680 likes | 830 Views
eCrime and Steganography. Lecture & Demonstration. Origins of Steganography. Steganography Origins From the Greek Roots “Steganos” or Covered “Graphie” or Writing “Covered Writing” First Known Usage
E N D
eCrime and Steganography Lecture & Demonstration
Origins of Steganography • Steganography Origins • From the Greek Roots • “Steganos” or Covered • “Graphie” or Writing • “Covered Writing” • First Known Usage • The early Greeks and Persians used several forms of covered writing to conceal the communication of secret or covert messages • Origins date back as far 2,500 years ago
Demaratus of Ariston was exiled in Persia, and while there, he received news that Xerxes had decided to invade Greece. He decided that he must get word of the pending invasion to Sparta. Since discovery of such an act meant certain death, he decided that he must conceal the message. He scraped the wax off a pair of wooden folding writing tablets and carved a warning message in the wood. He then covered the wood with a fresh coat of wax. The tablet was passed by the sentries without raising any suspicion and was delivered to and read by the Greeks. Origins of Steganography WAX TABLET
Origins of Steganography • Null Cipher Messages • Most notably this method was used during World War I by the Germans • Text based steganography has taken on several forms PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW, STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW, STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY PERSHING SAILS FROM NY JUNE 1
Dangers of Steganography • Steganography vs. Encryption • Steganography and Encryption each have distinct purposes • Encryption • Keeps information private by using a mathematical algorithm which renders the contents unreadable unless you possess a specific key allowing you to decipher the message • Encrypted objects are typically easy to identify or detect • The existence of the message is obvious, however the content is obscured • Steganography • Hides the actual existence of a message or hidden data • Hides information in plain sight by exploiting weaknesses of our human senses
Dangers of Steganography Encryption Steganography
CP Apply Stego Covert Message Send Message With Innocuous Attachment password Firewall Carrier Image password Reveal Stego Revealed CP Steganography E-Mail Communication
Who knows about it? source google.com
How global is the problem? A R A B I C
How global is the problem? C H I N E S E
How global is the problem? G E R M A N
How global is the problem? K O R E A N
How global is the problem? C R O A T I A N
How global is the problem? J A P A N E S E
Steganography How does it work?
Human Sight Characteristics Poor detection and identification of differing shades of color Poor recognition of high intensity shades (i.e. bright blue and violet shades of color) Human Hearing Characteristics Very sensitive to noise and distortion Imperceptible in detecting slight amplitude shifts Imperceptible in detecting slight phase shifts How is this possible?
Palette Images • Map to a pre-defined color on a table • Pixel represented by table lookup value 2 2http://www.webstyleguide.com/graphics/displays.html
RGB or True Color Images 4 • True Color images • Typically represented by 24 bits • 8 bits for each color (red, green, blue) • 16.7M possible colors (28 x 28 x 28) • Each pixel holds color triplet 4http://www.webstyleguide.com/graphics/displays.html
Least Significant Bit (LSB)Steganography Applied to RGB Color Images
1 0 1 1 0 1 0 1 0 1 0 LSB Substitution – bit 0 LSB Substitution Individual Colors Before After Combined Color 0 RED Before After GREEN 1 1 0 0 0 1 1 0 1 1 1 0 0 0 0 1 BLUE
1 0 1 1 0 1 0 1 0 1 0 LSB Substitution bit 0 and 1 LSB Substitution Individual Colors Before After Combined Color 1 RED Before After GREEN 1 1 0 0 0 1 0 0 1 1 1 0 0 0 1 1 BLUE
0 1 0 LSB Substitution bits (0-3) LSB Substitution Individual Colors Before After Combined Color 1 0 1 1 1 0 1 0 1 RED Before After GREEN 1 1 0 0 1 0 0 0 1 1 1 0 1 1 1 1 BLUE
Digital Audio • CD Audio • Typically referred to as wave audiofiles • Wave audio is an uncompressedset of samples • Each samples is represented as a16-bit value • Binary • 0000 0000 0000 0000 – 1111 1111 1111 1111 • Hex • 0000 - FFFF • Decimal • -32768 to +32767 • Each sample is collected at a frequency of 44.1 Khz or 44,100 times per secondbased on Nyquist’s theorem 5 “Nyquist's theorem: A theorem, developed by H. Nyquist, which states that an analog signalwaveform may be uniquely reconstructed, without error, from samples taken at equal time intervals. The sampling rate must be equal to, or greater than, twice the highest frequencycomponent in the analog signal” 5http://www.its.bldrdoc.gov
Digital Audio - Dangers • Audio based steganography has the potential to conceal more information • Audio files are generally larger than images • Our hearing can be easily fooled • Slight changes in amplitude can store vast amounts of information • Many sources and types makes statistical analysis more difficult • Greater amounts of information can be embedded without audible degradation
LSB in Action Steganography Demonstration
Known Methods of Steganography CovertChannels 24-Bit LSBEncoding ColorPaletteModification EncodingAlgorithmModification WordSubstitution FormattingModification DataAppending
Known Methods of Steganography DataAppending Typically modifies the cover file by appendingdata after the standard end-of-file marker ExampleProgram Camouflage
Data Appending Example Carrier Image Hidden Data
Original Carrier File Data Appending Example End of File Markers Hidden Data Camouflage Hidden Message
Camouflage in Action Demonstration
Known Methods of Steganography FormattingModification Works by making subtle modification to text and/or line spacing in standard documents Invisible Secrets ExampleProgram
Carrier File Hidden Data Formatting Modification Example
Formatting Modification Example HASH 7E62 FC70 65FE 8095 7796 23DC 697D CBDF EEEC 3E07 HASH D350 E408 495B D1A4 2FDB 6A54 6C34 2F94 DE8F 89E5 Modified Carrier File Original Carrier File
Formatting Modification Example Original Carrier File Modified Carrier File
Known Methods of Steganography WordSubstitution Automatically create “spam” like messages that actually contain hidden data Spam Mimic – Web based steganography tool WordSubstitution http://www.spammimic.com/
Message to Encode Word Substitution Example
Spam encoded message Spam mimic
Known Methods of Steganography ColorPaletteModification Typically applied to 8-BIT images such as GIF or 8 BIT BMP files. The technique modifies the color palette and the associated colors in the image to embed data Gif-it-Up ExampleProgram
Color Palette Modification Example Carrier Image HiddenData
Color Palette Modification Example Carrier Image Covert Message
Known Methods of Steganography 24-Bit LSBEncoding The LSB method makes subtle changes to each pixel of the image. The changes are undetectable through visual inspection for most images ExampleProgram Example Program : S-Tools Version 4.0
MP3 perceptual noise shaping (PNS) Modification JPEG Discrete Cosine Transform (DCT)Modification Known Methods of Steganography EncodingAlgorithmModification