Survey on Information Assurance TEL 581 Presented by Viswesh Prabhu Subramanian Gregory Michel Lincoln Jean Louis Steganography
Dec 21, 2015
Agenda
• History
• Introduction
• Steganography Techniques
• Limitations
• Detection
• Attacks
• Conclusion
Have you ever wanted to hide something from:
• Your friends?
• Your family?
• The Government?
If the answer is yes, then you need to learn about
Steganography
Steganography is the study of hiding information
http://plus.maths.org/issue21/features/singh/Pixels.jpg
History
Thousands of years ago, the Greeks used steganography to hide information from their enemies.
One hiding method was to engrave a message in a block of wood, then cover it with wax, so it looked like a blank wax tablet. When they wanted to retrieve the message, they would simply melt off the wax.
Content source: www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.ppt
http://www.securitytribe.com/~vertigo/sig-giu-5-tinypayload-hex.gif
History
440 B.C.: Histiaeus shaved the head of his most trusted slave and tattooed it with a message, which was hidden once the hair had regrown. The message was meant to instigate a revolt against the Persians.
1st and 2nd World Wars: German spies used invisible ink to print very small dots on letters.
Microdots – Blocks of text or images scaled down to the size of a regular dot.
Current: Special inks are used to write hidden messages on bank notes.
Industry demands for digital watermarking and fingerprinting of audio and video.
Introduction
Steganography
• Protection against detection (data hiding)
• Protection against removal (document marking)
– Watermarking (all objects are marked in the same way)
– Fingerprinting (every object is marked specifically, so that all objects can be identified)
Why not Encryption?
Confidentiality can be provided in two ways:
Encryption (encrypt the message, but do not hide the message)
• Anybody can see both parties are communicating in secret.
• Suspicious.
Steganography (hide the existence of the secret message, but do not use encryption)
• Ideally nobody can see both parties are secretly communicating.
• Innocent.
Steganography basics
Bits: 0 0 1
Bytes: 10011000 11111111 00001000
One byte can be used to represent each letter of the alphabet. This is what is used in text files.
01000001 = A
01000010 = B
01000011 = C
Content source: www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.ppt
Steganography basics
11111000 11001001 00000011
Pictures are made up of lots of little dots called pixels. Each pixel is represented as 3 bytes – one for red, one for green and one for blue.
Each byte is interpreted as a number, which is how much of that colour is used to make the final colour of the pixel.
248 201 3
248 + 201 + 3 = Orange Colour
Steganography basics
The difference between two colours that differ by one in their red, green or blue value is impossible to see with the human eye.
If we change the least significant (last) bit in a byte, we either add or subtract one from the value it represents.
This means we can overwrite the last bit in a byte without affecting the colour it appears to be.
248 + 201 + 3 = Original Colour
247 + 201 + 3 = Red -1
248 + 201 + 4 = Blue +1
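The arithmetic on this slide can be checked with a few lines of Python. This is only a minimal sketch: the helper name `set_last_bit` is made up for illustration and does not come from the slides.

```python
# The three colour bytes from the slide, written as bit strings.
pixel_bits = ["11111000", "11001001", "00000011"]

# Each byte is read as an unsigned number: red, green, blue.
red, green, blue = (int(bits, 2) for bits in pixel_bits)
print(red, green, blue)


def set_last_bit(value, bit):
    """Return value with its least significant bit replaced by bit (0 or 1)."""
    return (value & 0b11111110) | bit


# Overwriting the last bit never moves a colour value by more than one.
for value in (red, green, blue):
    for bit in (0, 1):
        print(value, "->", set_last_bit(value, bit))
```

Because only the last bit is touched, every colour value either stays the same or moves by exactly one.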
We can use images to hide things if we replace the last bit of every colour’s byte with a bit from the message.
Message: A = 01000001
Image with 3 pixels:
Pixel 1: 11111000 11001001 00000011
Pixel 2: 11111000 11001001 00000011
Pixel 3: 11111000 11001001 00000011
Now we hide our message in the image.
New image:
Pixel 1: 11111000 11001001 00000010
Pixel 2: 11111000 11001000 00000010
Pixel 3: 11111000 11001001 00000011
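The worked example above (hiding the letter A in three identical pixels) can be reproduced as a short sketch. The function names `embed_bits` and `extract_bits` are illustrative assumptions, and the sketch treats the image as a flat list of colour bytes rather than a real image file.

```python
def embed_bits(cover, message_bits):
    """Replace the last bit of successive cover bytes with the message bits."""
    if len(message_bits) > len(cover):
        raise ValueError("message does not fit in the cover")
    stego = list(cover)
    for i, bit in enumerate(message_bits):
        stego[i] = (stego[i] & 0b11111110) | int(bit)
    return stego


def extract_bits(stego, n_bits):
    """Read back the last bit of the first n_bits bytes."""
    return "".join(str(byte & 1) for byte in stego[:n_bits])


# Three identical pixels, three colour bytes each (red, green, blue).
cover = [0b11111000, 0b11001001, 0b00000011] * 3
message_bits = format(ord("A"), "08b")  # "01000001"

stego = embed_bits(cover, message_bits)
for p in range(3):
    pixel = stego[3 * p:3 * p + 3]
    print(f"Pixel {p + 1}:", " ".join(format(b, "08b") for b in pixel))

recovered = chr(int(extract_bits(stego, 8), 2))
print("Recovered:", recovered)
```

The ninth byte is left untouched because the message is only eight bits long. The receiver has to know how many bits to read, which is one reason both parties must agree on the method beforehand.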
Basic Principle in Steganography
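[Diagram: the Encoder combines the Cover Image, the Secret Image and a Key into a Stego Object, which is sent over the Communications Channel; the Decoder uses the Key to recover the Original Cover and the Secret Image.]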
Types of Steganography
• Fragile
– Hidden information is destroyed as soon as the object is modified.
– Useful in proving objects have not been manipulated and changed, e.g. evidence in a court of law.
• Robust
– It should be infeasible to remove the hidden data without degrading the perceived quality of the data.
– Useful in copyright watermarking.
Steganography Techniques
• Binary File Techniques
• Text Techniques
• Image Techniques
• Sound Techniques
• Other Techniques
Binary File Techniques
• Used to protect copyright inside a binary program.
• Any change to the binary file will alter the way it executes.
• Key generators and serial keys are no longer sufficient for copyright purposes.
Binary File Techniques
One method for embedding a watermark in a binary file works as follows. First, let’s look at the following lines of code that have been extracted from a binary file:
a = 2;
b = 3;
c = b + 3;
d = b + c;
The above instructions are equivalent to each of the following orderings:
b = 3;      b = 3;      b = 3;
a = 2;      c = b + 3;  c = b + 3;
c = b + 3;  a = 2;      d = b + c;
d = b + c;  d = b + c;  a = 2;
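One way to read this example is that the position of the independent statement `a = 2;` can itself carry information: four possible positions give two bits. The sketch below works under that assumption. The slides do not spell out the mapping from orderings to bits, so `embed`, `extract` and the bit assignment are illustrative only.

```python
DEPENDENT = ["b = 3;", "c = b + 3;", "d = b + c;"]  # relative order must be kept
INDEPENDENT = "a = 2;"                               # may sit anywhere


def embed(bits):
    """Place the independent statement at the position named by two bits."""
    position = int(bits, 2)  # "00".."11" -> 0..3
    code = list(DEPENDENT)
    code.insert(position, INDEPENDENT)
    return code


def extract(code):
    """Recover the two bits from where the independent statement sits."""
    return format(code.index(INDEPENDENT), "02b")


def run(code):
    """Execute the statements and return the resulting variables."""
    env = {}
    exec("\n".join(code), {}, env)
    return env


for bits in ("00", "01", "10", "11"):
    marked = embed(bits)
    print(bits, marked, run(marked))
```

Every ordering computes the same values for a, b, c and d, so the program's behaviour is unchanged while the ordering stores the mark.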
Text Techniques
Can be achieved by:
• Altering text formatting
• Altering characteristics of characters
The document is altered in a way that is simply not visible to the human eye.
Text Techniques
• To embed information inside a document we can simply alter some of its characteristics.
• The codebook is a set of rules that tells the encoder which parts of the document it needs to change.
• These can be either the text formatting or characteristics of the characters.
[Diagram: the Encoder applies the Codebook to produce Marked Documents]
Text Techniques
• Line Shift Coding Protocol
• Word Shift Coding Protocol
• Feature Coding Protocol
• White Space Manipulation
• Text Content
Line Shift Coding Protocol
• Lines are shifted up or down inside the document by a small fraction (such as 1/300th of an inch) according to the codebook.
• Some lines are left unshifted as a control, so that the computer can measure the distances between lines.
• By finding out whether a line has been shifted up or down we can represent a single bit, 0 or 1.
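A minimal sketch of line shift coding follows. It assumes every other line is left unshifted as a control line, that a downward shift means 1 and an upward shift means 0, and that lines are 0.2 inches apart. None of these choices come from the slides; a real codebook would define them.

```python
SHIFT = 1 / 300      # inches, the example fraction from the slide
LINE_SPACING = 0.2   # inches between unshifted baselines (assumed)


def encode(bits):
    """Return baseline positions; odd-numbered lines carry one bit each."""
    n_lines = 2 * len(bits) + 1  # a control line on both sides of each data line
    positions = [i * LINE_SPACING for i in range(n_lines)]
    for k, bit in enumerate(bits):
        line = 2 * k + 1
        positions[line] += SHIFT if bit else -SHIFT  # down = 1, up = 0
    return positions


def decode(positions):
    """Compare each data line's distance to the control lines around it."""
    bits = []
    for line in range(1, len(positions) - 1, 2):
        gap_above = positions[line] - positions[line - 1]
        gap_below = positions[line + 1] - positions[line]
        bits.append(1 if gap_above > gap_below else 0)
    return bits


message = [0, 1, 0, 0, 0, 0, 0, 1]  # the letter A
layout = encode(message)
print(decode(layout))
```

The decoder never needs the original document: it only compares the gaps above and below each data line, which is what the control lines make possible.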
Word Shift Coding Protocol
• Based on the same principle as the line shift coding protocol.
• The codebook tells the encoder which of the words are to be shifted and whether each shift is to the left or to the right.
• Decoding is done by measuring the spaces between the words: a left shift could represent a 0 bit and a right shift a 1 bit.
Feature Coding Protocol
• The document is passed through a parser, which examines it and automatically builds a codebook specific to that document.
• The codebook can use a number of different characteristics, such as the height of certain characters, the dots above i and j, and the horizontal line length of letters such as f and t.
• Line shifting and word shifting techniques can also be used to increase the amount of data that can be hidden.
White Space Manipulation
• White space can be manipulated so that bits can be stored.
• This is done by adding a certain amount of white space to the end of a line.
• A program which uses this technique is SNOW [7], which is freely available.
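The idea of storing bits in trailing white space can be sketched as below. This is not SNOW's actual encoding. It is a simplified scheme made up for illustration, in which each line carries one byte as eight trailing characters (space = 0, tab = 1) and the cover text is assumed to have no trailing white space of its own.

```python
def hide(cover_lines, secret):
    """Append 8 trailing spaces/tabs (one secret byte) to each cover line."""
    if len(secret) > len(cover_lines):
        raise ValueError("not enough lines to carry the secret")
    marked = []
    for i, line in enumerate(cover_lines):
        tail = ""
        if i < len(secret):
            bits = format(secret[i], "08b")
            tail = "".join("\t" if b == "1" else " " for b in bits)
        marked.append(line + tail)
    return marked


def reveal(lines):
    """Read back one byte from every line that ends in 8 white space characters."""
    data = bytearray()
    for line in lines:
        tail = line[len(line.rstrip(" \t")):]
        if len(tail) == 8:
            bits = "".join("1" if ch == "\t" else "0" for ch in tail)
            data.append(int(bits, 2))
    return bytes(data)


cover = ["Dear all,", "the meeting is moved", "to Tuesday.", "Regards"]
marked = hide(cover, b"Hi")
print([line.rstrip(" \t") for line in marked] == cover)
print(reveal(marked))
```

On screen the marked text looks identical to the cover text, since the added characters are invisible at the end of a line.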
Text Content
• Information can be concealed in what seems to be inconspicuous text.
• The grammar within the text can be used to store information.
• This is often easy to spot, but there are clever implementations, such as SpamMimic [9], which creates a spam email that contains a secret message.
Image Techniques
• Simple Watermarking
• LSB – Least Significant Bit Hiding (Image Hiding)
• Discrete Cosine Transform
Simple Watermarking
• Can be done by adding a pattern on top of an existing image.
• This method is only really applicable to watermarking, as the pattern is visible even without the original watermark.
Simple Watermarking
http://upload.wikimedia.org/wikipedia/commons/thumb/6/60/Visible_digital_watermarking.jpg/450px-Visible_digital_watermarking.jpg
LSB – Least Significant Bit
• The easiest way of hiding information in an image, and yet it is surprisingly effective.
• It works by using the least significant bits of each pixel in one image to hide the most significant bits of another.
LSB – Least Significant Bit
STEPS:
1. First load up both the host image and the image you need to hide.
2. Choose the number of bits you wish to hide the secret image in. The more bits used in the host image, the more it deteriorates.
3. Create a new image by combining the pixels from both images.
e.g. using 4 bits:
Host Pixel: 10110001
Secret Pixel: 00111111
New Image Pixel: 10110011
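The pixel example above is consistent with hiding 4 bits: the top four bits of the host are kept and the top four bits of the secret replace the host's bottom four. A minimal sketch for single 8-bit pixel values, with the illustrative helper names `hide_pixel` and `recover_pixel`:

```python
def hide_pixel(host, secret, n_bits):
    """Keep the host's top bits; store the secret's top n_bits in the bottom."""
    keep_mask = (0xFF << n_bits) & 0xFF
    return (host & keep_mask) | (secret >> (8 - n_bits))


def recover_pixel(stego, n_bits):
    """Move the hidden low bits back to the top; the lost bits become zero."""
    return (stego & ((1 << n_bits) - 1)) << (8 - n_bits)


host = 0b10110001
secret = 0b00111111

new_pixel = hide_pixel(host, secret, 4)
print(format(new_pixel, "08b"))
print(format(recover_pixel(new_pixel, 4), "08b"))
```

The recovered secret pixel is only an approximation (here 00110000 instead of 00111111), because the secret's least significant bits were never stored. Using more bits improves the secret image and degrades the host image, as step 2 notes.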
Discrete Cosine Transform
1. First the image is split up into 8 x 8 squares.
2. Next each of these squares is transformed via a DCT, which outputs a two-dimensional array of 64 coefficients (one DC and 63 AC coefficients).
3. A quantizer rounds each of these coefficients, which essentially is the compression stage as this is where data is lost.
4. Small unimportant coefficients are rounded to 0 while larger ones lose some of their precision.
5. At this stage you should have an array of streamlined coefficients, which are further compressed via a Huffman encoding scheme or similar.
6. Decompression is done via an inverse DCT.
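Steps 2 to 4 and 6 can be sketched in plain Python for a single 8 x 8 block. The sketch assumes an orthonormal DCT-II and one uniform quantization step for all coefficients. Real codecs use per-coefficient quantization tables, and the Huffman stage of step 5 is left out. All function names are illustrative.

```python
import math

N = 8


def _c(k):
    """Normalisation factor that makes the transform orthonormal."""
    return math.sqrt(1 / N) if k == 0 else math.sqrt(2 / N)


def _cos(i, k):
    return math.cos((2 * i + 1) * k * math.pi / (2 * N))


def dct2(block):
    """Forward 2-D DCT of an 8 x 8 block; returns an 8 x 8 coefficient array."""
    return [[_c(u) * _c(v) * sum(block[x][y] * _cos(x, u) * _cos(y, v)
                                 for x in range(N) for y in range(N))
             for v in range(N)] for u in range(N)]


def idct2(coeffs):
    """Inverse 2-D DCT; undoes dct2 up to floating point error."""
    return [[sum(_c(u) * _c(v) * coeffs[u][v] * _cos(x, u) * _cos(y, v)
                 for u in range(N) for v in range(N))
             for y in range(N)] for x in range(N)]


def quantize(coeffs, step):
    """Round every coefficient to a multiple of step (this is where data is lost)."""
    return [[round(c / step) for c in row] for row in coeffs]


def dequantize(levels, step):
    return [[level * step for level in row] for row in levels]


# A smooth test block: brightness rises gently across and down the square.
block = [[100 + 2 * x + 3 * y for y in range(N)] for x in range(N)]

coeffs = dct2(block)
levels = quantize(coeffs, 16)
restored = idct2(dequantize(levels, 16))

zeros = sum(level == 0 for row in levels for level in row)
print("coefficients:", sum(len(row) for row in coeffs), "rounded to zero:", zeros)
```

For a smooth block like this one most coefficients round to zero, which is why the later entropy coding stage compresses so well. The restored block differs slightly from the original because of the rounding.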
Sound Techniques
• Spread Spectrum
• MIDI
Spread Spectrum
• Spread spectrum systems encode data as a binary sequence which sounds like noise but which can be recognised by a receiver with the correct key.
• Used by the military since the 1940s because the signals are hard to jam or intercept, as they are lost in the background noise.
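A rough sketch of the spread spectrum idea, assuming a direct-sequence scheme: the key seeds a pseudo-random sequence of +1/-1 "chips", each data bit is spread over many chips and added to the cover signal at low amplitude, and the receiver correlates with the same sequence. The constants and function names are illustrative choices, not taken from the slides, and the cover is a synthetic sine tone rather than real audio.

```python
import math
import random

CHIPS_PER_BIT = 1024   # how many samples carry each bit (assumed)
AMPLITUDE = 0.25       # strength of the added noise-like signal (assumed)


def pn_sequence(key, length):
    """Pseudo-noise chips (+1.0 or -1.0) reproducible from the shared key."""
    rng = random.Random(key)
    return [rng.choice((-1.0, 1.0)) for _ in range(length)]


def embed(cover, bits, key):
    """Add each bit, spread over CHIPS_PER_BIT chips, on top of the cover."""
    pn = pn_sequence(key, len(bits) * CHIPS_PER_BIT)
    if len(pn) > len(cover):
        raise ValueError("cover signal is too short")
    stego = list(cover)
    for i, chip in enumerate(pn):
        sign = 1.0 if bits[i // CHIPS_PER_BIT] else -1.0
        stego[i] += AMPLITUDE * sign * chip
    return stego


def extract(stego, n_bits, key):
    """Correlate each segment with the key's chips; the sign gives the bit."""
    pn = pn_sequence(key, n_bits * CHIPS_PER_BIT)
    bits = []
    for b in range(n_bits):
        start = b * CHIPS_PER_BIT
        corr = sum(stego[start + j] * pn[start + j] for j in range(CHIPS_PER_BIT))
        bits.append(1 if corr > 0 else 0)
    return bits


# Cover: a 440 Hz tone sampled at 8 kHz (stand-in for real audio).
cover = [math.sin(2 * math.pi * 440 * n / 8000) for n in range(8 * CHIPS_PER_BIT)]
message = [0, 1, 0, 0, 0, 0, 0, 1]

stego = embed(cover, message, key=581)
print(extract(stego, len(message), key=581))
```

Without the key the added signal is indistinguishable from low-level noise. With the key, the correlation adds up the hidden contribution over all chips while the cover signal largely averages out.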
MIDI
• MIDI files are good places to hide information, due to the revival this format has had with the surge of mobile phones, which play MIDI ring tones.
• Steganography in MIDI takes advantage of the Program Change (PC) message in the MIDI file, which changes the type of instrument being played on a certain channel.
• Each PC message can contain a number from 0 to 127.
• String together the necessary number of PC messages to contain the hidden data.
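Since a Program Change message carries a value from 0 to 127, each one can hold 7 bits. The sketch below packs a secret into a series of (status byte, program number) pairs, using the standard MIDI status byte 0xC0 plus the channel number. Writing these pairs into an actual MIDI file, and agreeing on the message length, are left out. The function names are hypothetical.

```python
PROGRAM_CHANGE = 0xC0  # MIDI status byte for Program Change on channel 0


def to_program_changes(secret, channel=0):
    """Pack the secret's bits, 7 at a time, into Program Change messages."""
    if not 0 <= channel <= 15:
        raise ValueError("MIDI channels are numbered 0 to 15")
    bits = "".join(format(byte, "08b") for byte in secret)
    bits += "0" * (-len(bits) % 7)  # pad the last group up to 7 bits
    return [(PROGRAM_CHANGE | channel, int(bits[i:i + 7], 2))
            for i in range(0, len(bits), 7)]


def from_program_changes(messages, n_bytes):
    """Rebuild n_bytes of secret data from the program numbers."""
    bits = "".join(format(program, "07b") for _status, program in messages)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, n_bytes * 8, 8))


messages = to_program_changes(b"A")
print(messages)
print(from_program_changes(to_program_changes(b"TEL 581"), 7))
```

A run of instrument changes with no notes in between is unusual in ordinary MIDI files, so a careful listener or tool could notice it. The sketch ignores that concern.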
Limitations
Both parties must agree on the method used.
If they don’t, the receiving party may not know that there is a hidden message.
The size of the medium being used to hide the data.
In order for steganography to be useful the message should be hidden without any major changes to the object it is being embedded in. This leaves limited room to embed a message without noticeably changing the original object.
Detection
Steganalysis
• The art of detecting Steganography. This involves detecting the use of Steganography inside of a file.
• Does not deal with trying to decrypt the hidden information inside of a file; it just attempts to discover it.
• Detection can be either passive or active.
– Passive: just attempt to discover it.
– Active: attempt to retrieve the hidden information.
Detection
Methods for detecting Steganography are:
• Viewing the file and comparing it to another copy of the file found on the Internet (e.g. a picture file).
– Look for disturbances in patterns.
– Line heights and whitespace.
– Examine the colour palette.
– Size of the image.
– Last modified date.
• Listening to the file (audio file).
– Listen for disturbances.
– Size of file.
– Date last modified.
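Comparing a suspect file against a known clean copy can be automated. The sketch below assumes both copies are available as raw byte sequences of equal length, such as decoded pixel data. It separates differences that touch only the last bit, a typical trace of LSB hiding, from larger changes. The function name `lsb_differences` is made up for illustration.

```python
def lsb_differences(original, suspect):
    """Return (positions differing only in the last bit, other differing positions)."""
    if len(original) != len(suspect):
        raise ValueError("the two copies must have the same length")
    lsb_only, other = [], []
    for i, (a, b) in enumerate(zip(original, suspect)):
        if a == b:
            continue
        if a ^ b == 1:       # XOR of 1 means only the least significant bit changed
            lsb_only.append(i)
        else:
            other.append(i)
    return lsb_only, other


clean = bytes([248, 201, 3] * 3)
suspect = bytes([248, 201, 2, 248, 200, 2, 248, 201, 3])

lsb_only, other = lsb_differences(clean, suspect)
print("LSB-only changes at:", lsb_only, "other changes at:", other)
```

Many last-bit-only differences and no larger ones suggest that something may have been embedded. This check only works when a trustworthy original is available.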
Detection
Methods for detecting Steganography are:
• Video files
– Visible signals (gestures, movements).
– Same techniques as with images.
– Same techniques as with audio.
• Using utilities
– Xsteg (Linux based)
– Stegdetect
– Steganography Analyzer Artifact Scanner (StegAlyzerAS)
– Steganography Analyzer Signature Scanner (StegAlyzerSS)
Attacks
Basic Attacks
• Introduce timing errors.
– This is done by adjusting the synchronization chip signal, which causes the embedded data to be lost.
• Change the length of audio.
– Altering the length of a piece of audio without changing the pitch can be an effective attack on audio files.
Attacks
Robustness Attacks
• Attempt to diminish or remove the presence of a watermark.
• If a series of minor distortions is applied, the watermark can be lost while the image remains largely unchanged.
• Whatever changes have been made will likely be acceptable to pirates or other persons who do not usually require high quality copies.
• A utility that uses this technique is Stirmark.
Attacks
Robustness Attacks (cont.)
• Cepstrum analysis.
• Echo hiding.
– Echo hiding is a technique used to encode zeros and ones by adding echo signals, distinguished by different values for their delay and amplitude, to an audio signal.
– Decoding can be done by detecting the initial delay using the auto-correlation of the cepstrum of the encoded signal.
– If the echo can be detected then it can be removed by inverting the formula used to add it.
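The last point can be illustrated for a single echo. The sketch assumes the echo was added as y[n] = x[n] + a * x[n - d] and that the attacker already knows the delay d and amplitude a. In practice these would first have to be estimated, for example by cepstrum analysis, which is not shown here. The function names are illustrative.

```python
import math


def add_echo(signal, delay, amplitude):
    """y[n] = x[n] + amplitude * x[n - delay] (no echo before the first delay samples)."""
    return [x + (amplitude * signal[n - delay] if n >= delay else 0.0)
            for n, x in enumerate(signal)]


def remove_echo(echoed, delay, amplitude):
    """Invert add_echo: x[n] = y[n] - amplitude * x[n - delay], computed in order."""
    clean = []
    for n, y in enumerate(echoed):
        clean.append(y - (amplitude * clean[n - delay] if n >= delay else 0.0))
    return clean


# Stand-in audio: a short 440 Hz tone sampled at 8 kHz.
signal = [math.sin(2 * math.pi * 440 * n / 8000) for n in range(400)]

echoed = add_echo(signal, delay=50, amplitude=0.3)
restored = remove_echo(echoed, delay=50, amplitude=0.3)

worst = max(abs(r - s) for r, s in zip(restored, signal))
print("largest difference after removal:", worst)
```

Because each restored sample depends only on earlier restored samples, the inversion can run sample by sample. Once the echo is removed, the bits it encoded are gone as well.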
Attacks
Presentation Attacks
• Modify the content of the file in order to prevent the detection of the watermark.
• Mosaic attack
– Takes advantage of size requirements for embedding a watermark.
– By splitting the marked file into small sections, the mark detection can be confused.
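The splitting step of a mosaic attack can be sketched for an image stored as a grid of pixel values. The sketch assumes that each tile on its own is too small for the detector to find the mark, and that a viewer later places the tiles side by side so the picture looks unchanged. Both function names are hypothetical.

```python
def split_into_tiles(image, tile_h, tile_w):
    """Cut a 2-D pixel grid into tiles, keyed by their top-left corner."""
    tiles = {}
    for top in range(0, len(image), tile_h):
        for left in range(0, len(image[0]), tile_w):
            tiles[(top, left)] = [row[left:left + tile_w]
                                  for row in image[top:top + tile_h]]
    return tiles


def reassemble(tiles, height, width):
    """Place every tile back at its corner, as a viewer would when displaying them."""
    image = [[None] * width for _ in range(height)]
    for (top, left), tile in tiles.items():
        for dy, row in enumerate(tile):
            for dx, value in enumerate(row):
                image[top + dy][left + dx] = value
    return image


# A tiny 4 x 6 "image" with distinct pixel values.
image = [[10 * y + x for x in range(6)] for y in range(4)]

tiles = split_into_tiles(image, tile_h=2, tile_w=3)
print(len(tiles), "tiles")
print(reassemble(tiles, 4, 6) == image)
```

No pixel is altered, so the displayed result is identical to the marked image. Only the file boundaries seen by the detection software change.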
Attacks
Interpretation Attacks
• Interpretation attacks involve finding a situation in which the assertion of ownership is prevented.
• Mark detection is unable to tell which mark came first if multiple marks are found.
• If the owner publishes a document d + w (where d is the original and w is the watermark), a pirate can add a second watermark w’ and claim that the document is his and that the original was d + w - w’.
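The arithmetic behind this claim can be checked with a toy example. It assumes purely additive marks on a list of sample values. The numbers, and the names `add_mark` and `subtract_mark`, are invented for illustration.

```python
def add_mark(document, mark):
    """Additive watermarking: add the mark sample by sample."""
    return [d + m for d, m in zip(document, mark)]


def subtract_mark(document, mark):
    return [d - m for d, m in zip(document, mark)]


d = [120, 64, 200, 33]        # the owner's original
w = [1, -1, 0, 1]             # the owner's watermark
published = add_mark(d, w)    # d + w

w_fake = [0, 1, -1, 1]                            # the pirate's watermark w'
fake_original = subtract_mark(published, w_fake)  # d + w - w'

# Both parties can present an "original" and a mark that add up to the
# published document, so arithmetic alone cannot settle who marked first.
print(add_mark(d, w) == published)
print(add_mark(fake_original, w_fake) == published)
```

Both checks succeed, which is the situation the slide describes: each party can show an "original" plus a mark that reproduces the published document.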
Attacks
Implementation Attacks
• Software used to implement steganographic techniques needs to be secure.
• If the mark detection software is vulnerable, it may be possible for attackers to deceive it.
• Digimarc, one of the most widely used picture marking schemes, was attacked using a weakness in the implementation.
Conclusion
• As Steganography becomes more widely used in computing there are issues that need to be resolved.
• There is a wide variety of different techniques, each with its own advantages and disadvantages.
• Many currently used techniques are not robust enough to prevent detection and removal of embedded data.
Conclusion
For a system to be considered robust it should have the following properties:
The quality of the media should not noticeably degrade upon addition of a mark.
Marks should be undetectable without secret knowledge, typically the key.
If multiple marks are present they should not interfere with each other.
The marks should survive attacks that don’t degrade the perceived quality of the work.
Conclusion
• As attacks are found that work against existing techniques, it is likely that new techniques will be developed that overcome these deficiencies.
• The continuing use of digital media will drive the development of new techniques, and standards for watermarking are likely to be developed.
• Techniques used by law enforcement authorities to detect embedded material will improve as they continue to try to prevent the misuse of Steganography.
References
http://www.cs.bham.ac.uk/~mdr/teaching/modules03/security/students/SS5/Steganography.pdf
http://www.infosecwriters.com/text_resources/pdf/Steganography_AMangarae.pdf
http://en.wikipedia.org/wiki/Steganography
http://niels.xtdnet.nl/papers/practical.pdf