Download - STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT
![Page 1: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/1.jpg)
STEGANOGRAPHY: HIDDEN IN PLAIN SIGHTBY: KEVIN R. MEDINA SANTIAGO
![Page 2: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/2.jpg)
COMPUTER FORENSICS
• Investigation of information found in computers and digital storage media
• Focuses on:
• Identifying
• Preserving
• Recovering
• Analyzing
![Page 3: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/3.jpg)
WHAT IS STEGANOGRAPHY
SCovered, concealed,
protected
GRAPHEIN
Writing
?
![Page 4: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/4.jpg)
Herodotus
440 A.C.
Histories
Histiaeus
Revolution
against the
Persians
![Page 5: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/5.jpg)
PHYSICAL STEGANOGRAPHY
• Invisible Ink
• Message under a postage stamp
• Knitting a message in on clothing
• Blinking in Morse code
ISEC
InfoSecurity
Tour
2018
![Page 6: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/6.jpg)
DIGITAL STEGANOGRAPHY
• 1975, Personal Computers
• 1985, Barrie Morgan and Mike Barney, Datotek, M2B2
• Steganography tools surfacing
• Slow at first, followed by a rapid spike
![Page 7: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/7.jpg)
CURRENT STEGANOGRAPHY TOOLS
• TOO MANY TO LIST!!!
• Here are a few:
• ImageHide
• Hide in Picture
• BDV DataHider
![Page 8: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/8.jpg)
WHAT DO THEY DO?
• Hide stuff
• Images, videos, audio files, documents, text
• Inside other stuff
• Images, videos, audio files, documents, executables, folders
WHERE?LIKE WHAT?…like what?
![Page 9: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/9.jpg)
ENCRYPTION (WHY NOT?)
• Advanced Encryption Standard
• Data Encryption Standard
• Message Digest 5
• Secure Hashing Algorithm
![Page 10: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/10.jpg)
IMAGE STEGANOGRAPHY
LVHFLQIRVH
FXULWBWRXU
IS EC IN FO SE CU
RI TY TO UR
![Page 11: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/11.jpg)
Steganography Pic Original Pic
![Page 12: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/12.jpg)
DIGITAL WATERMARKING
• Visible Watermarking
• A logo or text that denotes the owner
• Invisible Watermarking
• Data embedded into file
• Invisible and inaudible
![Page 13: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/13.jpg)
STEGANOGRAPHY METHODS
![Page 14: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/14.jpg)
LEAST SIGNIFICANT BIT (LSB)
10000010
Data to be hidden:
101101
011011100111
1010101001
101101
![Page 15: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/15.jpg)
DISCRETE COSINE TRANSFORM (DCT)
• Technique used to compress JPEG, MJPEG, MPEG
-23 -2 0 0 0 0 0 0
-21 4 2 0 0 0 0 0
6 1 0 0 0 0 0 0
1 -1 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
![Page 16: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/16.jpg)
STEGANALYSIS
• Stego-Only attacks – Stego object available
• Known Cover Attack – Original and Carrier available
• Chosen Stego Attack – Programs used, patterns compared
• Known Stego Attack – Everything is available
![Page 17: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/17.jpg)
HOW TO DETECT?
• EnCase, Guidance Software Inc.
• Ilook Investigator
• StegDetect
• Forensic Toolkit, AccessData
![Page 18: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/18.jpg)
NETWORK STEGANOGRAPHY
• Coined in 2003, Krzysztof Szczypiorski
• Communication Protocols
• Protocol Logic Manipulation
• Deliberate Packet Delays
• Much harder to detect!
![Page 19: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/19.jpg)
CRYPTOGRAPHY V.S. STEGANOGRAPHY• Unknown message passing
• Little Known Technology
• Technology still being
developed for certain formats
• Once detected message is
known
• Known message passing
• Common technology
• Most algorithms known to
governments
• Current algorithms resistant to
BFA, but strength reduces
while technology increases
![Page 20: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/20.jpg)
WHY IS THIS SCARY?
•Mostly used maliciously:
• Terrorism
• Hide stolen data
• Hide illegal videos/images
• Research and Development must go on!
![Page 21: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/21.jpg)
CONCLUSION
• Still being investigated
• Difficult to notice
• Can hide large amounts of data
• Various types of uses, including commercial
![Page 22: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/22.jpg)
REFERENCES
• Funds for foreign cryptology support, 10 USC §412
• Richer, P. (2003). Steganalysis: Detecting hidden information with computer forensic analysis (Tech.).
Retrieved February 9, 2018, from SANS Institute InfoSec Reading Room website:
https://www.sans.org/reading-room/whitepapers/stenganography/steganalysis-detecting-hidden-
information-computer-forensic-analysis-1014
• Software, G. (n.d.). EnCase® Forensic. Retrieved February 9, 2018, from
https://www.guidancesoftware.com/encase-forensic
• U.S. Internal Revenue Service Criminal Investigation Division Electronic Crimes. (n.d.). Retrieved February
9, 2018, from http://www.ilook-forensics.org/
![Page 23: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/23.jpg)
REFERENCES
• Forensic Toolkit. (n.d.). Retrieved February 2, 2018, from https://accessdata.com/products-
services/forensic-toolkit-ftk
• Rout, H., & Mishra, B. K. (2014, December). Pros and Cons of Cryptography, Steganography and
Perturbation techniques (Tech.). Retrieved February 7, 2018, from Research Gate website:
https://www.researchgate.net/publication/286092142_Pros_and_Cons_of_Cryptography_Steganogra
phy_and_Perturbation_techniques
• Petitcolas, F. A., Anderson, R. J., & Kuhn, M. G. (n.d.). Information Hiding—A Survey (Tech.).
Retrieved February 2, 2018, from IEEE website:
http://www.petitcolas.net/fabien/publications/ieee99-infohiding.pdf
![Page 24: STEGANOGRAPHY: HIDDEN IN PLAIN SIGHT](https://reader031.vdocuments.site/reader031/viewer/2022012419/6173da7eada1c91af00ca9c6/html5/thumbnails/24.jpg)
This material is based upon work supported by, or
in part by the National Science Foundation
Scholarship for Service (NSF-SFS) award under
contract award #1563978.