Steganography

Steganography

The Art of Covert Communication

Presented by LADA

Luiz, Angel, Dimitar and Andrew

Steganography 2

Covert Communication

What Is Steganography?

Steganography - \Steg`a*nog"ra*phy\,

n. [Gr. steganos (covered or secret) + graphy (writing or drawing).] The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.

Steganography v Cryptography

Both have been used throughout recorded history as means to protect information

Cryptographic techniques "scramble" messages so if intercepted, the messages cannot be understood

Steganography, in an essence, "camouflages" a message to hide its existence and make it seem "invisible" thus concealing the fact that a message is being sent altogether

History of steganography

Herodotus mentions it for the first time in his history Demeratus wanted to notify Sparta that Xerxes

intended to invade Greece

Shave the head of the messenger and tattoo the text on it

History of steganography

Another common form of invisible writing is through the use of Invisible inks- Common sources for invisible inks are milk, vinegar,

fruit juices and urine

With improvements in technologies new methods had to be discovered

- Some messages had to be "developed" much as photographs are developed with a number of chemicals in processing labs.

History of Steganography

During WWII miniscule dots of invisible ink were added directly above the letters of seemingly innocuous text.

In the resent century POW are known to have used the dots in letters in such as i & j and t & f to convey Morse code messages

flat . I just fall flat onto this.-- . . - -- . - -- . - .--. -. .. --. …. –m ee t m e t o n i g h t

Micro dots Microdots are photographs

the size of a printed period having the clarity of standard-sized typewritten pages.

The first microdots were discovered masquerading as a period on a typed envelope carried by a German agent in 1941.

Null ciphers (unencrypted messages)

Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday.

Secret message: Send Lawyers, Guns, and Money

Hiding information in plain text We explore new steganographic and

cryptographic algorithms and techniques throughout the world to produce wide variety and security in the electronic web called the Internet.

Secret message: Explore the world wide web Recent examples

Barcode images

Steganography 10

Covert Communication

Where the Hidden Data Hides? Where Did It Came From? Where It Is Going?

DNA When Steganography Inspires Terror

Who is Using Stego? Keeping Your Business Secure

Steganography 11

Hiding the Goods with Stego

Overview of Steganography The Growth of Steganography – modern data

compression, info theory, spread spectrum and crypto are brought together to satisfy the need for privacy on the Internet

Steganography in Use – powerful tool for secret communication

Flaws of Steganography – Stego is not perfect Algorithms are known Message is not encrypted

Steganography 12

Hiding the Goods with Stego Cont’

Variations of Stego Trojan Horses – sneak viruses or other malicious code Covert Channels – subclass of Stego

Two parties signal to each other without anyone else knowing they are communicating. (Holland Windmills )

Easter Eggs – hybrid between Trojan horses and Stego Hardware Keys – used for Copyright protection

Steganography 13

Hiding the Goods with Stego Cont’

Security and Steganography Confidentiality – network security Survivability – hiding data in TCP/IP headers

On a local Network you can use TTL (Time To Live) field Across the Internet though, each router will decrement the

TTL with one No Detection – Stego must be hard to find. Visibility – make sure that people can’t see any

changes to the host file in which data is hidden.

Steganography 14

Hiding the Goods with Stego Cont’

Principles of Steganography Types of Steganography

File Type – hide data in least significant bits of each pixel of .bmp image

Method of Hiding Injection – after EOF of audio file Substitution – replaces the insignificant info with covert Generation – creates new overt file from the covert

Steganography 15

Digital Watermarking

What is Digital Watermarking? Types of Digital Watermarking

Invisible Watermarking Visible Watermarking

Digital Watermarking and Stego Uses of Digital Watermarking Removing Digital Watermarking

Steganography 16

Steganography 101

Types of Steganography: Original Classification Scheme (how data is hidden)

Insertion-Based Algorithmic-Based Grammar-Based

New Classification Scheme (how and where data is hidden) Insertion-Based Substitution-Based Generation-Based

Steganography 17

Steganography 101

Types of Steganography: Insertion-Based – information is added that

increases the file Substitution-Based – substitute data for information

already in the file (overwriting) Generation-Based – the covert file created from

previous methods is used to create the overt file.

Steganography 18

Steganography 101

Color Tables: Images are composed of dots called pixels Each pixel gets its own color by combining

percentages of red, green and blue (RGB) Each of these colors has value from 0 to 255

Zero designates that the color is present 255 designates complete saturation of that color

RGB color model has 16,777,216 possible colors Total of 255x255x255

Steganography 19

Steganography 101

Color Tables Cont’: Examples:

255 0 0 is red 0 255 0 is green 0 0 255 is blue 0 0 0 is black 255 255 255 is white

Steganography 20

Steganography 101

Color Tables Cont’: Color Tables are used by

several stego techniques to hide data

Entry R G B

0 24 104 155

1 41 100 65

2 24 120 179

3 33 83 49

4 82 132 90

Steganography 21

Steganography 101

Products Implementing Stego S-Tools – freeware for hiding data in GIF or .bmp image files

or .wav files Hide and Seek J-Steg EZ Stego Image Hide Digital Picture Envelope Camouflage Gif Shuffle Spam Mimic

Steganography 22

Stego Files Across a Network

Uses and Techniques of Network Stego Hiding in Network Traffic – making your connection emulate

the often-used port 80 traffic (HTTP), your message might pass without raising anyone’s suspicions

Stego Combined with Viruses – hide a virus in .txt using Stego, avoiding detection. Later the virus could pull its payload from .txt and infect the system

Tracking Internet Usage – URL embedding, Hidden fields, Cookies. Online stalking (Cyberstalking) is used to mimic your behavior, leading to identity theft.

Steganography 23

Stego Files Across a Network

Network Stego Techniques Hiding in an Attachment – file-based stego is used to hide the

covert message in a file and attach it to some other form of network traffic (FTP, Web site posting)

Hiding Data in an E-mail Attachment – send spam mail to thousands of people, only the intended recipient will look for it

Transmitting Hidden Data with FTP – hide the secret data in picture and post it on FTP

Posting Stego to a Web Site – pictures posted on your Web site containing covert files.

Steganography 24

Stego Files Across a Network

Hiding in a Transmission Using Invisible Secrets to Hide and Transmit Data Camera-Shy

Hiding Data in Network Headers Using IP and TCP Headers for Stego UDP and ICMP Headers Covert TCP

Hiding in an Overt Protocol

Steganography 25

Stego Files Across a NetworkUsing IP and TCP Headers for Stego

Using IP Headers for Stego Hide data here

IP identification number is used to track packets that have to be defragmented.

Any number can be used and the protocol will still function properly.

4-bit version

4-bit IP header length

8-bit TOS 16-bit Total length (in bytes)

16-bit IP identification number3-bit flags

13-bit fragment offset

8-bit time to live (TTL)

8-bit protocol 16-bit header checksum

32-bit source IP address

32-bit destination IP address

options (if any)

data

Steganography 26

Stego Files Across a NetworkUsing IP and TCP Headers for Stego

Using TCP Headers for Stego Hide data here

Seq.& Acknow. numbers are used to indicate how much data is send/received.

Data can be hidden only at initial handshake (first packet). After that those fields are critical for valid communication

16-bit source port number 16-bit destination port number

32-bit sequence number

32-bit acknowledgement number

32-bit source IP address

32-bit destination IP address

options (if any)

data

Steganography 27

Cracking Stego and Crypto

Who’s Cracking What? Cracking Analysis

Cryptanalysis Steganalysis

The Role of Detection Detecting Encryption Randomness and Compression Detection and Image Files

Steganography 28

Cracking Stego and Crypto

Cracking Crypto: General Attacks

COA – Ciphertext-Only Attack KPA – Known Plaintext Attack CTA – Chosen Plaintext Attack CCA – Chosen Ciphertext Attack

Specific Attacks Brute-Force Attack Replay Attack Man-in-the-Middle Attack Meet-in-the-middle Attack Birthday Attack

Steganography 29

Cracking Stego and Crypto

Cracking Stego: Specific Techniques

S-Tools V4.0 Hide and Seek J-Steg EZ Stego StegDetect

General Techniques for Detecting Stego

Steganography 30

Cracking Stego and Crypto

Cracking Stego S-Tools V4.0 files with 8-bit color: Naturally 8-bit color files have few duplicated colors. Files that have data hidden with S-Tools have many duplicating

colors

Program called sdetect examines the color table of .bmp images for near duplicates and reports a measurement of duplication:

C:\Data\forest.bmp

File Name: forest.bmp

Actual size: 66146 Reported: 66146

C:\Data\forest_h.bmp

File Name: forest_h.bmp

Actual size: 66146 Reported: 66146

Duplicate colors: 2 Duplicate colors: 1046

Steganography 31

Developing Secure Communication Strategy

Secure vs. Secret The Roles of Crypto and Stego in Business

Why You Need Both Stego and Crypto Complimentary Services, providing more robust result

Crypto and Stego in Business today How Crypto and Stego Make You More Secure Developing Strategy Common Problems with Secure Technologies

Training the users Protecting your keys and passwords How detectable are yours stego tools

Steganography at Large

The Internet: A Climate for Deceit

Corporate Espionage Who’s Playing?

Information Attacks (software piracy) System Attacks ( Hidden viruses in e-mail)

Steganography at Large:Corporate Espionage

Who’s Playing? Freelance – independent hacker who steals and sells to

highest bidder Outsourced – a company hires info broker to steal

information from competition State-sponsored – governments use intelligence to

discover secret projects at foreign companies and offer it to their own countries to give them competitive edge

Steganography at Large:Corporate Espionage

June 1998 More than $11.4 Billion has been lost due to piracy. Over 25% of all software applications are pirated in the

U.S. As high as 95% in Southeast Asia and Eastern Europe.

Steganography at Large:Corporate Espionage

February 1, 2003 The release of The SoftwareShield System New Software Licensing System Embeds Sensitive Data Inside Images

through the use of Steganography. The SoftwareShield System has the ability to hide encrypted license

data inside images SoftwareShield primarily helps software developers who choose to

deliver or license their products in electronic format by the internet - for the obvious cost benefit while maintaining security.

Steganography at Large:

Option of using encrypted data hidden in the corners of images to license and protect their applications.

Doing this enables developers with the power to create demo, trial, copy-protected, leased, pay-per-use and many other editions of their software with a minimum of effort and a solid level of security.

www.softwareshield.com

Future of Steganography

To ban technology that could be used in an inappropriate manner would mean that few technologies could ever be released.

The more we look for where messages could be hidden, the more one realizes that the possibilities are limitless.

The Future of Steganography

Improving the Techniques Improved Resistance to Analysis How much You Can Hide? Improved Attack Tools

New and Improved Ways to Use Stegonography Law Enforcement Corporate Uses Illegal Uses

Future Legal uses

Proof of ownership (better watermarking of digital media)

Protection of property: physical and intellectual. With advances in Steganography, it is possible

that it could be used as a secure transmission medium.

Future Illegal Uses

Criminal Communications Automatically extract a hidden message with

minimal user intervention. Circumventing network censors

Porn behind audio or video files which are undetectable to censors

Computer Warfare Steganographically embedded Viruses

Free Wallpaper E-mail or audio/video clips

Conclusion

Steganography may have limited legitimate uses, with the exception of watermarking due to the abundance of other techniques.

Location of some form of Steganography will need techniques other than statistical profiling in order to truly decipher steganography on the web.

On the other hand, hiding an object in plain sight could sometimes be the best option.

Steganography 42

Credits

Cole, Eric - Hiding In Plain Sight ; Wiley Publishing, Inc. 2003 ISBN: 0-471-44449-9