Steganography Steganography Techniques and Techniques and Countermeasures with Countermeasures with Images, Text, and Audio Images, Text, and Audio First speaker – Chris First speaker – Chris Kleeschulte Kleeschulte Second speaker – David Miller Second speaker – David Miller Third speaker – Frederick Third speaker – Frederick Hendrix Hendrix Fourth speaker – Robert Flasher Fourth speaker – Robert Flasher
32
Embed
Steganography Techniques and Countermeasures with Images, Text, and Audio First speaker – Chris Kleeschulte Second speaker – David Miller Third speaker.
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Steganography Techniques and Steganography Techniques and Countermeasures with Images, Countermeasures with Images,
Text, and AudioText, and Audio
First speaker – Chris KleeschulteFirst speaker – Chris Kleeschulte Second speaker – David MillerSecond speaker – David Miller Third speaker – Frederick HendrixThird speaker – Frederick Hendrix Fourth speaker – Robert FlasherFourth speaker – Robert Flasher
Steganography Steganography TechniquesTechniques
1.1. Null cipherNull cipher
2.2. Invisible InkInvisible Ink
3.3. Least Significant Bit InsertionLeast Significant Bit Insertion
4.4. Noise ManipulationNoise Manipulation
Null CipherNull Cipher
Used to hide cipher text, as part of a Used to hide cipher text, as part of a more complex systemmore complex system Example:Example:NNewsews EEightight WWeather:eather: TTonightonight iincreasingncreasing ssnow.now. UUnexpectednexpected pprecipitationrecipitation ssmothersmothers eeasternastern ttowns.owns. BBee eextremelyxtremely ccautiousautious aandnd uusese ssnowtiresnowtires eespeciallyspecially hheadingeading eeast.ast. TThe [he [hhighwayighway iiss nnot]ot] kknowinglynowingly sslippery.lippery. HHighwayighway eevacuationvacuation iiss ssuspected.uspected. PPoliceolice rreporteport eemergencymergency ssituationsituations iinn ddowntownowntown eendingnding nnearear TTuesday.uesday.
Hidden message:Hidden message: Newt is upset because he thinks he Newt is upset because he thinks he is presidentis president
Invisible InkInvisible Ink A substance used for writingA substance used for writing, , which is which is
either invisible on application, which later either invisible on application, which later on can be made visible by some meanson can be made visible by some means
Example inks:Example inks: milk, lemon, apple or orange juice, onion juice, milk, lemon, apple or orange juice, onion juice,
sugar solution, diluted honey, diluted cola sugar solution, diluted honey, diluted cola drink, vinegar /wine, or soap water (developed drink, vinegar /wine, or soap water (developed by heat)by heat)
phenolphthalein ink (developing by ultraviolet)phenolphthalein ink (developing by ultraviolet)
Least Significant Bit InsertionLeast Significant Bit Insertion
Method of hiding data specifically in digital media that Method of hiding data specifically in digital media that organizes data in the form of bytes and bitsorganizes data in the form of bytes and bits
““For example: a 24-bit bitmap will have 8 bits representing each of the three For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. The difference between say color values (red, green, and blue) at each pixel. The difference between say 11111111 and 11111110 in the value for blue intensity is likely to be 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye.” --Wikipediaundetectable by the human eye.” --Wikipedia
Real Example: the colors of these two boxes is #330099 Real Example: the colors of these two boxes is #330099 and #330098, which one is which?and #330098, which one is which?
Noise ManipulationNoise Manipulation
Method of hiding a secret message in data Method of hiding a secret message in data that is considered noise or extraneous that is considered noise or extraneous artifacts in cover information. artifacts in cover information.
When dealing with audio, reproduction When dealing with audio, reproduction errors, sound equipment imperfections, errors, sound equipment imperfections, distortions from echoes in the studio itself, distortions from echoes in the studio itself, can introduce tiny errors in the recording of can introduce tiny errors in the recording of audioaudio
Implementation of LSB InsertionImplementation of LSB Insertion
This application can take This application can take anyany kind of kind of digital data and embed it into a picturedigital data and embed it into a picture
Each LSB in each color in each pixel will be Each LSB in each color in each pixel will be considered by the encoding program to be considered by the encoding program to be even or odd. Odd will become a ‘1’ and even even or odd. Odd will become a ‘1’ and even will be a ‘0’ will be a ‘0’
Steganographic Triad of Trade-offsSteganographic Triad of Trade-offs
Perceptibility
Covert Communication
Capacity
Subtitles/Indexing
Robustness
WatermarksFingerprints
Where to Hide the Data?Where to Hide the Data?
In the Fringes of the CoverIn the Fringes of the Covero By definition Fringe data is less useful and lacks By definition Fringe data is less useful and lacks
robustness to processes like compression. robustness to processes like compression. o Usually has a higher capacity.Usually has a higher capacity.o Perceptibility is variable.Perceptibility is variable.
In the Significant Portions of the CoverIn the Significant Portions of the Covero More robust to processes like compression.More robust to processes like compression.o May have lower capacity.May have lower capacity.o Perceptibility is variable.Perceptibility is variable.
Transform Domain SteganographyTransform Domain Steganography Seek to hide data in the significant portions of the Seek to hide data in the significant portions of the
Transform SpaceTransform Space Two Major Types in useTwo Major Types in use
Discrete Cosine TransformDiscrete Cosine Transform Subdivides cover into blocksSubdivides cover into blocks Transforms blocks to summation of cosine coefficientsTransforms blocks to summation of cosine coefficients Work with coefficients and perform a reverse transform.Work with coefficients and perform a reverse transform.
Discrete Wavelet TransformDiscrete Wavelet Transform Kind of like DCT but block size and transform mechanism Kind of like DCT but block size and transform mechanism are variable.are variable.
How Does it Work with How Does it Work with Steganography?Steganography?
Subdivide cover into blocks.Subdivide cover into blocks. Convert block to a series of frequency coefficients.Convert block to a series of frequency coefficients. Select coefficients to work with.Select coefficients to work with. Encode or DecodeEncode or Decode
Other Advantages and Other Advantages and DisadvantagesDisadvantages
High Entropy vs. Low Entropy High Entropy vs. Low Entropy CoversCovers Audio with talk and music Audio with talk and music
intermixedintermixed Images of a cloudless sky or other Images of a cloudless sky or other
such scenessuch scenes Choice of DCT vs. DWT with Choice of DCT vs. DWT with
regard to Entropyregard to Entropy Symmetric / Private Key Symmetric / Private Key
ExchangeExchange Match transform to cover choiceMatch transform to cover choice
Digital VideoDigital Video Can be treated as a stream of imagesCan be treated as a stream of images
Same steganographic techniques can be used.Same steganographic techniques can be used. Potential Increase in capacity, perceptibility and/or Potential Increase in capacity, perceptibility and/or
robustness.robustness.
Additional Avenues of AttackAdditional Avenues of Attack Frame Rate – Frames may be dropped. Frame Rate – Frames may be dropped. Drift – Additional level of compression and error Drift – Additional level of compression and error
handling.handling.
The Future of SteganographyThe Future of Steganography
New TechnologiesNew Technologies BioengineeringBioengineering
New UsesNew Uses Medical RecordsMedical Records Anti-counterfeitingAnti-counterfeiting Tunable Tunable
Automated DetectionAutomated DetectionVisual Inspection Visual Inspection Hand Crafted Statistical Analysis Hand Crafted Statistical Analysis
Automated DetectionAutomated Detection What is Automated Detection?What is Automated Detection?
Automated detection involves using software or a system to read a file Automated detection involves using software or a system to read a file and determine if it contains steganography. and determine if it contains steganography.
How does it work?How does it work? Using an algorithm written in the software or system, the file is analyzed Using an algorithm written in the software or system, the file is analyzed
for the presence of steganography and the results of the test are given for the presence of steganography and the results of the test are given to the user.to the user.
ToolsTools Software: StegDetectSoftware: StegDetect Machine Learning SystemMachine Learning System
Method ComparisonsMethod Comparisons Benefits and LimitationsBenefits and Limitations
++ FastFast++ Low CostLow Cost- High Error RateHigh Error Rate- Defeated by Newer Steganography AlgorithmsDefeated by Newer Steganography Algorithms
What is Visual Inspection?What is Visual Inspection? This involves using the aided or unaided human eye This involves using the aided or unaided human eye
to determine if a picture contains steganographyto determine if a picture contains steganography How does it work?How does it work?
Unaided: Look at the image for signs of tamperingUnaided: Look at the image for signs of tampering Aided: Map the bit planes and examine themAided: Map the bit planes and examine them
Benefits and LimitationsBenefits and Limitations+ Low Cost+ Low Cost+ Good for LSB insertions on GIFs+ Good for LSB insertions on GIFs- UnreliableUnreliable- Requires skill/experienceRequires skill/experience
Visual Inspection ExampleVisual Inspection Example
Original:
Enhanced LSB Map
Bit Plane Mapping Unaided
(Note Artifacts)->
More Visual Inspection ExamplesMore Visual Inspection Examples
CleanClean Steganography Steganography
Statistical AnalysisStatistical Analysis What is Statistical Analysis?What is Statistical Analysis?
Statistical Analysis involves analyzing patterns in image to determine if Statistical Analysis involves analyzing patterns in image to determine if it contains a stego payload.it contains a stego payload.
How does it work?How does it work? Using properties of the stego image, steganalysis in done using a hand Using properties of the stego image, steganalysis in done using a hand
PurposePurposeo Replace stego-message dataReplace stego-message datao Render message inextricableRender message inextricableo Backup for detection attacksBackup for detection attacks
Steganogram?Steganogram?o Image files (gif, jpeg, bmp, etc…)Image files (gif, jpeg, bmp, etc…)o TextTexto Video (mpeg, wav, etc)Video (mpeg, wav, etc)o Audio (mp3, CD, tape, etc…)Audio (mp3, CD, tape, etc…)o Virtually any digital media or fileVirtually any digital media or file