Survey on Information Assurance TEL 581 Presented by Viswesh Prabhu Subramanian Gregory Michel Lincoln Jean Louis Steganography
Agenda History Introduction Steganography Techniques Limitations Detection Attacks Conclusion
Have you ever wanted to hide something from: Your friends? Your family? The Government?
If the answer is yes, then you need to learn about Steganography Steganography is the study of hiding information
History Thousands of years ago, the Greeks used steganography to hide information from their enemies. One hiding method was to engrave a message in a block of wood, then cover it with wax, so it looked like a blank wax tablet. When they wanted to retrieve the message, they would simply melt off the wax. Content source: ertigo/sig-giu-5-tinypayload- hex.gif
History 440 B.C. Histiaeus shaved the head of his most trusted slave and tattooed it with a message which disappeared after the hair had regrown. To instigate a revolt against Persians. 1 st and 2 nd World Wars German spies used invisible ink to print very small dots on letters. Microdots – Blocks of text or images scaled down to the size of a regular dot. Current Special inks are used to write a hidden messages on bank notes. Industry demands for digital watermarking and fingerprinting of audio and video.
Introduction Steganography Protection against detection (data hiding) Protection against removal (document marking) Watermarking (all objects are marked in the same way) Fingerprinting (identify all objects, every object is marked specific)
Why not Encryption? Steganography (hide existence of the secret message, but do not use encryption) Encryption (encrypt the message, but do not hide the message) Confidentiality Anybody can see both parties are communicating in secret. Suspicious. Ideally nobody can see both parties are secretly communicating. Innocent.
Steganography basics = A = B = C Bits One byte can be used to represent each letter of the alphabet. This is what is used in text files Bytes Content source:
Steganography basics Pictures are made up of lots of little dots called pixels. Each pixel is represented as 3 bytes – one for red, one for green and one for blue. Each byte is interpreted as a number, which is how much of that colour is used to make the final colour of the pixel = Orange Colour
Steganography basics The difference between two colours that differ by one in either one red, green or blue value is impossible to see with the human eye. If we change the least significant (last) bit in a byte, we either add or subtract one from the value it represents. This means we can overwrite the last bit in a byte without affecting the colour it appears to be = Original Colour = Red = Blue +1
We can use images to hide things if we replace the last bit of every colour’s byte with a bit from the message Message: A Image with 3 pixels: Pixel 1: Pixel 2: Pixel 3: Now we hide our message in the image: Pixel 1: Pixel 2: Pixel 3: New image:
Basic Principle in Steganography Encoder Decoder Cover Image Secret Image Key Stego Object Original Cover Secret Image Communications Channel
Types of Steganography Fragile – Hidden information destroyed as soon as object is modified. – Useful in proving objects have not been manipulated and changed e.g. evidence in a court of law. Robust – It should be infeasible to remove the hidden data without degrading the perceived quality of the data. – Useful in copyright watermarking.
Steganography Techniques
Binary File Techniques Text Techniques Image Techniques Sound Techniques Other Techniques
Binary File Techniques Used to protect copyright inside a binary program Any changes to that binary file will cause the execution of it to alter key generators and serial keys and no longer sufficient for copyrights purposes
Binary File Techniques One method for embedding a watermark in a binary file works as follows. First, let’s look at the following lines of code that have been extracted from a binary file: a = 2; b = 3; c = b + 3; d = b + c; The above instruction is simply equivalent to: b = 3;b = 3;b = 3; a = 2;c = b + 3;c = b + 3; c = b + 3;a = 2;d = b + c; d = b + c;d = b + c;a = 2;
Text Techniques Can be achieved by: Altering text formatting Altering characteristics of characters. The document is altered in a way that it is simply not visible to the human eye
Text Techniques To embed information inside a document we can simply alter some of its characteristics The codebook is a set of rules that tells the encoder which parts of the document it needs to change These can be either the text formatting or characteristics of the characters Encoder Codebook Marked Documents
Text Techniques Line Shift Coding Protocol Word Shift Coding Protocol Feature Coding Protocol White Space Manipulation Text Content
Line Shift Coding Protocol Lines are shifted inside the document up or down by a small fraction (such as 1/300th of an inch) according to the codebook These lines will become a control so that the computer can measure the distances between them By finding out whether a line has been shifted up or down we can represent a single bit, 0 or 1.
Word Shift Coding Protocol Based on the same principle as the line shift coding protocol The codebook will simply tell the encoder which of the words is to be shifted and whether it is a left or a right shift The decoding technique is measuring the spaces between each word and a left shift could represent a 0 bit and a right bit representing a 1 bit.
Feature Coding Protocol The document is passed through a parser where it examines the document and it automatically builds a codebook specific to that document. can use a number of different characteristics such as the height of certain characters, the dots above i and j and the horizontal line length of letters such as f and t. Line shifting and word shifting techniques can also be used to increase the amount of data that can be hidden.
White Space Manipulation White space can be manipulated so that bits can be stored This is done by adding a certain amount of white space to the end of line A program which uses this technique is SNOW [7], which is freely available.
Text Content Information can hidden in conceal it in what seems to be inconspicuous text The grammar within the text can be used to store information Easy to spot but there are clever implementations, such as SpamMimic [9] which creates a spam that contains a secret message.
Image Techniques Simple Watermarking LSB – Least Significant Bit Hiding (Image Hiding) Direct Cosine Transformation
Simple Watermarking Can be done by adding a pattern on top of an existing image This method is only really applicable to watermarking, as the pattern is visible and even without the original watermark
Simple Watermarking rmarking.jpg/450px-Visible_digital_watermarking.jpg
LSB – Least Significant Bit The easiest way of hiding information in an image and yet it is surprisingly effective It works by using the least significant bits of each pixel in one image to hide the most significant bits of another
LSB – Least Significant Bit STEPS: 1. First load up both the host image and the image you need to hide 2.Chose the number of bits you wish to hide the secret image in. The more bits used in the host image, the more it deteriorates 3.Create a new image by combining the pixels from both images e.g. Host Pixel: Secret Pixel: New Image Pixel:
LSB – Least Significant Bit
Direct Cosine Transformation 1. First the image is split up into 8 x 8 squares 2. Next each of these squares is transformed via a DCT, which outputs a multi dimensional array of 63 coefficients 3. A quantizer rounds each of these coefficients, which essentially is the compression stage as this is where data is lost 4. Small unimportant coefficients are rounded to 0 while larger ones lose some of their precision 5. At this stage you should have an array of streamlined coefficients, which are further compressed via a Huffman encoding scheme or similar 6. Decompression is done via an inverse DCT.
Spread Spectrum Spread Spectrum MIDI
Sound Techniques Spread spectrum systems encode data as a binary sequence which sounds like noise but which can be recognised by a receiver with the correct key Used by the military since the 1940s because the signals are hard to jam or intercept as they are lost in the background noise
MIDI Good places to hide information due to the revival this format has had with the surge of mobile phones, which play MIDI ring tones Steganography in MIDI takes advantages of the Program Change message in the midi file which basically changes the type of instrument being played on a certain channel.
MIDI Each PC message can contain a number from 0 to 127 String together the necessary number of PC messages to contain the hidden data.
Limitations
Both parties must agree on the method used. If they don’t, the receiving party may not know that there is a hidden message. The size of the medium being used to hide the data. In order for steganography to be useful the message should be hidden without any major changes to the object it is being embedded in. This leaves limited room to embed a message without noticeably changing the original object.
Detection
Steganalysis The art of detecting Steganography. This involves detecting the use of Steganography inside of a file. Does not deal with trying to decrypt the hidden information inside of a file, it just attempts to discover it. Detection can be either passive or active. Passive – Just attempt to discover it. Active – Attempt to retrieve the hidden information.
Detection Methods for detecting Steganography are: Viewing the file and comparing it to another copy of the file found on the Internet (eg. a picture file). Look for (disturbings of) patterns. Line heights and whitespaces. Examine color palette. Size of the image. Last modified date. Listening to the file (audio file). Listen for disturbances. Size of file. Date last modified.
Detection Methods for detecting Steganography are: Video files Visible signals (gestures, movements) Same techniques as with images Same techniques as with audio Using utilities. Xsteg (Linux based) Stegdetect Steganography Analyzer Artifact Scanner (StegAlyzerAS) Steganography Analyzer Signature Scanner (StegAlyzerSS)
Attacks
Basic Attacks Introduce timing errors. This is done by adjusting the synchronization chip signal which causes the embedded data to be lost. Change the Length of audio. Altering the length of a piece of audio without changing the pitch. This can be an effective attack on audio files.
Attacks Robustness Attacks: Attempts to diminish or remove the presence of a watermark. If a series of minor distortions are applied the watermark can be lost while the image remains largely unchanged. Whatever changes have been made will likely be acceptable to pirates or other persons who do not usually require high quality copies. A utility that utilizes this technique is Stirmark. E.g..E.g..
Attacks Robustness Attacks (cont) Cepstrum analysis. Echo hiding. Echo hiding is a technique used to encode zeros and ones by adding echo signals distinguished by different values for their delay and amplitude to an audio signal. Decoding can be done by detecting the initial delay using the auto-correlation of the cepstrum of the encoded signal. If the echo can be detected then it can be removed by inverting the formula used to add it.
Attacks Presentation Attacks: Modifies the content of the file in order to prevent the detection of the watermark. Mosaic attack Takes advantage of size requirements for embedding a watermark. By splitting the marked file into small sections the mark detection can be confused. E.g..E.g..
Attacks Interpretation Attacks Interpretation attacks involve finding a situation in which the assertion of ownership is prevented. Prevents mark detection being unable to tell which mark came first if multiple marks are found. If the owner publishes a document, d + w (where d is the original and w is the watermark) a pirate can add a second watermark w’ and claim that the document is his and that the original was d + w - w’.
Attacks Implementation Attacks Software used to implement steganographic techniques needs to be secure. If the mark detection software is vulnerable it may be possible for attackers to deceive it. Digimarc, one of the most widely used picture marking schemes was attacked using a weakness in the implementation.
Conclusion As Steganography becomes more widely used in computing there are issues that need to be resolved. There are a wide variety of different techniques with their own advantages and disadvantages Many currently used techniques are not robust enough to prevent detection and removal of embedded data.
Conclusion For a system to be considered robust it should have the following properties: The quality of the media should not noticeably degrade upon addition of a mark. Marks should be undetectable without secret knowledge, typically the key. If multiple marks are present they should not interfere with each other. The marks should survive attacks that don’t degrade the perceived quality of the work.
Conclusion As attacks are found that work against existing techniques, it is likely that new techniques will be developed that overcome these deficiencies. The continuing use of digital media will drive development of new techniques and standards for watermarking are likely to be developed. techniques used by law enforcement authorities to detect embedded material will improve as they continue to try and prevent the misuse of Steganography.
References /security/students/SS5/Steganography.pdf eganography_AMangarae.pdf