Distributed data hiding in a single cloud storage environment

Distributed steganography is an approach to concealing the secret in several files, leaving fewer traces than the classical approach. Recent work proposed by Moyou and Ndoumdan have improved this approach by preserving the integrity of these files in a multi-cloud storage environment. However, the approach requires a large size of the stego-key and the management of several cloud storage environments. Our contribution consists is to improve this approach by using a single cloud storage environment and reducing the size of the stego-key. In this work, a single cloud storage environment is used to solve the problems of managing several credentials, monetary costs and data controls associated with multi-cloud storage environments. The comparisons showed interesting results with simpler operations to be performed by the participants during the process.

The protection of information has know a growing expansion over time, with the multiplicity of intrusions and thefts of information by the entities and institutions [1, 2]. Thus, many security techniques have been set up to counter these attacks[3]. Two main techniques are associated: Cryptography and steganography. Cryptography aims to make an information unintelligible by transformation [4], while steganography seeks to conceal an information in an inconspicuous way[5]. Steganography is mainly used in secret communications through an unsecured communication channel and a cover media. The most commonly used cover media are texts, images, sounds and videos[6–9].

When the scheme uses several cover media for the embedding of the secret, the approach is called distributed steganography[10]. In this approach, the secret is split into several shares that are then embedded into multiple carrier files. The main interest being to make the detection of the entire secret message extremely difficult. The embedding strategies used are based on the modification of each carrier file. However, these modifications can reveal the presence of a secret, through methods of steganalysis[11]. The carrier files of the secret are generally stored in a cloud storage environment for integrity and confidentiality requirements after embedding of the secret[12].

Moyou and Ndoundam[13] have proposed a new paradigm of steganography transparent to any attacker and resistant to the detection and extraction of the secret. The secret was distributed in a multi-cloud storage environment through several file extensions, and the use of a multi-cloud storage environment allowed to mask the presence of a communication channel between the communicating parties. The different files used were considered as a pointer to the secret data and constituted elements of the stego-key. Thus the proposed approach considered: the management of several cloud storage environments, a large size of the stego-key due to different lists of files and different credentials in the cloud accounts.

In this paper, our contribution consists is to propose a new distributed data hiding scheme in a single cloud storage environment, that improves the work done by Moyou and Ndoundam[13]. The goal is to avoid the management problems of multi-cloud storage environments and to reduce the large size of the stego-key. The technique uses a single cloud storage environment that provides a service of authenticity and confidentiality of files present in the cloud and masks the presence of a communication channel. The files do not undergo any modification during the steganographic process. The contribution of this work is focused on the following points: ∙ Problem management of multi-cloud storage environments using a single cloud storage environment. ∙ Reducing of large size of the stego-key. ∙ Simple operations to be performed by the participants during the embedding and extraction of the secret.

The rest of this paper is organized as follows: “Presentation of distributed models in steganography” section presents related work on distributed steganography models and their limits. “Our contribution” section is devoted to our contribution on a new distributed data hiding scheme in a single cloud storage environment. The experimental results are done in “Experimentation” section and finally “Conclusion” section is devoted to the conclusion.

Distributed steganography

Distributed steganography refers to the distribution of the secret into several parts which are then embedded into several cover media. In this approach, the secret is shared between several independent senders and a single receiver which receives the union of secret inputs in the communication[14]. The most commonly used cover media are images for their large data redundancy. The process requires meticulous modifications of these images, in order to go unnoticed to an unauthorized user in the communication[15]. The success of this approach lies in a good visual imperceptibility and a sufficient amount of payload[16].

Visual imperceptibility lies in the undetectability of a communication, while the payload guarantees a great capacity of secret that can be concealed[17]. Several approaches transit with visual imperceptibility as an indicator of images distortion to avoid detection of a secret message concealed[18, 19]. Others approaches use the distribution of the payload in the images[20, 21]. While hybrid approaches merge the features of several images[22] or combine the texture and payload associated with several images [23]. The interest of these approaches lies in a better resistance of the blind universal pooled steganalysis compared to other existing approaches.

The intervention of several human resources in a distributed steganography process is also applied to secret sharing[24]. In this secret sharing scheme, the secret key is divided into several parts, among a set of participants such that only a subset of these participants can reconstruct the secret key[25]. Thus, the system must define an efficient key sharing strategy between the participants in order to recover the target key. Counting-based secret sharing is presented as this promising approach to secret sharing that generates its sharing using simple specific bit replacement operations. This has several application domains in securing bank sensitive accounts and error tracking, voting systems trust, medical agreements, wills and inheritance authentication management[26]. Several security improvements of the secret key have been proposed, modifying the sharing generation process[27–29]. The generated share thus obtained, improves the security of access to the system[30, 31]. The generated secret keys are generally concealed in texts[32–34] and images[35, 36] using steganographic schemes.

Distributed steganography presents an improvement on classical steganography by concealing the secret in multiple cover media, making detection of the secret extremely difficult. However, modifications made to the cover media present limitations when setting up a process of steganalysis of these media. Indeed, several works in steganalysis on images are able to detect the presence of a secret and extract it. In general, the process is categorized into two types. One is targeted while the other is blind. Targeted steganalysis refers to an attack on a specific secret embedding algorithm[37, 38]. Blind steganalysis refers to an attack on several types of secret embedding algorithms, in which the goal is to classify the original files and stego files[39, 40].

Distributed model of Moyou and Ndoundam

The distributed data hiding model in a multi-cloud storage environment proposed by Moyou and Ndoundam [13], presents a new paradigm of distributed steganography that preserves the integrity of the files carrying the secret. In this model, the secret is distributed in different multimedia files that carry information of the secret message without being modified. The different multimedia files are stored in different cloud environments that mask the presence of a communication channel. The sender conceals the secret in different cloud storage environments, while the receiver retrieves the secret based on the stego-key elements. The integrity of the files being preserved, the model is more robust against steganalysis processes.

Concretely, the secret message is encoded in a specific base. To each value of the encoded secret message is associated a file in a list contained in the stego-key, the associated files carry the information of the value of the encoded secret message without being modified. Then the files are deposited in different cloud storage environments by the sender. Each file thus deposited constitutes a pointer to the encoded secret message. Finally, the two communicating parties having the same lists of files contained in the stego-key. It will be enough for the receiver to retrieve the positions of the different files in the different cloud storage environments based on these lists. Thus, the receiver reconstitutes the encoded secret message and the initial secret message.

In this model, the elements contained in the stego-key are: ∙ Cloud environments c₀,c₁,…,c_n−1. ∙ Authentication for access to each cloud account W_i(user name and password), such that 0≤i≤n−1. ∙ An ordered set of disjoint lists, L⁽⁰⁾,L⁽¹⁾,…,L^(k−1) where each list i contains B files: \(L^{(i)}_{0},L^{(i)}_{1},\ldots,L^{(i)}_{B-1}\), such that i=0,1,…,k−1, each file can take any type of format. ∙ The base B, such that |L⁽⁰⁾|=|L⁽¹⁾|=…=|L^(k−1)|=B and B≥2.

In view of the elements contained in the stego-key, the limits listed in this scheme are based on the large size of the stego-key related to the management of several cloud account credentials and several disjointed lists, the problems of managing several cloud storage environments such that: management of several cloud account credentials, monetary costs associated with cloud storage environments, data controls in different multi-cloud environments[41–43]. The problems listed can result from: a difficulty of data controls by the participants due to the distribution of multimedia files in several cloud environments, high cost for the acquisition of different cloud accounts. So we are motivated to design a steganographic scheme, that reduces the large size of the stego-key and uses a single cloud storage environment. In our scheme, the real need to use this proposition lies in management of the problems of multi-cloud storage environments and in the size reduced of the stego-key. Indeed, in our proposed scheme, a single credential is used instead of several credentials, the cost associated with the cloud environments is reduced to one, the control of data in the cloud storage environments is reduced to a single cloud.

The purpose of the proposed scheme is to improve the work done by Moyou and Ndoundam[13], while preserving the integrity aspect of multimedia files and the masking of a communication channel. This objective is achieved through the use of a single cloud storage environment and a reduced number of elements contained in the stego-key. The proposed scheme is declined into 3 approaches with modification of receiver information, in order to make difficult the detection of the secret in the cloud, by an attacker possessing the stego-key. The cloud allows to conceal a secret message and to mask the presence of a communication channel, while the reduced number of elements in the stego-key allows to reduce the operations performed by the participants.

The stego-key consists of the credential of a single cloud storage environment and the base used. This is exchanged before the start of the process during an encrypted communication or a physical meeting. An example of real use of the proposed scheme is in a process of secret communication between two entities or institutions. Concretely, if we consider two entities A and B. Entity A uses the stego-key consisted of the credential of a cloud storage environment and a base, to conceal a secret in several multimedia files contained in the cloud. The multimedia files preserving their integrity. Entity B logs to the cloud storage environment and extracts the secret using the stego key.

Notations and hypothesis

The Table 1 gives the different symbols and their representations in the 3 proposed approaches

Hypothesis

The cloud storage environment consists of a set of cover folders containing several multimedia files. The number of cover folders is at least equal to the size of the secret. The number of files in each folder is at least equal to the value of the base. The following relationships are checked in the cloud storage environment:

First approach

Overview

In this scheme proposed in Fig. 1, the secret communication process presented is described according to the following steps: ∙ The sender and receiver share the credential of a cloud account and the base used, before the communication. ∙ The sender encodes the secret in the base described in the secret key. ∙ For each value of the encoded secret, the file corresponding to this value in the position folder of this index is copied in a folder representing the stego-folder. ∙ Since the receiver shares the same secret key with the sender, it logs to the cloud storage environment and searches the correspondence between the files in the stego-folder and the files in the different cover folders. The receiver reconstructs thus the secret message based on this match.

Overview of a first approach

Full size image

The embedding and extraction algorithms are performed through the following elements: ∙ The cover object represents any multimedia files extension located in the cover folders of cloud storage environment. ∙ The cover folders represents a set of multimedia files. ∙ The stego folder represents a set of multimedia files that conceal the secret. ∙ The secret message represents any message format encoded in a specific base. ∙ The secret key represents the elements shared between the sender and the receiver.

Embedding

The embedding algorithm of the secret message performed by the sender is defined as follows:

Input:C: the cloud account;s: the secret message;B: the base used; F⁽⁰⁾,F⁽¹⁾,…,F⁽ⁿ⁻¹⁾: the cover folders in the cloud account; F⁽ⁱ⁾: the folder number i in the cloud account;\(\tilde {F}\): the stego folder in the cloud account;\(F^{(i)}_{j}\) : 0≤i<n and 0≤j<B, file j from folder number i in cloud account;W: access for authentication in the cloud account;

Output:\(\tilde {C}\): the modified cloud account;

Begin

1. I

   Create an empty folder \(\tilde {F}\) that represents the stego folder;

2. II

   Convert the secret message s in base B such that s=(s_n−1s_n−2…s₀)_B, where 0≤s_i<B;

3. III

   For each position i of the secret message s: i=0,1,…,n−1

   • Find the file with index s_i in the folder F⁽ⁱ⁾;

   • Select and copy the file \(F^{(i)}_{s_{i}}\) and paste in the stego folder \(\tilde {F}\);

End

Extraction

The extraction algorithm of the secret message performed by the receiver is defined as follows:

Input:\(\tilde {C}\): Cloud account modified;W: access for authentication in the cloud account;B: the base used; F⁽⁰⁾,F⁽¹⁾,…,F⁽ⁿ⁻¹⁾: the cover folders in the cloud account; F⁽ⁱ⁾: the folder number i in the cloud account;\(\tilde {F}\): the stego folder in the cloud account;\(\tilde {F}_{i}\): the file i in the stego folder;\(F^{(i)}_{j}\) : 0≤i<n and 0≤j<B, file j from folder number i in cloud account; tab[0,…,n−1]: integer array that retrieves each index s_i of the folder number i;

Output:s: the secret message;

Begin

1. I

   i=0; // first file of the stego folder \(\tilde {F}\)

2. II

   while(i<n) // i browse each file in the stego folder \(\tilde {F}\)

   • For each folder j in the cloud account : j=0,1,…,n−1

     • For each file k in the current folder F^(j): k=0,1,…,B−1

       • Compare the file \(\tilde {F}_{i}\) in the stego folder with the file \(F^{(j)}_{k}\);

       • if (\(\tilde {F}_{i} = F^{(j)}_{k}\)) then

         • tab[j]=k;

         • i=i+1; // next file of the stego folder \(\tilde {F}\)

         • go to instruction II);

3. III

   Compute \(m = \sum _{j=0}^{n-1}(tab[j] \times B^{j})\);

4. IV

   Convert m to binary and get the secret message s;

5. V

   Delete the stego folder \(\tilde {F}\);

End

Second approach

Overview

In this scheme proposed in Fig. 2, the receiver logs to the cloud storage environment and copies the files from the cover folders in different lists before the secret communication. These lists of files will allow to perform the correspondence with the files of the stego-folder, because the files in the cloud storage environment that conceal the secret are cut during the process. The interest is to prevent an attacker to perform any correspondence of the files of the stego-folder, in case of access of this one in the cloud storage environment. The secret communication process is described according to the following steps: ∙ The sender and receiver share the credential of a cloud account and the base used, before the communication. ∙ The sender encodes the secret in the base described in the secret key. ∙ For each value of the encoded secret, the file corresponding to this value in the position folder of this index is cut in a folder representing the stego-folder. ∙ Since the receiver shares the same secret key with the sender, it logs to the cloud storage environment and searches the correspondence between the files in the stego-folder and the files in the different lists. The receiver reconstructs thus the secret message based on this match.

Overview of a second approach

Full size image

The embedding and extraction algorithms are performed through the following elements: ∙ The cover object represents any multimedia files extension located in the cover folders of cloud storage environment. ∙ The cover folders represents a set of multimedia files. ∙ Lists of files held by the receiver. ∙ The stego folder represents a set of multimedia files that conceal the secret. ∙ The secret message represents any message format encoded in a specific base. ∙ The secret key represents the elements shared between the sender and the receiver.

Embedding

The embedding algorithm of the secret message performed by the sender is defined as follows:

Input:C: the cloud account;s: the secret message;B: the base used; F⁽⁰⁾,F⁽¹⁾,…,F⁽ⁿ⁻¹⁾: the cover folders in the cloud account; F⁽ⁱ⁾: the folder number i in the cloud account;\(\tilde {F}\): the stego folder in the cloud account;\(F^{(i)}_{j}\) : 0≤i<n and 0≤j<B, file j from folder number i in cloud account;W: access for authentication in the cloud account;

Output:\(\tilde {C}\): the modified cloud account;

Begin

1. I

   Create an empty folder \(\tilde {F}\) that represents the stego folder;

2. II

   Convert the secret message s in base B such that s=(s_n−1s_n−2…s₀)_B, where 0≤s_i<B;

3. III

   For each position i of the secret message s: i=0,1,…,n−1

   • Find the file with index s_i in the folder F⁽ⁱ⁾;

   • Select and cut the file \(F^{(i)}_{s_{i}}\) and paste in the stego folder \(\tilde {F}\);

End

Extraction

The extraction algorithm of the secret message performed by the receiver is defined as follows:

Input:\(\tilde {C}\): Cloud account modified;W: access for authentication in the cloud account;B: the base used; L⁽⁰⁾,L⁽¹⁾,…,L⁽ⁿ⁻¹⁾: the lists of files of the receiver; L⁽ⁱ⁾: the list number i;\(\tilde {F}\): the stego folder in the cloud account;\(\tilde {F}_{i}\): the file i in the stego folder;\(L^{(i)}_{j}\) : 0≤i<n and 0≤j<B, file j from list number i; tab[0,…,n−1]: integer array that retrieves each index s_i of the list number i;

Output:s: the secret message;

Begin

1. I

   i=0; // first file of the stego folder \(\tilde {F}\)

2. II

   while(i<n) // i browse each file in the stego folder \(\tilde {F}\)

   • For each list j: j=0,1,…,n−1

     • For each file k in the list L^(j): k=0,1,…,B−1

       • Compare the file \(\tilde {F}_{i}\) in the stego folder with the file \(L^{(j)}_{k}\);

       • if(\(\tilde {F}_{i} = L^{(j)}_{k}\)) then

         • tab[j]=k;

         • i=i+1; // next file of the stego folder \(\tilde {F}\)

         • go to instruction II);

3. III

   Compute \(m = \sum _{j=0}^{n-1}(tab[j] \times B^{j})\);

4. IV

   Convert m to binary and get the secret message s;

5. V

   Delete the stego folder \(\tilde {F}\);

End

Third approach

Overview

In this scheme proposed in Fig. 3, The lists of files held by the receiver are stored in an intermediate cloud storage environment. These lists of files will allow to perform the correspondence with the files of the stego-folder, because the files in the cloud storage environment that conceal the secret are cut during the process. The interest is to secure the files held by the receiver in the intermediate cloud account. The secret communication process is described according to the following steps: ∙ The sender and receiver share the credential of a cloud account and the base used, before the communication. ∙ The sender encodes the secret in the base described in the secret key. ∙ For each value of the encoded secret, the file corresponding to this value in the position folder of this index is cut in a folder representing the stego-folder. ∙ Since the receiver shares the same secret key with the sender and holds the credential of the intermediate cloud account, it logs to the cloud storage environment and searches the correspondence between the files in the stego-folder and the files in the lists of the intermediate cloud account. The receiver reconstructs thus the secret message based on this match.

Overview of a third approach

Full size image

The embedding and extraction algorithms are performed through the following elements: ∙ The cover object represents any multimedia files extension located in the cover folders of cloud storage environment. ∙ The cover folders represents a set of multimedia files. ∙ The credential of the intermediate cloud account held by the receiver. ∙ The lists of files in the intermediate cloud environment held by the receiver. ∙ The stego folder represents a set of multimedia files that conceal the secret. ∙ The secret message represents any message format encoded in a specific base. ∙ The secret key represents the elements shared between the sender and the receiver.

Embedding

The embedding algorithm of the secret message performed by the sender is defined as follows:

Input:C: the cloud account;s: the secret message;B: the base used; F⁽⁰⁾,F⁽¹⁾,…,F⁽ⁿ⁻¹⁾: the cover folders in the cloud account; F⁽ⁱ⁾: the folder number i in the cloud account;\(\tilde {F}\): the stego folder in the cloud account;\(F^{(i)}_{j}\) : 0≤i<n and 0≤j<B, file j from folder number i in cloud account;W: access for authentication in the cloud account;

Output:\(\tilde {C}\): the modified cloud account;

Begin

1. I

   Create an empty folder \(\tilde {F}\) that represents the stego folder;

2. II

   Convert the secret message s in base B such that s=(s_n−1s_n−2…s₀)_B, where 0≤s_i<B;

3. III

   For each position i of the secret message s: i=0,1,…,n−1

   • Find the file with index s_i in the folder F⁽ⁱ⁾;

   • Select and cut the file \(F^{(i)}_{s_{i}}\) and paste in the stego folder \(\tilde {F}\);

End

Extraction

The extraction algorithm of the secret message performed by the receiver is defined as follows:

Input:\(\tilde {C}\): Cloud account modified;W: access for authentication in the cloud account;B: the base used; L⁽⁰⁾,L⁽¹⁾,…,L⁽ⁿ⁻¹⁾: the lists of files of the receiver in the intermediate cloud environment; L⁽ⁱ⁾: the list number i in the intermediate cloud environment;\(\tilde {F}\): the stego folder in the cloud account;\(\tilde {F}_{i}\): the file i in the stego folder;\(L^{(i)}_{j}\) : 0≤i<n and 0≤j<B, file j from list number i in the intermediate cloud environment; tab[0,…,n−1]: integer array that retrieves each index s_i of the list number i;

Output:s: the secret message;

Begin

1. I

   i=0; // first file of the stego folder \(\tilde {F}\)

2. II

   while(i<n) // i browse each file in the stego folder \(\tilde {F}\)

   • For each list j in the intermediate cloud environment: j=0,1,…,n−1

     • For each file k in the list L^(j): k=0,1,…,B−1

       • Compare the file \(\tilde {F}_{i}\) in the stego folder with the file \(L^{(j)}_{k}\);

       • if(\(\tilde {F}_{i} = L^{(j)}_{k}\)) then

         • tab[j]=k;

         • i=i+1; // next file of the stego folder \(\tilde {F}\)

         • go to instruction II);

3. III

   Compute \(m = \sum _{j=0}^{n-1}(tab[j] \times B^{j})\);

4. IV

   Convert m to binary and get the secret message s;

5. V

   Delete the stego folder \(\tilde {F}\);

End

Time complexity

In this subsection, we evaluate the time complexity of the 3 proposed approaches. We have a secret message s distributed between n cover folders, each folder contains at least B files. For the embedding of the secret message. Each index s_i of the secret message s encoded in base B, corresponds to a file in the cover folder i. The secret message s comprising n index position. Moreover, the formatted secret message s is converted into base B in O(log_B(s)). Therefore, the time complexity of the approaches is O(n).

For the extraction of the secret message, the correspondence between the files in the stego folder and the cover folders or lists is done at O(n²∗B). The lists comprising the same files as the cover folders. Moreover, the formatted secret message is obtained in O(log₂(s)). Therefore, the time complexity of the approaches is O(n²∗B).

In this section we present an evaluation of the hidden bits capacity of our proposed schemes and the execution through 3 examples. Then we present a discussion of our work and finally a security analysis of our proposed schemes.

Evaluation of hidden bits capacity

The idea is to make an estimation of the number of bits hidden in the cloud storage environment. Each folder in the cloud has a value in base B and this value varies from 0 to B−1, so we have B possibilities by folder. For the set of n folders in the cloud, we have Bⁿ possibilities, so the number of hidden bits is:

log₂(Bⁿ)=n×log₂(B).

Examples

In this subsection, we describe in detail the processes of embedding and extraction of the secret on 3 examples for each approach presented. In these examples, the formatted secret messages have the values 1010100,10101100,10011 with the respective bases B=8,4,3. The credentials of the cloud accounts used for each example are given in the Table 2. In each example presented, the secret key consists of the credential of a cloud account and the base used.

Example 1

In this example for the first approach, the formatted secret message is s=1010100 and the base used is B=8. The cloud storage environment presented in the Table 3 consists of 3 folders(F⁽²⁾,F⁽¹⁾,F⁽⁰⁾), with 8 mutimedia files for each folder.

The steps for the embedding of the secret message are as follows: ∙ Step 1: Create an empty folder \(\tilde {F}\) that represents the stego folder:

∙ Step 2: Convert the secret message s=1010100 in base 8: s=(124)₈; ∙ Step 3: For each position i of the secret s: i = 0,1,2

• Find the file with the index s_i in the folder F⁽ⁱ⁾:

  s2	s1	s0
  1	2	4
  ↓	↓	↓
  article.txt	french.pdf	learning.docx

∙ Step 4: Select and copy each file found \(F^{(i)}_{s_{i}}\) and paste in the stego folder \(\tilde {F}\):

The steps for extraction of the secret message are as follows: ∙ Step1: i=0; // first file of the stego folder \(\tilde {F}\) ∙ Step2: while(i<n) // i browse each file in the stego folder \(\tilde {F}\)(learning.docx, french.pdf, article.txt)

• For each folder j in the cloud account : j=0,1,2

  • For each file k in the current folder F^(j): k=0,1,2,3,4,5,6,7

    • Compare the file \(\tilde {F}_{i}\) in the stego folder with the file \(F^{(j)}_{k}\);

    • if(\(\tilde {F}_{i} = F^{(j)}_{k}\)) then

      • tab[j]=k;

      • i=i+1; // next file of the stego folder \(\tilde {F}\)

      • go to Step 2;

∙ Step 3: Compute \(m = \sum _{j=0}^{2}(tab[j] \times 8^{j})\) = tab[0]×8⁰ + tab[1]×8¹ + tab[2]×8² = 4×8⁰ + 2×8¹ + 1×8² = 84; ∙ Step 4: Convert m to binary and get the secret message s: m=84=(1010100)₂, the secret message s=(1010100)₂ is retrieved; ∙ Step 5: Delete the stego folder \(\tilde {F}\);

Example 2

In this example for the second approach, the formatted secret message is s=10101100 and the base used is B=4. The cloud storage environment presented in the Table 4 consists of 4 folders(F⁽³⁾,F⁽²⁾,F⁽¹⁾,F⁽⁰⁾), with 4 mutimedia files for each folder.

The steps for the embedding of the secret message are as follows: ∙ Step 1: Create an empty folder \(\tilde {F}\) that represents the stego folder:

∙ Step 2: Convert the secret message s=10101100 in base 4: s=(2230)₄; ∙ Step 3: For each position i of the secret s

1. A)

   Find the file with the index s_i in the folder F⁽ⁱ⁾:

∙ Step 4: Select and cut each file found \(F^{(i)}_{s_{i}}\) and paste in the stego folder \(\tilde {F}\):

The steps for the extraction of the secret message are as follows:

The receiver holds a copy of the files of the cover folders located in the cloud environment OneDrive. Table 5 presents the lists of files resulting of this copy. The correspondence between the files in the stego folder is made on these lists, because these files had been cut in the cover folders of the cloud environment.

∙ Step1: i=0; // first file of the stego folder \(\tilde {F}\) ∙ Step2: while(i<n) // i browse eachfile in the stego folder \(\tilde {F}\)(steganalysis.pdf, statistics.xlsx, english.pptx, presentation.pptx)

• For each list j: j=0,1,2,3

  • For each file k in the list L^(j): k=0,1,2,3

    • Compare the file \(\tilde {F}_{i}\) in the stego folder with the file \(L^{(j)}_{k}\);

    • if(\(\tilde {F}_{i} = L^{(j)}_{k}\)) then

      • tab[j]=k;

      • i=i+1; // next file of the stego folder \(\tilde {F}\)

      • go to Step 2;

∙ Step 3: Compute \(m = \sum _{i=0}^{3}(tab[i] \times 4^{i})\) = tab[0]×4⁰ + tab[1]×4¹ + tab[2]×4² + tab[3]×4³ = 0×4⁰ + 3×4¹ + 2×4² + 2×4³ = 172; ∙ Step 4: Convert m to binary and get the secret message s: m=172=(10101100)₂, the secret message s = (10101100)₂ is retrieved; ∙ Step 5: Delete the stego folder \(\tilde {F}\);

Example 3

In this example for the third approach, the formatted secret message is s=10011 and the base used is B=3. The cloud storage environment presented in the Table 6 consists of 3 folders(F⁽²⁾,F⁽¹⁾,F⁽⁰⁾), with 3 mutimedia files for each folder.

The steps for the embedding of the secret message are as follows: ∙ Step 1: Create an empty folder \(\tilde {F}\) that represents the stego folder:

∙ Step 2: Convert the secret message s=10011 in base 3: s=(201)₃; ∙ Step 3: For each position i of the secret messages

• Find the file with index s_i in the folder F⁽ⁱ⁾:

  s2	s1	s0
  2	0	1
  ↓	↓	↓
  php.xlsx	java.pdf	css.pdf

∙ Step 4: Select and cut the file \(F^{(i)}_{s_{i}}\) and paste in the stego folder \(\tilde {F}\):

The steps for the extraction of the secret message are as follows:

the receiver holds the credential of an intermediate cloud account (Dropbox), which contains a copy of the files of the cover folders of the cloud environment Google Drive. Dropbox cloud has for login user4@gmail.com and for password password4. Table 7 presents the lists of files in the intermediate cloud environment resulting from this copy. The correspondence between the files in the stego folder is made on these lists, because these files had been cut in the cover folders of the cloud environment.

• ∙ Step 1: i=0; // first file of the stego folder \(\tilde {F}\)

• ∙ Step2: while(i<n) // i browse each file in the stego folder \(\tilde {F}\)(css.pdf, java.pdf, php.xlsx)

  • For each list j in the intermediate cloud environment: j=0,1,2

    • For each file k in the list L^(j): k=0,1,2

      • Compare the file \(\tilde {F}_{i}\) in the stego folder with the file \(L^{(j)}_{k}\);

      • if(\(\tilde {F}_{i} = L^{(j)}_{k}\)) then

        • tab[j]=k;

        • i=i+1; // next file of the stego folder \(\tilde {F}\)

        • go to Step 2;

  Folder \(\tilde {F}\)	php.xlsx #2	java.pdf #1	css.pdf #0
  j	2	1	0
  	↓	↓	↓
  tab[j]	2	0	1

• ∙ Step 3: Compute \(m = \sum _{i=0}^{2}(tab[i] \times 3^{i})\) = tab[0]×3⁰ + tab[1]×3¹ + tab[2]×3² = 1×3⁰ + 0×3¹ + 2×3² = 19;

• ∙ Step 4: Convert m to binary and get the secret message s:

  m=19=(10011)₂, the secret message s = (10011)₂ is retrieved;

• ∙ Step 5: Delete the stego folder \(\tilde {F}\);

Discussion

The different approaches proposed present steganographic schemes of secret distribution in a single cloud storage environment. The cloud environment presents a set of files distributed by folder that allows to conceal a secret message, preserving the integrity of the files that conceal the secret. The set of files distributed by cover folder and the single cloud environment allow to reduce the size of the key and the management of several cloud environments in the approach proposed by Moyou and Ndoundam[13].

Tables 8 and 9 give a comparison between our 3 approaches and Moyou and Ndoundam’s approach[13] based on keys, management of the cloud storage environment and receiver elements.

In these tables, the common elements to each approach represent the key shared between the sender and the receiver before the process. In Moyou and Ndoundam’s approach[13], the key consists of k lists, n cloud accounts credentials and the base B used. Each list comprising B files. We denote n+k∗B+1 elements in the key. In our proposed approaches, a single cloud account credential and base B are the elements of the key. Therefore, the size of the key is reduced to 2 elements in our approaches.

The files duplicated in the same cloud represent the copy of the files that conceal the secret in the same cloud environment. In approach 1, a copy of the files that conceal the secret is made in the cloud environment while in approaches 2 and 3 the files are cut in the cloud environment. These files copied or cutted after a series of correspondence with the encoded secret represent the operations performed by the sender. In Moyou and Ndoundam’s approach[13], the operations performed by the sender represent: the encoding of the secret in a base, the partitioning of the secret according to different cloud environments, identification in different cloud environments, transmission of a set of files in different cloud environments based on lists of files in the key. Therefore, if we denote the following elements: a secret message s distributed among n cloud storage environments or cover folders, a base B, k file lists each with B files per list. Moyou and Ndoundam’s approach[13] requires a time complexity of O(n∗k) on the sender side with n representing the different cloud storage environments, while in our approaches a time complexity of O(n) is required with n representing the different cover folders.

The files duplicated at the receiver represent a copy of a set of files of cloud environment in different lists and in an intermediate cloud environment. In approach 1, no copy of the files is made at the receiver because the files that conceal the secret are duplicated in the cloud environment for matching. In approaches 2 and 3, a copy of the files is made at the receiver for matching because the files have been cut in the cloud environment. In Moyou and Ndoundam’s approach[13], the operations performed by the receiver represent: the identification in different cloud environments, the matching of each file in the cloud environments with the lists of the files of the key, the calculation of the formatted secret message. Thus in our approaches, the operations of correspondence and calculation of the formatted secret message being also performed, the main gain lies in the identification of a single cloud account at the receiver.

Security analysis

In this subsection, we present different attack schemes of a spy on the proposed approaches based on two main hypothesis. Hypothesis 1 describes the fact that the spy does not have access to the key and therefore cannot access the cloud environment, while in hypothesis 2 the spy has access to the key and therefore to the cloud environment.

Hypothesis 1:In the 3 approaches presented, no detection or extraction of a secret is possible, because access to the cloud environment is impossible for the spy.

Hypothesis 2:In the first approach, the spy has access to the cloud environment and will be able to perform the correspondance between the files of the stego folder and the files of cover folders. This matching is possible, because the files that conceal the secret are duplicated in the cloud environment. For each file listed in the stego folder, the spy will have to perform O(n∗B) browse and comparisons in the files of the cover folders in the case of an exhaustive search.

In the second approach, the spy has access to the cloud environment but will not be able to perform the correspondence between the files of the stego folder and the files of cover folders. This matching is not possible because the files that conceal the secret have been cut in the cloud environment. For each file listed in the stego folder, the spy will have to perform O(n∗(B−1)) browse and comparisons without succes in the files of the cover folders in the case of an exhaustive search. The matching is only performed by the receiver that holds the files of cover folders in different lists.

In the third approach, the spy has access to the cloud environment but will not be able to perform the correspondance between the files of the stego folder and the files of cover folders. This matching is not possible, because the files that conceal the secret have been cut in the cloud environment. For each file listed in the stego folder, the spy will have to perform O(n∗(B−1)) browse and comparisons without succes in the files of the cover folders in the case of an exhaustive search. The matching is only performed by the receiver that holds the files of cover folders in an intermediate cloud environment.

In this paper, we proposed three steganographic schemes distributed in a single cloud environment, which improves the work proposed by Moyou and Ndoundam[13] on the management of the problems of multi-cloud environments and the large size of the key used in the approach. In this work, the single cloud storage environment presents a set of files distributed by folder allowing to: conceal a secret message while preserving the integrity of the files that conceal the secret message, mask the presence of a communication channel during the process, reduce the size of the key by using a single cloud account credential and no file in the parameters of the key. The experiments showed that for k lists of files, n cloud accounts and a base B used, we denote n+k∗B+1 elements in the key for Moyou and Ndoundam’s approach[13], while 2 elements are only required in our approaches which are the base used and the credential of a cloud account. The work showed interesting comparisons with simpler operations to be performed by the participants during the embedding and extraction of the secret.

This work is part of the research of a distributed steganography paradigm using the concept of indirection on different multimedia files. Future improvements of the scheme will be to take no element in the key and to propose other more robust schemes in case of access of a spy in the cloud environment.

No data or models were generated during the study. However, a code wrote in C language was used to distribute the secret in the cloud handled.

This work was supported by UMMISCO and the University of Yaounde I.

This work has no funding.

Authors and Affiliations

1. Team GRIMCAPE, Yaounde, Cameroon

   Stéphane Willy Mossebo Tcheunteu, Leonel Moyou Metcheka & René Ndoundam

2. University, IRD, UMMISCO, Bondy, F-93143, France

   Stéphane Willy Mossebo Tcheunteu, Leonel Moyou Metcheka & René Ndoundam

3. Department of computer Science, University of Yaounde I, Yaounde, 812, Cameroon

   Stéphane Willy Mossebo Tcheunteu, Leonel Moyou Metcheka & René Ndoundam

Contributions

René Ndoundam conceived, designed and directed this research. Mossebo Tcheunteu Stéphane Willy and Leonel Moyou Metcheka have investigated, implemented and wrote the paper. All authors reviewed and approved the final manuscript.

Corresponding author

Correspondence to René Ndoundam.

Competing interests

The authors declare that they have no competing interests.

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

Reprints and permissions