Transcript Steganography - Indiana University of Pennsylvania

Steganography
By Colton Delman COSC 316
What is it?
• Greek roots
– Steganos : covered
– Graphie: writting
• Hidden communication
• The hiding of data, information, or messages in many different
binary file formats/ object in such a way that it will not be noticed
• Watermarks
– Watermarking an image is the same thing and using the same
technology and methods
– Used to deal with digital rights, protect information, and conceal trade
secrets
– Copyright protection
History of Steganography
• Dates back to when man first began to publish books
• Ancient Greeks melted wax from their wax message
tablets and scratched their covert communication on the
wood of the tablet itself
– This replacing the wax on the surface when done
• Shaved head of slaves, tattooed message to head, and
sent slave with hair grown back
Types of Files
– Known:
•
•
•
•
•
•
•
•
•
•
•
•
•
.bmp
.jpg
.gif
.png
.html
.pcx
.pdf
.wav
.mp3
.au
text documents
Network traffic
executables
• Most commonly in picture files
What can be hidden?
• Text files
– ex. Legal/business
documents
• Other pictures
– ex. Pictures of child
pornography
• Messages
Place
ment
zone
How Does it Work?
• Most programs are simple drag and drop
– Open original file
– Drag and drop hidden file into original
– save as new file
• LSB method
– Least Significant Bit
• Append Method
Encrypt and append file to end of the original file
• Plus encryption/password for the file
LSB Method
•modifies the 1’s and 0’s from the secret message and inserts those into
each pixel of an image, starting at the bit lest likely to make a noticeable
change to the color of the pixel
•This changes the color so slightly that the human eye cant tell the
difference
Applications
• Used to transfer secret messages/data covertly
– ex: trade secrets stolen from business by insider, sent to rival company via
hidden document in a image in email
– Ex: sharing of child pornography hidden in normal images
• Freeware
–
–
–
–
•
S-Tools
JP Hide-and-Seek
Gif-it-up
wbStego4
Detection Software available
–
–
–
–
–
–
–
Stego Analyst™
Gargoyle
Stego Watch
Stego Break
StegAlyzerAS
StegAlyzerRTS
StegAlyzerSS
The Threat
• Has been connected to the distribution of
child pornography
• Secret message communication system
for terrorist groups
• Stealing of government/corporate
documents
• Files are hard to detect and go through
firewalls
Clear Issues/limitations
• Unless program used is high end most of the time the file size
changes dramatically (when compared to original file)
• But not always the case
• Simple algorithms and encryption but could lead to more robust
forms
• Detection software confuses watermarks and legit files with legit
Steganography files
• File size is limited for hidden files
– Carrier file dictates amount of space for hidden data
– Usually 25-30% of the size of carrier file
– Anymore then that = high probability of detection
Demo
•
•
•
•
PhotoCrypt
S-Tools4
The Third Eye
winhip
Questions?
Work Cited
•
Harris, Shon. "Steganography." CISSP All-in -One Exam Guide. Third ed. Emeryville: McGrawHill/Osborne, 2005. 602-03. Print.
•
McNamara, Joel. "Steganography." Secrets of Computer Espionage: Tactics and Countermeasures.
Indianapolis, IN: Wiley, 2003. 127-30. Print.
•
Rogers, Russ. "Covert Channels." Hacking a Terror Network: The Silent Threat of Covert Channels.
Rockland, MA: Syngress, 2005. 130-36. Print.
•
Rogers, Russ. "The Future of Steganography." Hacking a Terror Network: The Silent Threat of Covert
Channels. Rockland, MA: Syngress, 2005. 344-48. Print.
•
Steganography and digital watermarking resource links, Johnson & Johnson Technology Consultants
www.jjtc.com/Steganography
•
“Steganography Revealed,” by Kristy Westphal, SecurityFocus ( April 8, 2003)
www.securityfocus.com/infocus/1684