1 / 8

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems. Modern Cryptography. Steganography. Hiding messages in another text (the covertext) so that no one except intended recipient knows a message has been sent.

chava
Download Presentation

CIT 380: Securing Computer Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CIT 380: Securing Computer Systems Modern Cryptography CIT 380: Securing Computer Systems

  2. Steganography Hiding messages in another text (the covertext) so that no one except intended recipient knows a message has been sent. • Wax Tablets: In ancient times, messages were written in wax poured on top of a stone or wood tablet. Messages were hidden by engraving them in the stone then pouring wax over them. • Invisible Ink: Write message using lemon juice on paper. Write covertext in regular ink after dries. Heat to view hidden message. • Null Cipher: Hide message in ordinary text, using nth letter of each word, or every nth word of the message. CIT 380: Securing Computer Systems

  3. Digital Steganography • Choose a cover medium file. • JPEG, MP3, etc. • Identify redundant bits in cover medium. • Low order bits in image and audio files. • Replace subset of redundant data with secret message. • Send steganographic file to recipient. CIT 380: Securing Computer Systems

  4. JSteg: JPEG Steganography JPEG image format • For each color component, a discrete cosine transform (DCT) transforms successive 8x8 pixel blocks into 64 DCT coefficients. • Quantize DCT coefficients. Derek Upham’s JSteg algorithm • LSBs of DCT coefficients are redundancy. • Modification of a single DCT coef affects all 64 pixels. • Frequency domain changes are not visually observable. CIT 380: Securing Computer Systems

  5. Wikipedia • http://en.wikipedia.org/wiki/Steganography CIT 380: Securing Computer Systems

  6. Steganalysis Compare steganographic file with original. • 100% effective at identifying presence. • Original file is “secret key” of steganography. Statistical analysis • Inserting high entropy changes histogram of color frequencies in predictable ways. • Reduces frequency difference between adjacent colors. Countermeasures • Insert less information to reduce impact. • Choose DCT coefficients to modify at random. • Alternate +/- DCT coefficient value to encode bits. • Use parity of groups of DCT LSBs to encode a message. CIT 380: Securing Computer Systems

  7. Key Points • Two types of cryptosystems: • classical (symmetric) • public key (asymmetric) • Cryptographic checksums provide integrity check. • One-way functions. • Keyed hash functions. • Public Key Cryptography • One-way trapdoor functions. • Confidentiality: encipher with public, deciper with private • Integrity: encipher with private, decipher with public • Steganography • Hiding existence of message inside other data. CIT 380: Securing Computer Systems

  8. References • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005. • Cryptography Research, “Hash Collision FAQ,” http://www.cryptography.com/cnews/hash.html, 2005. • Paul Garrett, Making, Breaking Codes: An Introduction to Cryptology, Prentice Hall, 2001. • Steven Levy, Crypto, Penguin Putnam, 2002. • Wenbo Mao, Modern Cryptography: Theory and Practice, Prentice Hall, 2004. • Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, http://www.cacr.math.uwaterloo.ca/hac/, CRC Press, 1996. • Bruce Schneier, Applied Cryptography, 2nd edition, Wiley, 1996. • NIST, FIPS-198a, “The Keyed-Hash Message Authentication Code (HMAC)”,http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf • Niels Provos and Peter Honeyman, “Hide and Seek: An Introduction to Steganography,” IEEE Security & Privacy, May/June 2003. • John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, 2002. CIT 380: Securing Computer Systems

More Related