Honeypot and Steganography

NIS ASSIGNMENTTopic: Honeypot and Steganography

Date:08/08/2015

Made By:Preeti KumariSushma Bhat

MOUNT CARMEL COLLEGEDEPARTMENT OF MCA

HoneypotsBe afraid

Be very afraid

page 312/10/07 Presentation

CONTENTS Introduction History

What is Honeypot?

Classification

Applications

Advantages and Disadvantages

Conclusion References


Introduction

The primary goal of computer security is to defend computers against attacks launched by malicious users. A relatively recent innovation in intrusion detection

technology is the honeypot. The systems can only react to or prevent attacks but they

cannot give us information about the attacker, the tools used or even the methods employed. Hence, Honeypots are a novel approach to network security and security research

Honeypots are closely monitored decoys that are employed in a network to study the trail of hackers and to alert network administrators of a possible intrusion.


The concept of Honeypots was first described by Clifford Stoll in 1990.

It began with two publications, “The Cuckoos Egg” and “An Evening with Breford”.

The first honeypot was released in 1997 called the Deceptive Toolkit.

In 1998 the first commercial honeypot called Cybercop Sting was released.

In 2002 the honeypot was used all over the world. In the year 2005 The Philippine Honeypot Project was started to

promote computer safety over in the Philippines.

History


A HONEYPOT is an information system resource whose value lies in unauthorized or illicit use of that resource

Honeypots and firewalls work in reverse direction to each other as the honeypots allow all traffic to come in but blocks all outgoing traffic. Most honeypots are installed inside network firewalls and is a means of monitoring and tracking hackers. Honeypots are a unique tool to learn about the tactics of hackers.

Honeypots are decoy systems that are designed to lure a potential attacker away from critical systems.

What is a Honeypot?


Goals of the Honey pot system The virtual system should look as real as possible, it

should attract unwanted intruders to connect to the virtual machine for study. It must include files, directories and information that will catch the eye of the hacker.

The virtual system should be watched to see that it isn’t used for a massive attack on other systems.


Purpose

The two main reasons why honeypots are deployed are

1.To learn how intruders probe and attempt to gain access to your systems and gain insight into attack methodologies to better protect real production systems. 2. To gather forensic information required to aid in the apprehension.


Block diagram of single honeypot


How do honeypots work?


Classification of HoneyPots Honeypots can be classified according to two criteria:

According to their Implementation Environment According to their Level of Interaction.


Implementation Environment

Under this two category

Production Honeypots

Research Honeypots


Production Honeypots: ….. Used to protect organizations in real production

operating environments.

Specifically the three layers of prevention, detection, and response.


Research Honeypots: …..

These Honeypots are not implemented with the objective of protecting networks.

Studying all sorts of attack patterns and threats.

Used to gather information about the intruders’ actions.


Level of Interaction …...

The term “Level of Interaction” defines the range of attack possibilities that a Honeypot allows an attacker to have.

classified on the bases of their levels:-

1. HoneyD (Low-Interaction)

2. Honey net (High-Interaction)


Low-Interaction Honeypots

Low-interaction honeypots are typically the easiest honeypots to install, configure, deploy, maintain.

Nepenthes Honeyd Honeytrap Web Applications


High-interaction Honeypots

Honeynets is a collection of honeypots are combined to create a single honeynet.

High-interaction honeypots provide an attacker with a real operating system where nothing is emulated or restricted.

It controls an attacker at the network level.


Advantages of Honeypots…..

New Tools and Tactics Minimal Resources Information Simplicity


Disadvantages of Honeypots……

Limited Vision Risk


Applications Defence

Business

Education organizations

Banking security

Web applications


Contents

What is Steganography? History Of Steganography Physical And Digital techniques Steganography v/s Cryptography Basic Steganography Model Types Of Steganography Applications Advantages v/s Disadvantages Conclusion References


History

Steganography was traced from 440 BC Demaratus sent a warning about a forthcoming attack to

Greece by writing it directly on the wooden backing of a wax tablet

Ancient Chinese wrote messages on fine silk

During Second World War a technique was developed to shrink photographically a page of text into a dot less than one millimeter in diameter.


What is Steganography?What is Steganography?

Steganography is the art and science of writing hiddenmessages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message.

“Steganography means hiding one piece of data within another”.


Example

Since everyone can read, encoding textin neutral sentences is doubtfully effective

Since Everyone Can Read, Encoding TextIn Neutral Sentences Is Doubtfully Effective

‘Secret inside’


Physical Techniques

Hidden messages within wax tablets Hidden messages on messenger's body Hidden messages on paper written in secret inks Messages written on envelopes in the area covered

by postage stamps. Invisible ink Character marking Pin punctures Typewriter correction ribbon


Digital Techniques

Concealing messages within the lowest bits of noisy images or sound files.

Modifying the echo of a sound file (Echo Steganography)

Including data in ignored sections of a file, such as after the logical end of the carrier file.


Steganography V/s Cryptography

Steganography CryptographyUnknown message passing Known message passing

Steganography prevents discovery of the very existence of communication

Encryption prevents an unauthorized party from discovering the contents of a

communication

Little known technology Common technologyTechnology still being develop for certain

formatsMost of algorithm known by all

Once detected message is knownStrong current algorithm are resistant to

attacks ,larger expensive computing power is required for cracking

Steganography does not alter the structure of the secret message

Cryptography alter the structure of the secret message


Basic Steganography Model


Text Steganography

Text steganography can be applied in the digital makeup format such as PDF, digital watermark or information hiding

Example: TextHide hides the information in the manner of text overwriting and words’ selection.


Text Steganography Methods

Text Steganography in Markup Languages[HTML] Text Steganography in Specific characters in words Line shifting Method Word shifting Feature coding


Examples of Text Steganography

An example of a message containing cipher text by German Spy in World War II:

“Apparently neutral's protest is thoroughly discounted And ignored. Isman hard hit. Blockade issue affects Pretext for embargo on by products, ejecting suets and Vegetable oils. ”

Pershing sails from NY June 1.


Image Steganography


Transform Domain Technique

Transform domain techniques embed messages in the intensity of the pixels directly.

In this technique images are first transformed and then the message is embedded in the image

This techniques encompass bit-wise methods that apply bit insertion and noise manipulation.

Steganography in the transform domain involves the manipulation of algorithms and image transforms.


LSB [Least Significant bit] Method Least significant bit (LSB) insertion is a common, simple

approach to embedding information in a cover image The least significant bit (8th bit) is changed to a bit of the

secret message When using a 24-bit image, a bit of each of the red, green

and blue colour components can be used, since they are each represented by a byte.

In its simplest form, LSB makes use of BMP images, since they use lossless compression


Example Of LSB Method

A grid for 3 pixels of a 24-bit image can be as follows:(00101101 00011100 11011100)(10100110 11000100 00001100)(11010010 10101101 01100011)

When the number 200, which binary representation is 11001000, is embedded into the least significant bits of this part of the image, the resulting grid is as follows:

(00101101 00011101 11011100)(10100110 11000101 00001100)(11010010 10101100 01100011)


Example Of Image Steganography

Image of a tree with a steganographically hidden image.


Audio Steganography

Embedding secret messages into digital sound is known as audio Steganography.

Audio Steganography methods can embed messages in WAV, AU, and even MP3 sound files.


LSB Technique Method

The message 'HEY' is encoded in a 16-bit sample using the LSB method.

Here the secret information is ‘HEY’ and the cover file is audio file. HEY is to be embedded inside the audio file.

First the secret information ‘HEY’ and the audio file are converted into bit stream.

The least significant column of the audio file is replaced by the bit stream of secret information ‘HEY’.

The resulting file after embedding secret information ‘HEY’ is called Stego-file.


It is used in the way of hiding not the information but the password to reach that information.

Difficult to detect. Only receiver can detect.

Can be applied differently in digital image, audio and video file.

It can be done faster with the large number of softwares.

Advantages


Disadvantages

Huge number of data, huge file size, so someone can suspect about it.

If this technique is gone in the wrong hands like hackers, terrorist, criminals then this can be very much dangerous for all.


Applications

Media Database systems Usage in modern printers Alleged use by terrorists Alleged use by intelligence services


Conclusion

• Honey pots are an extremely effective tool for observing hackers movements as well as preparing the system for future attacks.

• Steganography in our current digital age can be attributed to both the desire of individuals to hide information


References

http://www.honeynet.org.mx/es/data/files/Papers/UAT_Honeypots_EN

http://www.honeypots.net/honeypots/links

S. William, Cryptography and Network Security: Principles and Practice, 2nd edition, Prentice-Hall, Inc., 1999 pp 23-50

Bandyopadhyay, S.K., 2010. An Alternative Approach of Steganography Using Reference Image.


Research paper on Online hiding of information


In today’s world the art of sending & displaying the hidden information especially in public places, has received more attention.

In this paper we propose a new form of steganography, on-line hiding of information on the output screens of the instrument. This method can be used for announcing a secret message in public place.

Private marking system using symmetric key

steganography technique and LSB technique is used here for hiding the secret information.

Abstract


Introduction

The main goal of steganography is to hide information in the other cover media so that other person will not notice the presence of the information.

Steganography is the art of inconspicuously hiding data within data.


Requirements of hiding information digitally

a)The integrity of the hidden information after it has been embedded inside the stego object must be correct.

b)The stego object must remain unchanged or almost unchanged to the naked eye.

c) Finally, we always assume that the attacker knows that there is hidden information inside the stego object.


Embedding and detecting secret information


Types of steganography

Steganography can be split into two types :

a)Fragile: This steganography involves embedding information into a file which is destroyed if the file is modified.

b)Robust: Robust marking aims to embed information into a file which cannot easily be destroyed.


PROPOSED WORK


Algorithm for embedding the secret message

a) Read the image from the source. b) Divide the image into [R x C] smaller blocks .Where R

& C are the first & second bytes of the key respectively c) Each smaller block is a combination of many pixels of

different values. d) The LSBs of the pixel are changed depending on the

pattern bits and the secret message bits. e) The pattern bits are considered in sequence form its

MSB. f) If the pattern bit is 0, then the first LSB of the pixel is

changed


g) If the pattern bit is 1, then the second LSB of the pixel is changed accordingly. h) A single bit of the secret message is distributed through out the block. This is done to have enough information so that correct information can be retrived after decoding i) Similarly the other bits are inserted in the remaining blocks. j) If the length of the secret message is large , then it can be divided and stored in two or three frames. k) The information is extracted.


Performance Measures

a) The integrity of the hidden information should not change after embedding.

b) The stego object must remain almost unchanged to the naked eye.

c) There should be accuracy in the extracted data


RESULTS

In Online transmission of the hidden data, there are 3 systems are used System 1 : To create and send the normal billboard dataSystem 2 : To hide the secret message . System 3 : To display any data coming from system 2.


CONCLUSION

Steganography is more widely used in computing. For a system to be considered robust it should have the

following properties: a) The quality of the media should not noticeably degrade

upon addition of a secret data. b) Secret data should be undetectable without secret

knowledge, typically the key. c) If multiple data are present they should not interfere with

each other. d) The secret data should survive attacks that don’t degrade

the perceived quality of the work.


References

[1] Mohammad Shirali-Shahreza , “A new method for real time steganography”, ICSP 2006 Proceedings of IEEE . [2] Yuk Ying Chung, fang Fei Xu , “Development of video watermarking for MPEG2 video” City university of Hong Kong ,IEEE 2006. [3] C. Lu, J. Chen and K. Fan, "Real-time Frame-Dependent Video Watermarking in VLC Domain", Signal Processing : Image Communication 20, 2005.