Title: Steganography By, George Gergues Dale Flannagan Kushala Priya T Indira P Manchem
1 Steganography By, George Gergues Dale Flannagan Kushala Priya T Indira P Manchem
2 Find any difference in the images?
3 Introduction
- Data Hiding
- How it is done?
- Encryption
- Information is hidden in a ciphered form and sent to the destination securely.
- Problem?
- Cannot hide the existence of the data.
- Solution
4 Steganography
- What is Steganography?
- Communicate secretly by embedding messages within other messages.
- How is it different from Encryption?
- Information is hidden in a ciphered form and sent to the destination securely. Encryption does not hide the data.
- Steganography hides the very existence of the data.
5 Real Life Applications
- Medical
- National Security
- Terrorism
- Businesses
6 Steganography Techniques
- Injection
- Substitution
- Generation
7 Limitations of Steganography
- The sender and receiver must agree on a method in which to hide the message
- Choosing the correct method may also limit Steganography. Ex: LSB, TCP/IP
- Active wardens
- Passive wardens
8 Steganography Tools
- Steg Party
- PC File safe
- JSteg
- Mp3 Stego
- S-Tools
9 Hiding data in TCP header
10 TCP Packet Header
Each row is one 32-bit word (bits 00 to 31):
Bits 00-15: Source Port; bits 16-31: Destination Port
Bits 00-31: Sequence Number
Bits 00-31: Acknowledgment Number
Bits 00-03: Data Offset; bits 04-06: reserved; bits 07-09: ECN; bits 10-15: Control Bits; bits 16-31: Window
Bits 00-15: Checksum; bits 16-31: Urgent Pointer
Bits 00-31: Options and padding
Bits 00-31: Data
11 IP Header
Each row is one 32-bit word (bits 00 to 31):
Source IP address
Destination IP address
0; IP Protocol; Total length
12 TCP Header fields
Component | Description | Length (bits)
Source Port | Source Port | 16 bits
Destination Port | Destination Port | 16 bits
Seq. Number | The sequence number of the first data byte in this segment. If the SYN bit is set, the sequence number is the initial sequence number and the first data byte is initial sequence number + 1. | 32 bits
Acknowledgment Number | If the ACK bit is set, this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established this is always sent. | 32 bits
Data Offset | The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits. | 4 bits
Reserved | Must be cleared to zero. | 3 bits
ECN, Explicit Congestion Notification | Added in RFC3168. Bits 00, 01, 02 of this field are N, C, E. | 3 bits
N, NS, Nonce Sum | Added in RFC3540. This is an optional field added to ECN intended to protect against accidental or malicious concealment of marked packets from the TCP sender. | 1 bit
C, CWR | A value of 1 means sender has cut congestion window in half | 1 bit
E, ECE, ECN-Echo | A value of 1 means receiver has cut congestion window in half | 1 bit
Control Bits | Bits 00, 01, 02, 03, 04, 05 of this field are U, A, P, R, S, F. | 6 bits
U, URG | Urgent pointer valid flag. | 1 bit
A, ACK | Acknowledgment number valid flag. | 1 bit
P, PSH | Push flag. | 1 bit
13 TCP Header Fields Continued..
R, RST | Reset connection flag. | 1 bit
S, SYN | Synchronize sequence numbers flag. | 1 bit
F, FIN | End of data flag. | 1 bit
Window | The number of data bytes beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept. | 16 bits, unsigned
Checksum | This is computed as the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the TCP header, and the data, padded as needed with zero bytes at the end to make a multiple of two bytes. The pseudo header contains the following fields | 16 bits
Urgent Pointer | If the URG bit is set, this field points to the sequence number of the last byte in a sequence of urgent data. | 16 bits, unsigned
Options | Options occupy space at the end of the TCP header. All options are included in the checksum. An option may begin on any byte boundary. The TCP header must be padded with zeros to make the header length a multiple of 32 bits. | 0 to 44 bytes
Data | From the list above, the (options) bits leave a lot of space to hide data, given that your system should only comply with the standards that drive the rule based detection system of an active warden. | Variable length
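Added example, not part of the original slides: a sketch of the kind of rule-based check an active warden could run against the header fields listed above, flagging set reserved bits, option kinds outside an allowlist, and non-zero padding after the end-of-options marker. The allowlist, the function names and the three sample segments are assumptions constructed for illustration, and the reserved-bit position follows the 4/3/3/6-bit layout shown on these slides.

```python
import struct

# Allowlist a rule-based warden might enforce (assumption): kind -> fixed length.
# 2 = MSS, 3 = window scale, 4 = SACK permitted, 8 = timestamps.
FIXED_LEN = {2: 4, 3: 3, 4: 2, 8: 10}

def inspect_tcp_header(segment: bytes) -> list:
    """Return findings for the reserved bits and options of one raw TCP segment."""
    if len(segment) < 20:
        return ["truncated header"]
    word = struct.unpack("!H", segment[12:14])[0]
    header_len = (word >> 12) * 4          # Data Offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        return ["invalid data offset"]
    findings = []
    if (word >> 9) & 0x7:                  # the 3 reserved bits must be zero
        findings.append("reserved bits set")
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of options: only zero padding may follow
            if any(opts[i + 1:]):
                findings.append("non-zero padding after end of options")
            break
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            findings.append(f"kind {kind}: bad length")
            break
        if kind == 5:                      # SACK: 2 bytes plus 8 per block
            if length == 2 or (length - 2) % 8:
                findings.append("kind 5: bad length")
        elif kind not in FIXED_LEN:
            findings.append(f"kind {kind}: not in allowlist, {length - 2} data bytes")
        elif length != FIXED_LEN[kind]:
            findings.append(f"kind {kind}: unexpected length {length}")
        i += length
    return findings

def sample_segment(options: bytes, reserved: int = 0) -> bytes:
    """Constructed test input: 20-byte header (ACK set, checksum 0) plus options."""
    word = ((20 + len(options)) // 4 << 12) | (reserved << 9) | 0x010
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 1, word, 65535, 0, 0) + options

# Constructed samples: NOP NOP timestamps; an unlisted kind with 4 data bytes;
# MSS 1460 followed by end-of-options and non-zero padding.
CLEAN = sample_segment(bytes.fromhex("0101080a0000000100000002"))
ODD_KIND = sample_segment(bytes.fromhex("c806000100020101"))
DIRTY_PAD = sample_segment(bytes.fromhex("020405b400abcd00"))
```

A warden that normalizes traffic rather than only reporting would strip or rewrite the flagged options and recompute the checksum, which this sketch does not do.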
14 System assumptions and criteria
- All covert carrier objects (images, audio files, scripts, or binary signatures) should not exceed the 1 K byte limit; use known file formats to reduce probability of detection.
- The object should fit in one TCP packet, sent in a single transmission without continuation, as the DO NOT FRAGMENT flag will be set.
- The number of objects in the set to be used for carriers is predefined between both client and server.
- The server and client are both clones of known commercial systems, so that the sending and receiving ends should declare the host type (i.e., TOMCAT or APACHE as a server and MOZILLA as a client).
15 System assumptions and criteria (contd)
- The maximum message size (MSS) is set to 1460 to facilitate the transmission in one session.
- The covert message will be sent over after a number of transmissions from the original system (i.e., to get one 1K message you will need to perform 512 GET operations).
- Both client and server have a way to get synchronized timing, i.e. they have one reference of time.
16 Proposed System Architecture
17 Iteration on Sequence of 3 Object System
time | sequence
t0 | O0 O1 O2
t1 | O0 O2 O1
t2 | O1 O0 O2
t3 | O1 O2 O0
t4 | O2 O0 O1
t5 | O2 O1 O0
18 New Transmission Rate
- For a system with (n) static covert carrier objects, with each carrying 2 bytes as part of the options, you can have (n X 2 Bytes), given that you have an MSS of 1460 Bytes, preset.
- If you have a transmission rate of R bits per second, your new covert channel rate is (RR / (16 X n X w)) bits per second, even though in most steganographic communication speed is not the keyword. Here (w) is the time window between 2 concurrent sequences.
- Total number of covert bytes transmitted over one client / server request (i.e. site visit): n X 2 Bytes.
19 New Transmission Rate (contd)
- To secure the link more we have to scramble the sequence. The objects are loaded with disassembled items and unloaded at the client for reassembly. For this one, we will use a sequence of (n!) (n factorial). The same schema is hard coded on both the client and server. A sample is shown below with a 3 object system with time. The unit of time is a preset attribute that can be arranged between both ends.
20 Steganographic TCP Packet Structure
Each row is one 32-bit word (bits 00 to 31):
Bits 00-15: Source Port; bits 16-31: Destination Port
Bits 00-31: Sequence Number
Bits 00-31: Acknowledgment Number
Bits 00-03: Data Offset; bits 04-06: reserved; bits 07-09: ECN; bits 10-15: Control Bits; bits 16-31: Window
Bits 00-15: Checksum; bits 16-31: Urgent Pointer
Bits 00-31: Options, including the 16 bit covert data and 16 bit covert counter
Bits 00-31: Data, the piggybacked object
21 Case Study: YAHOO.COM
Items in Red circles are covert carriers
22 Ethereal Packet analysis of one request to the front page.
23 Conclusion
- Proposed Solution: Reduces the risk of detection even in the case of active wardens.
- Future Research: Enhancing the complexity of the replacement algorithm should improve the reliability of this technique.