array embedding. Meanwhile, the embedding rate $e{r}_t,t\in C$ of each cover image can be output for further selection on the steganography scheme. Step 4: compute the cost ${\rho }_{ij}\left(q\right)$ on cover image pixels according to ${\rho }_{ij}\left(q\right)$ subject to: $${\rho }_{ij}\left(q\right)=ln\frac{{\rho }_{ij}\left(0\right)}{{\rho }_{ij}\left(q\right)},q\in Q,1\le i\le W,1\le j\le H$$ (7) Step 5: embed the small-sized shadow images $SS{C}_l,(1\le l\le n)$ into the proper cover images $C_l,(1\le l\le n)$ using STC. The shadow images $S{C}_l$ embedded $SS{C}_l$ should satisfy the conditions, as follows: $$Emb(C_l,SS{C}_l)=arg\underset{MS{C}_l}{min}{\rho }_{ij}\left(q\right)$$ (8) If the size of the shadow image $SS{C}_l$ is far less than the payload of the cover image $C_l$, the embedding process can be executed directly. If the size of $SS{C}_l$ is close to the payload of the cover image $C_l$, the small-sized shadow image $SS{C}_l$ should be embedded into the cover $C_l$ together with additional random binary bits, in order to achieve a close approximation of the payload of $C_l$. Step 6: output n meaningful shadow images $MS{C}_1,MS{C}_2,\cdots MS{C}_n$ and their corresponding privacy modular integers $m_1,m_2,\cdots m_n$.

Algorithm 2 The recovery process of $(k,n)$ threshold meaningful secret image sharing scheme based on Natural Steganography

Input: 1. The k meaningful shadow images $MS{C}_1,MS{C}_2,\cdots MS{C}_k$, corresponding privacy modular integers $m_1,m_2,\cdots m_k$ and the number of bits hidden in every layer $b_{tr},0\le t<\lceil \frac{Q}{2}\rceil ,0<r<k$. 2. Public parameters p, T and N. Output: The W × H recovered secret image $S^{\prime }$. Step 1: for k meaningful shadow images $MS{C}_1,MS{C}_2,\cdots MS{C}_k$, repeat Step 2. Step 2: extract the small-sized shadow image $SS{C}_r^{\prime }$ from the meaningful shadow image $MS{C}_r,r=1,2,\cdots ,k$, using the extraction method of STC with the parameters $b_{tr}$. $$Ext\left(MS{C}_l\right)=\mathrm{H}P\left(MS{C}_l\right)$$ (9) where $\mathrm{H}\in {\left\{0,1\right\}}^{m\times n}$ is a parity-check matrix and $P\left(MS{C}_l\right)$ is the function between cover images and stego images. Step 3: reconstruct the secret image $S^{\prime }$ from the k extracted small-sized shadow image $SS{C}_r^{\prime },r=1,2,\cdots ,k$ using CRTSIS-SSI with the public parameters p, T, and N.

What is more, as an image protection method, the efficiency of MSISS-NS should be taken into consideration. As for SSS, one of the efficiency factors is recovery complexity. Additionally, in the recovery process, the cost of time can be divided into two parts, the time of extracting $SS{C_l}^{\prime }$ from k or more than k $MS{C}_l$ and the time of recovering $SS{C_l}^{\prime }$ by CRTSIS-SSI. The complexity of these two parts will be analyzed separately.

The steganographic applications of CRT have been approved that the time and space complexity are $O\left(e\right)$, where e is the number of cover elements [28]. Additionally, the recovery process of CRTSIS-SSI requires only $O\left(k\right)$ operations of modular method based on $(k,n)$–CRTSIS [8,11]. As these two parts are calculated serially and the time and space complexity can be seen as the superposition of two steps and MSISS-NS has linear time and space complexity.

4. Experimental Results and Summaries

In this section, the experimental results and discussions will be introduced in order zto show the effectiveness of our proposed scheme. Firstly, the shadow images and recovered results will be displayed, including the quality of shadow images. Additionally, then, the steganalysis experimental results between cover images and stego images will be exhibited to prove the undetectability and safety of the scheme. The comparisons with other related works will be presented. At last, brief summaries of the experiments will be given.

4.1. Image Illustration

The database used to embed shares comes from [29] called MonoBase and the initial parameter of sensitivity $ISO$ is 1000. The initial parameters of cover images are set: $a=2.5\times {10}^{-5},b=8.0\times {10}^{-7}$.

Figure 4 illustrates the histogram of embedding rate for MonoBase with cover sources switching $ISO$ from 1000 to 1250 and $E\left[E_r\right]=1.30$ pbb. The embedding rate in [24] under the same condition is $E\left[E_r\right]=1.24$ pbb. When xonsidering the size of shadow images, it can be inferred that the payload of cover images is more than the shadow images and the small-sized shadow images need no extra encoding or compressing operations to guarantee the safety.

In Figure 5, the sharing results of $(2,4)$-threshold MSISS-NS are presented. Figure 5a is the secret image with size $(512\times 512)$. Figure 5b–e represent the shadow images after CRTSIS-SSI where $r=2,p=131$ and the size of (b)–(e) is $\frac{5}{13}$ of (a). Figure 5f–i exhibits the meaningful shadow images embedded (b)–(e) with size $(512\times 512)$ and Figure 5j is the recovered image without loss. The cover images are RAW images with 1000 $ISO$ and the corresponding stego images $MSC$ are generated by imitating ones with 1250 $ISO$.

As for the recovering process of MSISS-NS, the shadow images $SS{C}_i$ are extracted from $MS{C}_i$ and the recovery image is lossless.

Here, the quality of the shadow images is evaluated by peak signal to noise ratio ($PSNR$) and structural similarity ($SSIM$) to demonstrate the camouflage effect of the secret image. PSNR is defined as Equation (10).

$$PSNR=10{log}_{10}\left(\frac{{MA{X}_S}^2}{MSE}\right)dB$$

(10)

where

$$MSE=\frac{1}{W\times H}\sum _{i=1}^W\sum _{j=1}^H{\left[S^{\prime }\left(i,j\right)-S\left(i,j\right)\right]}^2$$

(11)

SSIM is defined as Equation (12).

$$SSIM(x,y)={\left[l(x,y)\right]}^{\alpha }·{\left[c(x,y)\right]}^{\beta }·{\left[s(x,y)\right]}^{\gamma }$$

(12)

where

$$\begin{array}{c}l(x,y)=\frac{2{\mu }_x{\mu }_y+C_1}{{{\mu }_x}^2{{\mu }_y}^2+C_1}\hfill \\ c(x,y)=\frac{2{\sigma }_x{\sigma }_y+C_2}{{{\sigma }_x}^2{{\sigma }_y}^2+C_2}\hfill \\ s(x,y)=\frac{2{\sigma }_{xy}+C_3}{{\sigma }_x{\sigma }_y+C_3}\hfill \end{array}$$

(13)

In

Table 1. The visual quality of the sharing images in Figure 5.

	Compared with Cover Images with 1000 $\mathit{ISO}$		Compared with Cover Images with 1250 $\mathit{ISO}$
	PSNR	SSIM	SPNR	SSIM
$MS{C}_1$	71.75	0.9999	27.79	0.9995
$MS{C}_2$	79.93	0.9999	30.79	0.9989
$MS{C}_3$	76.75	0.9999	45.94	0.9999
$MS{C}_4$	78.66	0.9999	39.50	0.9977
Means	76.77	0.9999	36.01	0.9990

, the visual quality of sharing images in Figure 5 is illustrated. Although NS is adopted to simulate the images with higher $ISO$, the high embedding rate of cover images leads to the similarity to cover images with 1000 $ISO$.

Several examples cannot absolutely show off the feasibility of MSIS-NS and more experiments are expected. [24] provides the cover images database MonoBase, including 10,320 images captured at 1000 $ISO$. However, some of these can be embedded successfully and the intersection of all methods is 9933, in other words, 96.25% RAW images provided can be adopted to contain secret information $SSC$. The visual quality of all meaningful shadow images is presented in

Table 2. The visual quality of the sharing images in MonoBase.

	Compared with Cover Images with 1000 $\mathit{ISO}$		Compared with Cover Images with 1250 $\mathit{ISO}$
	PSNR	SSIM	SPNR	SSIM
Means	78.0787	0.9999	38.4145	0.9952

. It turned out that the stego images are quite similar to cover images with 1000 $ISO$.

4.2. Anti-Steganalysis Experiments

The sharing and recovering processes are displayed in Section 4.1, which just exhibits the visual quality of the sharing images. As the shadow images are hidden into the MonoBase, it is necessary and significant for steganalysis, while seldom previous work paid attention to that.

The spatial rich model (SRM) [30] is recognized as the most successful spatial steganalysis algorithm in the traditional steganalysis field because of its superior feature extraction method. It should be noted that the SRM feature sets combined with the Ensemble Classifier [31] (EC) are adopted for the following experiments. The performance of schemes is evaluated by detection error $P_E$, which is defined in Equation (14).

$$P_E\stackrel{\Delta }{=}\underset{P_{FA}}{min}\frac{1}{2}\left(P_{FA}+P_{MD}\right)$$

(14)

Table 3. The undetectability results between cover images with NS and MSISS-NS.

		Stego-NS	Stego-MSISS
$P_E$	Cover-1250	44.33%	30.23%
	Cover-1000	23.50%	45.12%

displays the undetectability results of MSISS-NS and NS. There are two databases of cover images, consisting of 9933 RAW images captured at 1250 $ISO$(Cover-1250) and 9933 RAW images captured at 1000 $ISO$(Cover-1000). The database of stego images with MSISS-NS (denoted by Stego-MSISS) involves the 9933 RAW images that have been embedded with $SSC$ to simulate the ones with 1250 $ISO$. The stego images embedded with shadow imagesby NS (denoted by Stego–NS) will be compared with Stego–MSISST to confirm the effect of MSISS-NS. From the results, $P_E$ between Stego-MSISS and Cover-1250 is lower than that of Stego-NS and the value of $P_E$ is higher between Stego–MSISS and Cover-1000, which means that Stego–MSISS is more similar to Cover-1000 than Cover-1250. Although NS is adopted in the scheme to simulate higher $ISO$ images, the payload is sufficient to embed shadows so that stego images cannot be distinguished from Cover-1000 easily. And the more information is hidden into the cover images, the more resemble the stego images are to Cover-1250.

From above experiments, the cover images can be embedded with more information, how to deal with the redundant space also remains to be solved. One method is to attach random bits to the binary data string of shadow images, so that the embedded secret information is close to the maximum payload of each cover images and the stego images will be more alike to Cover-1250; another is to ignore extra space and operate as Stego-MSISS. What is more, pure random binary data strings are generated with the size close to the payload of each cover images and then embedded into covers, which is used to verify whether our shadow image is a random binary string, and whether it will affect the experimental results.

In

Table 4. The comparison of undetectability results between Cover-1250, Cover-1000 with different embedding contents.

		Stego-Add	Stego-Ran
$P_E$	Cover-1250	39.44%	39.57%
	Cover-1000	20.64%	20.44%

, we compare the different results between two cover images databases and the above embedding contents. In this table, Stego-add represents the stego images that the steganography information is attached with random bits; Stego-ran is the stego images where random data is embedded.

The results presented in Table 4 prove that our shadow images, which have no influence on the results, are random, and with the increasing of embedded information, the stego images are closer to cover images with higher ISO.

Through above experiments, we have got 6 kinds of databases: the cover images with 1000 $ISO$ (Cover-1000), the cover images with 1250 $ISO$ (Cover-1250), the stego images embedded into information with [24] (Stego-NS), the stego images embedded into secret images directly by MSISS-NS (Stego-MSISS), the stego images embedded into secret images with random bits added by MSIS-NS (Stego-add), the stego images embedded into pure random bits by MSISS-NS (Steo-ran).

In the above Table 3 and Table 4, the steganalysis results between the initial two cover images databases are exhibited. Additionally the steganalysis results among the stego images will be presented in

Table 5. The comparison of undetectability possibility results between Stego-NS and other stego images with different embedding contents.

Stego-NS	Stego-MSISS	Stego-Add	Stego-Ran
$P_E$	27.7%	44.84%	43.97%

,

Table 6. The comparison of undetectability possibility results between Stego-MSISS with other embedding contents.

Stego-MSISS	Stego-Add	Stego-Ran
$P_E$	24.46%	24.33%

and

Table 7. The comparison of undetectability possibility results between embedding contents.

Stego-Add	Stego-Ran
$P_E$	50.01%

.

The above steganalysis results can be more intuitively observed in the Figure 6. The higher the bar is, the higher the undetectability possibility is, and the more similar the stego images are to the cover images. When the bar is near or even higher than the dotted line, it is considered that the stego images can hardly be separated from the cover images. Consequently, Stego-MSISS cannot be distinguished from cover images Cover-1000 and the remaining images are more similar to each other.

4.3. Comparison with Other Works

In Section 1.2, several MSISS have been illustrated and MSISS-NS will be compared with them.

Table 8. The comparison on characteristics among different schemes.

Methods	Threshold	Secret Images	Shadow Images	Lossless Recovery	Pixel Expansion	Anti-Steganalysis
Li [16]	$(k,n)$	Grayscale	Grayscale	Yes	Yes	Not referred
Yuan [17]	$(n,n)$	Two-tone or four-tone image	Grayscale	Yes	Yes	Yes
He [20]	$(k,n)$	Grayscale	Grayscale	Yes	Yes	Not referred
Cheng [19]	$(n,n)$	Grayscale	Grayscale	No	No	Not referred
Chiu [21]	$(2,n)$	Binary Image	Binary Image	Progressive	No	Not referred
Maurya [22]	$(3,3)$	Grayscale	Grayscale or color images	Yes	Yes	Not referred
Our Method	$(k,n)$	Grayscale	Grayscale	Yes	No	Yes

shows the comparison on characteristics among MSISS-NS and others works. Threshold, type of cover images and stego images, lossless recovery, pixel expansion, and steganalysis resistance will all be considered.

Additionally, in

Table 9. The comparison on visual quality among different schemes.

Method	MPSNR (dB)	MSSIM
Li [16]	41.52	0.99
Yuan [17]	51.25	0.99
He [20]	54.01	0.99
Cheng [19]	42.44	0.98
Chiu [21]	12.84	0.19
Maurya [22]	43.42	0.29
Our Method	78.07	0.99

, the visual quality of related schemes will be measured by the means of PSNR and SSIM (MPSNR and MSSIM).

From the comparison results in Table 8 and Table 9, we can conclude that our MSISS-NS scheme not only performs better in the visual quality than other methods, but also makes a good balance in lossless recovery and pixel expansion.

4.4. Summaries

Moreover, according to the above results, several points can be summarized and explained, as follows.

(1)

The shadow images generated in sharing process by CRTSIS-SSI are random and safe and the detail inference and proof can be accessed in [11].

(2)

The shadow images generated by our MSISS-NS are understandable and the visual quality of sharing images is quite better than other similar schemes.

(3)

The capability of cover images, which is larger than that in [24], is actually enough to contain the generated small-sized shadow images. Thus no pixel expansion will occur.

(4)

Through the experiments above, two kinds of stego images are generated: Stego-MSISS, more similar to Cover-1000; and Stego-add, more similar to Cover-1250. According to the steganalysis results, Stego-MSISS compared with Stego-NS is more similar to Cover-1000. In the two pairs it is difficult to distinguish with each other. It may be because that the payload of NS with STC is really sufficient, and it is difficult to steganalyze the little change.

(5)

Nowadays, one of the serious challenges of steganalysis is mismatching. When we put four kinds of images, Cover-1000, Cover-1250, Stego-MSIS and Stegoadd, on the Internet at the same time, it will lead to a more serious mismatch problem and better confuse the judgment of steganalyzers to achieve the purpose of covert communication better.

5. Conclusions

In this paper, a $(k,n)$-threshold meaningful secret image sharing scheme that is based on Natural Steganography (MSISS-NS) is proposed. The scheme divides the secret image into n small-sized shadow images, which will be embedded into RAW images to simulate the ones with higher $ISO$ parameters by STC. Additionally the computation complexity of MSISS-NS is approximately linear increasing. From the experimental results, the visual quality of the scheme is better than other methods. Besides, in the secret sharing process of MSISS-NS, the payload of NS is larger than the size of generated shadow images and as a result, which makes it possible for new embedding mode by adding random bits. When the two stego images and cover images can be accessed together, it will arouse mismatching problem to confuse steganalysis.

In addition, there are still some problems worthy for further study and discussion. There are other types of pictures besides RAW images and whether MSISS-NS can be extended to other types of images, e.g., JPEG images, is of great significance in practical application.