Steganography - PowerPoint PPT Presentation


Steganography, Part 2 – Detection and Research.


PowerPoint Slideshow about 'Steganography' - idania

Presentation Transcript
Introduction to Steganalysis
  • What is steganalysis?
    • The art of detecting messages hidden by steganography
    • Alternatively, detection of Steganography by a third party
    • Research and analysis of steganography tools to develop detection methods
Introduction to Steganalysis
  • Why is it important to Computer Forensics?
    • Steganography allows a person to hide information in a non-obvious way, so evidence is potentially tough to find.
      • Harder to spot steganography than encryption.
    • Steganography is tough to detect. You need a tool to help you.
    • Time intensive to check images etc for steganography.
      • Need help to narrow down the search
Detection Methods
  • Human Methods
    • Manually look at the file
      • Extremely hard to detect steg with sight or hearing
      • Looking for anomalies in image or with sound
        • Only possible when the hidden message is large compared to the carrier.
    • Look for anomalies in file size etc
    • All human methods are very time intensive and not reliable.
Detection Methods
  • Computer Forensic Methods
    • We can use CF techniques to help find evidence of steg usage
    • Search for evidence of steganography tools
      • Use a tool like EnCase to look for deleted programs
      • Look in Start menus
      • Look for remnants of steg tools in registry
    • If we can find a tool then we know what steganalysis to run
      • Detection is typically different for each steg tool so we want to reduce the number of steg tools we scan for in our images, mp3s, etc.
Detection Programs
  • Use a specialized tool
    • Much like a virus scanner
      • Scans disk looking at files for steg “signatures”
      • Can search for a specific tool's signature
  • Freeware/Opensource tool
    • Stegdetect
      • Can detect and crack various JPEG based steg tools
        • Such as JPHide, Outguess, F5, etc
  • Commercial Products
    • StegoSuite by Wetstone
    • StegAnalyzer by SARC
Demo of Stegdetect
  • Command line tool
    • Usage: stegdetect <options> <files>
    • Options
      • -q only report images that have steg content
      • -s <number> change the sensitivity of detection
      • -t <tools> select which tools to search for
        • Any combination of j, o, p, i.
        • j = JSteg, o = OutGuess, p = JPHide, i = Invisible Secrets
    • Example:
      • stegdetect -q -t jp *.jpg
      • Search all JPEGs in the current directory for usage of JSteg and JPHide and report only those that do have steg.
Detection Tools
  • Blind Steganography Detection
    • When you don't know the steg tool used.
      • Might even be a steg tool that's not widely known about
    • Involves statistical techniques
      • Expected values of image compared to actual
        • File size, noise levels
        • Chi-Square tests on distribution of DCT values
          • DCT values in a non-steg image match a distribution curve
          • Modified DCT values don't fit this curve
      • May give false positives, or false negatives
      • Some steg tools purposely avoid these statistical detection techniques by adjusting other values to fool the Chi-Square test.
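
One concrete form of the chi-square test described above, added here as an illustration (not from the presentation or from Stegdetect): the pairs-of-values test, which measures how closely a histogram matches the equalized value pairs that LSB replacement produces. The coefficient values are constructed stand-ins for quantized DCT values, and skipping 0 and 1 is an assumption modeled on JSteg-style embedding.

```python
import math
import random
from collections import Counter

def pov_chi_square(coeffs):
    """Pairs-of-values chi-square test. Returns (statistic, dof, p_equalized)."""
    # Assumption: 0 and 1 are skipped, as JSteg-style embedding leaves them untouched.
    hist = Counter(c for c in coeffs if c not in (0, 1))
    stat, pairs = 0.0, 0
    for even in {c & ~1 for c in hist}:        # each pair is (2k, 2k+1)
        n_even, n_odd = hist[even], hist[even + 1]
        expected = (n_even + n_odd) / 2        # LSB replacement equalizes a pair
        if expected < 5:                       # too sparse for a chi-square term
            continue
        stat += ((n_even - expected) ** 2 + (n_odd - expected) ** 2) / expected
        pairs += 1
    if pairs == 0:
        return stat, 0, 0.0
    # Upper-tail probability via the Wilson-Hilferty normal approximation.
    spread = 2 / (9 * pairs)
    z = ((stat / pairs) ** (1 / 3) - (1 - spread)) / math.sqrt(spread)
    return stat, pairs, 0.5 * math.erfc(z / math.sqrt(2))

def sample_coeffs(n, rng):
    """Constructed stand-in for quantized DCT values: peaked at 0, decaying tails."""
    values = []
    for _ in range(n):
        mag = int(rng.expovariate(0.35))
        values.append(mag if rng.random() < 0.5 else -mag)
    return values

def lsb_replace(coeffs, rng):
    """Constructed modified sample: every usable LSB overwritten with a random bit."""
    return [c if c in (0, 1) else (c & ~1) | rng.getrandbits(1) for c in coeffs]

def demo():
    rng = random.Random(2024)                  # fixed seed so the run is repeatable
    clean = sample_coeffs(20000, rng)
    return pov_chi_square(clean), pov_chi_square(lsb_replace(clean, rng))

if __name__ == "__main__":
    for label, (stat, dof, p) in zip(("clean", "modified"), demo()):
        verdict = "consistent with LSB embedding" if p > 0.01 else "no equalized pairs"
        print(f"{label:9s} chi2={stat:8.1f} dof={dof:2d} p={p:.3g} -> {verdict}")
```

A p value near 0 means the pairs are far from equal, as in unmodified data, while a p value that is not small is what full LSB replacement produces. A short message or a tool that rebalances the histogram leaves the pairs unequal, which is how the false negatives mentioned above arise.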
Detection Tools
  • Blind Steganography Detection Cont'd
    • Once a file is flagged as being steg'd we need to extract the hidden message.
    • May need to break a password or encryption
      • JPHide uses a password to control how it modifies the JPEG, therefore we need to know the password in order to extract the image.
      • Contained message may be encrypted.
    • Might have to use brute force to break
      • Can be extremely time consuming for complex passwords.
Steganography Research
  • Finding new ways of detecting steg
    • Improving blind detection methods
      • Genetic algorithms
        • Self modifying algorithm
        • Adapts to find optimal solution
          • In this case, optimal detection of steg
      • Artificial intelligence
        • Support Vector Machines
          • Consists of classifying an image, steg or non-steg
          • Composed of a feature vector
          • Specific sections or statistics of an image to look at
          • SVM is trained on a series of steg and non-steg images along with their feature vectors and learns how to detect steg to a high percentage.
Steganography Research
  • Also finding new ways of steg'ing files
      • MPEG, PNG, etc
      • Tells us if we need to be concerned with steg in certain files
      • Important in order to adapt our practices of what or what not to search for in an investigation.
Steganography Research
  • URI Steganography Research Group
    • Received a NIJ grant to create a steg detection tool
    • Combines own SVM along with commercial detection software
    • Provides a single toolchain to analyze, break, and report.
      • Gives a single interface to forensic examiners
      • Easily extendable to new tools, new file formats without examiner having to learn new tool/technique.
      • Allows examiner to submit files to be checked and allows them to continue their examination.