2. Overview
• Steganography
Some quick definitions
What is steganography?
Methods of Masking
Steganographic constraints
• Real World Application
The “illegals” and more
• Application in Virtual Environments
Gaming and Virtual Reality
Limitations
• Conclusion
3. … But First, Some Definitions
• Cover file: Original message/file in which hidden information will be stored.
• Stego Medium: The medium/type of media of the Cover file..
• LSB: Least Significant Bit, the right-most bit in a byte.
• Capacity: Amount of data that can be hidden without distorting the Cover file.
• Constraint: 3 types: Perceptual, Statistical and Attack.
• Cognitive cost: The impact of a task (measured in time) on mental ability.
• Lossy Compression: Inexact approximations (discarded points/loss of accuracy) to
represent content.
4. What is Steganography?
• Greek: “steganos” (covered/hidden), “graphie” (writing).
• The art of concealment: Hiding in plain sight.
• “Security through Obscurity”
• Historically a tool of stealth/espionage.
• Threat to Confidentiality (in CIA pyramid).
5. Steganographic Types and Mediums
Data
Audio
Stream
Image
Still Video
Stream
Textual
IP Header
Linguistic
Semagrams
Visual
Textual
6. The Digital Do Not’s (3 Constraints)
• Perceptual: Don’t mask so much data that it distorts the cover.
• Statistical: Don’t be too predictable.
• Attack: Don’t make it overly complicated to decipher.
7. The “illegals”
• FBI “Operation Ghost Stories” culminates in June 2010 with arrest of 10 Russian
spies operating out of NY/NJ.
• The spies used sophisticated technologies to exchange data, including
disappearing ink and masked digital photos– two applications of steganography
• One of the spies, Richard Murphy, regularly
embedded data in the photograph of flowers, right,
and uploaded to SVR (Russian Intelligence).
8. Other Real World Examples...
• 2014: Malware ZeusVM uses sunset (at right)
to mask a configuration file containing instructions
to steal user credentials for financial institutions
• 2014: Lurk embeds encrypted list of downloader URLs into an
image file using LSB bit substitution. Acts as a backdoor,
downloading and executing secondary malware payloads.
• 2015: Vawtrak hides in favicons, aka desktop shortcuts. Steals
financial information, FTP credentials, private encryption keys,
etc, executes banking transactions directly from the victim’s pc.
9. …And Some Fictions
• 2001: USA Today story on 9/11 reports Osama and cells employ
sophisticated photo steganography to communicate.
FALSE – has never been even slightest evidence proving this.
• 2003: CIA monitors al-Jazeera broadcasts, uncovers covert dates,
flight numbers, coordinates for high-profile sites.
FALSE – overzealous interpretation of SIGInt signal-to-noise.
• 2015: Forbes reports Paris Bataclan attackers used Playstation
PS4s for covert communications.
FALSE – To date, no supporting evidence has been found.
10. Other Digital Examples
• Audio “stream within a stream”, aka voice over voice over IP
(VoVoIP) using G.711 codec
• SUNY Stony Brook’s CASTLE in-game covert
channels and prerecorded group movement
actions in StarCraft
• Traditional textual masking in a digital format:
11. More on Gaming
• Rook and Castle: Create covert channels in MMORPG games
• Not theoretical: Real world tested in Starcraft, Warcraft, Shogun
2, and Company of Heroes, relies on pre-recorded unit
movements.
• Current undetected real-time decryption slow, only 1.5 kpbs,
solution: playback from recorded logs offline. (Threatens both
Confidentiality and Availability).
• Currently tested in local/desktop only modes.
12. Virtual Reality Masking
• Special equipment (eg Oculus Rift, Samsung VR) would be
needed to even observe Cover.
• Theoretically huge (and unlimited) capacity to successfully
mask data, owing to pixel depth and streaming of media.
• One time, uncaptured stream = maximum message security,
but low potential Integrity and Availability (in CIA pyramid).
• 4k stream in immersive 360 degree view is too much, too fast
for unaided decryption.
13. The Human Problem: Multitasking
• Speed/amount of masked data in visual VR environment too
much for human brain to process.
• Maximum pixel definition for human eye is 2650x1600, but 30
degree field of visibility and lossy compression.
• Cognitive cost of multi stream single source inputs too high ==
vague and inaccurate decoding.
• Multi stream, multi source inputs decrease retention, impacting
Integrity (in CIA pyramid).
14. Sensory Input, Illustrated
Going to the movies: 3 Scenarios and Steganographic Counterparts
Silent movie. Visual only. Single input stream, single
sense input. Lowest Cognitive cost, highest retention.
(Textual Steganography)
Regular movie. Audio and Visual inputs. 2 competing
inputs, but 2 different senses. Mid range Cognitive
cost, slight loss to details in retention. (Traditional
Steganography)
Foreign movie. Audio + Visual + Subtitles = 3
competing input streams, 2 from the same sense
(visual). Highest Cognitive Cost, least retention. (VR
Steganography)
15. Conclusions
• Human cognitive and perceptual ability are the biggest hurdles to
future technologies.
• High risk of data loss in decryption (loss of Integrity) = VR not a
credible threat at present. (Yet!)
• “Old school” methods (think “illegals”) still the best… for now.
• Masking data in gaming = most promising current technology.