definition: types of security,media stories,goals of computer security,security basics,some of types attack,network attacks,web attacks,os,application and software are attacks,social engineering:network attacks ,packet sniffing,main in the middle,dns hacking......conclusion
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
definition: types of security,media stories,goals of computer security,security basics,some of types attack,network attacks,web attacks,os,application and software are attacks,social engineering:network attacks ,packet sniffing,main in the middle,dns hacking......conclusion
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
https://mloey.github.io/courses/security2017.html
We will discuss the following: Cryptography, Computer Security, OSI Security Architecture, Security Structure Scheme, Key Properties, Symmetric Encryption, Asymmetric Encryption, finally Our Book
Computer , Internet and physical security.Ankur Kumar
It refers to protection of a computer and the information stored in it, from the unauthorised users.
Computer security is a branch of computer technology known as information security as applied to computers and networks.
Network Security protects your network and data from breaches, intrusions and other threats. View this presentation now to understand what is network security and the types of network security.
Happy learning!!
https://mloey.github.io/courses/security2017.html
We will discuss the following: Cryptography, Computer Security, OSI Security Architecture, Security Structure Scheme, Key Properties, Symmetric Encryption, Asymmetric Encryption, finally Our Book
Computer , Internet and physical security.Ankur Kumar
It refers to protection of a computer and the information stored in it, from the unauthorised users.
Computer security is a branch of computer technology known as information security as applied to computers and networks.
Network Security protects your network and data from breaches, intrusions and other threats. View this presentation now to understand what is network security and the types of network security.
Happy learning!!
CS8792 - Cryptography and Network Securityvishnukp34
this is an engineering subject.this consist of
pgno: 5 - Information security in past & present
pgno: 7 - Aim of Course
pgno: 8 - OSI Security Architecture
pgno: 9 - Security Goals – CIA Triad
pgno: 13 - Aspects of Security
pgno: 17 - ATTACKS
pgno: 22 - Passive Versus Active Attacks
pgno: 23 - SERVICES AND MECHANISMS
Security Introduction
Potential attacks
Positive attacks
Active attacks
Cryptography
Terminologies
Symmetric and asymmetric
authentication
types of authentication
approaches to authentication
user login
access control
protection domains
design signature
design principle
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
How to Create Map Views in the Odoo 17 ERPCeline George
The map views are useful for providing a geographical representation of data. They allow users to visualize and analyze the data in a more intuitive manner.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxEduSkills OECD
Andreas Schleicher presents at the OECD webinar ‘Digital devices in schools: detrimental distraction or secret to success?’ on 27 May 2024. The presentation was based on findings from PISA 2022 results and the webinar helped launch the PISA in Focus ‘Managing screen time: How to protect and equip students against distraction’ https://www.oecd-ilibrary.org/education/managing-screen-time_7c225af4-en and the OECD Education Policy Perspective ‘Students, digital devices and success’ can be found here - https://oe.cd/il/5yV
Ethnobotany and Ethnopharmacology:
Ethnobotany in herbal drug evaluation,
Impact of Ethnobotany in traditional medicine,
New development in herbals,
Bio-prospecting tools for drug discovery,
Role of Ethnopharmacology in drug evaluation,
Reverse Pharmacology.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
2. AGENDA
• Overview of Security & Needs
• Concepts, Types of Viruses
• Different Types of Security
• Threats in Network
• Hacking, Ethical Hacking
• Attacks, services and mechanisms
• Security attacks-Types
• Security services
• Methods of Defense
• A model for Internetwork Security
3. Overview
• What is security?
• Why do we need security?
• Who is vulnerable?
4. What is “Security”
Security is state of having
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear
Definition:
Security is the protection of assets. Three main
aspects of security are
1. Protection
2. Detection
3. Reaction.
5. Why do we need security?
• Protect vital information while still allowing
access to those who need it
– Trade secrets, medical records, etc.
• Provide authentication and access control
for resources
– Ex: Bank Identity Card, ATM Card
• Guarantee availability of resources
– Must be available all the time
6. Need for Security
• The Information Age- Internet Highway
• Digital Assets- emails, documents
• Static Assets- pictures, databases
• Assets on Transit- emails(Comm. Networks)
7. Who is vulnerable?
• Financial institutions and banks
• Internet service providers
• Pharmaceutical companies
• Government and defense agencies
• Internet users
• Multinational corporations
• ANYONE ON THE NETWORK
8. Different Types of Security-Definitions
• Computer Security - generic name for the
collection of tools designed to protect
hardware or software modules.
• Network Security - measures to protect
data during their transmission
• Internet Security - measures to protect
data during their transmission over a
collection of interconnected network
• Information Security- All the three areas
9. Basic Terminologies
• Cryptography
– Study of mathematical techniques related to aspects of
information security (Set of techniques)
• Cryptanalysis
– The process of breaking the security policies
• Cryptology
- Cryptography + cryptanalysis
• Cryptosystems are computer systems used to encrypt data
for secure transmission and storage
11. Types of Viruses
• Time Bomb – Active when time/date comes
• Logical Bomb – Active when some action comes
• Worm- Self replicating in networks
• Boot Sector Virus- During system boot, boot sector virus is
loaded into main memory and destroys data stored in hard disk
• Micro Virus- It is associated with application software like
word and excel
• Trojan Horse- usually email virus
12. Launching the attack
Steps are
1. Vulnerability
2. Threat
3. Discovery of Vulnerability
4. Exploitation of Vulnerability
5. Attack
13. Attacks, Services and Mechanisms
• Security Attack: Any action that compromises the
security of information.
• Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a security
attack.
• Security Service: A service that enhances the
security of data processing systems and information
transfers. A security service makes use of one or more
security mechanisms.
15. Security Attacks
• Interruption: This is an attack on
availability
• Interception: This is an attack on
confidentiality
• Modification: This is an attack on integrity
• Fabrication: This is an attack on
authenticity
18. In This Section
• What makes a network Vulnerable
– Reasons for network attacks
• Who Attacks Networks?
– Who are the attackers? Why people attack?
• Threats in Network transmission:
Eavesdropping and Wiretapping
– Different ways attackers attack a victim
19. What Makes a Network Vulnerable
• How network differ from a stand-alone
environment:
– Anonymity
• Attacker can mount an attack from thousands of
miles away; passes through many hosts
– Many points of attack
• Both targets and origins
• An attack can come from any host to any host
– Sharing
• More users have the potential to access networked
systems than on single computers
20. • How network differ from a stand-alone
environment:
– Complexity of System
• Reliable security is difficult to obtain
• Complex as many users do not know what their computers are
doing at any moment
– Unknown Perimeter
• One host may be a node on two different networks
• Causing uncontrolled groups of possibly malicious users
– Unknown Path
• Can have multiple paths from one host to another.
What Makes a Network Vulnerable
21. Who Attacks Networks
1. Challenge – what would happen if I tried this
approach or technique? Can I defeat this network?
2. Fame
3. Money and Espionage(Spy)
4. Organized Crime
Ideology
Hacktivism – breaking into a computer system with the
intent of disrupting normal operations but not causing
serious damage
Cyberterroism- more dangerous than hacktivism can
cause grave harm such as loss of life or severe economic
damage
22. Ethical Hacking
• Ethics: Moral principles that govern a person's or
group's behavior
• Hacking: Practice of modifying the features of a
system, in order to accomplish a goal outside of the
creator's original purpose
• Ethical Hacking: Process of legally hacking the
information that is considered to be confidential
25. How attackers perpetrate attacks?
1. Port Scan
For a particular IP address, the program will gather network information.
It tells an attacker which standard ports are being used, which OS is
installed on the target system, & what applications and which versions are
present.
2. Social Engineering
It gives an external picture of the network to the attacker.
3. Operating System & Application Fingerprinting
Determining what commercial application server application is running,
what version…
4. Intelligence
Gathering all the information and making a plan.
e information and making a plan.
26. Threats In Network Transmission
• Eavesdropping
– Overhearing without expending any extra effort
– Causing harm that can occur between a sender
and a receiver
• Wiretapping
– Passive wiretapping
• Similar to eavesdropping
– Active wiretapping
• Injecting something into the communication
27. Wiretapping Communication
Cable
Packet sniffer – A device that can retrieve all packets of LAN
Inductance – a process where an intruder can tap a wire and read
radiated signals without making physical contact with the cable
Microwave, Wireless
Signals are broadcasted through air, making more accessible to
hackers
Signals are not usually shielded or isolated to prevent interception
Satellite Communication
Dispersed over a great area than the indented point of reception
Communications are multiplexed, the risk is small that any one
communication will be interrupted
Greater potential than microwave signals
29. Threat Categories
Impersonation
Easier than wiretapping for obtaining information on a network
More significant threat in WAN than in LAN
Spoofing
An attacker obtains network credentials illegally and carries false
conversations
Masquerade
One hosts pretends to be another
Phishing is a variation of this kind of an attack.
Session hijacking
Intercepting & carrying a session begun by another entity
Man-in-the-Middle Attack
One entity intrudes between two others.
30. Vulnerability and Attacks
• Exploiting a Vulnerability
• Passive Attacks
• Active Attacks
• Hacking
• Social Engineering
• Identity Theft
34. Various Security Attacks
• Brute-force Attack
• Spoofing Attack
• Denial of Service
attack(DoS)
• Distributed DoS
Attack(DDoS)
• Authentication attacks
I. Dictionary Attack
II. Replay Attack-
aquestic attack
III. Password Guessing
IV. Password Sniffing
44. Methods of Defence
• Encryption
• Software Controls (access limitations in a
data base, in operating system protect each
user from other users)
• Hardware Controls (smartcard)
• Policies (frequent changes of passwords)
• Physical Controls
45. Cryptographic Techniques
Cryptography
Some security services can be implemented using
cryptography. Cryptography, a word with Greek origins,
means “secret writing”.
Steganography
The word steganography, with its origin in Greek, means
“covered writing”, in contrast to cryptography, which means
“secret writing”.
46. Basic Terminology
• plaintext - the original message
• ciphertext - the coded message
• cipher - algorithm for transforming plaintext to
ciphertext
• key - info used in cipher known only to
sender/receiver
• encipher (encrypt) - converting plaintext to
ciphertext
• decipher (decrypt) - recovering ciphertext from
plaintext
• cryptography - study of encryption
principles/methods
• cryptanalysis (code breaking) - the study of
principles/ methods of deciphering ciphertext
without knowing key
47. Basic Terminologies
• Plaintext is text that is in readable form
• Ciphertext results from plaintext by applying the
encryption key
• Notations:
• M = message, C = ciphertext, E = encryption,
D = decryption, k= key
• Encryption
Ek(M)=C
• Decryption
Dk(C)=M
48. Cipher-Algorithm
• Symmetric cipher: same key used for
encryption and decryption
– Block cipher: encrypts a block of plaintext at a
time (typically 64 or 128 bits)
– Stream cipher: encrypts data one bit or one byte at
a time
• Asymmetric cipher: different keys used for
encryption and decryption
50. Traditional Ciphers
SUBSTITUTION AND TRANSPOSITION.
Substitution ciphers
A substitution cipher replaces one symbol with another.
If the symbols in the plaintext are alphabetic characters,
we replace one character with another.
A substitution cipher replaces one symbol
with another.
The simplest substitution cipher is a shift cipher
(additive cipher).
51. Example
Use the additive cipher with key = 15 to encrypt the message
“hello”.
Solution
We apply the encryption algorithm to the plaintext, character by
character:
The ciphertext is therefore “wtaad”.
52. Transposition ciphers
A transposition cipher does not substitute one symbol for
another, instead it changes the location of the symbols
A transposition cipher reorders symbols.
53. Example
Alice needs to send the message “Enemy attacks tonight” to
Bob. Alice and Bob have agreed to divide the text into groups of
five characters and then permute the characters in each group.
The following shows the grouping after adding a bogus character
(z) at the end to make the last group the same size as the others.
The key used for encryption and decryption is a permutation key,
which shows how the character are permuted. For this message,
assume that Alice and Bob used the following key:
54. Example
The third character in the plaintext block becomes the first
character in the ciphertext block, the first character in the
plaintext block becomes the second character in the ciphertext
block and so on. The permutation yields:
Continued
Alice sends the ciphertext “eemyntaacttkonshitzg” to Bob. Bob
divides the ciphertext into five-character groups and, using the
key in the reverse order, finds the plaintext.
56. Caesar Cipher
• Earliest known substitution cipher
• Invented by Julius Caesar
• Each letter is replaced by the letter three positions
further down the alphabet.
• Plain: a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
• Example: ohio state RKLR VWDWH
57. Caesar Cipher
• Mathematically, map letters to numbers:
a, b, c, ..., x, y, z
0, 1, 2, ..., 23, 24, 25
• Then the general Caesar cipher is:
c = EK(p) = (p + k) mod 26
p = DK(c) = (c – k) mod 26
• Can be generalized with any alphabet.
58. Polyalphabetic Cipher
• In monoalphabetic cipher the problem was
that each character was substituted by a
single character
• Cryptanalysts are helped by the fact that
they have to see what character would
correspond in plaintext for a given
ciphertext character
• Polyalphabetic cipher’s goal is to make this
process difficult
59. Polyalphabetic Cipher
• In polyalphabetic cipher, each plaintext character
may be replaced by more than one character
• Since there are only 26 alphabets this process will
require using a different representation than the
alphabets
• Alphabets ‘A’ through ‘Z’ are replaced by 00, 01,
02, …, 25
• We need two digits in this representation since we
need to know how to reverse the process at the
decryption side
60. 60
Polyalphabetic Cipher
• The most common method used is Vigenère
cipher
• Vigenère cipher starts with a 26 x 26 matrix of
alphabets in sequence. First row starts with ‘A’,
second row starts with ‘B’, etc.
• This cipher requires a keyword that the sender and
receiver know ahead of time
• Each character of the message is combined with
the characters of the keyword to find the
ciphertext character
61. 61
Vigenère Cipher Table
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B B A B C D E F G H I J K L M N O P Q R S T U V W X Y
C C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
62. 62
Vigenère Cipher Table (cont’d)
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
N N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
63. 63
Vigenere Cipher
• E.g., Message = SEE ME IN MALL
• Take keyword as INFOSEC
• Vigenère cipher works as follows:
S E E M E I N M A L L
I N F O S E C I N F O
-------------------------------------
A R J A W M P U N Q Z
64. 64
Vigenere Cipher
• To decrypt, the receiver places the keyword
characters below each ciphertext character
• Using the table, choose the row
corresponding to the keyword character and
look for the ciphertext character in that row
• Plaintext character is then at the top of that
column
65. 65
Vigenere Cipher
• Decryption of ciphertext:
A R J A W M P U N Q Z-column2
I N F O S E C I N F O-row1
-------------------------------------
S E E M E I N M A L L
• Best feature is that same plaintext character
is substituted by different ciphertext
characters (i.e., polyalphabetic)
66. 66
Multiple Letter Cipher
• Playfair cipher is a multiple letter cipher
• Each plaintext letter is replaced by a digram in this
cipher
• Number of digrams is 26 x 26 = 676
• User chooses a keyword and puts it in the cells of
a 5 x 5 matrix. I and J stay in one cell. Duplicate
letters appear only once.
• Alphabets that are not in the keyword are arranged
in the remaining cells from left to right in
successive rows in ascending order
68. 68
Playfair Cipher
• Rules:
– Group plaintext letters two at a time
– Separate repeating letters with an x
– Take a pair of letters from plaintext
– Plaintext letters in the same row are replaced by letters
to the right (cyclic manner)
– Plaintext letters in the same column are replaced by
letters below (cyclic manner)
– Plaintext letters in different row and column are
replaced by the letter in the row corresponding to the
column of the other letter and vice versa
69. 69
Playfair Cipher
• E.g., Plaintext: “CRYPTO IS TOO EASY”
• Keyword is “INFOSEC”
• Grouped text: CR YP TO IS TO XO EA SY
• Ciphertext: AQ VT YB NI YB YF CB
OZ
• To decrypt, the receiver reconstructs the 5
x 5 matrix using the keyword and then uses
the same rules as for encryption
70. Transposition Ciphers
• consider classical transposition or
permutation ciphers
• these hide the message by rearranging the
letter order
• without altering the actual letters used
• can recognise these since have the same
frequency distribution as the original text
• Rail Fence and Vernam Ciphers
• Columnar Transposition Techniques
71. Rail Fence cipher
• write message letters out diagonally over a
number of rows
• then read off cipher row by row
• eg. write message out as:
m e m a t r h p r y
e t e f e t e a t
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
72. Vernam Cipher
• The only unbreakable stream cipher
– K: a long, non-repeating sequence of random numbers
Exclusive OR Exclusive ORPlaintext Ciphertext Plaintext
P PC
K K
Secret channel
1 0 =1; 0 1=1
0 0 =0; 1 1=0
74. Product Ciphers
• ciphers using substitutions or transpositions are
not secure because of language characteristics
• hence consider using several ciphers in succession
to make harder, but:
– two substitutions make a more complex substitution
– two transpositions make more complex transposition
– but a substitution followed by a transposition makes a
new much harder cipher
• this is bridge from classical to modern ciphers
75. Stegnographic Techniques
Greek Words:
STEGANOS – “Covered”
GRAPHIE – “Writing”
• Steganography is the art and science of writing
hidden messages in such a way that no one apart
from the intended recipient knows of the existence
of the message.
• This can be achieved by concealing the existence
of information within seemingly harmless
carriers or cover
• Carrier: text, image, video, audio, etc
76. Evolution of Steganography
440 BC
• Histiaeus, who shaved the head of his most trusted slave
and tattooed a message on it. After his hair had grown the
message was hidden. The purpose was to instigate a revolt
against the Persians.
• Demeratus sent a warning about a forthcoming attack to
Greece by writing it on a wooden panel and covering it in
wax.
World War II
• Invincible inks
• Null ciphers (unencrypted messages):
• Microdot Technology
-Shrinking messages down to the size of a dot became a
popular method. Since the microdot could be placed at the
end of a sentence or above a j or an i.
Disadv: Time, complex, not secure etc
77. Steganographic System
cover: cover is the original picture, audio or video
emb : embedded secret message
fE: steganographic function "embedding"
fE-1: steganographic function "extracting"
key: parameter which controls the hiding process of
the secret message
stego: resultant file that contains hidden message
78. Modern Steganography Techniques
Masking and Filtering: Is where information is hidden inside of a
image using digital watermarks that include information such as copyright,
ownership, or licenses. The purpose is different from traditional
steganography since it is adding an attribute to the cover image thus
extending the amount of information presented.
Algorithms and Transformations: This technique hides data
in mathematical functions that are often used in compression algorithms.
The idea of this method is to hide the secret message in the data bits in the
least significant coefficients.
Least Significant Bit Insertion: The most common and
popular method of modern day steganography is to make use of the LSB
of a picture’s pixel information. Thus the overall image distortion is kept
to a minimum while the message is spaced out over the pixels in the
images. This technique works best when the image file is larger then the
message file and if the image is grayscale.
79. Steganography Techniques
• Substitution methods(Steganography in Images)
Bit plane methods
Palette-based methods
• Signal Processing methods(Steganography in Images)
Transform methods
• Steganography in Audio
• Steganography in Text
80. Stegano-system Criteria
• Cover data should not be significantly modified ie
perceptible to human perception system
• The embedded data should be directly encoded in
the cover & not in wrapper or header
• Embedded data should be immune to
modifications to cover
81. Places to Hide Information:
Steganography
• Images
• Audio files
• Text
• Video
We focus on Images as cover media.
Though most ideas apply to video and audio
as well.
82. Steganography in Images
Way images are stored:
• Array of numbers representing RGB values for each pixel
• Common images are in 8-bit/pixel and 24-bit/pixel format.
• 24-bit images have lot of space for storage but are huge
and invite compression
• Proper selection of cover image is important.
• Best candidates: gray scale images ..
• Cashing on limitations of perception in human vision
83. Steganography: Bit plane Methods
• Image: replace least significant bit (LSB) of image
intensity with message bit
• Replace lowest 3 or 4 LSB with message bits or
image data (assume 8 bit values)
• Data is hidden in “noise” of image
• Can hide surprisingly large amounts of data this
way
• Very fragile to any image manipulation
84. Least Significant Bit
• Consider a 24 bit picture
• Data to be inserted: character ‘A’: (10000011)
• Host pixels: 3 pixel will be used to store one character of 8-bits
• The pixels which would be selected for holding the data are chosen on the
basis of the key which can be a random number.
• Ex: 00100111 11101001 11001000
00100111 11001000 11101001
11001000 00100111 11101001
Embedding ‘A’
00100111 11101000 11001000
00100110 11001000 11101000
11001001 00100111 11101001
• According to researchers on an average only 50% of the pixels actually
change from 0-1 or 1-0.
86. Sacrificing 2 bits of cover to carry 2 bits of
secret image
Original Image Extracted Image
87. Sacrificing 5 bits of cover to carry 5 bits of
secret image
Original Image Extracted Image
88. Palette-based Methods
• Palette manipulation means changing the way the
color or grayscale palette represents the image
colors
• Bit methods are used in palette manipulation
schemes
• Data hidden in “noise” of image
• Often radical color shifts occur - can tip off that
data is hidden
• Use grayscale to overcome color shift problem
90. Message: 0 1 1 0 0 1 0 1 0 1 1 1 0 1 0 1 0 1 0 0 0 1 1 1 1
Randomly chosen pixel with color
Find the color in the sorted palette
Sorted palette
Replace the LSB of the index to
color C1 with the message bit
The new index now points to a
neighboring color C2
Replace the index of the pixel in
the original image to point to the
new color C2.
index = 30 = 00011110
00011110
00011111
C1
C1
C2
92. Discrete Cosine Transform
The forward equation, for image A, is
N
yv
N
xu
yxavCuC
N
vub
N
x
N
y 2
)12(
cos
2
)12(
cos),()()(
2
),(
1
0
1
0
N
yv
N
xu
vubvCuC
N
yxa
N
u
N
v 2
)12(
cos
2
)12(
cos),()()(
2
),(
1
0
1
0
The inverse equation, for image B, is
93. Discrete Fourier Transform
The formulae for the DFT and its inverse are
1
0
1
0
2
exp
2
exp),(),(
N
x
N
y N
vyj
N
uxj
yxavuF
1
0
1
0
2
2
exp
2
exp),(
1
),(
N
u
N
v N
vyj
N
uxj
vuF
N
yxa
94. Steganography in Audio
• Low Bit Coding
– Most digital audio is created by sampling the signal and
quantizing the sample with a 16-bit quantizer.
– The rightmost bit, or low order bit, of each sample can
be changed from 0 to 1 or 1 to 0
– This modification from one sample value to another is
not perceptible by most people and the audio signal still
sounds the same
95. Steganography in Audio
• Phase Coding
– Relies on the relative insensitivity of the human
auditory system to phase changes
– Substitutes the initial phase of an audio signal with a
reference phase that represents the data
– More complex than low bit encoding, but it is much
more robust and less likely to distort the signal that is
carrying the hidden data.
96. Steganography in Audio
• Direct Sequence Spread Spectrum
– Spreads the signal by multiplying it by a chip,
which is a maximal length pseudorandom
sequence
– DSSS introduces additive random noise to the
sound file
97. Steganography in Audio
• Echo Data Hiding
– Discrete copies of the original signal are mixed
in with the original signal creating echoes of
each sound.
– By using two different time values between an
echo and the original sound, a binary 1 or
binary 0 can be encoded.
98. Steganography in Text
• Soft Copy Text
– Encode data by varying the number of spaces
after punctuation
– Slight modifications of formatted text will be
immediately apparent to anyone reading the
text
99. Steganography in Text
• Soft Copy Text
– Use of White Space (tabs & spaces) is much
more effective and less noticeable
– This is most common method for hiding data in
text
100. Steganography in Text
• Soft Copy Text
– Encode data in additional spaces placed at the
end of a line
F o u r s c o r e a n d
s e v e n y e a r s a g o
o u r f o r e f a t h e r s
101. Steganography in Text
• Hard Copy Text
– Line Shift Coding
• Shifts every other line up or down slightly in order
to encode data
– Word Shift Coding
• Shifts some words slightly left or right in order to
encode data
102. Steganography in Text-Null
Cipher
• Message sent by a German spy during World war-I:
PRESIDENT’S EMBARGO RULING SHOULD HAVE
IMMEDIATE NOTICE. GRAVE SITUATION
AFFECTING INTERNATIONAL LAW. STATEMENT
FORESHADOWS RUIN OF MANY NEUTRALS.
YELLOW JOURNALS UNIFYING NATIONAL
EXCITEMENT IMMENSELY.
Pershing sails from NY June I.
103. Reference
• Asoke K Talukder, Manish Chaitanya, Architecting Secure Software
System, Aeurbach Publication, 2008
• Howard M, Lipner S, The Security Development Lifecycle, Microsoft
Press, 2006
• Frank Swiderski, Window Snyder, Threat Modeling, Microsoft Press,
2004
• John Viega, Gary McGraw, Building secure Software, How to Avoid
Security problems in the Right Way, Addison-Wesley 2001
• Tom Gallagher, Bryan Jeffries, Lawrence Landauer, Hunting Security
Bugs, Microsoft Press, 2006
• Ross Anderson, Security Engineering: A guide to Building dependable
Distributed systems, John wiley, 2001.