Digital Steganography - Indiana University of Pennsylvania

Digital Steganography - Indiana University of Pennsylvania

Digital Steganography Jared Schmidt In This Presentation Digital Steganography Common Methods in Images Network Steganography Uses Steganalysis

oDetecting steganography OpenPuff Demo Conclusion / Questions Digital Steganography The art of hiding data in a file so that only the sender and intended recipient suspect the presence of hidden data o A form of security through obscurity

Very easy to accomplish Harder to detect and decrypt BMP, JPG, TXT, HTML/XML, PDF, PNG, GIF, AU, WAV, MP3, AVI, TIF, TGA, DLL, EXE LSB Method Most common form of digital steganography In a RGB image, Information is hidden in the LSB[s] of the RGB values of each pixel

oIn a 24-bit bitmap, each pixel represented by 3 bytes. 8 bits representing red value = 2^8 = 256 shades of RED 8 bits representing green value = 2^8 = 256 shades of GREEN 8 bits representing blue value = 2^8 = 256 shades of BLUE 16,777,216 possible colors Effectively have 3-4 bits of data to hide information in for every pixel o32bpp format contains an alpha channel 8 required for ASCII character

Color Perception Changing the LSB of the Red value by 1 (in 24-bit color depth) is undetectable by the human eye. Nokia 808 PureView: 41 megapixel camera phone. 41 megapixels / (3 pixels/byte)

= 13.66MB of data can be hidden in a single image. JPEG Steganography Most common image format oLossy compression Uses type-II DCT to achieve compression. oNeighboring pixels typically have similar color values. oInformation less important to human eye (sharp

transitions in brightness, color hue) is discarded Steganographic methods work by manipulating rounding in the DCT coefficient matrix of a JPEG file JPEG Encoding/Decoding Process Comparison of JPEG Compression A blocking effect occurs with higher

compression creating artifacts Higher quality Lower Quality Network Steganography Modifying network packets header or payload

o In TCP/IP networks, unused bits in the IP and TCP header may be used Packet based length steganography o Manipulation of the MTU (Maximum Transmission Unit) VoIP - Lost Audio Packets Steganographic Method (LACK) o Transmitter intentionally delays packets by an excessive amount of time. o Payload of these lost packets contains the secret information

Uses Individuals or organizations storing sensitive information in steganographic carriers. Layered encryption / decoy data Digital watermarking to verify intellectual ownership or authenticity Open Source Steganography Tools OpenPuff, S-Tools

Illegitimate Uses Terrorist Organizations oEasy form of covert communication oMay 16, 2012 Over 100 Al-Qaeda training manuals and detailed future plots discovered in a porn video found on an operatives flash drive. Stealing/transmitting confidential data or corporate plans Finding Steganography on the Web

Provos and Honeyman, researchers at the University of Michingan, conducted a scan of 2 million Ebay images and 1 million USENET images in 2001 and found no suspect images. UN report title Use of Internet for Terrorist Purposes oMembers of a Colombian guerilla group found communicating using steganographic spam emails Steganalysis Analyzing images for possible hidden data Many algorithms perform a statistical analysis to detect

anomalies in the cover object oE.g. repetitive patterns could indicate use of a steganography tool or hidden message Investigating pixel neighborhoods to find inconsistencies with ways files are compressed. Problems with Detecting Steganography Impractical to actively scan all internet content for

steganography Data is likely encrypted Data can be hidden in certain parts of image or scattered based on a random seed Messages can be hidden in chains of files oCan be hidden in several files using different techniques for each Time consuming

Cover and Stego Image Comparison Original Image (cover) Stego Image (with hidden data) Conclusion How digital steganography is achieved oImages, audio, video

oNetwork methods (manipulation of packets) Uses of Steganography oLegitimate / Illegitimate How it can be detected oChallenges with detection Questions?

Recently Viewed Presentations

  • U.S. General Services Administration Federal Acquisition Service Schedule

    U.S. General Services Administration Federal Acquisition Service Schedule

    TAA Compliance *On the Post Award Reference website, we have posted "General Modification Instructions" and post award reference documents to assist you with your modification requests. These documents were previously posted on FedBizOpps with the Solicitation, but were since removed...
  • Slide 1

    Slide 1

    Word Work. Spelling tests will resume in the new semester. We do not have a test planned for this week. Lists are available online at SpellingCity.com if you should choose to have your child study at home: WW & SJ...
  • Hess's Law

    Hess's Law

    Hess's Law Example Problem. Hess's Law Example Problem. Hess's Law Example Problem. Calculation of Heat of Reaction . Author: Eng, Breanna Created Date: 01/08/2015 19:28:08 Title: Hess's Law Last modified by:
  • Custom Earpiece and Face Masks - Homestead Schools

    Custom Earpiece and Face Masks - Homestead Schools

    Odontogenic Infections ... Acute onset infection Diffuse swelling Compromised host defenses Involvement of fascial spaces Severe pericoronitis Principles of Antibiotic Therapy Use Empiric Therapy Use narrowest spectrum drug Use antibiotic with the lowest toxicity Use bactericidal antibiotic Be ...
  • IT Strategic Plan

    IT Strategic Plan

    PID: Print ID (CABLE lookup) Consistent concerns raised in end-to-end delivery of IT services (including training), except for Airport Bureau IT services. IT Service Delivery Department of Telecommunications and Information Services (DTIS), the Department's primary provider of IT services is...
  • American Democratic Culture

    American Democratic Culture

    American Democratic Culture Romanticism in America Industry and ambition were dominant themes in American society in the 1830-1850s People were looking for something different Interest in nature Interest in Native Americans Drew on instinct & feelings rather than intelligence Jacksonian...
  • "Convicting Those Who Contradict" - In Search Of Truth

    "Convicting Those Who Contradict" - In Search Of Truth

    6. "I don't argue about religion!". However, We Must Correct and Contend: … in humility correcting those who are in opposition, if God perhaps will grant them repentance, so that they may know the truth, and that they may come...
  • ANR/CED Strategic Business Plan Mike Buschermohle Biosystems ...

    ANR/CED Strategic Business Plan Mike Buschermohle Biosystems ...

    Mannie Bedwell - Eastern Region . Center for Profitable Agriculture. Rob Holland - Director and Value-Added Agriculture Specialist ... Paul Hart, Central Region. David Qualls, Central Region. Lena Beth Reynolds, Eastern Region. John Wilson, Eastern . Region. Lori Duncan, Specialist....