Security Protection of Software Programs by Information Sharing and Authentication Techniques Using Invisible ASCII Control Codes Authors : I-Shi Lee and Wen-Hsiang Tsai Source : International Journal of Network Security, vol. 10, no. 1, pp. 1-10, 2010 Presenter : Ping-Kun Hsu ( 許許許 ) Date : 11/26/2010
Security Protection of Software Programs by Information Sharing and Authentication Techniques Using Invisible ASCII Control Codes. Authors : I-Shi Lee and Wen-Hsiang Tsai Source : International Journal of Network Security, vol. 10, no. 1, pp. 1-10, 2010 - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Security Protection of Software Programs by Information Sharing and Authentication
Techniques Using Invisible ASCII Control Codes
Authors : I-Shi Lee and Wen-Hsiang TsaiSource : International Journal of Network Security, vol. 10, no. 1, pp. 1-10, 2010Presenter : Ping-Kun Hsu (許鈵昆 )Date : 11/26/2010
2
Outline Introduction ASCII control codes The proposed method Experimental result Conclusions
3
Introduction Goals
Information Sharing Authentication
Related Works Invisible Character Coding Table Exclusive-OR
4
ASCII control codes(1/2)
Hex Char Hex Char Hex Char Hex Char
0 NUL 8 BS 10 DLE 18 CAN
1 SOH 9 HT 11 DC1 19 EM
2 STX A LF 12 DC2 1A SUB
3 ETX B VT 13 DC3 1B ESC
4 EOT C FF 14 DC4 1C FS
5 ENQ D CR 15 NAK 1D GS
6 ACK E SO 16 SYN 1E RS
7 BEL F SI 17 ETB 1F US
invisible in the comments or characters string of VC++ programs
5
ASCII control codes(2/2)
6
The proposed method(1/8) Invisible Character Coding Table
Hex Invisible ASCII Code Bit Pair
1C FS 00
1D GS 01
1E RS 10
1F US 11
The proposed method(2/8) Flow Chat
7
Secret program Camouflage programs Secret random key
⊕ ⊕
Shares
Authentication signs
Stego-programs
Invisible Character Coding Table
The proposed method(3/8) Creating shares from the secret program
Ss : Secret program string Pk: Camouflage program, , k = 1, 2, … , n Sk: Camouflage programs string, k = 1, 2, …, n Y’: The expanded key Ek: The shares, k = 1, 2, …, n
8
S1 S2 S3 Sn-1 Sn Ss⊕ ⊕ ⊕ ⊕‧‧‧ ⊕ ⊕⊕ Y’
E E1 E2 En-1 E3 En‧‧‧
= E
Pk = c1c2c3 … Sk
9
The proposed method(4/8) Generating authentication signs
Sk: Camouflage programs string, k = 1 ,2, …, n Ek: The shares, k = 1, 2, …, n Ak: The authentication signs, k = 1, 2, … ,n Y : The secret random key
Sk
Ek
Y
= (ABC)16 =(65 66 67)10
= (10101010)2 = (170)10
= (DEF)16 =(68 69 70)10
65+66+67 mod 170 = 28
68+69+70 mod 170 = 37
00011100 00100101 = Ak
10
The proposed method(5/8) Encoding and hiding the shares and signs
Ek: The shares, k = 1, 2,…, n Ak: The authentication signs, k = 1, 2,… , n Fk: Binary string, k = 1, 2,… , n Pk: Camouflage program, , k = 1, 2, … , n Pk’: Stego-programs, k = 1, 2, … , n
Ek Ak Fk = ||
= 01000100 01000101 01000110 00011100 00100101
Invisible character coding table
1D1C1D1C 1D1C1D1D 1D1C1D1E 1C1D1F1C 1C1E1D1D
Pk Pk’
11
The proposed method(6/8) Extracting hidden shares and signs
Ek: The shares, k = 1, 2,…, n Ak: The authentication signs, k = 1, 2,… , n Fk’: The extracted character string, k = 1, 2,… , n Pk: Camouflage program, , k = 1, 2, … , n Pk’: Stego-programs, k = 1, 2, … , n
Pk’ Pk
1D1C1D1C 1D1C1D1D 1D1C1D1E 1C1D1F1C 1C1E1D1D
= Fk’||
Invisible character coding table
Fk’ =
01000100 01000101 01000110 00011100 00100101
Ek Ak
The proposed method(7/8) Authenticating
Ek: The shares, k = 1, 2,…, n Ak’: The authentication signs, k = 1, 2,… , n Pk: Camouflage program, , k = 1, 2, … , n Sk: Camouflage programs string, k = 1, 2, …, n Y : The secret random key
12
=00011100 00100101 Ak’
Ak = 00011100 00100101 Pk = c1c2c3 … Sk
Sk
Ek
= (ABC)16 =(65 66 67)10
= (DEF)16 =(68 69 70)10
65+66+67 mod 170 = 28
68+69+70 mod 170 = 37
Y = (10101010)2 = (170)10 00011100 00100101 = Ak’
13
The proposed method(8/8) Recovering the secret program
Ss : Secret program string Sk: Camouflage programs string, k = 1, 2, …, n Y’: The expanded key Ek: The shares, k = 1, 2, …, n
E E1 E2 En-1 E3 En‧‧‧|| || || || =
Ss⊕ S1 S2 S3 Sn-1 Sn
⊕ ⊕ ⊕ ⊕‧‧‧ ⊕ ⊕ Y’= E
14
Experimental result
15
Conclusions The proposed method may decrease the
doubts of malicious attackers.
The proposed method may be extended to deal with web pages.