
Investigation by Steganalysis

Paper by: Neil F. Johnson and Sushil Jajodia, Center for Secure Information Systems, George Mason University, MS:4A4, Fairfax, Virginia 22030-4444. Presented by: Mahesh Narayan, Internet Security Principles, CSE691, Fall 2001.


Presentation Transcript


  1. Investigation by Steganalysis
     Paper by: Neil F. Johnson and Sushil Jajodia, Center for Secure Information Systems, George Mason University, MS:4A4, Fairfax, Virginia 22030-4444
     Presented by: Mahesh Narayan, Internet Security Principles, CSE691, Fall 2001

  2. What is Steganography?
     • Steganography is the science of transmitting covert messages, such as plaintext or ciphertext, through innocuous carriers like images, audio, video or any such digital transmission media. The covert message is usually some form of bit stream.
     • Steganography is used commercially in watermarking, but has the potential to become a deadly menace when used for wrong purposes.

  3. Steganographic Methods
     • LSB or noise insertion – information is added such that it is not perceived by human senses, e.g. small echoes
     • Manipulation of algorithms, e.g. compression
     • Modification of image properties – luminance
     • Employing various transform domains to hide information, e.g. using the Discrete Cosine Transform (DCT). Such methods are very resistant to attacks like compression, cropping, etc.

  4. Methods (contd.)
     • Taking advantage of unused or reserved spaces. For example, in FAT16 systems, the minimum space allocated to files is 32K. Smaller files waste memory. This extra memory can be used to hide information.
     • Another form of hiding is creating hidden file system partitions. They are visible by running disk configuration utilities.
     • Sometimes, protocols like TCP/IP have unused bits in the packet header that can be used to embed information.

  5. Steganalysis
     • Hiding information usually requires altering the properties of the media, which produces unusual characteristics or behaviours.
     • Steganalysis, or information detection, can be broadly divided into two categories:
       1) Detecting hidden information
       2) Disabling hidden information

  6. Detecting Hidden Information
     • Embedded covert text that appears invisible to the human eye can be detected by using word processors.
     • Images can also be distorted by embedding information. Usually, such distortions are not visible to the human eye unless numerous comparisons of original and stego images are made. Comparisons usually bring differences to light and reveal signatures that give information about the tool used for embedding.

  7. Detecting (contd.)
     • A number of disk analysis utilities are available that report and filter out hidden information in unused clusters or partitions.
     • TCP/IP packets can also be filtered for secret information. Firewalls are being built that scan and detect whether a packet originated outside or inside of the network and also report on hidden information.

  8. Disabling Hidden Information
     • Sometimes it is necessary to go beyond mere detection and resort to disabling the hidden information.
     • For LSB methods, using compression techniques like JPEG is enough to render embedded messages useless.
     • Tools exist that automate techniques like warping, cropping, rotating and blurring. These can be used in watermarking.

  9. Disabling (contd.)
     • One other way of disabling hidden information is overwriting it with additional data. Audio and video signal manipulation can cause embedded data to be destroyed.
     • For file systems, file headers and reserved spaces typically contain covert information. The OS usually overwrites data in clusters. Several utilities also exist that do the same.
     • Packet filters can be designed to catch covert information. Spoofed IP addresses can be detected by comparison against DNS lookups, and such packets terminated.

  10. Comments and Conclusion
     • To date, general detection techniques for steganography have not been devised, and methods beyond visual analysis are being explored.
     • The ease of use and availability of stego tools has raised concerns about transmission of information through digital media.
     • More information about securing systems against corruption is being put on the net, and users need to become more aware of problems and their solutions.
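
The disabling step from slides 8 and 9 (overwriting hidden data with additional data) applied to LSB embedding, as an added Python example that is not part of the original presentation or paper. The pixel list, payload and all function names are constructed for illustration.

```python
import random

def embed_lsb(pixels, payload):
    """Plain sequential LSB embedding, used here only to build test input."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in carrier")
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out

def extract_lsb(pixels, nbytes):
    """Read nbytes back from the least significant bits, MSB first."""
    data = bytearray()
    for b in range(nbytes):
        byte = 0
        for p in pixels[8 * b:8 * b + 8]:
            byte = (byte << 1) | (p & 1)
        data.append(byte)
    return bytes(data)

def sanitize_lsb(pixels, rng):
    """Overwrite every least significant bit with fresh random data."""
    return [(p & 0xFE) | rng.getrandbits(1) for p in pixels]

def max_pixel_change(a, b):
    """Largest per-pixel difference between two equally sized images."""
    return max(abs(x - y) for x, y in zip(a, b))

SECRET = b"constructed test payload"  # constructed sample payload

def demo(seed=2001):
    # Seeded PRNG keeps the demo reproducible; a deployed sanitizer
    # would draw its bits from an unpredictable source instead.
    rng = random.Random(seed)
    carrier = [rng.randrange(256) for _ in range(64 * 64)]  # constructed 64x64 grayscale image
    stego = embed_lsb(carrier, SECRET)
    cleaned = sanitize_lsb(stego, rng)
    return {
        "before": extract_lsb(stego, len(SECRET)),
        "after": extract_lsb(cleaned, len(SECRET)),
        "max_change": max_pixel_change(stego, cleaned),
    }

if __name__ == "__main__":
    print(demo())
```

The sanitizer changes each pixel by at most one gray level, so the carrier stays visually intact while the embedded bit stream is no longer recoverable.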
