ECrime and Steganography Lecture & Demonstration.

Presentation on theme: "ECrime and Steganography Lecture & Demonstration."— Presentation transcript:

1 eCrime and Steganography Lecture & Demonstration

2

3 © 2003-2006 WetStone Technologies, Inc. Origins of Steganography – Steganography Origins – From the Greek roots: Steganos (covered) and Graphie (writing), i.e. covered writing – First known usage: the early Greeks and Persians used several forms of covered writing to conceal the communication of secret or covert messages – Origins date back as far as 2,500 years

4 Origins of Steganography – Demaratus of Ariston was exiled in Persia, and while there, he received news that Xerxes had decided to invade Greece. He decided that he must get word of the pending invasion to Sparta. Since discovery of such an act meant certain death, he decided that he must conceal the message. He scraped the wax off a pair of wooden folding writing tablets and carved a warning message in the wood. He then covered the wood with a fresh coat of wax. The tablet was passed by the sentries without raising any suspicion and was delivered to and read by the Greeks. [Figure: wax tablet]

5 Origins of Steganography – Null Cipher Messages – Most notably this method was used during World War I by the Germans – Text-based steganography has taken on several forms – Cover text: PRESIDENTS EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW, STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY – Hidden message (first letter of each word): PERSHING SAILS FROM NY JUNE 1

6 Dangers of Steganography – Steganography vs. Encryption – Steganography and encryption each have distinct purposes – Encryption: keeps information private by using a mathematical algorithm which renders the contents unreadable unless you possess a specific key allowing you to decipher the message; encrypted objects are typically easy to identify or detect; the existence of the message is obvious, however the content is obscured – Steganography: hides the actual existence of a message or hidden data; hides information in plain sight by exploiting weaknesses of our human senses

7 Dangers of Steganography [Figure: Steganography, Encryption]

8 Steganography E-Mail Communication [Diagram labels: Covert Message, CP, Carrier Image, password, Apply Stego, Send Message With Innocuous Attachment, Firewall, Reveal Stego, Revealed CP]

9 Who knows about this technology?

10 How big is the problem?

11 Who knows about it? (source: google.com)

12 How global is the problem? ARABIC

13 How global is the problem? CHINESE

14 How global is the problem? GERMAN

15 How global is the problem? KOREAN

16 How global is the problem? CROATIAN

17 How global is the problem? JAPANESE

18 Steganography How does it work?

19 How is this possible? – Human Sight characteristics: poor detection and identification of differing shades of color; poor recognition of high-intensity shades (i.e. bright blue and violet shades of color) – Human Hearing characteristics: very sensitive to noise and distortion; poor at detecting slight amplitude shifts; poor at detecting slight phase shifts

20 Palette Images – Map to a pre-defined color on a table – Pixel represented by table lookup value [2] – [2] http://www.webstyleguide.com/graphics/displays.html

21 RGB or True Color Images – True Color images – Typically represented by 24 bits – 8 bits for each color (red, green, blue) – 16.7M possible colors (2^8 x 2^8 x 2^8) – Each pixel holds a color triplet [4] – [4] http://www.webstyleguide.com/graphics/displays.html

22 Least Significant Bit (LSB) Steganography Applied to RGB Color Images

23 LSB Substitution – bit 0 [Figure: RED, GREEN and BLUE channel bytes before and after LSB substitution, shown as individual colors and as the combined color]

24 LSB Substitution – bits 0 and 1 [Figure: RED, GREEN and BLUE channel bytes before and after LSB substitution, shown as individual colors and as the combined color]

25 LSB Substitution – bits 0-3 [Figure: RED, GREEN and BLUE channel bytes before and after LSB substitution, shown as individual colors and as the combined color]
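The substitution shown on slides 23-25, as an added example that is not part of the original presentation: the low 1, 2 or 4 bits of each 8-bit color channel are overwritten, and the sketch reports how far any channel moves, how much the carrier holds, and whether a file hash still matches. The carrier bytes, the payload and all function names are constructed for illustration; SHA-256 stands in for whatever hash an examiner's known-file set uses.

```python
import hashlib


def substitute_lsb(channels, payload, nbits):
    """Overwrite the low `nbits` of each 8-bit channel value with payload bits."""
    bits = "".join(f"{byte:08b}" for byte in payload)
    if len(bits) > len(channels) * nbits:
        raise ValueError("payload larger than carrier capacity")
    bits = bits.ljust(-(-len(bits) // nbits) * nbits, "0")   # pad the last group
    out = bytearray(channels)
    keep = 0xFF ^ ((1 << nbits) - 1)                          # high bits to preserve
    for i in range(0, len(bits), nbits):
        idx = i // nbits
        out[idx] = (out[idx] & keep) | int(bits[i:i + nbits], 2)
    return bytes(out)


def extract_lsb(channels, nbits, nbytes):
    """Read `nbytes` of payload back from the low `nbits` of each channel."""
    bits = "".join(f"{c & ((1 << nbits) - 1):0{nbits}b}" for c in channels)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, nbytes * 8, 8))


# Constructed carrier: 64 RGB pixels of a smooth gradient (192 channel bytes).
CARRIER = bytes(v for p in range(64) for v in (100 + p, 150 - p, 200))
SECRET = b"covert"   # constructed payload


def lsb_report(nbits):
    """Embed SECRET with `nbits` per channel and measure the effect."""
    stego = substitute_lsb(CARRIER, SECRET, nbits)
    return {
        "max_change": max(abs(a - b) for a, b in zip(CARRIER, stego)),
        "capacity_bytes": len(CARRIER) * nbits // 8,
        "recovered": extract_lsb(stego, nbits, len(SECRET)),
        "hash_changed": hashlib.sha256(stego).digest()
                        != hashlib.sha256(CARRIER).digest(),
    }


if __name__ == "__main__":
    for n in (1, 2, 4):          # bit 0, bits 0-1, bits 0-3 as on the slides
        print(n, lsb_report(n))
```

Each channel moves by at most 2^n - 1 levels, which is why visual inspection fails, while the digest of the modified carrier no longer matches the original's.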

26 Visual Analysis

27 Visual Analysis

28 Visual Analysis

29 Digital Audio – CD Audio – Typically referred to as wave audio files – Wave audio is an uncompressed set of samples – Each sample is represented as a 16-bit value: Binary 0000 0000 0000 0000 – 1111 1111 1111 1111; Hex 0000 - FFFF; Decimal -32768 to +32767 – Each sample is collected at a frequency of 44.1 kHz, or 44,100 times per second, based on Nyquist's theorem – Nyquist's theorem: A theorem, developed by H. Nyquist, which states that an analog signal waveform may be uniquely reconstructed, without error, from samples taken at equal time intervals. The sampling rate must be equal to, or greater than, twice the highest frequency component in the analog signal. [5] – [5] http://www.its.bldrdoc.gov

30 Digital Audio - Dangers – Audio-based steganography has the potential to conceal more information – Audio files are generally larger than images – Our hearing can be easily fooled – Slight changes in amplitude can store vast amounts of information – Many sources and types make statistical analysis more difficult – Greater amounts of information can be embedded without audible degradation

31 LSB in Action – Steganography Demonstration

32 Known Methods of Steganography – Data Appending – Covert Channels – Formatting Modification – Word Substitution – Color Palette Modification – Encoding Algorithm Modification – 24-Bit LSB Encoding

33 Known Methods of Steganography: Data Appending – Typically modifies the cover file by appending data after the standard end-of-file marker – Example Program: Camouflage

34 Data Appending Example [Figure: Carrier Image, Hidden Data]

35 Data Appending Example [Figure: Original Carrier File and Camouflage Hidden Message, with the End of File Markers and the Hidden Data marked]

36 Camouflage in Action Demonstration

37 Known Methods of Steganography: Formatting Modification – Works by making subtle modifications to text and/or line spacing in standard documents – Example Program: Invisible Secrets

38 Formatting Modification Example [Figure: Carrier File, Hidden Data]

39 Formatting Modification Example – Original Carrier File: HASH D350 E408 495B D1A4 2FDB 6A54 6C34 2F94 DE8F 89E5 – Modified Carrier File: HASH 7E62 FC70 65FE 8095 7796 23DC 697D CBDF EEEC 3E07

40 Formatting Modification Example [Figure: Original Carrier File, Modified Carrier File]

41 Known Methods of Steganography: Word Substitution – Spam Mimic: web-based steganography tool, http://www.spammimic.com/ – Automatically creates spam-like messages that actually contain hidden data

42 Word Substitution Example [Figure: Message to Encode]

43 Spam mimic [Figure: Spam encoded message]

44 Spam mimic

45 Spam mimic

46 Known Methods of Steganography: Color Palette Modification – Typically applied to 8-bit images such as GIF or 8-bit BMP files. The technique modifies the color palette and the associated colors in the image to embed data – Example Program: Gif-it-Up

47 Color Palette Modification Example [Figure: Carrier Image, Hidden Data]

48 Color Palette Modification Example [Figure: Carrier Image, Covert Message]

49 Known Methods of Steganography: 24-Bit LSB Encoding – The LSB method makes subtle changes to each pixel of the image. The changes are undetectable through visual inspection for most images – Example Program: S-Tools Version 4.0

50 Known Methods of Steganography: Encoding Algorithm Modification – JPEG Discrete Cosine Transform (DCT) Modification – MP3 perceptual noise shaping (PNS) Modification

51 Known Methods of Steganography: DCT Coefficient Modification – Most typically applied to JPEG files. LSB modifications are made to the coefficients of the Discrete Cosine Transform prior to the lossless stage of compression – Example Program: JPHS

52 DCT Coefficient Modification Example [Figure: Carrier Image, Hidden Data]

53 DCT Coefficient Modification Example – Carrier Image: HASH 7847 C7B7 1884 B350 17E9 4783 2603 B315 27B1 8ABE, File Size 224,186 – Modified Carrier Image: HASH 4AC7 2ADA 5C95 08A3 645A 8FC2 30CD 3AA5 E323 644D, File Size 223,122

54 DCT Formula – 8 x 8 2D Forward DCT – 8 x 8 2D Inverse DCT

55 Quantized DCT – Regions marked on the slide: LOW ENERGY, MEDIUM ENERGY, HIGH ENERGY

        1   2   3   4   5   6   7   8
    1   0   1   5   6  14  15  27  28
    2   2   4   7  13  16  26  29  42
    3   3   8  12  17  25  30  41  43
    4   9  11  18  24  31  40  44  53
    5  10  19  23  32  39  45  52  54
    6  20  22  33  38  46  51  55  60
    7  21  34  37  47  50  56  59  61
    8  35  36  48  49  57  58  62  63

56 Known Methods of Steganography: MP3 PNS Modification – Modification of the MP3 encoding algorithm to insert data without altering the sound quality – Example Program: MP3 Steno

57 Known Methods of Steganography: Covert Channels – A modified communication channel exploited by a sender and receiver to exchange information – Example Program: Covert TCP – Source code supplied with informational article published in First Monday: http://www.firstmonday.dk/issues/issue2_5/rowland/index.html#app

58 Covert Channels Example – Manipulation of the Initial Sequence Number Field* – The Initial Sequence Number is used to establish a communication link between a client and remote server – A program can be created to generate this number using a constant divided by an ASCII character value – A similar program on the other end can passively listen for communication and then decode the message – *http://www.firstmonday.dk/issues/issue2_5/rowland/index.html#app

59 Covert Channels Example – Packet Header: 20:30:10.005553 10.1.1.45321 > 128.162.1.0.80: S 1207959552:1207959552(0) win 512 (ttl 64, id 49408) – Time Stamp: 20:30:10.005553 – Source: 10.1.1.0.45321 – Destination: 128.162.1.0.80 – ISN: 1207959552:1207959552 – Misc. Fields: >, S, win 512 (ttl 64, id 49408)

60 Covert Channels Example – Locate ISN: 1207959552:1207959552 – Divide by constant: 1207959552 / 16777216 = 72 – Convert to ASCII: 72 = H in ASCII
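The decoding steps of slides 59-60 turned into a detection pass over captured SYN lines, as an added example that is not part of the original presentation or of the Covert TCP source. It flags host pairs whose Initial Sequence Numbers are exact multiples of the slide's constant with a printable-ASCII quotient; the log lines are constructed in the slide's format, and the function names, the printable-range test and the `min_hits` threshold are assumptions.

```python
import re
from collections import defaultdict

ISN_CONSTANT = 16777216     # 2**24, the divisor shown on the slide
SYN_LINE = re.compile(r"^\S+ (\S+) > (\S+): S (\d+):\d+\(0\)")

# Constructed tcpdump-style lines in the slide's format. The first ISN is the
# slide's value; the third line is an ordinary client with an unremarkable ISN.
SAMPLE_LOG = """\
20:30:10.005553 10.1.1.0.45321 > 128.162.1.0.80: S 1207959552:1207959552(0) win 512 (ttl 64, id 49408)
20:30:11.004127 10.1.1.0.45322 > 128.162.1.0.80: S 1157627904:1157627904(0) win 512 (ttl 64, id 17664)
20:30:11.310944 10.1.1.7.51514 > 128.162.1.0.80: S 2871004613:2871004613(0) win 8192 (ttl 64, id 2211)
20:30:12.003871 10.1.1.0.45323 > 128.162.1.0.80: S 1275068416:1275068416(0) win 512 (ttl 64, id 19456)
20:30:13.004390 10.1.1.0.45324 > 128.162.1.0.80: S 1275068416:1275068416(0) win 512 (ttl 64, id 19456)
20:30:14.003902 10.1.1.0.45325 > 128.162.1.0.80: S 1325400064:1325400064(0) win 512 (ttl 64, id 20224)
"""


def host(endpoint):
    """Strip the trailing .port from a tcpdump address.port field."""
    return endpoint.rsplit(".", 1)[0]


def decode_isn(isn):
    """Return the carried character if the ISN fits the slide's encoding, else None."""
    value, remainder = divmod(isn, ISN_CONSTANT)
    if remainder == 0 and 32 <= value < 127:
        return chr(value)
    return None


def find_isn_channels(log_text, min_hits=2):
    """Map (source host, destination host) to the text decoded from its SYN ISNs."""
    decoded = defaultdict(str)
    for line in log_text.splitlines():
        m = SYN_LINE.match(line)
        if not m:
            continue
        char = decode_isn(int(m.group(3)))
        if char:
            decoded[(host(m.group(1)), host(m.group(2)))] += char
    return {pair: text for pair, text in decoded.items() if len(text) >= min_hits}


if __name__ == "__main__":
    print(find_isn_channels(SAMPLE_LOG))
```

An ISN chosen at random has all 24 low bits clear only about once in 16.7 million connections, so repeated hits from one host pair are a strong indicator.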

61 Steganography Investigation Demonstration

62 Summary – Steganography weapons are easy to use, and readily available to our adversaries

63 Summary – Steganography is capable of concealing the mere existence of incriminating information and/or covert communications

64 Summary – Steganography provides criminals with the ability to: conceal incriminating information; covertly communicate with accomplices; innocuously share dangerous information

65 Summary – Steganography is difficult to: detect; analyze; break

66 Summary – Modern digital steganography is capable of innocuously concealing or transferring large amounts of information. A rule of thumb is 30-40% of the carrier size.

67 Summary – When used in conjunction with the Internet, steganography becomes a globally effective weapon for criminals and terrorists.

68 Thank You Chet Hosmer CEO & Chief Scientist chet@wetstonetech.com

