Top Banner

Click here to load reader

Steganography and Watermarking - Autenticação · PDF fileSteganography and Watermarking Section III. Advanced Topics on Digital Forensics CSF: Forensics Cyber-Security MSIDC,...

Feb 04, 2018

ReportDownload

Documents

  • Steganography and Watermarking

    Section III. Advanced Topics on Digital Forensics

    CSF: Forensics Cyber-Security MSIDC, Spring 2017

    Nuno Santos

  • Summary

    MSIDC - CSF - Nuno Santos

    ! Introduction to steganography

    ! Introduction to watermarking

    2016/17

  • Remember were we are

    MSIDC - CSF - Nuno Santos

    Modern Tools of Cybercrime

    Anonymity systems How criminals hide their IDs

    Botnets (C&C) How to launch large scale attacks

    Digital currency How to make untraceable payments

    2016/17

  • Today: More advanced techniques

    MSIDC - CSF - Nuno Santos

    ! Hiding in the clear

    http://www.zdnet.com/article/terrorists-and-steganography/

    http://www.oneindia.com/feature/steganography-and-terrorism-why-isis-relies-on-it-so-much-1670728.html

    2016/17

  • Why is it relevant to forensic investigators?

    MSIDC - CSF - Nuno Santos

    ! Used for concealment of communications in various crimes, e.g., terrorism, botnet management, data exfiltration, etc.

    Hidden file upload Hidden file download

    Hidden bidirectional communication

    2016/17

  • Steganography messages are difficult to detect by investigators

    MSIDC - CSF - Nuno Santos

    http://www.oneindia.com/feature/steganography-and-terrorism-why-isis-relies-on-it-so-much-1670728.html

    2016/17

  • Introduction to steganography

    MSIDC - CSF - Nuno Santos 2016/17

  • Can you spot a difference between these images?

    MSIDC - CSF - Nuno Santos

    Image A Image B

    2016/17

  • Do they carry the same amount of information?

    MSIDC - CSF - Nuno Santos

    ! No! Image B hides a secretly encoded message

    Image B

    Attack at 14:00!decode

    Hidden message

    2016/17

  • Steganography defined

    MSIDC - CSF - Nuno Santos

    ! Steganography: Art and science of communicating in a way that hides the existence of a message ! From the Greek words steganos and graphy

    ! Steganography simply takes one piece of information (secret) and hides it within another (carrier / cover)

    steganography

    covered

    writing

    2016/17

  • Cryptography vs. steganography

    MSIDC - CSF - Nuno Santos

    ! Cryptography ! Is about protecting the content of messages (their meaning)

    ! Steganography ! Is about concealing the existence of messages

    2016/17

  • Early steganography in Ancient Greece: Tattoos

    MSIDC - CSF - Nuno Santos

    ! In the 5th century BC, Histaiacus shaved a slaves head, tattooed a message on his skull and the slave was dispatched with the message after his hair grew back ! He wanted to instigate revolt against Persians

    Today, planning the escape: tattoo contains hidden blueprints of Fox River

    State Penitentiary

    2016/17

  • In Ancient Rome: Invisible ink

    MSIDC - CSF - Nuno Santos

    ! Ancient Romans used to write between lines using invisible ink ! Based on various natural substances

    such as fruit juices, urine, and milk ! Messages appear only when heated

    Using lemon

    Using milk The XXI century way: UV pen

    2016/17

  • During the I and II World War: Microdot

    MSIDC - CSF - Nuno Santos

    ! A secret message was photographically reduced to the size of a period, and affixed as the dot for letter 'i' or other punctuation on a paper with a written message ! Permitted the transmission of large amounts of printed data,

    including technical drawings

    2016/17

  • Another example from the WWs: Null-Cipher

    MSIDC - CSF - Nuno Santos

    ! Message sent by a German spy during World war-I:

    PRESIDENT S EMBARGO RULING SHOULD HAVE IMMEDIATE

    NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.

    2016/17

  • Another example from the WWs: Null-Cipher

    MSIDC - CSF - Nuno Santos

    ! Null cipher: plaintext is mixed with a large amount of non-cipher material (termed null characters)

    PRESIDENT S EMBARGO RULING SHOULD HAVE IMMEDIATE

    NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.

    Pershing sails from NY June I 2016/17

  • Digital steganography

    MSIDC - CSF - Nuno Santos

    ! Digital steganography works by encoding secret bits in files, such as photos or audio files, with secret data ! The secret message and the carrier message are digital objects

    2016/17

  • Why digital steganography works

    MSIDC - CSF - Nuno Santos

    ! Digital steganography is based on two principles:

    1. Digital image or sound files can be altered to a certain extent without loosing their functionality

    2. Humans are unable to distinguish minor changes in image color or sound quality

    2016/17

  • Problem formulation: Prisoners problem

    MSIDC - CSF - Nuno Santos

    ! Dave and Tyler are arrested in different cells and want to develop an escape plan, but all communication is arbitrated by the warden

    ! The warden wont let them use encryption and wont allow them to communicate at all if suspicious communications are detected

    ! Thus, both parties must hide meaningful info in harmless messages

    2016/17

  • General model of a steganographic system

    MSIDC - CSF - Nuno Santos

    ! Stegotexts should be indistinguishable from covertexts ! A third person watching such a communication should not be able to

    find out whether the sender has been active, and when, i.e., if he really embedded a message in the covertext

    2016/17

  • Image encoding

    MSIDC - CSF - Nuno Santos

    ! 24-bit RGB image files ! Each pixel encoded by 3 byte values for red, green, and blue

    (0, 0, 0) is black (255, 255, 255) is white (255, 0, 0) is red (0, 255, 0) is green (0, 0, 255) is blue (255, 255, 0) is yellow (0, 255, 255) is cyan (255, 0, 255) is magenta

    2016/17

  • A common digital steganography technique: LSB

    MSIDC - CSF - Nuno Santos

    ! Least Significant Bit (LSB) ! The ones bit of a byte is used to encode hidden information

    ! Example: Suppose we want to encode the letter A in the following 8 bytes of a carrier file ! A ! ASCII 65 or binary 01000001

    01011101###11010000###00011100###10101100#11100111###10000111###01101011###11100011#

    becomes

    01011100###11010001###00011100###10101100#11100110###10000110###01101010###11100011#

    2016/17

  • LSB modification adds just a little color noise

    MSIDC - CSF - Nuno Santos

    ! Tweaking the LSB is only a small change in image color ! R##=#140#=#10001100b#! R#=#141#=#10001101b#

    LSB modified to hide info Original image

    2016/17

  • Its possible to use different bits for encoding

    MSIDC - CSF - Nuno Santos

    ! Different results in terms of capacity and added noise ! More bits means higher capacity, but higher noise ! Emerges a side effect named banding

    4 LSB modified produces banding

    6 bits

    7 bits

    All 8 bits

    2016/17

  • What if we change the most significant bit?

    MSIDC - CSF - Nuno Santos

    ! Heres the result:

    ! Why is it so?

    Bit 8 vs. Bit 1

    2016/17

  • Pixels of a carrier image to be used

    MSIDC - CSF - Nuno Santos

    ! As more pixels are used, chances of detection increase ! According to researchers on an average only 50% of the

    pixels actually change from 0-1 or 1-0

    ! Select the pixels for holding the data on the basis of a key which can be a random number ! The key serves as seed to a random number generator

    2016/17

  • What kind of data can be used as payload?

    MSIDC - CSF - Nuno Santos

    ! An arbitrary sequence of binary data ! Namely, text or another image

    ! You can add encrypted data too

    2016/17

  • LSB: The good, the bad, and the ugly

    MSIDC - CSF - Nuno Santos

    ! The good ! Simple to implement ! Allows for large payload: Max payload = b * p

    ! b = number of bytes per pixel, p = number of pixels of cover image

    ! The bad ! Easy to figure out message if attacker knows the msg is there

    ! Vulnerable to statistical analysis

    ! The ugly ! Integrity is extremely frail ! Easy for attacker to corrupt the message

    ! E.g., just randomize the LSBs himself ! Vulnerable to unintentional corruption

    ! E.g., image cropping, conversion to jpeg and back, etc

    2016/17

  • Digital steganography techniques

    MSIDC - CSF - Nuno Santos

    ! Substitution methods ! Substitute redundant parts of a cover with a secret message ! Bit plane methods (LSB), palette-based methods

    ! Transform method techniques ! Embed secret info in a transform space of a signal (e.g.,

    frequency domain) ! Distortion techniques

    ! Store information by signal distortion and measure the deviation from the original cover in the decoding step

    ! Cover generation methods ! Encode information by creating a cover object (e.g., fractal

    generation)

    2016/17

  • Steganography tools

    MSIDC - CSF - Nuno Santos

    ! Steganos ! S-Tools (GIF, JPEG) ! StegHide (WAV, BMP) ! Invisible Secrets (JPEG) ! JPHide ! Camouflage ! Hiderman ! Many others

    2016/17

  • Watermarking

    MSIDC - CSF - Nuno Santos 2016/17

  • Steganography vs. Watermarking: Goals

    Steganography W

Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.