FESA (Framework for Enterprise StegAnalysis)
Charles D. George, Jr.
Master's Project
Fall Semester 2012
Background
• Steganography – art of hiding messages such that only the sender and recipient are aware
• Steganalysis – art of detecting messages hidden with steganography
• The relationship between steganography and steganalysis is similar to that of cryptography and cryptanalysis.
Steganography
• Digital steganography (1985)
• Media files: images, audio, video, etc.
• Images are the most popular
– JPEG
– TIFF
– PNG
– GIF
– BMP
• Thousands of tools exist
Steganalysis
• Statistical analysis
– Spectrum
– Inconsistencies with compression
• Signatures
– Specific bit patterns
– Identifiable header information, etc.
• Most tools are one-off and try to detect specific algorithms
• Cat and mouse game as new steg algorithms emerge
FESA
• Utilize existing research on steganography detection
• Modular, extensible, robust
• Plugin framework for steganography detection algorithms
• Suitable for an Enterprise
• Scalable
Enterprise Technologies
• Enterprise JavaBeans (EJBs)
• JavaServer Faces (JSF)
• Java DB (Derby)
• RESTful WS (JAX-RS)
• CDI (Web Beans)
• Java Persistence (JPA)
• Java Web Start (JavaWS)
Design
Design :: Plugin Framework
• Rolled my own plugin framework
• Reuses parts of Java ServiceProvider mechanism
• Dynamically adds/removes plugins at runtime
• Plugins represented as third-party jars
– Implement a service provider interface
• Each plugin loaded into its own classloader
• Internal map tracks current plugins
Design :: Business Logic
• Encapsulates all the functionality of the system
• Plugin management
• Invoking plugins for steganography detection
• Database communication
• Security
Design :: PluginsBean
• Singleton JavaBean (one instance)
– There should only be one view of the plugins
• Loads plugins from plugins directory
• Listens on that directory for files being created/deleted
• Manages adding, removing, and querying plugins
• Processes a PluginRequest and responds with a PluginResponse
• Has defined roles “PluginAdmin”
– Only users of this group can modify plugins
PluginBean :: PluginRequest
PluginBean :: PluginResponse
PluginBean :: Security
• PluginBean is annotated with @DeclaredRoles and @RolesAllowed
• Security enforced by GlassFish
• Users are created and placed in groups
• Groups are mapped to roles
• Only users in group “PluginAdmin” have access to modify plugins
Design :: DetectionBean
• Stateless bean
– New instance per request (detection request)
– Automatically threaded for performance, etc.
• Computes mime type and hash
• Database interaction for previous results
• Invokes all plugins that match the file’s mime type
• Processes DetectionRequest and responds with a DetectionResponse
DetectionBean :: DetectionRequest
DetectionBean :: DetectionResponse
Design :: REST Web Services
• Two web service methods are available
– Handle plugin and detection requests
• Produce/Consume XML
• Use contexts and dependency injection to call a bean to process the request (Plugin/Detection)
– @EJB annotation is used for CDI
• XML requests/responses are automatically converted into objects with JAXB
– Java classes (POJOs) are annotated with JAXB annotations
• These objects are passed to the beans
Design :: Database
• Used to store results of files that have been processed
• Efficient since duplicate files don’t need to be reprocessed
• Dirty flag is enabled when plugins change which will require reprocessing
• DetectionResponse class is annotated as an Entity that maps to the database schema
– Allows injection of a persistence context to easily persist/retrieve results
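The DetectionBean and Database slides together describe one lookup flow: hash the file, reuse a stored result unless it is dirty, otherwise run every plugin that matches the MIME type. The sketch below is an added example, not FESA's code. Assumptions: Java 17+, hypothetical class, interface and method names, an in-memory map standing in for the database, and a two-format magic-byte check standing in for MIME detection.

```java
import java.security.MessageDigest;
import java.util.*;
// Added sketch (Java 17+); every type and method name here is hypothetical, not FESA's.
public class DetectionCacheDemo {
    interface DetectionPlugin { String name(); boolean supports(String mime); boolean detect(byte[] file); }
    record StubPlugin(String name, String mime) implements DetectionPlugin { // constructed test plugin
        public boolean supports(String m) { return mime.equals(m); }
        public boolean detect(byte[] file) { return false; }
    }
    static final class StoredResult { // stand-in for a persisted DetectionResponse
        final Map<String, Boolean> findings; boolean dirty;
        StoredResult(Map<String, Boolean> findings) { this.findings = findings; }
    }
    private final List<DetectionPlugin> plugins = new ArrayList<>();
    private final Map<String, StoredResult> db = new HashMap<>(); // stand-in for the database
    int pluginRuns = 0; // counts actual plugin invocations

    void addPlugin(DetectionPlugin p) {
        plugins.add(p);
        db.values().forEach(r -> r.dirty = true); // plugin set changed: stored results are stale
    }

    static String mimeOf(byte[] f) { // minimal magic-byte sniffing for two formats
        if (f.length >= 3 && (f[0] & 0xFF) == 0xFF && (f[1] & 0xFF) == 0xD8 && (f[2] & 0xFF) == 0xFF) return "image/jpeg";
        if (f.length >= 4 && (f[0] & 0xFF) == 0x89 && f[1] == 'P' && f[2] == 'N' && f[3] == 'G') return "image/png";
        return "application/octet-stream";
    }

    Map<String, Boolean> detect(byte[] file) throws Exception {
        String key = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(file));
        StoredResult hit = db.get(key);
        if (hit != null && !hit.dirty) return hit.findings; // duplicate file: reuse stored result
        String mime = mimeOf(file);
        Map<String, Boolean> findings = new TreeMap<>();
        for (DetectionPlugin p : plugins)
            if (p.supports(mime)) { findings.put(p.name(), p.detect(file)); pluginRuns++; }
        db.put(key, new StoredResult(findings)); // fresh row replaces the dirty one
        return findings;
    }

    public static void main(String[] args) throws Exception {
        DetectionCacheDemo bean = new DetectionCacheDemo();
        bean.addPlugin(new StubPlugin("jpeg-stub", "image/jpeg"));
        byte[] jpeg = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF, 0x00}; // constructed sample bytes
        bean.detect(jpeg); bean.detect(jpeg); // second call is served from the store
        System.out.println("plugin runs after duplicate submit: " + bean.pluginRuns);
        bean.addPlugin(new StubPlugin("png-stub", "image/png")); // marks stored rows dirty
        bean.detect(jpeg); // dirty row forces reprocessing
        System.out.println("plugin runs after plugin change: " + bean.pluginRuns);
    }
}
```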
Database :: Detection Response
Database :: Detection Technique Result
Code Walk Through
Demonstration
Questions?