1 / 19

Steganography

Steganography. Sarah Weeks, Auburn University. Overview. What is steganography ? Regarding cryptography Classifications of steganography Who uses steganography?. What is Steganography?. Steganography comes from the Latin & Greek roots: Steganos (Greek) meaning covered

zeno
Download Presentation

Steganography

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Steganography Sarah Weeks, Auburn University

  2. Overview • What is steganography? • Regarding cryptography • Classifications of steganography • Who uses steganography?

  3. What is Steganography? • Steganography comes from the Latin & Greek roots: • Steganos (Greek) meaning covered • Graphy (Latin) meaning writing or drawing • Steganography is the science of hiding information. (Kessler) • Steganography is the art of concealing the existence of information within seemingly innocuous carriers (Johnson) • The Art & Science of using overt objects to create and exploit covert communications. (Trawick)

  4. Covert Channels • Definitions • NSA: Definition 4 - Covert channels are those that "use entities not normally viewed as data objects to transfer information from one subject to another.“ • RSA Labs: A covert channel enables the prisoners [actors] to exchange secret information through messages that appear to be innocuous. • Wikipedia: a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. • Steganography is arguably the most common covert channel used (but only among those who consider steganography a covert channel)

  5. Regarding Cryptography • Steganography and Cryptography are not the same • Cryptography seeks to scramble the contents of a message in such a way that it is unreadable without the proper key • Steganography seeks to completely hide the existence of the message • The two concepts can be used together • Order of operations is relevant • A hidden message that is encrypted • An encrypted message that has a hidden message inside

  6. Steganography Simple Example A simple example of a steganographic system would be to use a given letter of each word in the cover-medium to convey your message: Susan eats truffles. Under pressure, that helps everything before 0wning Major Bullwinkle. Hides the message: “Set Up the b0MB”

  7. Classifications of Steganography • Insertion • Substitution • Generation

  8. Classifications - Insertion • Adds to beginning or ending of file • In between BOF and EOF headers • Practically unlimited storage • Does not affect the appearance of original • Does not modify the original data • Metadata for the file may be changed, however • File size changes proportionately

  9. Classifications - Substitution • Changes existing data in the original file • In images change typically applied to Least Significant Bit (LSB) • Limits to how much you can hide • Can change the visual appearance

  10. Classifications - Generation • Uses an algorithm and a hidden file to generate a new file • Unlimited storage • Generates pictures such as fractals, static or noise depending on algorithm used. • Use may allow steganography image to remain intact even after processing such as format change

  11. Substitution Example http://scien.stanford.edu/pages/labsite/2005/psych221/projects/05/vvikram/stegosubst.htm

  12. Who Uses Steganography? • Terrorists are thought to use steganography (particularly Web Images) to transmit messages to communicate and coordinate criminal activity • Commercial & Government users use it to communicate with employees and hide critical data • Use as a Dead-Drop so parties don’t know each other

  13. Steganography Detection Try to open all the pictures? • File in question is usually password protected • George Trawick’sPhD Dissertation • Looking for traces of Steganography, something which narrow down the pool of possibilities • In the example of JPEG compression, certain elements remain stable and therefore traceable so that law enforcement can more easier cope with image-altering steganographic techniques

  14. Steganography Detection Tools • StegDetect • Outguess • Camouflage • iSteg - http://www.hanynet.com/isteg/index.html • Pict Encrypt

  15. StegDetect • Uses linear discriminant analysis Outguess, “Steganography Detection with Stegdetect,” Neil Provos, 1999-2004. http://www.outguess.org/detection.php

  16. OutGuess $ outguess -k "my secret key" -d hidden.txt demo.jpg out.jpg Reading demo.jpg.... JPEG compression quality set to 75 Extracting usable bits: 40059 bits Correctable message size: 21194 bits, 52.91% Encoded 'snark.bz2': 14712 bits, 1839 bytes Finding best embedding... 0: 7467(50.6%)[50.8%], bias 8137(1.09), saved: -13, total: 18.64% 1: 7311(49.6%)[49.7%], bias 8079(1.11), saved: 5, total: 18.25% 4: 7250(49.2%)[49.3%], bias 7906(1.09), saved: 13, total: 18.10% 59: 7225(49.0%)[49.1%], bias 7889(1.09), saved: 16, total: 18.04% 59, 7225: Embedding data: 14712 in 40059 Bits embedded: 14744, changed: 7225(49.0%)[49.1%], bias: 7889, tot: 40032, skip: 25288 Foiling statistics: corrections: 2590, failed: 1, offset: 122.585494 +- 239.664983 Total bits changed: 15114 (change 7225 + bias 7889) Storing bitmap into data... Writing foil/out.jpg.... Outguess, “Steganography Detection with Stegdetect,” Neil Provos, 1999-2004. http://www.outguess.org/detection.php

  17. Summary • What is steganography? • Regarding cryptography • Classifications of steganography • Who uses steganography?

  18. Questions?

  19. References • “Principles of Steganography,” Max Weiss. http://www.math.ucsd.edu/~crypto/Projects/MaxWeiss/steganography.pdf • Wikipedia: http://en.wikipedia.org/wiki/Steganography • “Steganography Primer or Intro to Steganography,” Computer Academic Background, 2004, http://druid.caughq.org/presentations/Steganography-Primer.pdf • Outguess, “Steganography Detection with Stegdetect,” Neil Provos, 1999-2004. http://www.outguess.org/detection.php • “Substitution based systems,” http://scien.stanford.edu/pages/labsite/2005/psych221/projects/05/vvikram/stegosubst.htm.

More Related