Steganography
S. S. Yau
CSE 494/598, Fall 2004
1
Secure Communication Two parties, Alice and Bob, can exchange information over an insecure medium in such a way that even if an intruder (Willie) is able to intercept, read and perform computation on the intercepted information, Willie will not be able to decipher the content of the exchanged information. S. S. Yau
CSE 494/598, Fall 2004
2
1
Encryption may not be enough z Prisoner
Problem – Alice and Bob are in jail and wish to hatch an escape plan . All their communications pass through the warden,Willie, and if Willie detects any encrypted messages, he can simply stop the communication. z So they must find some way of hiding their secret message in an innocuous looking text. S. S. Yau
CSE 494/598, Fall 2004
3
Steganography z The
art of hiding information in ways that prevent detection of hidden messages. z In Greek means “covered writing” z Steganography and cryptography are cousins in the spy craft family z While the goal of the cryptography system is to conceal the content of the messages, the goal of information hiding or steganography is to conceal their existence S. S. Yau
CSE 494/598, Fall 2004
4
2
Steganography z
z
What to hide – Texts – Images – Sound How to hide – embed text in text/images/sound files – embed image in text/image/sound files – embed sound in text/image/sound files
S. S. Yau
CSE 494/598, Fall 2004
5
Cryptographic System Intruder
Active intruder
Passive Intruder
Alters messages
just listens
Plaintext
Encryption method
Encryption Key K
S. S. Yau
Decryption method
Ciphertext ,c=Ek(p)
CSE 494/598, Fall 2004
Plaintext
Decryption Key
6
3
Steganographic System
S. S. Yau
CSE 494/598, Fall 2004
7
Comparison Cryptography C = Ek (P)
Plain text
P = Dk (C)
Ciphertext
f Key
Steganography secret message f
Stego message
cover image
S. S. Yau
CSE 494/598, Fall 2004
8
4
Real Example z
During WW1 the following cipher message was actually sent by a German spy - Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils
S. S. Yau
CSE 494/598, Fall 2004
9
Real Example (cont.) Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils z
Hidden Message - Pershing sails from NY June 1
S. S. Yau
CSE 494/598, Fall 2004
10
5
Steganographic Techniques (1) z Genome
Steganography: Encoding a hidden message in a strand of human DNA z Hiding in Text: Information hidden in documents by manipulating the positions of lines and words, hiding the data in html files z Hiding in the disk space: Hiding the data in unused or reserved space S. S. Yau
CSE 494/598, Fall 2004
11
Steganographic Techniques (2) z Hiding
data in software and circuitry: Data can be hidden in the layout of the code distributed in a program or the layout of electronic circuits on a board. z Information Hiding in Images: Ranges from least significant bit insertion to masking and filtering to applying more sophisticated image processing algorithms z Hiding in network packets: Hidden in packets transmitted through the Internet. S. S. Yau
CSE 494/598, Fall 2004
12
6
Software Tools z
S-Tools: Includes programs that process GIF and BMP images, process audio files and will even hide information in the unused areas of the floppy diskettes
z
StegoDos: Also known as the Black Wolfs Picture Encoder version 0.90a. It works only for 320* 200 images with 256 colors
z
Camouflage: Allows hiding files by scrambling them and then attaching them to the file of your choice
z
Mp3 Stego: Hides information in MP3 files during the compression process S. S. Yau
CSE 494/598, Fall 2004
13
Structure of TCP Header
TCP: Transmission Control Protocol S. S. Yau
CSE 494/598, Fall 2004
14
7
Hiding Data in TCP Header z Places
to hide secret message - Reserved bits - Sequence number field z Initial Sequence Number (ISN) is a randomly generated number based on: localhost, localport, remotehost, remoteport z Makes use of three-way handshake in buildup of a TCP/IP connection S. S. Yau
CSE 494/598, Fall 2004
15
TCP Manipulation Example z
z
Normal method: Host A sends a synchronization packet and an ISN to host B asking for acknowledgement. B answers with an ISN increased by one as its acknowledgement. Finally, the connection is established by acknowledgement from host A to host B. Steganographic Method: (1) A sends packet with a manipulated header to B, and (2) the manipulated header causes B to send acknowledgement meant for A to C. (3) C can establish connection anonymously without B knowing that C is not A. (See the next slide) S. S. Yau
CSE 494/598, Fall 2004
16
8
Illustration of Steganography Example
A
(1) Packet with manipulated header
(2) A
C
S. S. Yau
t men e g d wle ckno
B
ate unic m m co can B as A C ) (3 wi t h
CSE 494/598, Fall 2004
17
Digital Watermarking • Watermarking is the practice of imperceptibly altering a cover to embed a message in that cover – Imperceptibility: The modifications caused by watermarking embedding are not perceptible.
• Watermarking is inseparable from the cover in which they are embedded. Unlike cryptography, watermarks can protect content ownership even after they are decoded. • Applications – Copyright protection, copy protection, content authentication, transaction tracking and broadcast monitoring S. S. Yau
CSE 494/598, Fall 2004
18
9
Digital Watermarking • Digital Watermarking is the embedding of a signal (watermark) into another signal (image)
S. S. Yau
• The embedding must not cause serious degradation to the original signal
Original Image CSE 494/598, Fall Watermarked Image 2004
19
Digital Watermarking (cont.) • Watermarking is used primarily for identification and entails embedding a unique piece of information within a medium without noticeably altering the medium • The difference between Steganography and Watermarking is primarily intent. Steganography conceals information; Watermarks become an attribute of the cover image • Publishing and broadcasting industries are interested in techniques for hiding encrypted copyright marks and serial numbers in digital films, audio recordings, books and multimedia products. 1. Cox, Kilian, Leighton, and Talal Shamoon, “Secure Spread Spectrum Watermarking for Multimedia”, IEEE Transactions on Image Processing, Vol. 6, No. 12, December 1997 2. Podilchuk, C.I., Delp, E.J., “Digital Watermarking: Algorithms and Applications”, IEEE Signal Processing Magazine, July 2001, Volume 18 Number 4 S. S. Yau
CSE 494/598, Fall 2004
20
10