370 likes | 395 Views
This paper explores a transmission scheme based on Confused Document Encrypting Scheme (CDES) and proposes a method to overcome suspicion. It includes modules for compression, encryption, and image hiding.
E N D
Overcoming the suspicion in transmission scheme based on CDES Speaker : Po-Kang Chen Advisor : Quincy Wu
Outline • Introduction • Related work • A Confused Document Encrypting Schemes and its Implementation (Lin & Lee ,1998) • System model • CDES module • Compression module • Encryption module • Image hiding module • Implementation • Environment • Experiment • Conclusion & Future work
The “Personal Privacy” becomes a popular section in information security over Internet. • Information Hiding ( Steganography ) and Cryptography accomplish secret communication between you and me.
Motivation • Provide a secret communication service for Email over Internet and demonstrate how Email services can be protected in my system • CDES (Confused Document Encrypting Scheme) is a technique for data hiding, which sends a meaningful message to deceive the eavesdropper and increase the security • Add the image hiding technique
Plaintext + Transmitting many cheating text files Plaintext index file (PIF) An encrypted file From : weishin.pan@gmail.com To : magicpanx@gmail.com Subject: Hello ! Body--------------------------------------------------------------------------- Confused Document Encrypting Scheme Attachments----------------------------------------------------------------- (1) ID-0005.txt (2) ID-0019.txt (3) ID-5597.txt (4) ID-2468.txt (5) ID-9870.txt (5) Encrypted plaintext index file + (Encrypted-ID 0019) Eavesdropper A Confused Document Encrypting Scheme and its Implementation (Lin & Lee ,1998)
Information Hiding • Use any media to hide secret information. • the hacker cannot sense something when he intercepts the media, because it is common behavior. Secret information
Concept Emoticon It is a main method in my concept. It uses the image hiding technique to hide the PIF file in an image file. For example, (Smile face), (Sad face). Text
CDES • Confused Document Encrypting Scheme (CDES), Lin& Lee,1998 [1] • Elements of CDES • Cheating text • Plaintext • Character position table (CPT) • Plaintext Index file (PIF) • Key
Sender Input plaintext Input cheating text No Does the cheating text contains all of the different characters in the plaintext? Sender Yes Generate the character’s position table (CPT) of the cheating text Randomly generate an ID for the cheating text Generate plaintext index file (PIF) by random 2-nd key Compress the PIF Encrypt the ID 1-st key Encrypt the compressed PIF Put the encrypted ID in the head of the encrypted and compressed PIF (CDES,Lin&Lee,1998 [1]) Send out the compressed and encrypted PIF and the cheating text involving an ID Receiver
Decrypt the encrypted ID in the given PIF 2-nd key No, wait the correct cheating text to come Does find out the corresponding cheating text? No Yes 1-st key Receiver Decrypt the given PIF Generate the character’s position table (CPT) of the cheating text Decompress the given PIF Use the CPT and the PIF to reverse the original plaintext (CDES,Lin&Lee,1998 [1]) Plaintext output
CPT & PIF Input Plaintext : Cat is my pet. {C, a , t , i, s , m , y , p , e , . , □} Cheating text : Computer security is important. {C, o , m , p, u , t , e , r , s , c , i , y , a , n , . , □} Plaintext index file(PIF) 1 28 6 … … … … Table 1. Characters Position Table(CPT)
System model CDES module Compression module Compress the PIF Plaintext Cheating text CPT generated Encryption module Encrypt the compressed PIF PIF generated Image-Hiding module Hiding the PIF in image Send out via E-mail
Text + photo 這裡是秘密訊息 : 今晚8:00在科三409見面 今晚我們去喝杯City咖啡吧. Cheating text PIF It looks OK ! Sent out via Email Eavesdropper The proposal is based on Confused Document Encrypting Scheme
CDES Module • Feature • Sender :Generate the CPT by the cheating text, and the plaintext will generate PIF by CPT • Receiver :Use the CPT and the PIF to reverse the original plaintext
Compression Module • Feature • It provides compression/decompression for the plaintext index file(PIF), because the PIF size will be large. • It uses the LZMA algorithm
Data Compression • Reduce the data size. • Decrease transmission time • Increase security of data • Lower the cost • Compression type • Lossless data compression (Huffman coding, LZ series) • Lossy data compression (Prediction by Partial Match series)
LZMA algorithm • Dictionary coding • Dictionary size increased → Higher compression rate ↑ and lower speed ↓ Example: ABCDEFBCGXY • {AB,BC,CD,DE,EF) will be added to the dictionary and translated to a smallest unique-code . • Later, if BC has been stored in the dictionary, so it will be translated to a smallest unique-code ,and add the strings {BCG,XY} to the dictionary.
LZMA Diagram 大腦儲存區 (字典) 從窗戶外看到的景色會先存在眼睛的緩衝區 我看過的地方 台中 1 台中 雲林 台南 台中 台南 2 雲林 3 第一次看過這裡,將它存入字典 這地方我看過了,所以直接轉換成代碼 1,不再存入字典 22
Encryption Module • Feature • Encrypt the plaintext index file (PIF) • It uses the Blowfish algorithm
Cryptography • It will modify the file or message to a unreadable content and receiver must use a key to decrypt the content. Public area M M = Dk2(C) C = Ek1(M) (Encryptor) E (Decryptor) D Hacker KEY1 KEY2 Private area Ek (M) = Encryption function M ( Plaintext) = original message C ( Cipher text) = encrypted message Dk (C) = Decryption function
Blowfish algorithm • Symmetric block cipher • Key sizes : 32-448 bits • Block sizes : 64 bits • Structure : Feistel network • Easy to implement • Fast encryption
Image-hiding Module • Feature • It provides image hiding for the plaintext index file (PIF) • It uses the” JPHS“ (open source software) • It uses the Blowfish algorithm to encrypt the PIF in an image
Environment • Windows XP SP3 • Visual Studio 2005 • Mozilla Thunderbird 3 (3.0.4)
Do you want to have a coffee with me ? Do you want to have a coffee with me ? 這裡是秘密訊息 : Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. 29
Receive a mail Cheating text Plaintext index file embedded
Flow chart (Sender) Read the plaintext Hiding the PIF in image 2-nd Key Read the cheating text Compose a mail to receiver Generate the CPT of the cheating text From : weishin.pan@gmail.com Generate the plaintext index file To: magicpanx@gmail.com Subject: Hello ,magicpanx ! Compress the PIF Do you want to have a coffee with me? Cheating text 1-st Key Attached file : Encrypt the compressed PIF ncnu.jpg PIF embedded
Flow chart (Receiver) Read the cheating text From : weishin.pan@gmail.com 2-nd Key To: magicpanx@gmail.com Seek PIF from the attach image Subject: Hello ,magicpanx ! Do you want to have a coffee with me? 1-st Key Decrypt the PIF Cheating text Attached file : ncnu.jpg Generate the CPT of the cheating text PIF embedded Decompress the PIF Using the CPT and the PIF to reverse the original plaintext Plaintext Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. Plaintext output
Image hiding(JPHS) ncnu_original.jpg 33,767 bytes + PIF 200 bytes ncnu.jpg 13,449 bytes JPHSwin
Decrypt the plaintext Plaintext
Conclusion • Increase the security in email services • In original CDES, the PIF was sent in encrypted form, which looks meaningless and suspicious • Through the behavior observed in chatting, the image hiding technique is applied to hide the PIF in an emoticon or a photo, which looks meaningful
Future work • The framework can use for instant message (IM), like Windows Live Messenger, Yahoo Messenger in the future work. • Because human use the emoticon and photo in the chat, it has been a common behavior.
Reference • [ 1 ] Chu-Hsing Lin and Tien-Chi Lee, “A Confused Document Encrypting Scheme and its Implementation”,Computers & Security,Vol. 17, No. 6, pp.543-551, 1998. • [ 2 ]Wen-Hung Yeh and Jing-Jang Hwang, “Hiding Digital Information Using a Novel System Scheme”, Elsevier Science Ltd, 2001. • [ 3 ]Yeh, W. H. and Hwang J. J., "A scheme of hiding secret Chinese information in confused documents" , Journal of Information Management, Vol.7 (2),2001b, pp. 183-191 • [ 4 ]Bi-feng Liang, etc, “On the study and implementation for confused document encrypting scheme of data hiding”, Technical Report, Department of Information Management, Ta Hwa Institute of Technology, R.O.C.,2002. • [ 5 ]Tzu-jung Yao and Quincy Wu, "On the Study of Overhead Reduction for Confused Document Encrypting Schemes", International Conference on Multimedia Computing and Information Technology (MCIT 2010) University of Sharjah(UoS), Sharjah, United Arab Emirates (UAE), March 2-4, 2010.