
Steg in the Real World


Presentation Transcript


  1. Steg in the Real World • Two examples that move the work of steganalysis out of the lab • The massive data survey of Provos et al. 2003 • The Stegi@work distributed steganalysis framework

  2. Steg on the Web? • Provos et al. 2003* • 2 million JPEG images from • 1 million JPEG images from Usenet • Images restricted in size between 20KB and 400KB • stegdetect • Identified potential hidden content in 1% of the images *N. Provos and P. Honeyman, IEEE Security and Privacy Magazine, May/June 2003

  3. Steg on the Web? • Percentage of (false) positives • JPHide “detected” most often

  4. Steg on the Web? • Verifying hidden content • Stegbreak • Dictionary attack against Jsteg, JPHide, and Outguess • Ebay: multi-lingual dictionary of 850,000 words • Usenet: short PIN numbers and pass phrases; 1.8 million words

  5. Steg on the Web? • Performance of Stegbreak • 1.2 GHz PIII • JPHide: 10 days • Outguess: ? • Jsteg: 8 days

  6. Towards a larger steganalysis framework • Disconcert - a distributed computing framework for loosely coupled workstations • Distribute indices into stegbreak’s dictionary • Ebay: 60 nodes, 200,000 per second for JPHide • Usenet: 230 nodes, 870,000 keys per second

  7. Is anything out there??? • Conclusions of Provos et al. 2003 • All steganographic system users carefully choose passwords that are not susceptible to dictionary attacks • Images from sources not analyzed carry steganographic content • Images carried content embedded by tools that stegdetect does not consider • Messages are too small for detection

  8. Distributed Steganalysis: Stegi@Work • Objective • The development of an architecture for an extensible distributed application for steganalysis • User alerts • Facility for content destruction or quarantine • SOA to facilitate the inclusion of new and improved steganalysis algorithms

  9. Overall Architecture

  10. Stegi@Work Communications

  11. Flexible Network Architectures

  12. Flexible Network Architectures

  13. User Interface

  14. Steganalysis Support • Publicly available wrapped tools • Stegdetect (JPEG) • Digital Invisible Ink Toolkit (BMP, PNG) • Detects LSB methods • Custom “supertool” • Detects via signatures: • In Plain View, S-Tools, Mandelsteg, Hide and Seek v.4 and v.5, Hide4PGP • Statistical tests: • 2 and 2 histogram
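
Slide 14 lists tools that detect LSB methods with statistical tests. The following is an added example, not code from the presentation or from Stegi@Work: it assumes the pairs-of-values chi-square test of Westfeld and Pfitzmann as one such test, and runs it on constructed sample data (the function names are hypothetical).

```python
import math
import random

def pov_chi_square(samples):
    """Pairs-of-values chi-square test on 8-bit samples (pixels or bytes).

    Returns (chi2, dof, p). p near 1 means each pair (2k, 2k+1) has nearly
    equal counts, the footprint of LSB replacement; p near 0 means it does not.
    """
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2.0
        if expected < 5:          # sparse pairs make the statistic unreliable
            continue
        chi2 += (even - expected) ** 2 / expected
        pairs += 1
    dof = pairs - 1
    if dof < 1:
        return chi2, 0, 0.0       # too little data to decide
    # Wilson-Hilferty normal approximation of the chi-square upper tail,
    # used so the example needs only the standard library.
    c = 2.0 / (9.0 * dof)
    z = ((chi2 / dof) ** (1.0 / 3.0) - (1.0 - c)) / math.sqrt(c)
    return chi2, dof, 0.5 * math.erfc(z / math.sqrt(2.0))

def constructed_cover(n, rng):
    """Constructed sample data: a narrow bell-shaped histogram around 128."""
    return [min(255, max(0, round(rng.gauss(128, 8)))) for _ in range(n)]

def simulate_lsb_replacement(samples, rng):
    """Overwrite every LSB with a random bit, as a full-capacity payload would."""
    return [(s & ~1) | rng.getrandbits(1) for s in samples]

if __name__ == "__main__":
    rng = random.Random(2003)     # fixed seed so the run is repeatable
    cover = constructed_cover(100_000, rng)
    stego = simulate_lsb_replacement(cover, rng)
    for name, data in (("cover", cover), ("stego", stego)):
        chi2, dof, p = pov_chi_square(data)
        print(f"{name}: chi2={chi2:.1f} dof={dof} p={p:.4f}")
```

The test weakens as the payload shrinks, because fewer pairs are equalized; that matches the "messages are too small for detection" explanation on slide 7.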

  15. Steganalysis Tool Wrapping Support • Full featured tool wrapping API • Tool wrapping support for C/C++, Java, and Matlab programs • Network communication with XML messages between worker clients and Stegi@Work server

  16. Implementation Details • Entire framework written in Java 5 • Tool support in a variety of languages • JNI low-level system support for Linux and Windows • JBOSS backend server • EJB 3 Object Model
