Apr 13, 2020
STEGANOGRAPHIC COMPUTER WARFARE
THESIS
Jordon T. Cochran, Captain, USAF
AFIT/GCS/ENG/00M-03
DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY
AIR FORCE INSTITUTE OF TECHNOLOGY
Wright-Patterson Air Force Base, Ohio
APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED
The views expressed in this thesis are those of the author and do not necessarily
reflect the official policy or position of the United States Air Force, Department of
Defense, or the United States Government.
AFIT/GCS/ENG/00M-03
STEGANOGRAPHIC COMPUTER WARFARE
THESIS
Presented to the Faculty of the Graduate School of Engineering and Management
Of the Air Force Institute of Technology
In Partial Fulfillment of the
Requirements for the Degree of
Master of Science in Computer Systems
Jordon T. Cochran, B.S.
Captain, USAF
March 2000
Approved for public release, distribution unlimited
Acknowledgments
I would like to express my sincere appreciation to my research advisor, Dr. Henry
Potoczny, for giving me incredible freedom to explore the subject of virus steganography
and perform research that I felt was important. His wit and encouragement made a
seemingly impossible task well worth the effort. I thank my committee members, Dr.
Gregg Gunsch and Lieutenant Colonel Tim Jacobs, for their interest and support of this
excursion into the unique field of information hiding. Also, to the fellow academic
researchers who shared their insights with me to help me get started, I thank you.
Finally, and most importantly, I would like to express my most heartfelt
appreciation to my wife and best friend, Kathy, and our "children", Jenny Joy and
Precious. Their love and understanding was the greatest support and comfort to me
during the ceaseless academic course work. Without them in my corner, my research
most likely would not have been possible.
Jordon T. Cochran
Table of Contents
Acknowledgments
Table of Contents
List of Figures
List of Tables
Abstract
STEGANOGRAPHIC COMPUTER WARFARE
I Introduction
    1.1 Executive Summary
    1.2 Specific Problem
    1.3 Research Objectives
    1.4 Scope
    1.5 Research Need
    1.6 Document Sequence
II Steganography
    2.1 Introduction
    2.2 Historical Perspective
        2.2.1 Security through obscurity
        2.2.2 Camouflage
        2.2.3 Hiding the location of the embedded information
        2.2.4 Spreading the hidden information
    2.3 Terminology
        2.3.1 Message File
        2.3.2 Cover File
        2.3.3 Steganography vs. Cryptography
    2.4 Steganographic Methods
    2.5 Research Areas
    2.6 Summary
III Methodology
    3.1 Introduction
        3.1.1 Problem Definition
        3.1.2 Problem Statement
        3.1.3 Scope
            3.1.3.1 Selected Strategies
            3.1.3.2 File Format
            3.1.3.3 Image Library
    3.2 Steganography Tools Overview
        3.2.1 Contraband HE
        3.2.2 Encrypt Pic
        3.2.3 FFEncode
        3.2.4 Gifshuffle
        3.2.5 HideSeek
        3.2.6 In The Picture
        3.2.7 JSteg Shell
        3.2.8 Pretty Good Envelope
        3.2.9 S-Tools
        3.2.10 Snow
        3.2.11 SteganoGifPaletteOrder
        3.2.12 Steganos
        3.2.13 Steghide
        3.2.14 wbStego
    3.3 Method of Evaluation
        3.3.1 Process Overview
        3.3.2 Cover and Message File Controls
        3.3.3 Steganography Tools
    3.4 Method of Delivery
        3.4.1 Network Propagation System Analysis
        3.4.2 Methods of Transmission
        3.4.3 Trouble with Propagation Timing
    3.5 Anti-Virus Programs
        3.5.1 McAfee VirusScan
        3.5.2 Norton Anti-Virus
        3.5.3 PC-cillin
        3.5.4 InoculateIT
    3.6 The Real Threat
    3.7 Summary
IV Analysis and Results
    4.1 Introduction
    4.2 Steganography Tool Test....