400 likes | 667 Views
Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH Robert.sherman@sinclair.edu. Steganography and Cryptography. Fascinating but difficult topics for students Very strong mathematical link We use encryption almost every time we’re online
E N D
Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH Robert.sherman@sinclair.edu
Steganography and Cryptography • Fascinating but difficult topics for students • Very strong mathematical link • We use encryption almost every time we’re online • How can we educate, excite and motivate our students!!
Steganography and Cryptography • Cryptography and Network Security • William Stallings, 5th Edition • Prentice Hall • ISBN: 0-13-609074-9
Steganography and Cryptography • http://en.wikipedia.org/wiki/Steganography • Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.
Steganography and Cryptography • http://en.wikipedia.org/wiki/Steganography • The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion.
Steganography and Cryptography • Digital cameras and image sizes • Nikon D300 has a 12 megapixel sensor • Approximately 4000 x 3000 pixels • Common image storage techniques uses 3 bytes or 24 bits for each pixel • One byte used for red, green and blue color associated with each pixel
Steganography and Cryptography • 12 megapixel image could be as large as 36 megabytes in size • That image is commonly compressed and stored as a JPEG file type • That image stored as a JPEG fine image would be 6-8 MBs • Steganography uses the least significant bit of each byte for the purpose of holding the “hidden” data
Steganography and Cryptography • Steganography is the ability to hide an object inside another object • The viewer is not even aware of the hidden object • For example consider these two different pictures:
Steganography and Cryptography • Actually these two pictures are not the same • The picture on the right has a text document hidden inside of it • A secret message that the viewer doesn’t even know exists!!
Steganography and Cryptography • jphide: a tool to embed a file in a digital image • jpseek: a tool to retrieve a file from a digital image • Requires a shared secret (password) known to both parties
Steganography and Cryptography For example…….
Steganography and Cryptography After September 11th, the popular press reported on a regular basis that the al Qaeda terrorist network was using steganography to pass information covertly “Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” USA Today, 10 July, 2002. “Authorities also are investigating information from detainees that suggests al Qaeda members -- and possibly even bin Laden -- are hiding messages inside photographic files on pornographic Web sites.”- CNN, 23 July, 2002 Wired News reported that messages are being hidden in images posted on Internet auction sites like eBay or Amazon. Some government sources suspect that Laden’s pre-recorded videos that are re-played on TV stations around the world contain hidden messages. • Could the 9/11 attacks have been one of these activities? • Intelligence experts suspect that individuals use embedded Internet messages to communicate covertly. • Will future terrorist attacks be coordinated thus?
Steganography and Cryptography • We use it nearly every day! • It’s been used for thousands of years! • It protects our communications, transactions and data! • It helps keep us safer!
Steganographyand Cryptography • Ciphers provide a method of taking normal text (plaintext) and converting it to encrypted text (ciphertext). • You might see the text but it would be unintelligble to you. • Substitution ciphers are one of the oldest forms and have been used for thousands of years to encrypt communication.
Steganography and Cryptography A substitution cipher might look like this: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Steganography and Cryptography The money is hidden in the backpack Becomes….
Steganography and Cryptography The money is hidden in the backpack Becomes…. Wkh prqhb lv klgghq lq wkh edfnsdfn
Steganography and Cryptography iuhh slccd iru oxqfk wrgdb Becomes…
Steganography and Cryptography iuhh slccd iru oxqfk wrgdb Becomes… Free pizza for lunch today
Steganography and Cryptography • The “key” in this example is 3 • The “key” is used in both the encryption and the decryption process • The “key” must be known to both parties but kept secret from others!
Steganography and Cryptography • Symmetric cryptography • Also known as “secret key” • A single key performs both functions: encrypt and decrypt • If the key becomes known by others, confidentiality is lost • How many keys are needed?!
Steganography and Cryptography • Asymmetric cryptography • Two keys • One public; one private • One encrypts and the other decrypts • The public key is available to everyone • The private key is known only to its owner
Steganography and Cryptography • We use cryptography on the web every day! • Secure web sites • HTTPS and digital certificates • https://mail.sinclair.edu/exchange/
Steganography and Cryptography • Secure Socket Layer (SSL) and Transport Layer Security (TLS) • Client and server exchange a sequence of messages that results in the server providing its certificate to the client • The client (browser) chooses a “key” and encrypts it with the server’s public key and sends it to the server
Steganography and Cryptography • The server decrypts that key (using its private key) • The client and server have now securely exchanged a “secret key” • That key is used by both parties to calculate another key using the Diffie Hellman algorithm
Steganography and Cryptography • That key is used by both parties for the online session • The key is used to encrypt and decrypt all messages exchanged between client and server • The key can be changed periodically during the connection and is discarded at the end of the session
Steganography and Cryptography • We actually use both symmetric and asymmetric cryptography every time we visit a secure web site!
Steganography and Cryptography We can use Wireshark or any other network monitor tool to capture and view all of this traffic. For example…..
Related topics…. • Hashing • MD5 • SHA-1 • IPSec • Another way to provide for secure transport of data • Virtual Private Networks (VPNs)
Steganography and Cryptography • What works for you? • Ideas to share? • Comments? Robert.sherman@sinclair.edu