Digital Steganography and Virtual Environments
James Eglinton
Overview
• Steganography
  Some quick definitions
  What is steganography?
  Methods of Masking
  Steganographic constraints
• Real World Application
  The “illegals” and more
• Application in Virtual Environments
  Gaming and Virtual Reality
  Limitations
• Conclusion
… But First, Some Definitions
• Cover file: Original message/file in which hidden information will be stored.
• Stego Medium: The medium/type of media of the Cover file.
• LSB: Least Significant Bit, the right-most bit in a byte.
• Capacity: Amount of data that can be hidden without distorting the Cover file.
• Constraint: 3 types: Perceptual, Statistical and Attack.
• Cognitive cost: The impact of a task (measured in time) on mental ability.
• Lossy Compression: Inexact approximations (discarded points/loss of accuracy) to represent content.
What is Steganography?
• Greek: “steganos” (covered/hidden), “graphie” (writing).
• The art of concealment: Hiding in plain sight.
• “Security through Obscurity”
• Historically a tool of stealth/espionage.
• Threat to Confidentiality (in CIA pyramid).
Steganographic Types and Mediums
[Diagram: taxonomy of steganographic types and mediums. Node labels: Data, Audio, Stream, Image, Still, Video, Stream, Textual, IP Header, Linguistic, Semagrams, Visual, Textual.]
The Digital Do Not’s (3 Constraints)
• Perceptual: Don’t mask so much data that it distorts the cover.
• Statistical: Don’t be too predictable.
• Attack: Don’t make it overly complicated to decipher.
The “illegals”
• FBI “Operation Ghost Stories” culminates in June 2010 with the arrest of 10 Russian spies operating out of NY/NJ.
• The spies used sophisticated technologies to exchange data, including disappearing ink and masked digital photos: two applications of steganography.
• One of the spies, Richard Murphy, regularly embedded data in the photograph of flowers, right, and uploaded it to SVR (Russian Intelligence).
Other Real World Examples...
• 2014: Malware ZeusVM uses a sunset image (at right) to mask a configuration file containing instructions to steal user credentials for financial institutions.
• 2014: Lurk embeds an encrypted list of downloader URLs into an image file using LSB bit substitution. Acts as a backdoor, downloading and executing secondary malware payloads.
• 2015: Vawtrak hides in favicons, aka desktop shortcuts. Steals financial information, FTP credentials, private encryption keys, etc., and executes banking transactions directly from the victim’s PC.
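
Added example, not from the original slides: the Statistical constraint seen from the defender's side, using the LSB bit substitution attributed to Lurk above. A pairs-of-values chi-square score flags data whose LSBs were overwritten with random-looking bits. The function names, the 2.0 threshold, the window size and the sample data are all assumptions made for this sketch.

```python
import random
from collections import Counter

def pov_score(samples, min_pair_total=10):
    """Reduced chi-square over value pairs (2k, 2k+1) of 8-bit samples.

    Overwriting LSBs with random-looking (e.g. encrypted) bits evens out the two
    counts in every pair, so the score drops to about 1; untouched data with an
    uneven histogram scores far higher.
    """
    hist = Counter(samples)
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd < min_pair_total:            # too sparse to test
            continue
        stat += (even - odd) ** 2 / (even + odd)   # 1-dof chi-square term
        pairs += 1
    return stat / pairs if pairs else float("inf")

def looks_lsb_replaced(samples, threshold=2.0):
    # threshold is an assumed cut-off for this sketch, not a calibrated value
    return pov_score(samples) < threshold

def flag_windows(samples, window=5000):
    """Score consecutive windows so a payload filling part of the file still shows."""
    return [looks_lsb_replaced(samples[i:i + window])
            for i in range(0, len(samples) - window + 1, window)]

def constructed_cover(n, rng):
    # Constructed sample data: bell-shaped pixel values, odd values only 25% of each pair
    values = (min(255, max(0, int(rng.gauss(128, 30)))) for _ in range(n))
    return [(v & ~1) | (rng.random() < 0.25) for v in values]

def simulate_lsb_substitution(cover, rng, fraction=1.0):
    # Stand-in for the embedding step, used only to build test data
    cut = int(len(cover) * fraction)
    return [(v & ~1) | rng.getrandbits(1) for v in cover[:cut]] + cover[cut:]

rng = random.Random(2016)                          # fixed seed: repeatable demo
COVER = constructed_cover(20000, rng)
FULL = simulate_lsb_substitution(COVER, rng)
HALF = simulate_lsb_substitution(COVER, rng, fraction=0.5)

if __name__ == "__main__":
    for name, data in (("cover", COVER), ("full", FULL), ("half", HALF)):
        print(name, round(pov_score(data), 1), flag_windows(data))
```

A whole-file score does not flag the half-filled sample, while the per-window scan flags exactly the windows that carry the payload.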
…And Some Fictions
• 2001: USA Today story on 9/11 reports Osama and cells employ sophisticated photo steganography to communicate.
FALSE – there has never been even the slightest evidence proving this.
• 2003: CIA monitors al-Jazeera broadcasts, uncovers covert dates, flight numbers, coordinates for high-profile sites.
FALSE – overzealous interpretation of SIGINT signal-to-noise.
• 2015: Forbes reports Paris Bataclan attackers used PlayStation PS4s for covert communications.
FALSE – To date, no supporting evidence has been found.
Other Digital Examples
• Audio “stream within a stream”, aka voice over voice over IP (VoVoIP) using G.711 codec
• SUNY Stony Brook’s CASTLE in-game covert channels and prerecorded group movement actions in StarCraft
• Traditional textual masking in a digital format:
More on Gaming
• Rook and Castle: Create covert channels in MMORPG games
• Not theoretical: Real world tested in StarCraft, Warcraft, Shogun 2, and Company of Heroes; relies on pre-recorded unit movements.
• Current undetected real-time decryption is slow, only 1.5 kbps; solution: playback from recorded logs offline. (Threatens both Confidentiality and Availability).
• Currently tested in local/desktop only modes.
Virtual Reality Masking
• Special equipment (e.g. Oculus Rift, Samsung VR) would be needed to even observe the Cover.
• Theoretically huge (and unlimited) capacity to successfully mask data, owing to pixel depth and streaming of media.
• One time, uncaptured stream = maximum message security, but low potential Integrity and Availability (in CIA pyramid).
• 4k stream in immersive 360 degree view is too much, too fast for unaided decryption.
The Human Problem: Multitasking
• Speed/amount of masked data in visual VR environment too much for human brain to process.
• Maximum pixel definition for human eye is 2650x1600, but 30 degree field of visibility and lossy compression.
• Cognitive cost of multi stream single source inputs too high == vague and inaccurate decoding.
• Multi stream, multi source inputs decrease retention, impacting Integrity (in CIA pyramid).
Sensory Input, Illustrated
Going to the movies: 3 Scenarios and Steganographic Counterparts
• Silent movie. Visual only. Single input stream, single sense input. Lowest Cognitive cost, highest retention. (Textual Steganography)
• Regular movie. Audio and Visual inputs. 2 competing inputs, but 2 different senses. Mid range Cognitive cost, slight loss to details in retention. (Traditional Steganography)
• Foreign movie. Audio + Visual + Subtitles = 3 competing input streams, 2 from the same sense (visual). Highest Cognitive Cost, least retention. (VR Steganography)
Conclusions
• Human cognitive and perceptual ability are the biggest hurdles to future technologies.
• High risk of data loss in decryption (loss of Integrity) = VR not a credible threat at present. (Yet!)
• “Old school” methods (think “illegals”) still the best… for now.
• Masking data in gaming = most promising current technology.
