General

1 / 33
About This Presentation
Title:

General

Description:

http://www.cl.cam.ac.uk/~mgk25/ieee02-optical.pdf. Eavesdropped & Processed. Emissions Security ... Hidden microphones. Business ... – PowerPoint PPT presentation

Number of Views:66
Avg rating:3.0/5.0
Slides: 34
Provided by: fengmi5

less

Transcript and Presenter's Notes

Title: General


1
Information Hiding
CS 6262 Fall 02
2
Lecture Notes from Julie M. Starr on Passing
Information Covertly
3
Outline
  • Steganography
  • Covert Channels
  • Information Leakage

4
Prisoners Dilemma
  • How do two prisoners communicate when all
    messages are passed through the warden?
  • Cant use just encryption
  • Must make message seem innocuous
  • Prearrange scheme

5
Steganography
6
Steganography
  • Encryption hides the content of a message, but
    not the EXISTENCE of a message
  • Steganography hides data where it is not expected
  • Communications is only known to cooperating
    parties
  • Combine encryption steganography for secured
    covert messaging
  • Might not raise as much suspicion as an encrypted
    message

7
Examples
  • Invisible Ink
  • Some ancient societies known to pass messages
    covered in wax and swallowed
  • Shave a persons head, tattoo message and wait
    until hair grew
  • Apparently neutrals protest is thoroughly
    discounted and ignored. Isman hard hit. Blockade
    issue affects pretext for embargo on by-products,
    ejecting suets and vegetable oils.

Apparently neutrals protest is thoroughly
discounted and ignored. Isman hard hit. Blockade
issue affects pretext for embargo on by-products,
ejecting suets and vegetable oils.
Pershing sails from NY June 1
8
Examples (contd)
  • Microdots by Germans in WWII
  • Photo of a message cemented to a period . on a
    cover-text carrier message
  • Only discovered when a double agent tipped off
    the FBI
  • TCP headers
  • Picture files
  • Audio files
  • Web pages

9
Messages in Pictures
  • Lossless compression
  • GIF, BMP
  • Lossy compression
  • JPEG
  • Some stored as 8 or 24 bit images
  • Red, Green, Blue
  • FF FF FF, 255 255 255, 11111111 11111111 11111111
  • White
  • B/W
  • One 8 bit number to choose from 256 shades of grey

10
Messages in Pictures
  • Cover-image
  • Innocent file youll be piggybacking
  • Stego-image
  • Combined cover image with your data
  • Data can be encrypted, a file, audio, another
    picture
  • Stego-key
  • Similar to a password, may help in extracting the
    data from the stego-image

11
S-Tools
http//www.cs.vu.nl/ast/books/mos2/zebras.html
12
Messages in Pictures
  • Bad cover image choices
  • Snowstorm in Antartica
  • Night picture in the country w/ a new moon
  • Good choice
  • Lots of variations, colors
  • Options
  • Every bit
  • Selectively choose which bits to add data to

13
Picture Techniques
  • Least Significant Bit (LSB) Insertion
  • Original 3 pixels (9 bytes)
  • (1101101 00100100 101000011)
  • (0001111 00101101 111011111)
  • (0000111 00100111 100000111)
  • 8-bit message 10010111
  • New message
  • (1101101 00100100 101000010)
  • (0001111 00101100 111011111)
  • (0000111 00100111 100000111)

14
LSB Insertion
  • About ½ of bits will need to be changed
  • If using LSB or second LSB, not discernable to
    human eye
  • If BMP or GIF converted to JPEG and back, secret
    data will be lost
  • Could also insert noise, modify properties such
    as luminance

15
Pictures
  • JPEG-Steg
  • JPEG used discrete cosine transform to achieve
    compression
  • Combines data cover image and produces lossy
    stego-image JPEG through JPEG compression
  • In general secret messages may be altered if
    stego-image is cropped or touched up

16
More Picture Schemes
  • Scheme by Israeli researchers works on printed
    versions

17
Other Mediums
  • Audio - Add small echoes, not detected by human
    ear if higher amplitude signal is in original
    spot

18
Steganalysis
  • Hard to discover
  • Designed to slip under the radar
  • Use information theory to discover
  • Unusual patterns
  • Dont use 5 meg pictures files, not a standard
    picture on the Internet
  • Some users insert PGP messages into cover images
  • Harder to detect if PGP headers are stripped
  • Obvious PGP header would signal existence of a
    message to steganalysist

19
Watermarking
  • Similar to steganography in pictures, but
    different intent
  • Want people to see marks

20
Implications
  • How can government/FBI demand the encryption keys
    to your data when they dont even know youve got
    information encrypted?

21
Covert Channels
22
Covert Channels
  • Similar to steganography, but message is not
    necessarily delivered individually
  • Shared medium exists for information to be passed
  • Mechanism not designed for communication but
    abused to be

23
Examples
  • Clinton wearing a special tie to send a message
    to Monica
  • X-Files, masking tape X on window
  • al Qaeda videotapes?
  • At a brokerage house, passing on inside trading
    information
  • Programmer could subtly alter how information is
    displayed in reports, website to alter parties
    when to sell
  • Just need something out of place but not obvious

24
Govt Definitions
  • Covert Channel
  • A communications channel that allows a process to
    transfer information in a manner that violates
    the systems security policy
  • Covert Storage Channel
  • CC using direct or indirect writing to a storage
    location
  • Files, file locks
  • Presences or absence of items
  • Covert Timing Channel
  • CC where a process manipulates system resources
    to pass information to another process
  • CPU time, disk space shared resource is time
  • Using or not using

25
SW Controls
  • Keep an eye on developers
  • Peer code/design reviews
  • Code walk-through
  • Software Engineering practices

26
Is there a problem?
  • Relatively low transmission rate for
    steganography and covert channels
  • May need a Trojan horse program for a covert
    channel
  • Trojan horse program given with no ill intent
    but is actually malicious
  • Demonstrated in labs, but doe they exist in the
    real world?
  • Bob Morris Sr. was asked if CC were really in the
    wild
  • Answer was Yes

27
Information Leakage
28
Information Leakage
  • Not a prearranged covert channel, but user
    inadvertently make information available
  • LED status lights can leak information
  • Modems, routers, hard drives
  • Emissions from computer monitors
  • Emsec, Emissions Security
  • Power consumption
  • smartcards

29
Original
http//www.cl.cam.ac.uk/mgk25/ieee02-optical.pdf
30
Eavesdropped Processed
31
Emissions Security
  • Dont want computers RF signals given off in
    normal operation to give info to opponents
  • Related to EMC RFI
  • Electromagnetic compatibility, Radio Frequency
    Inteference
  • Jamming
  • Tempest Virus
  • Infect computer turn it into a small radio
    transmitter

32
Tempest Radio
http//www.erikyyy.de/tempest/
33
EmSec Threat?
  • Government
  • Real threat, embassies abroad
  • Hidden microphones
  • Business
  • Not as important, unless is used against key
    product such as smartcard
  • Easier ways to do industrial espionage
  • Cable TV
  • EmSec Controls
  • Shielding
Write a Comment
User Comments (0)
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "General" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!