Survey on Information Assurance TEL 581 Presented by Viswesh Prabhu Subramanian Gregory Michel Lincoln Jean Louis Steganography.

Survey on Information Assurance   

TEL 581  

Presented byViswesh Prabhu Subramanian

Gregory MichelLincoln Jean Louis

Steganography

Agenda

History Introduction Steganography Techniques Limitations Detection Attacks Conclusion

Have you ever wanted to hide something from:

• Your friends?

• Your family?

• The Government?

If the answer is yes, then you need to learn about

Steganography

Steganography is the study ofhiding information

http://plus.maths.org/issue21/features/singh/Pixels.jpg

History

Thousands of years ago, the Greeks used steganography to hide information from their enemies.

One hiding method was to engrave a message in a block of wood, then cover it with wax, so it looked like a blank wax tablet. When they wanted to retrieve the message, they would simply melt off the wax.

Content source: www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.ppt

http://www.securitytribe.com/~vertigo/sig-giu-5-tinypayload-hex.gif

History

440 B.C. Histiaeus shaved the head of his most trusted slave and tattooed it with a

message which disappeared after the hair had regrown. To instigate a revolt against Persians.

1st and 2nd World Wars German spies used invisible ink to print very small dots on letters.

Microdots – Blocks of text or images scaled down to the size of a regular dot.

Current Special inks are used to write a hidden messages on bank notes.

Industry demands for digital watermarking and fingerprinting of audio and video.

Introduction Steganography

Protection against detection(data hiding)

Protection against removal(document marking)

Watermarking(all objects are marked

in the same way)

Fingerprinting(identify all objects, every

object is marked specific)

Why not Encryption?

Steganography(hide existence of the secret message,

but do not use encryption)

Encryption(encrypt the message,

but do not hide the message)

Confidentiality

• Anybody can see both parties are communicating in secret.

• Suspicious.

• Ideally nobody can see both parties are secretly communicating.

• Innocent.

Steganography basics

01000001 = A01000010 = B01000011 = C

001

Bits

One byte can be used to represent each letter of the alphabet. This is what is used in text files.

1001100011111111

Bytes

00001000

Content source: www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.ppt

Steganography basics

11111000 11001001 00000011

Pictures are made up of lots of little dots called pixels. Each pixel is represented as 3 bytes – one for red, one for green and one for blue.

Each byte is interpreted as a number, which is how much of that colour is used to make the final colour of the pixel.

248 201 3

248 + 201 + 3 = Orange Colour

Steganography basicsThe difference between two colours that differ by one in either one red, green or blue value is impossible to see with the human eye.

If we change the least significant (last) bit in a byte, we either add or subtract one from the value it represents.

This means we can overwrite the last bit in a byte without affecting the colour it appears to be.

248 + 201 + 3 = Original Colour

247 + 201 + 3 = Red -1

248 + 201 + 4 = Blue +1

11111000 11001001 0000001111111000 11001001 0000001111111000 11001001 00000011

We can use images to hide things if we replace the last bit of every colour’s byte with a bit from the message.

01000001Message: A

Image with 3 pixels:

11111000 11001001 00000011 11111000 11001001 00000011 11111000 11001001 00000011

Pixel 1:

Pixel 2:

Pixel 3:

Now we hide our message in the image:

11111000 11001001 00000010Pixel 1:

Pixel 2:

Pixel 3:

New image:

11111000 11001000 0000001011111000 11001001 00000011

Basic Principle in Steganography

Encoder

Decoder

Cover Image

Secret Image

Key

Stego Object

Original Cover

Secret Image Communications

Channel

Types of Steganography• Fragile

– Hidden information destroyed as soon as object is modified.

– Useful in proving objects have not been manipulated and changed e.g. evidence in a court of law.

• Robust – It should be infeasible to remove the hidden data without degrading the

perceived quality of the data.

– Useful in copyright watermarking.

Steganography Techniques

Steganography Techniques Binary File Techniques

Text Techniques

Image Techniques

Sound Techniques

Other Techniques

Binary File Techniques Used to protect copyright inside a binary

program

Any changes to that binary file will cause the execution of it to alter

key generators and serial keys and no longer sufficient for copyrights purposes

Binary File Techniques One method for embedding a watermark in a binary file

works as follows. First, let’s look at the following lines of code that have been extracted from a binary file: a = 2;

b = 3; c = b + 3;

d = b + c;

The above instruction is simply equivalent to:b = 3; b = 3; b = 3;

a = 2; c = b + 3; c = b + 3;c = b + 3; a = 2; d = b + c;d = b + c; d = b + c; a = 2;

Text Techniques Can be achieved by:

Altering text formatting Altering characteristics of characters.

The document is altered in a way that it is simply not visible to the human eye

Text Techniques To embed information inside a document we can simply alter some of its

characteristics The codebook is a set of rules that tells the encoder which parts of the

document it needs to change These can be either the text formatting or characteristics of the characters

Encoder

Codebook

Marked Documents

Text Techniques Line Shift Coding Protocol Word Shift Coding Protocol Feature Coding Protocol White Space Manipulation Text Content

Line Shift Coding Protocol Lines are shifted inside the document up or down by

a small fraction (such as 1/300th of an inch) according to the codebook

These lines will become a control so that the computer can measure the distances between them

By finding out whether a line has been shifted up or down we can represent a single bit, 0 or 1.

Word Shift Coding Protocol Based on the same principle as the line shift coding

protocol

The codebook will simply tell the encoder which of the words is to be shifted and whether it is a left or a right shift

The decoding technique is measuring the spaces between each word and a left shift could represent a 0 bit and a right bit representing a 1 bit.

Feature Coding Protocol

The document is passed through a parser where it examines the document and it automatically builds a codebook specific to that document.

can use a number of different characteristics such as the height of certain characters, the dots above i and j and the horizontal line length of letters such as f and t.

Line shifting and word shifting techniques can also be used to increase the amount of data that can be hidden.

White Space Manipulation White space can be manipulated so that bits

can be stored

This is done by adding a certain amount of white space to the end of line

A program which uses this technique is SNOW [7], which is freely available.

Text Content Information can hidden in conceal it in what seems

to be inconspicuous text

The grammar within the text can be used to store information

Easy to spot but there are clever implementations, such as SpamMimic [9] which creates a spam email that contains a secret message.

Image Techniques

Simple Watermarking LSB – Least Significant Bit Hiding (Image

Hiding) Direct Cosine Transformation

Simple Watermarking

Can be done by adding a pattern on top of an existing image

This method is only really applicable to watermarking, as the pattern is visible and even without the original watermark

Simple Watermarking

http://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Visible_digital_watermarking.jpg/450px-Visible_digital_watermarking.jpg

LSB – Least Significant Bit The easiest way of hiding information in an

image and yet it is surprisingly effective

It works by using the least significant bits of each pixel in one image to hide the most significant bits of another

LSB – Least Significant Bit STEPS:1. First load up both the host image and the image you need to hide

2. Chose the number of bits you wish to hide the secret image in. The more bits used in the host image, the more it deteriorates

3. Create a new image by combining the pixels from both images

e.g. Host Pixel: 10110001

Secret Pixel: 00111111

New Image Pixel: 10110011

LSB – Least Significant Bit

Direct Cosine Transformation1. First the image is split up into 8 x 8 squares

2. Next each of these squares is transformed via a DCT, which outputs a multi dimensional array of 63 coefficients

3. A quantizer rounds each of these coefficients, which essentially is the compression stage as this is where data is lost

4. Small unimportant coefficients are rounded to 0 while larger ones lose some of their precision

5. At this stage you should have an array of streamlined coefficients, which are further compressed via a Huffman encoding scheme or similar

6. Decompression is done via an inverse DCT.

Spread Spectrum Spread Spectrum MIDI

Sound Techniques Spread spectrum systems encode data as a

binary sequence which sounds like noise but which can be recognised by a receiver with the correct key

Used by the military since the 1940s because the signals are hard to jam or intercept as they are lost in the background noise

MIDI

Good places to hide information due to the revival this format has had with the surge of mobile phones, which play MIDI ring tones

Steganography in MIDI takes advantages of the Program Change message in the midi file which basically changes the type of instrument being played on a certain channel.

MIDI Each PC message can contain a number from

0 to 127

String together the necessary number of PC messages to contain the hidden data.

Limitations

Limitations

Both parties must agree on the method used.

If they don’t, the receiving party may not know that there is a hidden message.

The size of the medium being used to hide the data.

In order for steganography to be useful the message should be hidden without any major changes to the object it is being embedded in. This leaves limited room to embed a message without noticeably changing the original object.

Detection

Detection

Steganalysis The art of detecting Steganography. This involves

detecting the use of Steganography inside of a file.

Does not deal with trying to decrypt the hidden information inside of a file, it just attempts to discover it.

Detection can be either passive or active. Passive – Just attempt to discover it. Active – Attempt to retrieve the hidden information.

Detection

Methods for detecting Steganography are:

Viewing the file and comparing it to another copy of the file found on the Internet (eg. a picture file).

Look for (disturbings of) patterns. Line heights and whitespaces. Examine color palette. Size of the image. Last modified date.

Listening to the file (audio file). Listen for disturbances. Size of file. Date last modified.

Detection

Methods for detecting Steganography are: Video files

Visible signals (gestures, movements) Same techniques as with images Same techniques as with audio

Using utilities. Xsteg (Linux based) Stegdetect Steganography Analyzer Artifact Scanner (StegAlyzerAS) Steganography Analyzer Signature Scanner (StegAlyzerSS)

Attacks

Attacks

Basic Attacks Introduce timing errors.

This is done by adjusting the synchronization chip signal which causes the embedded data to be lost.

Change the Length of audio. Altering the length of a piece of audio without changing

the pitch. This can be an effective attack on audio files.

Attacks

Robustness Attacks: Attempts to diminish or remove the presence of a

watermark. If a series of minor distortions are applied the

watermark can be lost while the image remains largely unchanged.

Whatever changes have been made will likely be acceptable to pirates or other persons who do not usually require high quality copies.

A utility that utilizes this technique is Stirmark. E.g..

Attacks

Robustness Attacks (cont) Cepstrum analysis.

Echo hiding. Echo hiding is a technique used to encode zeros and ones

by adding echo signals distinguished by different values for their delay and amplitude to an audio signal.

Decoding can be done by detecting the initial delay using the auto-correlation of the cepstrum of the encoded signal.

If the echo can be detected then it can be removed by inverting the formula used to add it.

Attacks

Presentation Attacks: Modifies the content of the file in order to prevent the

detection of the watermark.

Mosaic attack Takes advantage of size requirements for embedding

a watermark. By splitting the marked file into small sections the

mark detection can be confused. E.g..

Attacks

Interpretation Attacks Interpretation attacks involve finding a situation in

which the assertion of ownership is prevented.

Prevents mark detection being unable to tell which mark came first if multiple marks are found.

If the owner publishes a document, d + w (where d is the original and w is the watermark) a pirate can add a second watermark w’ and claim that the document is his and that the original was d + w - w’ .

Attacks

Implementation Attacks Software used to implement steganographic

techniques needs to be secure. If the mark detection software is vulnerable it may be

possible for attackers to deceive it.

Digimarc, one of the most widely used picture marking schemes was attacked using a weakness in the implementation.

Conclusion As Steganography becomes more widely used in

computing there are issues that need to be resolved.

There are a wide variety of different techniques with their own advantages and disadvantages

Many currently used techniques are not robust enough to prevent detection and removal of embedded data.

Conclusion

For a system to be considered robust it should have the following properties:

The quality of the media should not noticeably degrade upon addition of a mark.

Marks should be undetectable without secret knowledge, typically the key.

If multiple marks are present they should not interfere with each other.

The marks should survive attacks that don’t degrade the perceived quality of the work.

Conclusion As attacks are found that work against existing

techniques, it is likely that new techniques will be developed that overcome these deficiencies.

The continuing use of digital media will drive development of new techniques and standards for watermarking are likely to be developed.

techniques used by law enforcement authorities to detect embedded material will improve as they continue to try and prevent the misuse of Steganography.

References http://www.cs.bham.ac.uk/~mdr/teaching/

modules03/security/students/SS5/Steganography.pdf

http://www.infosecwriters.com/text_resources/pdf/Steganography_AMangarae.pdf

http://en.wikipedia.org/wiki/Steganography

http://niels.xtdnet.nl/papers/practical.pdf