Transcript Seminar Steganography

Steganography
The Art of Covert Communication
Presented by LADA
Luiz, Angel, Dimitar and Andrew
Covert Communication
What Is Steganography?
Steganography - \Steg`a*nog"ra*phy\,
n. [Gr. steganos (covered or secret) + graphy
(writing or drawing).] The art of writing in cipher,
or in characters which are not intelligible except
to persons who have the key; cryptography.

Steganography
2
Steganography v Cryptography



Both have been used throughout recorded history
as means to protect information
Cryptographic techniques "scramble" messages so
if intercepted, the messages cannot be understood
Steganography, in an essence, "camouflages" a
message to hide its existence and make it seem
"invisible" thus concealing the fact that a message
is being sent altogether
History of steganography

Herodotus mentions it for the first time in his
history

Demeratus wanted to notify Sparta that Xerxes
intended to invade Greece
Shave the head of the messenger and tattoo the text on it
History of steganography

Another common form of invisible writing is
through the use of Invisible inks
- Common sources for invisible inks are milk, vinegar,
fruit juices and urine
With improvements in technologies new methods
had to be discovered
- Some messages had to be "developed" much as
photographs are developed with a number of chemicals
in processing labs.
History of Steganography
During WWII miniscule dots of invisible ink were
added directly above the letters of seemingly
innocuous text.
 In the resent century POW are known to have
used the dots in letters in such as i & j and t & f
to convey Morse code messages
flat . I just fall flat onto this.
-- . . - -- . - -- . - .--. -. .. --. …. –
m ee t m e t o n i g h t

Micro dots


Microdots are photographs the
size of a printed period having
the clarity of standard-sized
typewritten pages.
The first microdots were
discovered masquerading as a
period on a typed envelope
carried by a German agent in
1941.
Null ciphers (unencrypted messages)

Fishing freshwater bends and saltwater coasts
rewards anyone feeling stressed. Resourceful
anglers usually find masterful leapers fun and
admit swordfish rank overwhelming anyday.

Secret message: Send Lawyers, Guns, and Money
Hiding information in plain text



We explore new steganographic and
cryptographic algorithms and techniques
throughout the world to produce wide variety
and security in the electronic web called the
Internet.
Secret message: Explore the world wide web
Recent examples

Barcode images
Covert Communication



Where the Hidden Data Hides?
Where Did It Came From?
Where It Is Going?


When Steganography Inspires Terror


DNA
Who is Using Stego?
Keeping Your Business Secure
Steganography
10
Hiding the Goods with Stego

Overview of Steganography



The Growth of Steganography – modern data
compression, info theory, spread spectrum and crypto
are brought together to satisfy the need for privacy on
the Internet
Steganography in Use – powerful tool for secret
communication
Flaws of Steganography – Stego is not perfect


Algorithms are known
Message is not encrypted
Steganography
11
Hiding the Goods with Stego Cont’

Variations of Stego


Trojan Horses – sneak viruses or other malicious code
Covert Channels – subclass of Stego



Two parties signal to each other without anyone else
knowing they are communicating. (Holland Windmills )
Easter Eggs – hybrid between Trojan horses and Stego
Hardware Keys – used for Copyright protection
Steganography
12
Hiding the Goods with Stego Cont’

Security and Steganography


Confidentiality – network security
Survivability – hiding data in TCP/IP headers




On a local Network you can use TTL (Time To Live) field
Across the Internet though, each router will decrement the
TTL with one
No Detection – Stego must be hard to find.
Visibility – make sure that people can’t see any
changes to the host file in which data is hidden.
Steganography
13
Hiding the Goods with Stego Cont’


Principles of Steganography
Types of Steganography


File Type – hide data in least significant bits of each
pixel of .bmp image
Method of Hiding



Injection – after EOF of audio file
Substitution – replaces the insignificant info with covert
Generation – creates new overt file from the covert
Steganography
14
Digital Watermarking


What is Digital Watermarking?
Types of Digital Watermarking





Invisible Watermarking
Visible Watermarking
Digital Watermarking and Stego
Uses of Digital Watermarking
Removing Digital Watermarking
Steganography
15
Steganography 101

Types of Steganography:


Original Classification Scheme (how data is hidden)
 Insertion-Based
 Algorithmic-Based
 Grammar-Based
New Classification Scheme (how and where data is
hidden)
 Insertion-Based
 Substitution-Based
 Generation-Based
Steganography
16
Steganography 101

Types of Steganography:



Insertion-Based – information is added that
increases the file
Substitution-Based – substitute data for information
already in the file (overwriting)
Generation-Based – the covert file created from
previous methods is used to create the overt file.
Steganography
17
Steganography 101

Color Tables:



Images are composed of dots called pixels
Each pixel gets its own color by combining
percentages of red, green and blue (RGB)
Each of these colors has value from 0 to 255



Zero designates that the color is present
255 designates complete saturation of that color
RGB color model has 16,777,216 possible colors

Total of 255x255x255
Steganography
18
Steganography 101

Color Tables Cont’:

Examples:





255 0 0 is red
0 255 0 is green
0 0 255 is blue
0 0 0 is black
255 255 255 is white
Steganography
19
Steganography 101

Color Tables Cont’:

Color Tables are used by
several stego techniques
to hide data
Entry
R
G
B
0
24
104
155
1
41
100
65
2
24
120
179
3
33
83
49
4
82
132
90
Steganography
20
Steganography 101

Products Implementing Stego









S-Tools – freeware for hiding data in GIF or .bmp image files or
.wav files
Hide and Seek
J-Steg
EZ Stego
Image Hide
Digital Picture Envelope
Camouflage
Gif Shuffle
Spam Mimic
Steganography
21
Stego Files Across a Network

Uses and Techniques of Network Stego



Hiding in Network Traffic – making your connection emulate
the often-used port 80 traffic (HTTP), your message might pass
without raising anyone’s suspicions
Stego Combined with Viruses – hide a virus in .txt using Stego,
avoiding detection. Later the virus could pull its payload from
.txt and infect the system
Tracking Internet Usage – URL embedding, Hidden fields,
Cookies. Online stalking (Cyberstalking) is used to mimic your
behavior, leading to identity theft.
Steganography
22
Stego Files Across a Network

Network Stego Techniques




Hiding in an Attachment – file-based stego is used to hide the
covert message in a file and attach it to some other form of
network traffic (FTP, Web site posting)
Hiding Data in an E-mail Attachment – send spam mail to
thousands of people, only the intended recipient will look for it
Transmitting Hidden Data with FTP – hide the secret data in
picture and post it on FTP
Posting Stego to a Web Site – pictures posted on your Web site
containing covert files.
Steganography
23
Stego Files Across a Network

Hiding in a Transmission



Hiding Data in Network Headers




Using Invisible Secrets to Hide and Transmit Data
Camera-Shy
Using IP and TCP Headers for Stego
UDP and ICMP Headers
Covert TCP
Hiding in an Overt Protocol
Steganography
24
Stego Files Across a Network
Using IP and TCP Headers for Stego

Using IP Headers for
Stego
4-bit
version
4-bit IP
header
length
8-bit TOS
16-bit Total length (in bytes)
3-bit
flags
16-bit IP identification number

Hide data here
IP identification number
is used to track
packets that have to
be defragmented.
Any number can be used
and the protocol will
still function properly.
8-bit time to live
(TTL)
8-bit protocol
13-bit fragment offset
16-bit header checksum
32-bit source IP address
32-bit destination IP address
options (if any)
data
Steganography
25
Stego Files Across a Network
Using IP and TCP Headers for Stego

Using TCP Headers for
Stego

16-bit source port number
Hide data here
16-bit destination port number
32-bit sequence number
Seq.& Acknow. numbers are
used to indicate how
much data is
send/received.
Data can be hidden only at
initial handshake (first
packet). After that those
fields are critical for valid
communication
32-bit acknowledgement number
32-bit source IP address
32-bit destination IP address
options (if any)
data
Steganography
26
Cracking Stego and Crypto


Who’s Cracking What?
Cracking Analysis



Cryptanalysis
Steganalysis
The Role of Detection



Detecting Encryption
Randomness and Compression
Detection and Image Files
Steganography
27
Cracking Stego and Crypto

Cracking Crypto:


General Attacks
 COA – Ciphertext-Only Attack
 KPA – Known Plaintext Attack
 CTA – Chosen Plaintext Attack
 CCA – Chosen Ciphertext Attack
Specific Attacks
 Brute-Force Attack
 Replay Attack
 Man-in-the-Middle Attack
 Meet-in-the-middle Attack
 Birthday Attack
Steganography
28
Cracking Stego and Crypto

Cracking Stego:


Specific Techniques
 S-Tools V4.0
 Hide and Seek
 J-Steg
 EZ Stego
 StegDetect
General Techniques for Detecting Stego
Steganography
29
Cracking Stego and Crypto

Cracking Stego S-Tools V4.0 files with 8-bit color:



Naturally 8-bit color files have few duplicated colors.
Files that have data hidden with S-Tools have many duplicating
colors
Program called sdetect examines the color table of .bmp
images for near duplicates and reports a measurement of
duplication:
C:\Data\forest.bmp
File Name: forest.bmp
Actual size: 66146 Reported: 66146
C:\Data\forest_h.bmp
File Name: forest_h.bmp
Actual size: 66146 Reported: 66146
Duplicate colors: 2
Duplicate colors: 1046
Steganography
30
Developing Secure Communication
Strategy


Secure vs. Secret
The Roles of Crypto and Stego in Business





Why You Need Both Stego and Crypto
 Complimentary Services, providing more robust result
Crypto and Stego in Business today
How Crypto and Stego Make You More Secure
Developing Strategy
Common Problems with Secure Technologies
 Training the users
 Protecting your keys and passwords
 How detectable are yours stego tools
Steganography
31
Steganography at Large

The Internet: A Climate for Deceit

Corporate Espionage

Who’s Playing?


Information Attacks (software piracy)
System Attacks ( Hidden viruses in e-mail)
Steganography at Large:
Corporate Espionage
Who’s Playing?



Freelance – independent hacker who steals and sells to
highest bidder
Outsourced – a company hires info broker to steal
information from competition
State-sponsored – governments use intelligence to
discover secret projects at foreign companies and offer
it to their own countries to give them competitive edge
Steganography at Large:
Corporate Espionage

June 1998



More than $11.4 Billion has been lost due to piracy.
Over 25% of all software applications are pirated in the
U.S.
As high as 95% in Southeast Asia and Eastern Europe.
Steganography at Large:
Corporate Espionage





February 1, 2003
The release of The SoftwareShield System
New Software Licensing System Embeds Sensitive Data Inside Images
through the use of Steganography.
The SoftwareShield System has the ability to hide encrypted license
data inside images
SoftwareShield primarily helps software developers who choose to
deliver or license their products in electronic format by the internet for the obvious cost benefit while maintaining security.
Steganography at Large:



Option of using encrypted data hidden in the corners of
images to license and protect their applications.
Doing this enables developers with the power to create
demo, trial, copy-protected, leased, pay-per-use and many
other editions of their software with a minimum of effort
and a solid level of security.
www.softwareshield.com
Future of Steganography


To ban technology that could be used in an
inappropriate manner would mean that few
technologies could ever be released.
The more we look for where messages could be
hidden, the more one realizes that the possibilities
are limitless.
The Future of Steganography

Improving the Techniques




Improved Resistance to Analysis
How much You Can Hide?
Improved Attack Tools
New and Improved Ways to Use Stegonography



Law Enforcement
Corporate Uses
Illegal Uses
Future Legal uses



Proof of ownership (better watermarking of
digital media)
Protection of property: physical and intellectual.
With advances in Steganography, it is possible
that it could be used as a secure transmission
medium.
Future Illegal Uses

Criminal Communications


Circumventing network censors


Automatically extract a hidden message with
minimal user intervention.
Porn behind audio or video files which are
undetectable to censors
Computer Warfare

Steganographically embedded Viruses

Free Wallpaper E-mail or audio/video clips
Conclusion



Steganography may have limited legitimate
uses, with the exception of watermarking due
to the abundance of other techniques.
Location of some form of Steganography will
need techniques other than statistical profiling
in order to truly decipher steganography on the
web.
On the other hand, hiding an object in plain
sight could sometimes be the best option.
Credits

Cole, Eric - Hiding In Plain Sight ; Wiley
Publishing, Inc. 2003

ISBN: 0-471-44449-9
Steganography
42