Your SlideShare is downloading. ×
File000133
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

File000133

1,077
views

Published on

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,077
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
40
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Module XX – Steganography
  • 2. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Scenario A couple from Manchester was charged of plotting a terrorist act. Taxi driver Habib Ahmed of Elmfield Street, Cheetham Hill and his wife Mehreen Haji were held in police custody in London. Ahmed, age 27, was accused of making computer records of possible terror targets and undergoing a course of weapons training at a Pakistani terror camp between April and June of 2006. 25-year-old Haji was accused of providing just under £4,000 to finance her husband's alleged terrorist activities. The police seized the computer from Ahmed and also recovered a significant amount of material from the computers.
  • 3. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: New Software Can Easily Read Messages Hidden in Noisy Digital Images Source: http://www.thaindian.com/
  • 4. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Objective • Steganography • Model of Stegosystem • Classification Of Steganography • Different Forms of Steganography • Issues in Information Hiding • Cryptography • Steganography vs. Cryptography • Stego-forensics • Watermarking • Steganography tools This module will familiarize you with:
  • 5. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Module Flow Steganography Classification Of Steganography Model of Stegosystem Issues in Information Hiding Different Forms of Steganography Steganography vs. Cryptography Cryptography Steganography Detection Steganography tools Watermarking
  • 6. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Steganography is defined as “The art and science of hiding information by embedding messages within other, seemingly harmless messages” It involves placing a hidden message in some transport medium The meaning is derived from two Greek words mainly “Stegos” which means secret and “Graphie” which means writing
  • 7. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Model of Stegosystem Stegosystem describes the process that is used in performing steganography
  • 8. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Concepts
  • 9. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Application of Steganography Steganography is used to hide communication In military applications, where even the knowledge of communication between two parties can be critical Health care especially medical imaging systems, may benefit from information hiding techniques Other areas where steganography is used are workplace communication, digital music, terrorism, and the movie industry
  • 10. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Classification of Steganography Steganography Technical Steganography Linguistic Steganography Semagrams Visual Semagrams Text Semagrams Open codes Jargon code Covered Ciphers Null Cipher Grill Cipher Digital Steganography
  • 11. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Technical Steganography Technical steganography uses the physical or chemical means to hide the existence of a message Some of the technical steganography types include use of invisible ink or microdots Microdots method is a page sized photograph minimized to 1mm in diameter The photograph is reduced with the help of reverse microscope
  • 12. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Linguistic Steganography Linguistic steganography hides the message in the carrier in some non- obvious ways It is further categorized into semagrams and open codes • Visual semagrams use innocent-looking or everyday physical objects to convey a message, such as doodles or the positioning of items on a desk or website • Text Semagrams hide a message by modifying the appearance of the carrier text, such as subtle changes in the font size or type, adding extra spaces, or different flourishes in letters or handwritten text Semagrams hide information using symbols or signs:
  • 13. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Linguistic Steganography (cont’d) • Text is carefully constructed • Positioning text conceals messages Open codes Steganography:
  • 14. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Linguistic Steganography (cont’d) Open codes Steganography is divided into: • It is a language that a group of people can understand but is meaningless to others The Jargon code: • The message is hidden openly in the carrier medium so that anyone who knows the secret of how it was concealed can recover it • It is again categorized into Null ciphers and Grille Ciphers Covered ciphers:
  • 15. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Linguistic Steganography (cont’d) • A null cipher is an ancient form of encryption where the plaintext is mixed with a large amount of non-cipher material • It can also be used to hide ciphertext Null Ciphers: • In this technique, a grille is created by cutting holes in a piece of paper • When the receiver places the grille over the text, the intended message can be retrieved Grille Ciphers:
  • 16. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Digital Steganography Techniques Digital Steganography hides secret messages in digital media • Injection • Least Significant Bit (LSB) • Embedding during Transform Process • Spread Spectrum Encoding • Perceptual Masking • Cover Generation Technique • Statistical Method Technique • Distortion Technique The techniques used in digital steganography:
  • 17. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Injection The secret message is injected into the host’s medium Drawback: The host file gets larger and makes it easier to detect the message Example: In the web page, the message ‘This is a sample of Stego’ is displayed, whereas in the source code of the web page, a secret message ‘This is the hidden message” is viewed
  • 18. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Least Significant Bit (LSB) In LSB, the right hand side bit in the binary notation is substituted with the bit from the embedded message Data is no longer secure if the attacker knows LSB substitution technique is used
  • 19. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Transform Domain Techniques A transformed space is generated when the file is compressed at the time of transmission This transformed space is used for hiding the data Discrete Cosine Transform (DCT), Discrete Fourier Transform (DFT), and Wavelet Transform are used to embed secret data during the transformation process
  • 20. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Spread Spectrum Encoding Techniques • In direct sequence, the stream of information is divided into small parts, each of which is allocated across to a frequency channel across the spectrum Direct Sequence • In frequency spectrum, the bandwidth spectrum is divided into many possible broadcast frequencies Frequency Spectrum It encodes a small band signal into a wide band cover The encoder modulates a small band signal over a carrier Spread Spectrum Encoding techniques are of two types:
  • 21. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Perceptual Masking Perceptual masking is a type of steganography that refers to masking of one signal over the other making it difficult for the observer to detect Masking tone Level (dB) time Inaudible tones (under curve) freq
  • 22. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Cover Generation Technique A cover is generated to hide the information, contrary to the one that chooses a cover object to hide the data Spam Mimic tool is used to embed a text message into a spam message that is emailed to the desired destination
  • 23. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Statistical Method Technique This method uses the 1-bit steganographic scheme It embeds one bit of information in the digital carrier
  • 24. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Distortion Technique This technique creates a change in the cover object in order to hide the information The secret message is recovered by comparing the distorted cover with the original one Original image Distorted image
  • 25. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Different Forms of Steganography • Text file steganography • Image File steganography • Audio File steganography • Video File steganography Steganography comes in different forms: Text File Image File Audio File Video File
  • 26. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Text File Steganography • It uses spaces in between words or sentences to hide the data Open space steganography • It modifies the word order or uses punctuation for hiding the data Syntactic steganography • It uses synonyms to encode the secret message Semantic steganography Steganography in the Text files include:
  • 27. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Image File Steganography • GIF- Graphic Interface Format • BMP- A Microsoft standard image • JPEG- Joint Photographic Experts • TIFF- Tag Image File Format Four image file compressions commonly used in steganography: Image file properties relate to how digital images vary in terms of their resolution, width, and height
  • 28. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Techniques in Image File Least Significant Bit Insertion in Image files Masking and Filtering in Image files Algorithms in Image files
  • 29. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Least Significant Bit Insertion in Image Files The rightmost bit is called the Least Significant Bit (LSB) The LSB of every byte can be replaced with minor change to the overall file The binary data of the secret message is broken up and then inserted into the LSB of each pixel in the image file • Using the Red, Green, Blue (RGB) model, a stego tool makes a copy of an image palette • The LSB of each pixel 8-bit binary number is replaced with one bit from the hidden message • A new RGB color in the copied palette is created • The pixel is changed to the 8-bit binary number of the new RGB color Hiding the Data:
  • 30. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Least Significant Bit Insertion in Image Files (cont’d) • 01001101 00101110 10101110 10001010 10101111 10100010 00101011 101010111 • The letter “H” is represented by binary digits 01001000. To hide this “H” above stream can be changed as: • 01001100 00101111 10101110 10001010 10101111 10100010 00101010 101010110 • To retrieve the “ H”combine all LSB bits 01001000 Recovering the data : • The stego tool finds the 8-bit binary number of each pixel RGB color • The LSB of each pixel's 8-bit binary number is one bit of the hidden data file • Each LSB is then written to an output file Example: Given a string of bytes
  • 31. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Process of Hiding Information in Image Files
  • 32. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Masking and Filtering in Image Files Masking technique hides data in a similar way like watermarks on the actual paper Masking and filtering techniques hide information by marking an image which can be done modifying the luminance of parts of the image Masking and filtering techniques are mostly used on 24 bit and grayscale images Masking techniques hide information in such a way that the hidden message is more integral to the cover image than simply hiding data in the "noise" level Masking adds redundancy to the hidden information
  • 33. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Algorithms and Transformation Another steganography technique is to hide data in mathematical functions that are in compression algorithms JPEG images use the Discrete Cosine Transform (DCT) technique to achieve image compression
  • 34. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Algorithms and Transformation (C0nt’d) • Take the DCT or wavelet transform of the cover image and find the coefficients below a specific threshold • Replace these bits with bits to be hidden • Take the inverse transform and store it as a regular image Hiding data: • Take the transform of the modified image and find the coefficients below a specific threshold • Extract bits of the data from these coefficients and combine the bits into an actual message Recovering the data:
  • 35. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Algorithms and Transformation (C0nt’d)
  • 36. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Audio File Steganography Information can be hidden in a audio file by using LSB or by using frequencies that are inaudible to the human ear High frequency sound can be used to hide information as human ear cannot detect frequencies greater than 20,000 Hz Information can be hidden using musical tones with a substitution scheme
  • 37. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Low-bit Encoding in Audio Files Low bit Encoding is a type of audio steganography, which is similar to Least Bit Insertion method done through Image Files Binary data can be stored in the least important audio files The channel’s capacity is 1 kilo byte per second per kil0hertz
  • 38. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Phase Coding • The original sound sequence is shortened into short segments • A DFT (Discrete Fourier Transform) is applied to each segment to create a matrix of the phase and magnitude • The phase difference between each adjacent segment is calculated • For all other segments, new phase frames are created • The new phase and original magnitude are combined to get a new segment • The new segments are concatenated to create the encoded output The method is described below: Phase coding is the phase in which an initial audio segment is replaced by a reference phase that represents the data
  • 39. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Spread Spectrum The encoded data is spread across as much as the frequency spectrum Spread Spectrum can be clearly illustrated by using Direct Sequence Spread Spectrum (DSSS) Unlike phase coding, DSSS does introduce some random noise to the signal
  • 40. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Echo Data Hiding In echo data hiding technique, an echo is embedded into the host audio signal Three Parameters of echo: Initial Amplitude Decay Rate Offset
  • 41. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Video File Steganography Discrete Cosine Transform (DCT) manipulation is used to add secret data during the video transformation The techniques used in audio and image files are used in video files, as video consists of audio and image A large amount of secret messages can be hidden in video files since it is a moving stream of images and sound
  • 42. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganographic File System Steganographic file system is a method to store the files in a way that it encrypts and hides the data without the knowledge of others It hides the user’s data in other seemingly random files It allows the user to give names and passwords for some files while keeping other files secret
  • 43. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Issues in Information Hiding • The embedding process distorts the cover to a point where it is visually unnoticeable i.e., if the image is drastically distorted then the carrier is insufficient for the payload, and if the image is not distorted then the carrier is adequate Levels of Visibility: • Redundancy is needed for a robust method of embedding the message, but it subsequently reduces the payload • Robustness and payload are opposites of each other i.e., less the payload, more the robustness Robustness vs. Payload:
  • 44. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Issues in Information Hiding (cont’d) • Some image and sound files are lossy or lossless • The conversion of lossless information to a compressed lossy information destroys the hidden information in the cover • Example: Conversion of uncompressed bitmap to a compressed estimated JPEG, changes the bits to include bits containing embedded message File format dependence:
  • 45. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Cryptography Cryptography is an art of writing text or data in secret code It encrypts the plain text data into unreadable format, which is called cipher text It is based on mathematical algorithms These algorithms use a secret key for secure transformation
  • 46. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Model of Cryptosystem Cyrptosystems are cryptography systems such as secure electronic mail systems which might include methods for digital signatures, cryptographic hash functions, key management techniques, and so on It involves algorithms that take a key and covert plaintext to cypertext and vice versa
  • 47. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography vs. Cryptography Steganography Cryptography Steganography is the technique of hiding information by embedding messages within other messages Cryptography is the technique of encoding the contents of the message in such a way that its contents are hidden from outsiders The message is not visible, because it is hidden behind the other message The existence of the message is clear, but the meaning is obscured Only one private key is used Two keys are used i.e. public key for encryption and private key for decryption
  • 48. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Public Key Infrastructure (PKI) PKI is used for secure and private data exchange over the Internet It uses public and a private cryptographic key pair that is obtained and shared through a trusted authority PKI provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates It uses public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message PKI consists of: • A certificate authority (CA) that issues and verifies digital certificate • A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a request • One or more directories where the certificates (with their public keys) are held
  • 49. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Key Management Protocols The primary goal of a key management scheme is to provide two communicating devices with a common or shared cryptographic key “Session key” is used to identity short-lived keys. This key does not require a session- based communication model "Master Key" is used to denote keys having a longer life period than a session key Key Management Controller (KMC) provides a key to a communication unit that is referred to as rekeying KMC will assign keys to the communication units through Over-the-Air-Rekeying (OTAR), i.e. the communication units are rekeyed over a radio channel
  • 50. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Watermarking
  • 51. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited What is Watermarking? During the manufacture of paper, the wet fiber is subjected to high pressure to expel the moisture If the press' mold has a slight pattern, this pattern leaves an imprint, a watermark, in the paper, best viewed under transmitted light Digital watermarks are imperceptible or barely perceptible transformations of the digital data; often the digital data set is a digital multimedia object
  • 52. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Case Study
  • 53. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography vs. Watermarking Steganography Watermarking The main goal of steganography is to hide a message ‘m’ in some audio or video (cover) data ‘d’, to obtain new data ‘D', practically indistinguishable from ‘d’, by people, in such a way that an eavesdropper cannot detect the presence of ‘m’ in ‘d' The main goal of watermarking is to hide a message ‘m’ in some audio or video (cover) data ‘d’, to obtain new data ‘D', practically indistinguishable from ‘d’, by people, in such a way that an eavesdropper cannot remove or replace ‘m’ in ‘d' Original message is hidden behind other message The original image is visible in watermarking Emphasizes on avoiding detection Emphasizes on avoiding distortion of the cover Largest hidden message possible Usually small hidden message It can be used for secret communication It can be used for copyright protection, image authentication
  • 54. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Types of Watermarks • A visible watermark is robust • Though not part of the foundation image, the watermark's presence is clearly noticeable and often difficult to remove Visible watermarks: • An invisible watermark's purpose is to identify ownership or verify the integrity of an image or piece of information • It is imperceptible but can be extracted via computational methods Invisible watermarks:
  • 55. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Working of Different Watermarks • The tampering with the image can be determined by observing the position of tampering caused due to any alteration Semi-fragile: • Fragile watermark has low robustness when the data is modified, it destroys the embedded information with a small change in the content Fragile: • Robust watermark has high robustness when the data is modified • It can be visible or invisible and is difficult to remove or damage the robust watermark Robust:
  • 56. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Attacks on Watermarking • These attacks attempt to diminish or remove the presence of watermarks in a suspect image without rendering the image Robustness Attacks: • In a presentation attack, the watermarked content is manipulated, so a detector cannot find it Presentation Attack: • Interpretation attacks seek to falsify invalid or multiple interpretations of a watermark Interpretation Attacks: • Legal attacks is the ability of an attacker to cast doubt on the watermarking scheme in the courts Legal Attacks:
  • 57. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Application of Watermarking A popular application of watermarking techniques is to provide a proof of ownership of digital data by embedding copyright statements into video or image digital products Data augmentation - to add information for the benefit of the public Automatic audit of radio transmissions Automatic monitoring and tracking of copy-write material on WEB
  • 58. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Currency Watermarking Watermarking is used on the currency note to protect from counterfeiting Watermarks on currency note can be seen when held against the light that shows an image similar to the printed image on the note The image of the watermark is caused due to difference in thickness of the note A highlighted feature of ultra thin paper is an added security effect in watermarking
  • 59. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Digimarc's Digital Watermarking Digimarc's digital watermarking technologies allow users to embed a digital code into audio, images, video, and printed documents that is imperceptible during normal use but readable by computers and software It is a special message embedded in an image, whether it is a photo, video, or other digital content Digimarc's software embeds these "imperceptible" messages by making subtle changes to the data of the original digital content These watermarks can then be "read" to validate the original content
  • 60. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Watermarking – Mosaic Attack Mosaic attack works by splitting an image into multiple pieces and stitching them together using javascript code The web browser simply ‘sticks’ them back together at display time Both images are watermarked with Digimarc; but the watermark is unreadable in small parts The attack works because copyright marking methods have difficulties to embed watermarks in small images (typically below 100×100 pixels) Watermarked image Split into 9 pieces
  • 61. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Mosaic Attack – Javascript Code <nobr> <img SRC="kings_chapel_wmk1.jpg’ BORDER="0’ ALT="1/6’ width="116’ height="140"> <img SRC="kings_chapel_wmk2.jpg’ BORDER="0’ ALT="2/6’ width="116’ height="140"> <img SRC="kings_chapel_wmk3.jpg’ BORDER="0’ ALT="3/6’ width="118’ height="140"> </nobr> <br> <nobr> <img SRC="kings_chapel_wmk4.jpg’ BORDER="0’ ALT="4/6’ width="116’ height="140"> <img SRC="kings_chapel_wmk5.jpg’ BORDER="0’ ALT="5/6’ width="116’ height="140"> <img SRC="kings_chapel_wmk6.jpg’ BORDER="0’ ALT="6/6’ width="118’ height="140"> </nobr>
  • 62. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 2Mosaic – Watermark Breaking Tool 2Mosaic is a 'presentation' attack against digital watermarking systems It consists of chopping an image into a number of smaller sub images, which are embedded in a suitable sequence in a web page Common web browsers render juxtaposed sub images stuck together, so they appear similar to the original image
  • 63. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Detection
  • 64. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited How to Detect Steganography • Steganographic investigators need to be familiar with the name of the common steganographic software and related terminology, and even websites about steganography • Investigators should look for file names, web site references in browser cookie or history files, registry key entries, e-mail messages, chat or instant messaging logs, comments made by the suspect, or receipts that refer to steganography • These will provide hard clues for the investigator to look deeper • Finding similar clues for cryptography might also lead one down this path Software clues on the computer
  • 65. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited How to Detect Steganography (cont’d) • Non-steganographic software might offer clues that the suspect hide files inside other files • Users with binary (hex) editors, disk wiping software, or specialized chat software might demonstrate an inclination to alter files and keep information secret Other program files
  • 66. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited How to Detect Steganography (cont’d) • Look for the presence of a large volume of the suitable carrier files • While a standard Windows computer will contain thousands of graphics and audio files, for example, majority of these files are small and are an integral part of the graphical user’s interface • A computer system with an especially large number of files that could be steganographic carriers are potentially suspected; this is particularly true if there are a significant number of seemingly duplicate "carrier" files Multimedia files
  • 67. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited How to Detect Steganography (cont’d) • The type of crime being investigated may also make an investigator think more about steganography than other types of crime • Child pornographers, for example, might use steganography to hide their wares when posting pictures on a web site or sending them through e-mail • Crimes that involve business-type records are also good steganography candidates because the perpetrator can hide the files but still get access to them; consider accounting fraud, identity theft (lists of stolen credit cards), drugs, gambling, hacking, smuggling, terrorism, and more Type of crime
  • 68. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Detecting Steganography • Identifies whether the image is modified or not by determining its statistical properties Statistical tests: • Stegdetect • Stegbreak Tools used: Detecting steganography is a difficult task especially during low payloads The different ways of detecting steganography:
  • 69. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Detecting Steganography (cont’d) • It breaks the encoded password with the help of dictionary guessing Stegbreak: The different ways of detecting steganography are:
  • 70. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Detecting Text, Image, Audio, and Video Steganography • For the text files, the alterations are made to the character positions for hiding the data • The alterations are detected by looking for text patterns or disturbances, language used, and the unusual amount of blank spaces Text file: • The hidden data in image can be detected by determining the changes in size, file format, the last modified timestamp, and the color palette pointing to the existence of the hidden data • Statistical analysis method is used for image scanning Image file: Information that is hidden in different file system can be detected in the following ways:
  • 71. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Detecting Text, Image, Audio, and Video Steganography (cont’d) • Statistical analysis method can also be used for audio files since the LSB modifications are also used on audio • The inaudible frequencies can be scanned for information • The odd distortions and patterns show the existence of the secret data Audio file: • Detection of the secret data in video files include combination of methods used in image and audio files • Special code signs and gestures can also be used for detecting secret data Video file:
  • 72. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Counterfeit Detection The methods used to protect and validate currency are: • First Line Inspection method • Second Line Inspection method First line inspection method involves the first site determining authenticity of the currency that is being exchanged This type of inspection is detected by both the verifier and counterfeiter This method of detection can be assessed by varied density of watermark, Ultraviolet Fluorescence, and Microtext
  • 73. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Counterfeit Detection (cont’d) Second-Line inspection methods cannot be detected by the naked eye and requires additional devices The methods of second line inspection: • Isocheck/Isogram depends on the specific dots or lines that leads to some pattern when printed • Hidden watermarks can be applied in these patterns to know the genuineness of the note when a filter is placed Isocheck/Isogram: • This method uses unique configurations of fibers embedded in the paper Fiber-Based Certificates of Authenticity
  • 74. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganalysis Steganalysis is the art and science of detecting hidden messages using steganography It is the technology that attempts to defeat steganography—by detecting the hidden information and extracting it or destroying it
  • 75. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganalysis Methods/Attacks on Steganography • Only the stego-object is available for analysis Stego-only attack: • The stego-object as well as the original medium is available • The stego-object is compared with the original cover object to detect any hidden information Known-cover attack: • The hidden message and the corresponding stego-images are known Known-message attack:
  • 76. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganalysis Methods/Attacks on Steganography (cont’d) • The steganography algorithm is known and both the original and stego-object are available Known stego attack: • The steganography algorithm and stego-object are known Chosen-stego attack: • Active attackers can change the cover during the communication process Disabling or active attack:
  • 77. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganalysis Methods/Attacks on Steganography (cont’d) • The steganalyst generates a stego-object from some steganography tool or algorithm of a chosen message • The goal in this attack is to determine patterns in the stego-object that may point to the use of the specific steganography tools or algorithms Chosen-message attack:
  • 78. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Disabling or Active Attacks • It softens the transitions and averages the adjacent pixels with significant color change Blur: • Random noise injects Random colored pixels to an image • Uniform noise inserts slightly similar pixels and colors of the original pixel Noise: • It reduces the noise in the image by adjusting the colors and averaging the pixel values Noise Reduction: • It increases the contrast between the adjacent pixels Sharpen:
  • 79. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Disabling or Active Attacks (cont’d) • It moves the image around a central point Rotate: • It is an interpolation process where the raggedness while expanding an image is reduced Resample: • Soften is a uniform blur to an image that smoothens the edges and decreases the contrasts Soften:
  • 80. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Stego-Forensics Stego-Forensics is a stream of forensic science dealing with steganography techniques to investigate a source or cause of a crime Different methods of Steganalysis can be used to unearth secret communications between antisocial elements and criminals
  • 81. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography in the Future • Protection of the intellectual property • Individuals or organization using steganographic carriers for personal or private information Legitimate uses of steganography in the future:
  • 82. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Hiding Information in DNA In the near future, biological data such as DNA may be a viable medium for hidden messages This could be particularly useful for "invisible" watermarking that biotech companies could use to prevent unauthorized use of their genetically engineered material Three researchers in New York successfully hid a secret message in a DNA sequence and sent it across the country
  • 83. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Unethical Use of Steganography Criminal communications Fraud Hacking Electronic payments Gambling and pornography Harassment Intellectual property offenses Viruses
  • 84. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited TEMPEST TEMPEST is an official acronym for "Telecommunications Electronics Material Protected From Emanating Spurious Transmissions" and includes technical security countermeasures; standards, and instrumentation, which prevent (or minimize) the exploitation of the security vulnerabilities by technical means TEMPEST and its associated disciplines involve designing circuits to minimize the amount of "compromising emanations" and to apply appropriate shielding, grounding, and bonding These disciplines also include methods of radiation screening, alarms, isolation circuits/devices, and similar areas of equipment engineering
  • 85. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited TEMPEST (cont’d) When modern electrical devices operate, they generate electromagnetic fields Digital computers, radio equipment, typewriters, generate massive amounts of electromagnetic signals which if properly intercepted and processed, will allow certain amounts of information to be reconstructed based on these "compromising emanations" Anything with a microchip, diode, or transistor, gives off these fields These compromising emanation signals can then escape out of a controlled area by power line conduction, other fortuitous conduction paths such as the air conditioning duct work, or by simply radiating a signal into the air (like a radio station)
  • 86. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited TEMPEST (cont’d) An excellent example of these compromising emanations may be found in modems and fax machines which utilize the Rockwell DataPump modem chip sets and several modems made by U.S. Robotics When these modems operate, they generate a strong electromagnetic field which may be intercepted, demodulated, and monitored with most VHF radios This is a serious problem with many speaker phone systems used in executive conference rooms This is also a serious problem with many fax machines, computer monitors, external disc drives, CD-R drives, scanners, printers, and other high bandwidth or high speed peripherals
  • 87. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited TEMPEST (cont’d) To deal with this "signal leakage" issue, the government developed a series of standards which lay out how equipment should be designed to avoid such leakage The TEMPEST standards are measurements which were adjusted by the NSA A TEMPEST approved computer will be in a special heavy metal case, special shielding, a modified power supply, and few other modifications
  • 88. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Emission Security or Emanations Security (EMSEC) Electronic based information systems produce unwanted emanations These emanations are the electromagnetic radiation emitted from the information handling devices Emanations may also pose a security risk Emanation Security involves measures designed to deny information of value to be given to the unauthorized persons that may be derived from the interception and analysis of the compromising emanations Emanation security deals with protection against spurious signals emitted by the electrical equipments in the system, such as electromagnetic emission (from displays), visible emission, and audio emission (sounds from printers, etc)
  • 89. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited News: Keyboard Sniffers to Steal Data Figure: The attacks were shown to work at a distance of 20 meters Source: http://news.bbc.co.uk/2/hi/technology/7681534.stm
  • 90. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Van Eck Phreaking Van Eck phreaking is the process of eavesdropping on the contents of a CRT or LCD display by detecting its electromagnetic emissions Information that drives the video display takes the form of high frequency electrical signals These oscillating electric currents create electromagnetic radiation in the RF range These radio emissions are correlated to the video image being displayed, so in theory they can be used to recover the displayed image
  • 91. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Legal Use of Steganography • Steganographically watermark the intermediation materials after the authorization and under the public prosecutor control with predefined marks • Trace the trade materials • Provide network nodes where the trade material is monitored • Build an international data bank to collect data on the trading controlled by the investigative bodies Law enforcement agencies use steganography to:
  • 92. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools
  • 93. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools S- Tools Steghide Mp3Stego Invisible Secrets 4 Stegdetect Stego Suite – Steg Detection Tool Stego Watch Snow Fort Knox ImageHide Blindside Camera/Shy Gifshuffle Data Stash JPHIDE and JPSEEK wbStego OutGuess Masker Cloak StegaNote Stegomagic Hermetic Stego StegSpy
  • 94. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Stealth tool WNSTORM Xidie CryptArkan Info Stego Scramdisk Jpegx CryptoBola JPEG ByteShelter I Camouflage Stego Analyst Steganos Pretty Good Envelop Hydan EzStego Steganosaurus appendX Stego Break Stego Hunter StegParty InPlainView Z-File MandelSteg and GIFExtract
  • 95. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tool: S- Tools S- Tools can hide multiple applications in a single object
  • 96. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tool: Steghide • Compression of the embedded data • Encryption of the embedded information • Automatic integrity checking using a checksum • Support for JPEG, BMP, WAV, and AU files Features : Steghide is a steganography program that is able to hide data in various kinds of image- and audio-files
  • 97. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steghide: Screenshot
  • 98. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Mp3Stego MP3Stego will hide information in MP3 files during the compression process The data is first compressed, encrypted, and then hidden in the MP3 bit stream
  • 99. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Invisible Secrets 4 Invisible Secrets 4 encrypts the data and files for secure transfer across the net It hides the encrypted data or files in places that appear totally innocent, such as picture or sound files, or web pages With this tool, the user may encrypt and hide files directly from Windows Explorer, and then automatically transfer them by e-mail or via the Internet It also allows to hide information in five files types: JPEG, PNG, BMP, HTML, and WAV
  • 100. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Invisible Secrets 4 (cont’d) • Strong file encryption algorithms • Passwords can be stored in the encrypted password lists • Ability to create self-decrypting packages • It is a shell integrated (available from Windows Explorer), so the file encryption operations are easier than ever • Real-random passwords can also be generated Features:
  • 101. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Invisible Secrets 4
  • 102. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Stegdetect Stegdetect is an automated tool for detecting steganographic content in images It is capable of detecting different steganographic methods to embed hidden information in JPEG images Stegbreak is used to launch dictionary attacks against Jsteg- Shell, JPHide, and OutGuess 0.13b
  • 103. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Stego Suite – Steg Detection Tool Stego Watch allows users to detect digital steganography, or the presence of communications hidden in digital image or audio files It can extract information that has been embedded with some of the most popular steganography tools using a dictionary attack Stego Break is an application designed to obtain the passphrase that has been used on a file found to contain steganography Currently, Stego Break can crack passphrases for JP Hide ‘n Seek, F5, Jsteg, and Camouflage steganography embedding applications
  • 104. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Stego Watch
  • 105. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Tool: Snow Snow is a whitespace steganography program and is used to conceal messages in ASCII text by appending whitespace to the end of lines Because spaces and tabs are generally not visible in text viewers, the message is effectively hidden from the casual observers. If the built-in encryption is used, the message cannot be read even if it is detected • http://www.darkside.com.au/snow/
  • 106. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Fort Knox uses MD5, Blowfish, and CryptAPI algorithms ImageHide is a steganography program which hides loads of text in images and it does simple encryption and decryption of data
  • 107. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Blindside can hide files of any file type within a windows bitmap image Camera/Shy works with Windows and Internet Explorer, and allows sharing of censored or sensitive information buried within an ordinary GIF image
  • 108. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Data Stash is a security tool that allows hiding of the sensitive data files within other files Gifshuffle is used to conceal messages in GIF images by shuffling the colormap, which leaves the image visibly unchanged
  • 109. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) JPHIDE and JPSEEK are programs which allow hiding of a file in a jpeg visual image wbStego is a tool that hides any type of file in bitmap images, text files, HTML files, or Adobe PDF files
  • 110. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Masker is a program that encrypts files, that requires a password to open and then it hides files and folders inside carrier files, such as image files, video, program, and sound files OutGuess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources
  • 111. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) StegaNote is the tool used to protect the sensitive information in a secure way Cloak is a powerful security tool designed to protect and secure the personal information and documents from the third party
  • 112. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Stegomagic hides any kind of file or message in TEXT, WAV , BMP 24 bit, and BMP 256 color files Hermetic Stego is a program for hiding a message file in a single BMP image or in a set of BMP images
  • 113. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) StegSpy is a tool that will detect steganography and the program used to hide the message Stealth tool takes a PGP 2.x encrypted message, and strips any standard headers off to ensure that the result looks like random noise
  • 114. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Xidie enables hiding and encryption of files and allows the encryption of sensitive information, while at the same time hiding it in a file that will not look suspicious WNSTORM is used to encrypt files to keep prying eyes from invading privacy
  • 115. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) CryptArkan encrypts and hides data files and directories inside one or more container files Info Stego allows the protection of the private information, communication secret, and legal copyright using information watermark, and data encryption technology
  • 116. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Scramdisk is a program that allows the creation and use of the virtual encrypted drives Jpegx encrypts and hides messages in jpeg files to provide an ample medium for sending secure information
  • 117. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) CryptoBola JPEG stores only the cypher text without any additional information such as file name, type, length, etc. ByteShelter I hides data in .doc files and MS Outlook e-mail messages
  • 118. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Camouflage allows the hiding of files by scrambling them and then attaching them to the host file
  • 119. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Stego Analyst is a full featured imaging and analysis tool allowing investigators to search for visual clues Steganos combines Cryptography and Steganography for securing information Pretty Good Envelop is a program suite for hiding a (binary) message in a larger binary file, and retrieving such a hidden message Hydan steganographically conceals a message into an application
  • 120. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) EzStego is an easy to use tool for private communication by hiding an encrypted message in a GIF format image file Steganosaurus is a plain text steganography utility which encodes a (usually encrypted) binary file as gibberish text appendX is a steganography tool which simply appends data to other files (like JPEGs or PNGs) to hide it
  • 121. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) Stego Break is a built-in utility designed to obtain the pass phrase that has been used on a file found to contain steganography Stego Hunter is designed to quickly, accurately detect steganography programs StegParty is a system for hiding information inside plain-text files InPlainView allows hiding of any type of information within a BMP file, as well as recover it
  • 122. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Steganography Tools (cont’d) • Z-File Camouflage&Encryption System, integrates compression, encryption, and camouflage technology to protect personal privacy and business core data • The file will be effectively compressed, strongly encrypted, and implanted into an ordinary image Z-File • It gives an increased level of security compared to sending PGP-encrypted email over the Internet • MandelSteg will create a Mandelbrot image storing the data in the specified bit of the image pixels • GIFExtract can be used by the recipient to extract the bit-plane of the image MandelSteg and GIFExtract
  • 123. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Summary Steganography is the method of hiding information by embedding messages within other, seemingly harmless messages Cryptography is the technique of encoding the contents of the message in such a way that its contents are hidden from outsiders. The main goal of watermarking is to hide a message ‘m’ in some audio or video (cover) data ‘d’, to obtain new data ‘D', practically indistinguishable from ‘d’, by people, in such a way that an eavesdropper cannot remove or replace ‘m’ in ‘d' Watermarking techniques is used to provide a proof of ownership of digital data, and data augmentation Steganalysis is the technology that attempts to defeat steganography—by detecting the hidden information and extracting it or destroying it Steganography is used to secure secret communications
  • 124. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
  • 125. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited