Data Hiding Acknowledgments to Dr. David Dampier and the Center for Computer Security Research (CCSR)
Obfuscating Data • Encryption • Hides through changing data according to an algorithm…must be decrypted to see it • Compression • Hides through removing extraneous information in the file, making it unreadable and unsearchable …look for decompression programs
How to beat it? • In plain sight • Find the code and determine type of file • Within a file system in a file • Steganography – locate method, then decipher • Invisible, misleading or obscure names – keyword search on file system • No names – unique to UNIX and zero link files • Locate the files before shutting down the system or they will be lost
Blinding the Investigator • Data is not hidden, but tools are modified so that suspect data is not seen • Change system commands • Changing dir or ls to not see certain kinds of files • Modifying Windows applications like "My Computer" • Modify the Operating System • Changing the O.S. so that certain areas of the disk are not looked at
How to beat it? • Change behavior of the system commands • Reload system commands or move data to a new system • Compare hash values of known system files
Computer Steganography • Changes are made to images or sounds • Changes represent the hidden image • Successful if not noticeable • Emphasis on detecting hidden communications since September 11
Steganography vs. Watermarking • Steganography • Message that we are hiding is a secret • Not generally related to what we hide in it • Watermarks • Message that we are hiding might not be a secret • Does relate to what we put it in • Example: $20 bill watermark shows authenticity, company logos show ownership
Playfair Cipher • The Playfair Cipher is used to hide messages • Block cipher that uses a 5 by 5 table containing a keyword • The keyword is entered into the table from left to right, starting in row 1 and moving on to row 2, etc. • Duplicate letters are not entered • When the keyword is complete, the remainder of the alphabet fills in • Q may be left out, or I and J combined (parties must agree to conventions)
Playfair cipher rules • The message is broken into groups of two letters (digraphs) • The two letters form the corner of a rectangle • The original message digraph is replaced with the letters at the opposite end of the rectangle • If the letters are on the same row as each other, replace them with the letters to their immediate right (wrapping) • If the letters are on the same column as each other, replace them with the letters immediately below them • Insert an X after a repeated letter
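The table construction and digraph rules above, as an added example that is not part of the original slides. It assumes the I/J-combined convention and uses Q as the filler when the repeated or unpaired letter is itself X; the sample keyword and message are not from the slides.

```python
import string

def build_table(keyword):
    """5x5 table: keyword first (duplicates skipped), then the rest of the alphabet."""
    seen = []
    for ch in (keyword + string.ascii_uppercase).upper():
        ch = "I" if ch == "J" else ch          # convention used here: I and J combined
        if ch in string.ascii_uppercase and ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]

def digraphs(message):
    """Split into letter pairs, inserting X after a repeated letter and as end padding."""
    letters = ["I" if c == "J" else c for c in message.upper()
               if c in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # Assumption: use Q as the filler when the letter itself is X.
            pairs.append((a, "Q" if a == "X" else "X"))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs

def _transform(pairs, table, shift):
    pos = {table[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                            # same row: step right (wrapping)
            out += [table[ra][(ca + shift) % 5], table[rb][(cb + shift) % 5]]
        elif ca == cb:                          # same column: step down (wrapping)
            out += [table[(ra + shift) % 5][ca], table[(rb + shift) % 5][cb]]
        else:                                   # rectangle: keep row, take other column
            out += [table[ra][cb], table[rb][ca]]
    return "".join(out)

def encrypt(message, keyword):
    return _transform(digraphs(message), build_table(keyword), 1)

def decrypt(ciphertext, keyword):
    pairs = list(zip(ciphertext[0::2], ciphertext[1::2]))
    return _transform(pairs, build_table(keyword), -1)

if __name__ == "__main__":
    ct = encrypt("Hide the gold in the tree stump", "playfair example")
    print(ct, decrypt(ct, "playfair example"))
```

Decryption returns the padded digraph text, so the inserted X in "TREXESTUMP" remains and has to be removed by the reader.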
Null Ciphers • A real message is camouflaged in an innocent sounding message • Examples: • Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday. (third letter) • Apparently neutral’s protest is thoroughly discounted and ignored. Isam hard hit. Blockade issue affects pretext for embargo on byproducts, ejecting suets and vegetable oils. (second letter, sent by German spy in WWII)
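Decoding the two examples above, as an added example that is not part of the original slides. When the letter position is not known, an examiner can sweep the first few positions and read the candidates; the function names are illustrative.

```python
FISHING = ("Fishing freshwater bends and saltwater coasts rewards anyone "
           "feeling stressed. Resourceful anglers usually find masterful "
           "leapers fun and admit swordfish rank overwhelming anyday.")

NEUTRAL = ("Apparently neutral’s protest is thoroughly discounted and "
           "ignored. Isam hard hit. Blockade issue affects pretext for "
           "embargo on byproducts, ejecting suets and vegetable oils.")

def nth_letters(text, n):
    """Take the n-th letter (1-based) of every word, ignoring punctuation.

    Words shorter than n letters contribute nothing.
    """
    out = []
    for token in text.split():
        letters = [c for c in token if c.isalpha()]
        if len(letters) >= n:
            out.append(letters[n - 1].lower())
    return "".join(out)

def sweep_positions(text, max_n=4):
    """Return the candidate string for each letter position 1..max_n."""
    return {n: nth_letters(text, n) for n in range(1, max_n + 1)}

if __name__ == "__main__":
    for label, text in (("fishing", FISHING), ("neutral", NEUTRAL)):
        for n, candidate in sweep_positions(text).items():
            print(label, n, candidate)
```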
Others • Word shifting algorithms • Example: slight shifts up and down • Microdots • Image or text reduced as to not be noticeable • http://en.wikipedia.org/wiki/Microdot
Summary of Hidden Data • In plain sight • Shows up in a directory listing, but not as what we are looking for … change file extension • Within a file system in a file • Steganography • Invisible names, misleading names, obscure names • No names • Within a file system, but not in a file • slack space • free space • swap space • Outside the computer • Floppy disks • CDs • zip disks • thumb drives
Common ways of hiding data • Embedded in files as noise • Properties of images like luminescence, contrast and color can be manipulated • Audio files can be manipulated by introducing small echoes or slight delays • Signals can be masked with sounds of higher amplitude • In documents by manipulating positions of the lines of the words • Ciphers (e.g. taking the second letter of each word) • Web browsers ignore spaces, tabs, certain characters and extra line breaks
More common ways of hiding data • Unused or reserved space on a disk • Unused space that is allocated by O.S. for a file • Unused space in file headers, TCP/IP packet headers • Spread spectrum techniques can be used by placing audio signal over a number of different frequencies
Digital Imaging • Most common type of carrier used • Produced by camera, scanner or other devices • Approximation of the original image • System producing image focuses a two-dimensional pattern of varying light intensity and color onto a sensor • http://en.wikipedia.org/wiki/Steganography
Image Structure and Image Processing • Pattern has a coordinate system • Origin is in upper left corner • Image can be described as an array of numbers which represents light intensities at various points • The light intensities are called pixels
Image Structure and Image Processing • Digital imaging • Size of the image is given in pixels • e.g. 640 by 480 (rows by columns) is 307,200 pixels • Spatial resolution of an image is the physical size of the pixel in the image • Pixels are indexed by their x and y coordinates • Spatial frequency is the rate of change of the f(x,y) value as we move across the image • Gradual changes in f(x,y) correspond to low spatial frequencies (coarsely sampled image) • Rapid changes correspond to high spatial frequencies (must be represented by densely sampled image) • Dense sampling produces high-resolution image • many pixels contribute a small part of the scene
RGB color • Color is represented by the relative intensity of the 3 colors: red, green and blue • Absence of three colors yields black • Presence of full intensity of all 3 colors yields white • Cyan: 100% blue and 100% green • Magenta: 100% blue and 100% red • Yellow: 100% green and 100% red
RGB color • Each RGB component is specified by a single byte (8 bits) • Each color can have an intensity of 0 – 255 • Each pixel uses 24 bits to represent a color (called 24-bit true-color: 8 bits for red, 8 bits for green and 8 bits for blue), 2^24 colors • A pixel could also be represented by 32 bits • Extra bits used for transparency: 0 transparent -> 255 opaque • Some use 8-bit true-color (2^8 different colors)
Image Formats • 8-bit color is used with Graphics Interchange Format (GIF) and Bitmap (BMP) image formats • The value of the pixel points to a color in the palette? • When a GIF image is displayed, the software paints color from the palette to the screen • This method offers lossless compression because the image recovered after encoding and compression is bit-for-bit identical to the original image
Digital carrier methods • Image and audio files are the easiest and most common carriers • Least significant bit substitution or overwriting • Simple method of hiding • Given the following 8 bytes of a carrier file:
10010101 00001101 11001001 10010110 00001111 11001011 10011111 00010000
• We can insert the ASCII value of F (70 or 01000110):
10010100 00001101 11001000 10010110 00001110 11001011 10011111 00010000
• Not all of the bytes get changed from the original, so not likely to be detected by human eye
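The slide's least-significant-bit example carried through in code, as an added example that is not part of the original slides. It uses the slide's eight carrier bytes and the letter F, recovers the letter again, and lists which byte positions differ from the cover; the function names are illustrative.

```python
# The eight carrier bytes shown on the slide.
CARRIER = bytes(int(b, 2) for b in
                "10010101 00001101 11001001 10010110 "
                "00001111 11001011 10011111 00010000".split())

def embed_lsb(carrier, message):
    """Overwrite the lowest bit of successive carrier bytes with the message bits."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: need one carrier byte per message bit")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit       # clear the LSB, then set it to the bit
    return bytes(out)

def extract_lsb(stego, n_bytes):
    """Rebuild n_bytes of message from the lowest bit of each carrier byte."""
    out = bytearray()
    for k in range(n_bytes):
        value = 0
        for b in stego[8 * k:8 * k + 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)

def changed_positions(cover, suspect):
    """Indexes where a suspect file differs from the known cover file."""
    return [i for i, (a, b) in enumerate(zip(cover, suspect)) if a != b]

if __name__ == "__main__":
    stego = embed_lsb(CARRIER, b"F")
    print(" ".join(f"{b:08b}" for b in stego))
    print(extract_lsb(stego, 1), changed_positions(CARRIER, stego))
```

Only three of the eight bytes change, each by one intensity step, which is why the alteration is not visible to the eye but does show up when the original cover is available for a byte-wise comparison.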
Detecting Steganography • Principles of Steganography • Digital files can be altered to a certain degree without losing functionality • Human senses are not acute enough to distinguish minor changes in altered files
Masking • In audio files, one sound could interfere with (mask) another sound • Humans may not be able to pick up on the subtleties
Detecting and Cracking Steganography • Compare the cover file to the suspicious file, looking for distortions • Work with people who have analyzed steganography tools…
US Government steps to counter Stegano • US Patriot Act signed in 2001 allows the Federal Government and Corporations to scan and intrude into employees' networks to verify suspected images • Former NSA instructor had evidence that terrorists of 9/11 used images of paintings and posters to hide their message • But failed to show proof regarding the use of Steganography
Steganography used for: • Hiding watermarks • Authenticating information • Proving ownership • Copy control (e.g. downloading free music from the Internet) • Terrorism