1 / 42

Information Hiding Cryptography & Steganography

Information Hiding Cryptography & Steganography. Lesson 6. What is Cryptography. Protecting information by transforming it into an unreadable format Encryption is the process that transforms the data into the unreadable format, Decryption restores it to its original format.

katy
Download Presentation

Information Hiding Cryptography & Steganography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information HidingCryptography & Steganography Lesson 6

  2. What is Cryptography • Protecting information by transforming it into an unreadable format • Encryption is the process that transforms the data into the unreadable format, Decryption restores it to its original format. • Used to prevent information from “falling into the wrong hands” • Data is only available to the people that are supposed to see it

  3. A little history • Cryptography is not new • 1900 BC hieroglyphics • 60 BC Caesar cipher • Simple substitution cipher • Replace each letter with alphabet shifted K letters • If K=3 then “hello” becomes “khoor” • Thomas Jefferson considered by some to be the father of U.S. cryptography • Cryptography vital during World Wars • German Enigma machine in WW II • “Lucifer” IBM project in late 1960’s became successful commercial product

  4. How does it work • A few terms • Plaintext – the original message • Ciphertext – the encrypted message • Encryption – how the message is scrambled • Decryption – how the message is unscrambled • Cryptographic system – specific method of encryption and decryption (also called a cipher or cryptosystem) • Transposition – rearranging elements • Substitution – replacing elements

  5. How does it work • Encryption is NOT the same as a code • Code – words are substituted for other words • Navajo code talkers from WW II • “dah-he-tih-hi (hummingbird) substituted for “fighter plane” • “besh-lo” (iron fish) meant “submarine”

  6. How does it work • Encryptkey(Plaintext) = Ciphertext • Decryptkey(Ciphertext) = Plaintext • Must know method and key (if used) • Not all crypto methods use keys

  7. How does it work • Caesar cipher • Plaintext = “hello” • Encryption method = substitute letter with letter plus 3 • Encrypt(“hello”) = Ciphertext = “khoor” • How can we make this method more secure?

  8. How does it work • Caesar cipher with incrementing substitution • Plaintext = “hello” • Encryption method = substitute letter with letter(I) where I starts at 3 and increments 1 for each letter • Encrypt(“hello”) = Ciphertext = “kiqrv”

  9. Different Methods • Symmetric – same key is used for both encryption and decryption (also called private key encryption) • DES - Data Encryption Standard • Loosely based on Lucifer which used 112 bit keys • NSA asked that the key length be shortened to 56 bits • Triple-DES – variant of DES • AES - Advanced Encryption Standard • IDEA – International Data Encryption Algorithm

  10. Different Methods • DES • Encrypts 64-bit blocks using a 56-bit key • 64-bit block is permutated • 64-bit block split into two 32-bit blocks • Each sub-block is combined with the key and processed 16 times • Sub-blocks are joined and sent through an inverse permutation process

  11. How DES Works Initial Permutation DES operates on a 64-bit block of plaintext which it breaks into two 32 bit blocks.

  12. Different Methods • Skipjack – developed and released by NSA • Uses 80-bit keys • Used in Clipper chip • Meant to help FBI combat criminals using encryption • Built in back door for law enforcement • Government has “master key” • Key escrow – session key held for later release to law enforcement when needed • Government tried to force this as a standard • Not widely accepted

  13. Different Methods • Problems with symmetric methods • Same key is used to encrypt and decrypt • Shared key is more likely to be compromised • Possible to brute force short keys • Certain keys are weak • Different keys can produce identical ciphertext • Distribution of keys

  14. Different Methods • Asymmetric – uses two different keys (also called public key) • Private key – known only to one party • Public key – available to anyone • Diffie-Hellman • 1976 - First discussion of public-key distribution system • RSA (named for its inventors Ron Rivest, Adi Shamir, and Leonard Adleman) • PGP (Pretty Good Privacy)

  15. Different Methods • Diffie-Hellman Method • Ciphertext = Encrypt public key[Plaintext] • Plaintext = Decrypt private key[Ciphertext] • Each party creates their own private key • Each party computes a public key using a mathematical function of the private key • Public keys are exchanged • Message key is computed from other person’s public key and your own private key • If the math is right, the message key is the same on both sides

  16. Uses of Public Key Cryptography • Digital Signatures • Used to authenticate digital material • Prove identity and validity of action or material • Transmission of symmetric key (public key encryption is generally slower)

  17. Uses of Public Key Cryptography • Digital Signatures and Public Key Encryption • Message encrypted or signed with private key of sender and public key of recipient • Recipient decrypts with own private key and sender’s public key • Only sender has the right private key so if it decrypts it must have come from the sender • NOTE: Assumes keys have not been compromised

  18. Uses of Cryptography • Digital Certificates • Used to encode and verify messages • Requires a Certificate Authority that creates a digital certificate based on a private key and other authentication information • Implements the “trusted third party” concept • X.509 is a popular standard for defining digital certificates

  19. Uses of Cryptography • VPN (Virtual Private Network) • Connects geographically separate offices using public communication means • Packets are usually “tunneled” – entire packet is encrypted and encapsulated in a new packet before sending • Hardware or software based • Sometimes integrated into firewalls • Usually cheaper than leased lines • Very good for mobile employees that need access to the company network

  20. Uses of Cryptography • Smart Cards • IPv6 will support IPsec – built in encryption • SSH – Secure Shell, an alternative to Telnet • E-mail – PGP very popular in this area • File or disk encryption

  21. Uses of Cryptography • Key Escrow and Key Recovery • Keys held in “reserve” in case the original keys are lost or damaged • Usually split between two parties, each with half of the key • Often requires two or more people to access and recover key

  22. Breaking Crypto • Weaknesses • The human factor • Security of key and message • Key length • Short keys can be broken even with a good algorithm • Algorithm • Very difficult to develop a secure algorithm • Weak algorithm can be insecure even with a long key

  23. Breaking Crypto • Differential Cryptanalysis • Look for differences in pairs of messages • Only works on certain ciphers • Linear Cryptanalysis • Looks for simple approximation of encryption function • Differential Power Analysis • Measures power consumption of hardware encryption devices

  24. DPA

  25. Breaking Crypto • Brute Force • Just try different keys until you get one that works • DES Challenge • Worked off of 56 bit keys • Sponsored by RSA to show weaknesses in DES • Electronic Frontier Foundation built special system (DES Cracker) to crack DES in 56 hours • Jan 19, 1999 – Distributed.Net cracks 56-bit DES in 22 hours and 15 minutes using 100,000 PCs on Internet and DES Cracker • Testing 245 billion keys per second • Depends on where key falls in possible keyspace

  26. Breaking Crypto • Advances in computing power enhances ability to break crypto. • 56-bit DES broken in less than a day • Roughly 70 thousand trillion possible keys • 128-bit DES would have 3 * 10^38 possible keys • 1 billion processors capable of processing 100 million keys/sec would take 10^20 years to try all keys • Cracking just needs to find a suitable key, not try every combination

  27. Steganography

  28. Steganography • Literally means “covered writing” • The practice of hiding a message in such a manner that its very existence is concealed. • Done by embedding the message in some medium such as a document, image, sound recording, or video. • Those who know the medium contains a message can extract it. • For those who don’t know about it, the message will be completely invisible. • Related concept is digital “watermarking”

  29. Steganography -- historical examples • In the Histories of Herodotus • Demaratus wanted to notify the Spartans that Xerxes planned to invade Greece. He had the wax scraped off of writing tablets, the message carved into the wood, then recovered with the wax. The message was thus hidden. • Shave the head of a messenger, tattoo the message on his head, let his hair grow back. • Codes, invisible ink, microdots

  30. Encoded messages • “Pershing sails from N.Y. June 1” • Example 1: President’s embargo ruling should have immediate notice. Grave situation affecting international law, statement foreshadows ruin of many neutrals. Yellow journals unifying national excitement immensely. • Example 2: Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on byproducts, ejecting suets and vegetable oils.

  31. Hiding images in files • Takes advantage of coding scheme • For pictures, each pixel represented by 1 or more bytes. • If the least significant bit is used to encode the message, small variations in the picture may occur but the message will be hidden inside. • A 400 x 300 image will have 120,000 pixels thus • if 8 bit coding scheme (256 colors) 120,000 bits of coded message can be encrypted or 15,000 bytes (characters). • If RGB scheme used with 3 bytes/pixel (one for each color RGB) even more data can be hidden since the resulting file is much larger.

  32. Steganography 111 000 000 000 111 000 111 000 111 000 000 000 111 000 000 000 111 000 111 000 111 000 000 000 111 111 000 000 000 111 000 111 000 111 000 000 000 111 000 000 000 111 000 111 000 111 000 000 000 111 CAB = 01000011 01000001 01000010 8 shades of gray 000 001 010 011 100 101 110 111

  33. Steganography 111 000 000 000 111 000 111 000 111 000 000 000 111 000 000 000 111 000 111 000 111 000 000 000 111 CAB = 0 1 0 0 0 0 1 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0 Original = 111 000 000 000 111 000 111 000 111 000 000 000 111 000 000 000 111 000 111 000 111 000 000 000 111 Hidden = 110 001 000 000 110 000 111 001 110 001 000 000 110 000 000 001 110 001 110 000 110 000 001 000 111 8 shades of gray 000 001 010 011 100 101 110 111

  34. Steganography Hidden = 110 001 000 000 110 000 111 001 110 001 000 000 110 000 000 001 110 001 110 000 110 000 001 000 111 110 001 000 000 110 000 111 001 110 001 000 000 110 000 000 001 110 001 110 000 110 000 001 000 111 original hidden original 8 shades of gray 000 001 010 011 100 101 110 111

  35. Example (hideseek on gif file) Original Version with hidden text Text: “This is a MacGregor 26X.”

  36. Example (hideseek on gif file) Original Version with hidden text Text: “This is a MacGregor 26X under power. Cool looking boat with lots of neat features. Uses water ballast system so very easily trailered. This also results in an extremely shallow draft so it can be easily beached..”

  37. Example (PGE on jpg file) Original Picture with hidden text Text: “A sample text to hide.”

  38. Example (PGE on jpg file) Original Picture with hidden text Text: “A sample text to hide. This is a larger file to hide. The photo is cool, how did that car get underneath the jet in the first place?”

  39. Example (Hide4pgp with wav) Original Wav file with hidden text Text: “An example of text hidden in a sound file.”

  40. Steganography (TextHide)

  41. Steganography (TextHide)

  42. What can you do about it? • First of all, why worry? • There are some legitimate concerns but often there are many other easy ways to conceal/capture info. • Detection • Watermarks harder than complete stego images • Any manipulation of image introduces distortion • Changes between colors rarely occur in 1-bit shifts • (not true of gray-scale) • one way to foil is to use color palettes that change dramatically with 1-bit shifts

More Related