The document discusses using open source tools for securing data with crypto-steganography. It introduces Python libraries for cryptography (ezPyCrypto), steganography (Stepic), and image processing (PIL). Stepic allows hiding encrypted data in images by encoding it, and ezPyCrypto allows encrypting the data with a key first. The document provides code examples of encrypting data, hiding it in an image, and then extracting and decrypting the hidden data. It promotes using open source tools to add security through encrypting data before hiding it with steganography.
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...RootedCON
Return-Oriented Programming (ROP) attacks allow to hijack the control-flow execution of a vulnerable process using instructions already present in its memory map. Thus, the attacker concatenates sequences of instructions (named ROP gadgets) redirecting the control-flow execution to perform whatever computation he/she wants. Those instruction sequences, when executed, perform a well-defined operation, such as a XOR or an addition between two registers.
A Turing machine is an abstract concept to define a theoretical model able to solve any computational problem using a set of minimal operations. A system is said to be Turing-complete whether simulates a Turing machine, that is, if it is able to perform the same set of minimal operations. In particular, these operations are: to load a constant, to move values, to load and to store a value from/to memory, and to perform arithmetic and logic operations.
In this talk, we introduce a tool named EasyROP, which seeks the gadgets in a given binary file that are semantically equivalent to each of those operations. Hence, EasyROP helps to automate the development of ROP attacks. We analyzed the main dynamic-link libraries of most flavours of Windows OS, in 32 and 64-bit modes, to study the feasibility of an attack on these systems. We found that shell32.dll is the best candidate in 32-bit systems. In the case of 64-bit systems, none DLL allows to build a Turing machine. We also show the applicability with a real case study, showing how to build a ROP chain attack for CVE-2010-3333 in a Windows 7 32-bit system.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The slides shown here have been used for talks given to scientists in informal contexts.
Python is introduced as a valuable tool for both producing and evaluating data.
The talk is essentially a guided tour of the author's favourite parts of the Python ecosystem. Besides the Python language itself, NumPy and SciPy as well as Matplotlib are mentioned.
A last part of the talk concerns itself with code execution speed. With this problem in sight, Cython and f2py are introduced as means of glueing different languages together and speeding Python up.
The source code for the slides, code snippets and further links are available in a git repository at
https://github.com/aeberspaecher/PythonForScientists
PyTorch is one of the most widely used deep learning library in python community. In this talk I will cover the basic to advanced guide to implement deep learning model using PyTorch. My goal is to introduce PyTorch and show how to use it for deep learning project.
Ricardo J. Rodríguez & Daniel Uroz - When ROP meets Turing: Automatic Generat...RootedCON
Return-Oriented Programming (ROP) attacks allow to hijack the control-flow execution of a vulnerable process using instructions already present in its memory map. Thus, the attacker concatenates sequences of instructions (named ROP gadgets) redirecting the control-flow execution to perform whatever computation he/she wants. Those instruction sequences, when executed, perform a well-defined operation, such as a XOR or an addition between two registers.
A Turing machine is an abstract concept to define a theoretical model able to solve any computational problem using a set of minimal operations. A system is said to be Turing-complete whether simulates a Turing machine, that is, if it is able to perform the same set of minimal operations. In particular, these operations are: to load a constant, to move values, to load and to store a value from/to memory, and to perform arithmetic and logic operations.
In this talk, we introduce a tool named EasyROP, which seeks the gadgets in a given binary file that are semantically equivalent to each of those operations. Hence, EasyROP helps to automate the development of ROP attacks. We analyzed the main dynamic-link libraries of most flavours of Windows OS, in 32 and 64-bit modes, to study the feasibility of an attack on these systems. We found that shell32.dll is the best candidate in 32-bit systems. In the case of 64-bit systems, none DLL allows to build a Turing machine. We also show the applicability with a real case study, showing how to build a ROP chain attack for CVE-2010-3333 in a Windows 7 32-bit system.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The slides shown here have been used for talks given to scientists in informal contexts.
Python is introduced as a valuable tool for both producing and evaluating data.
The talk is essentially a guided tour of the author's favourite parts of the Python ecosystem. Besides the Python language itself, NumPy and SciPy as well as Matplotlib are mentioned.
A last part of the talk concerns itself with code execution speed. With this problem in sight, Cython and f2py are introduced as means of glueing different languages together and speeding Python up.
The source code for the slides, code snippets and further links are available in a git repository at
https://github.com/aeberspaecher/PythonForScientists
PyTorch is one of the most widely used deep learning library in python community. In this talk I will cover the basic to advanced guide to implement deep learning model using PyTorch. My goal is to introduce PyTorch and show how to use it for deep learning project.
Atm Security System Using Steganography Nss ptt by (rohit malav)Rohit malav
The ATM detail security using image Steganography is an application through which the confidential information related to the details of the ATM is maintained. This application will involve 3 steps authentication that will be done with great ease through the use of this application.
This project is developed for hiding information in any image file.Implementation of steganography tools for hiding information includes any type of information file and image files and the path where the user wants to save Image and extruded file. This project has two methods – Encrypt and Decrypt.In encryption the secrete information is hiding in with any type of image file.Decryption is getting the secrete information from image file.
While transferring a file from one point to another through Intranet and Internet we need more file secure concepts. Ordinary, file Encryption-Decryption Concepts, which are readily available in java examples are easily captured by middle way itself. So we need more security combination. This project helps to send a file from one place to another in a secured manner. Firstly the target file is encrypted and it is embedded into an audio or video or any media file. The resultant file will be protected by a password. This resultant media file is not changed in its original format and it can be run in the player, we can’t find any encrypted data inside it. This format will be sent through net. In the destination point it will be retrieved only by our software and giving the relevant password. So it is highly secured.
A NUMERICAL METHOD BASED ENCRYPTION ALGORITHM WITH STEGANOGRAPHYcscpconf
Now-a-days many encryption algorithms have been proposed for network security. In this
paper, a new cryptographic algorithm for network security is proposed to assist the
effectiveness of network security. Here symmetric key concept instead of public key is
considered to develop the encryption – decryption algorithm. Also, to give more security in the
algorithm, the idea of one way function alongwith Newton’s method is applied as a secret key to
the proposed work as well as Digital Signature Standard (DSS) technology is used to send the
key. Moreover, steganography is used to hide the cipher within a picture in encryption
algorithm. In brief, a numerical method based secret key encryption – decryption algorithm is
developed using steganography to enhance the network security.
E-Fraud Prevention based on self-authentication of e-documentsMaddiSujitha
The self-authentication of e-documents sent as attachments over the internet provides a unique facility for many legal and financial transactions that have traditionally relied on paper based documents to secure authenticity.
Steganography is the technique of hiding any secret information like password, data andimage behind any cover file. This paper proposes a method which is an audio-video crypto steganography system which is the combination of audio steganography and video steganography using advanced chaotic algorithm as the secure encryption method. The aim is to hide secret information behind image and audio of video file. Since video is the application of many audio and video frames. We can select a particular frame for image hiding and audio for hiding our secret data.4LSB substitution can be used for image steganography and LSB substitution algorithm with location selection for audio steganography. Advanced chaotic algorithm can be used for encryption and decryption of data and images. Suitable parameter of security and authentication such as PSNR value, histograms are obtained at both the receiver side and transmitter sides which are found to be identical at both ends. Reversible data hiding methods for both video and audio are also being mentioned. Hence the security of the data and image can be enhanced. This method can be used in fields such as medical and defence which requires real time processing.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
More Related Content
Similar to Suhas Desai Clubhack09 Open Source Data Security 0.2
Atm Security System Using Steganography Nss ptt by (rohit malav)Rohit malav
The ATM detail security using image Steganography is an application through which the confidential information related to the details of the ATM is maintained. This application will involve 3 steps authentication that will be done with great ease through the use of this application.
This project is developed for hiding information in any image file.Implementation of steganography tools for hiding information includes any type of information file and image files and the path where the user wants to save Image and extruded file. This project has two methods – Encrypt and Decrypt.In encryption the secrete information is hiding in with any type of image file.Decryption is getting the secrete information from image file.
While transferring a file from one point to another through Intranet and Internet we need more file secure concepts. Ordinary, file Encryption-Decryption Concepts, which are readily available in java examples are easily captured by middle way itself. So we need more security combination. This project helps to send a file from one place to another in a secured manner. Firstly the target file is encrypted and it is embedded into an audio or video or any media file. The resultant file will be protected by a password. This resultant media file is not changed in its original format and it can be run in the player, we can’t find any encrypted data inside it. This format will be sent through net. In the destination point it will be retrieved only by our software and giving the relevant password. So it is highly secured.
A NUMERICAL METHOD BASED ENCRYPTION ALGORITHM WITH STEGANOGRAPHYcscpconf
Now-a-days many encryption algorithms have been proposed for network security. In this
paper, a new cryptographic algorithm for network security is proposed to assist the
effectiveness of network security. Here symmetric key concept instead of public key is
considered to develop the encryption – decryption algorithm. Also, to give more security in the
algorithm, the idea of one way function alongwith Newton’s method is applied as a secret key to
the proposed work as well as Digital Signature Standard (DSS) technology is used to send the
key. Moreover, steganography is used to hide the cipher within a picture in encryption
algorithm. In brief, a numerical method based secret key encryption – decryption algorithm is
developed using steganography to enhance the network security.
E-Fraud Prevention based on self-authentication of e-documentsMaddiSujitha
The self-authentication of e-documents sent as attachments over the internet provides a unique facility for many legal and financial transactions that have traditionally relied on paper based documents to secure authenticity.
Steganography is the technique of hiding any secret information like password, data andimage behind any cover file. This paper proposes a method which is an audio-video crypto steganography system which is the combination of audio steganography and video steganography using advanced chaotic algorithm as the secure encryption method. The aim is to hide secret information behind image and audio of video file. Since video is the application of many audio and video frames. We can select a particular frame for image hiding and audio for hiding our secret data.4LSB substitution can be used for image steganography and LSB substitution algorithm with location selection for audio steganography. Advanced chaotic algorithm can be used for encryption and decryption of data and images. Suitable parameter of security and authentication such as PSNR value, histograms are obtained at both the receiver side and transmitter sides which are found to be identical at both ends. Reversible data hiding methods for both video and audio are also being mentioned. Hence the security of the data and image can be enhanced. This method can be used in fields such as medical and defence which requires real time processing.
International Journal of Computational Engineering Research(IJCER)ijceronline
International Journal of Computational Engineering Research(IJCER) is an intentional online Journal in English monthly publishing journal. This Journal publish original research work that contributes significantly to further the scientific knowledge in engineering and Technology.
Similar to Suhas Desai Clubhack09 Open Source Data Security 0.2 (20)
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Epistemic Interaction - tuning interfaces to provide information for AI support
Suhas Desai Clubhack09 Open Source Data Security 0.2
1. Open source for securing data
with advanced Crypto-Steganography
technology
Suhas Desai
5th, 6th & 7th December, 2009 | Pune , INDIA
Suhas_Desai/ClubHack2009 1
2. About me
Security analyst.
Contributing writer - “Linux Journal”,” LFY”, “Linux+” magazines.
Authored several research papers on RFID, Image processing and Linux security.
Co-author - “Security in Computing” / Pearson Education *2010+.
Over 175 workshops across the globe to promote Linux and Open Source.
Frequent speaker at prominent industry forums and conferences, has delivered noted
sessions at Universiti Sains Malaysia; OSSPAC'09 (Open source Singapore Pacific Asia
Conference), Singapore and at INTEROP 2009, Mumbai.
Suhas_Desai/ClubHack2009 2
3. Agenda
Crypto-steganography Overview
Open Source role
Python to achieve Security
Promotion of Open Source technologies to secure data!
Suhas_Desai/ClubHack2009 3
5. Introduction
Steganography and Cryptography are two important technologies used to secure data. It has
gained major attention since Second World War. In Second World War it has been widely used to
hide and send sensitive information of military operations.
Steganography is the art of hiding
Cryptography is art of writing secret code. information in images. In Steganography,
Cryptography is combination of ‘Crypto’ and confidential data is hidden in images to
‘graphy’ words. Crypto means ‘secret’ and protect it from unauthorized users.
graphy means ‘art of’. Steganography means “covered writing” in
Greek.
Steganography differs from cryptography in the sense that where cryptography focuses on
keeping the contents of a message secret, Steganography focuses on keeping the existence of
message secret .The strength of Steganography can thus be amplified by combining it with
Cryptography.
Suhas_Desai/ClubHack2009 5
9. Why Python?
Python plays vital role in information security.
Essentials :
Python Image Library – Image processing Library from Python.
EzPyCrypto - EzPyCrypto is used for cryptography.
Stepic - Stepic is used for Steganography
Suhas_Desai/ClubHack2009 9
10. Python Image Library (PIL)
• Python interpreter is having various capabilities to perform image
processing applications very efficiently.
• Python, xv and the PIL package are essential packages to perform image
processing in python. xv is an interactive image display for the X window
system.
• Steps for Installation of python imaging library (PIL):
• #gunzip Imaging-1.1.6.tar.gz
• #tar xvf Imaging-1.1.6.tar
• #cd Imaging-1.1.6
• #python setup.py install
Suhas_Desai/ClubHack2009 10
20. What is ezPyCrypto class?
EzPyCrypto Overview
EzPyCrypto is very simple API for military-grade cryptography in Python. It encrypts and
decrypts arbitrary-sized pieces of data like strings or files. EzPyCrypto class performs public
and private key cryptography. You can use any size public key. Programming with EzPyCrypto
class is relatively simple. You can import or export public and private keys also.
EzPyCrypto Setup
#tar xvf ezPyCrypto-0.1.1.tar
#cd ezPyCrypto-0.1.1
#python setup install
Suhas_Desai/ClubHack2009 20
21. Methods of ezPyCrypto Class
• EzPyCrypto.key (number)-This method generates the key based on passed number.
• EncString (string)-This method encrypts the data or string which is passed to the method. It uses the key
passed to above method. This method is called with key generated by ezPyCrypto.key() method.
• DecString (string)-This method decrypts the data. This method is called with key generated by
ezPyCrypto.key() method. The string which we want to decrypt is passed to this method.
• EncStringToAscii (string)-This method encrypts the data using the key passed to ezPyCrypto class and
stores it in ASCII format. This method is called with key generated by ezPyCrypto.key() method. The string
which we want to encrypt is passed to this method.
• DecStringFromAscii (string)-This method decrypts the ASCII format data. This method is called with key
generated by ezPyCrypto.key() method. The string which you may want to decrypt is passed to this
method.
• There are also many more methods of ezPyCrypto class like signString (), verifyString (), makeNewKeys (),
importkey (), exportkey() etc.
Suhas_Desai/ClubHack2009 21
22. Stepic
Setup of Stepic and related packages:
To perform Steganography operation you need to use Stepic class of python. Following packages are
essential to perform Steganography operations with Stepic class.
1. Imaging-1.1.6.tar.gz
2. stepic-0.3.tar.tar
3. ezPyCrypto-0.1.1.tar
4. libpng10-1.0.42-1.fc11.i386.rpm
5. xv-3.10a-13.i386.rpm
• Limitation of imaging packages are you cannot directly use show () method of python image class. This
problem can overcome with xv utility to use show () method of python image class. For that it is required
to install xv utility. Libpng10-1.0.42-1.fc11.i386.rpm and xv-3.10a-13.i386.rpm are the essential packages
to get XV utility.
Suhas_Desai/ClubHack2009 22
23. Steganography in Images using Stepic class of Python
Stepic is a new Python module and command line tool. It hides arbitrary data within images. Stepic is having a
very simple behavior. Methods available in stepic class are easy to implement steganography. Stepic is having a
disadvantage. It slightly modifies the colors of pixels in the image to hide the data. These modifications are
imperceptible to humans. These minor modifications we can detect through programs.
Stepic encodes or hides text inside image and also decodes/extracts hidden text from the image. It allows
storing the text or image data within an existing image without original image being affected. Stepic has very
simple and easy implementation in python. But stepic doesn’t perform any encryption or
compression of data while hiding it inside image. For that it is required to use ezPyCrypto tool with stepic.
Here we will see how to use this stepic for image steganography.
Steps for installation of stepic -
1. Install python imaging library (PIL)
2. Steps for installation of stepic 3.0
#tar xvf stepic-0.3.tar.tar
#cd stepic-0.3
#python setup.py install
Suhas_Desai/ClubHack2009 23
24. Methods of stepic class
• Encode (string) - This method hides data inside image. This method is called with
steganographer object. We can call this method directly by using stepic class.
• stepic.steganographer ( ) – It creates image object which is ready for undergoing
steganography.
• decode ()-It extracts data from images. This method is also called with steganographer object
• Open (), save (), show () methods from image class of python are compatible with stepic
class. After installation of stepic now you can develop your steganography application.
Suhas_Desai/ClubHack2009 24
25. Encode or hide data inside an image
Import Image and stepic classes -
>>> import Image
>>> import stepic
Open an image in which you want to hide the data -
>>> im=Image.open ("lena.jpg")
Create steganographer object
>>> s = stepic.Steganographer(im)
You may get deprecation warning during steganographer call method at first time.
Use steganographer object to encode the data in some another object -
>>> im1=s.encode("This is the hidden text")
Save the data inside the image -
>>> im1.save ("stegolena.jpg",'JPFG')
Suhas_Desai/ClubHack2009 25
28. Here, Instead of every time creating Steaganographer class instance, you can
use stepic.encode() method directly for hiding the data.
• >>> import Image
• >>> import stepic
• >>> im=Image.open("lena.jpg")
• >>> im2=stepic.encode(im, ‘This is the hidden text’)
• >>> im2.save('stegolena.jpg','JPEG')
Suhas_Desai/ClubHack2009 28
29. Decoding or extracting hidden data from an Image
1.Use decode () function for decoding or extracting data from image.
>>> im1=Image.open(“stegolena.jpg”)
>>> s=stepic.decode(im1)
>>> data=s.decode()
2.Print the data
>>> print data
This is the hidden text
Suhas_Desai/ClubHack2009 29
30. Combine ezPyCrypto with stepic class to hide encrypted data inside images
Instead of hiding plain data inside images, if you encrypt that data with some key and
hide it inside image then that is more secure.
As stepic doesn’t support encryption or compression of data while hiding it inside images, you
can use ezPyCrypto tool of python along with stepic class for hiding encrypted data inside images
to obtain more security.
EzPyCrypto is the more powerful tool that we can combine with stepic. Other cryptography
algorithm classes like md5, bz2 cannot work with stepic.
Stepic class hides data in ASCII format. So after encrypting data you have to convert it to ASCII
format. You can use encStringToAscii () and encStringFromAscii() methods with stepic class to
convert this data in ASCII format.
Suhas_Desai/ClubHack2009 30
31. Encode or Hide Encrypted message inside image
1. Import Image, stepic and ezPyCrypto class in python
>>> import Image
>>> import stepic
>>> import ezPyCrypto
2. Now open an image in which you want to hide data
>>> im=Image.open("lena.jpg")
3. Create a key that you want to use for cryptography
>>>k=ezPyCrypto.key(2048)
4. Using key message is encrypted to ASCII format. This is shown in Figure 3 where actual data is
encrypted.
>>>enc=k.encStringToAscii(“This is the hidden text”)
Suhas_Desai/ClubHack2009 31
34. Hide encrypted message inside image -
>>>im1=stepic.encode(enc)
Save this image with new name and show this new image -
>>>im1.save(“stegolena.jpg”,’JPEG’)
Suhas_Desai/ClubHack2009 34
35. Decode or Extract Encrypted message from image and then decrypt it to original text.
//Decode/extract/decrypt encrypted messages Program.
>>> import Image
>>> import stepic
>>> import ezPyCrypto
>>> im=Image.open("stegolena.jpg")
>>> data=stepic.decode(im) //Extract data from image
>>>k=ezPyCrypto(2048) //Create key (key should be same as key used at the time of encryption)
>>> dec=k.decStringFromAscii(data) //Decrypt the message using the key
>>>print dec //Print the message
This is the hidden text
Suhas_Desai/ClubHack2009 35
37. Now display data which is extracted from the
image then it will displayed in encoded form
as shown in Figure . To crack this encoded text
you need to have a key that is used at the time
of encryption of the message.
Suhas_Desai/ClubHack2009 37
39. Here secret key cryptography has been demonstrated. Same
key is used at receiver and sender side. Similarly you can use
public key cryptography using ezPyCrypto tool that is one
common public key for encryption but different keys for
decryption. EzPyCrypto is also useful to add digital signatures
inside the image.
Suhas_Desai/ClubHack2009 39
40. Summary
Stepic provides additional security by hiding the message inside images. You can encrypt
the messages using ezPyCrypto tool and hide it inside image. This will be additional layer of
security for the confidential data.
Enjoy the power of Stepic with ezPyCrypto!
Suhas_Desai/ClubHack2009 40
41. References
Jain Ankit,” Steganography: A solution for data hiding”.
Robert Krenn,” Steganography Implementation & Detection”
Christian Cachin,” Digital Steganography”
James Madison,” An Overview of Steganography”
Neil F. Johnson,Sushil Jajodia, ”Exploring Steganography:Seeing the Unseen”
Max Weiss, “Principles of Steganography”
T. Morkel , J.H.P. Eloff , M.S. Olivier,” An Overview of Image Steganography”
Andreas Westfeld and Andreas Pfitzmann,” Attacks on Steganographic Systems”
www.python.org
http://domnit.org/stepic/doc/
http://www.freenet.org.nz/ezPyCrypto/
Suhas_Desai/ClubHack2009 41