Bob Sherman, MCSE, CISSP, Sinclair Community College, Dayton, OH
TRANSCRIPT
Steganography and Cryptography
• Fascinating but difficult topics for students
• Very strong mathematical link
• We use encryption almost every time we’re online
• How can we educate, excite and motivate our students!!

Cryptography and Network Security, William Stallings, 5th Edition, Prentice Hall, ISBN: 0-13-609074-9

http://en.wikipedia.org/wiki/Steganography
Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

http://en.wikipedia.org/wiki/Steganography
The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion.

Digital cameras and image sizes
• Nikon D300 has a 12 megapixel sensor
• Approximately 4000 x 3000 pixels
• Common image storage techniques use 3 bytes or 24 bits for each pixel
• One byte is used for each of the red, green and blue colors associated with each pixel

• A 12 megapixel image could be as large as 36 megabytes in size
• That image is commonly compressed and stored as a JPEG file type
• That image stored as a JPEG “fine” image would be 6-8 MB
• Steganography uses the least significant bit of each byte for the purpose of holding the “hidden” data
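
The least-significant-bit idea above, as an added example that is not part of the original slides: it works on a raw, uncompressed RGB byte buffer (3 bytes per pixel, as described), and the 4-byte length header, the function names and the random cover data are assumptions made for the illustration.

```python
import random

def embed_lsb(pixels: bytes, payload: bytes) -> bytearray:
    """Store payload bits in the least significant bit of successive cover bytes."""
    framed = len(payload).to_bytes(4, "big") + payload   # assumed 4-byte length header
    if len(framed) * 8 > len(pixels):
        raise ValueError("payload too large for this cover image")
    stego = bytearray(pixels)
    for i in range(len(framed) * 8):
        bit = (framed[i // 8] >> (7 - i % 8)) & 1
        stego[i] = (stego[i] & 0xFE) | bit               # only the lowest bit changes
    return stego

def _read_bytes(pixels: bytes, start: int, count: int) -> bytes:
    """Rebuild count bytes from the low bits beginning at cover byte index start."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract_lsb(pixels: bytes) -> bytes:
    length = int.from_bytes(_read_bytes(pixels, 0, 4), "big")
    if 32 + length * 8 > len(pixels):                    # header is noise: nothing embedded
        raise ValueError("no valid hidden payload found")
    return _read_bytes(pixels, 32, length)

def capacity_bytes(width: int, height: int, channels: int = 3) -> int:
    """Payload bytes that fit at one hidden bit per color byte, minus the header."""
    return width * height * channels // 8 - 4

def max_channel_change(original: bytes, modified: bytes) -> int:
    """Largest change to any single color value (what the viewer could notice)."""
    return max(abs(a - b) for a, b in zip(original, modified))

# Constructed sample data: a 64 x 64 "image" of random RGB bytes.
_rng = random.Random(2002)
COVER = bytes(_rng.randrange(256) for _ in range(64 * 64 * 3))
SECRET = b"Free pizza for lunch today"
STEGO = embed_lsb(COVER, SECRET)

if __name__ == "__main__":
    print(extract_lsb(STEGO), max_channel_change(COVER, STEGO))
    print(capacity_bytes(4000, 3000), "bytes fit in a 4000 x 3000 image")
```

A scheme like this one survives only lossless storage; saving the result as a JPEG rewrites the low bits.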

• Steganography is the ability to hide an object inside another object
• The viewer is not even aware of the hidden object
• For example, consider these two different pictures:
• Actually these two pictures are not the same
• The picture on the right has a text document hidden inside of it
• A secret message that the viewer doesn’t even know exists!!

• jphide: a tool to embed a file in a digital image
• jpseek: a tool to retrieve a file from a digital image
• Requires a shared secret (password) known to both parties

For example…
http://www.outguess.org/detection.php

After September 11th, the popular press reported on a regular basis that the al Qaeda terrorist network was using steganography to pass information covertly.
“Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” USA Today, 10 July, 2002.
“Authorities also are investigating information from detainees that suggests al Qaeda members -- and possibly even bin Laden -- are hiding messages inside photographic files on pornographic Web sites.” - CNN, 23 July, 2002
Wired News reported that messages are being hidden in images posted on Internet auction sites like eBay or Amazon. Some government sources suspect that Laden’s pre-recorded videos that are re-played on TV stations around the world contain hidden messages.
• Could the 9/11 attacks have been one of these activities?
• Intelligence experts suspect that individuals use embedded Internet messages to communicate covertly.
• Will future terrorist attacks be coordinated thus?

• We use it nearly every day!
• It’s been used for thousands of years!
• It protects our communications, transactions and data!
• It helps keep us safer!
• Ciphers provide a method of taking normal text (plaintext) and converting it to encrypted text (ciphertext).
• You might see the text but it would be unintelligible to you.
• Substitution ciphers are one of the oldest forms and have been used for thousands of years to encrypt communication.

A substitution cipher might look like this:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

The money is hidden in the backpack
Becomes…
Wkh prqhb lv klgghq lq wkh edfnsdfn

iuhh slccd iru oxqfk wrgdb
Becomes…
Free pizza for lunch today

• The “key” in this example is 3
• The “key” is used in both the encryption and the decryption process
• The “key” must be known to both parties but kept secret from others!
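
The shift cipher from the slides above with its key of 3, as an added example that is not part of the original presentation. It goes one step beyond the slides by trying every possible key, which shows why keeping the key secret is not enough when only 26 keys exist; the small word list is constructed for the demonstration.

```python
import string

def caesar(text: str, key: int) -> str:
    """Shift each letter by key positions; case is kept, other characters pass through."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - ord("a") + key) % 26 + ord("a")))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + key) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext: str, key: int) -> str:
    return caesar(plaintext, key)

def decrypt(ciphertext: str, key: int) -> str:
    # The same key runs the process in reverse: this is symmetric cryptography.
    return caesar(ciphertext, -key)

# Constructed word list, just large enough to recognise English in the slide examples.
COMMON_WORDS = {"the", "is", "in", "for", "and", "to", "of", "today"}

def recover_key(ciphertext: str) -> int:
    """Try all 26 keys and return the one whose output contains the most common words."""
    def score(key: int) -> int:
        return sum(word in COMMON_WORDS for word in decrypt(ciphertext, key).lower().split())
    return max(range(26), key=score)

if __name__ == "__main__":
    secret = encrypt("The money is hidden in the backpack", 3)
    print(secret)                                  # ciphertext from the slide
    print(decrypt("iuhh slccd iru oxqfk wrgdb", 3))
    print("key found without being told:", recover_key(secret))
```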

Symmetric cryptography
  • Also known as “secret key”
  • A single key performs both functions: encrypt and decrypt
  • If the key becomes known by others, confidentiality is lost
How many keys are needed?!

Asymmetric cryptography
  • Two keys
  • One public; one private
  • One encrypts and the other decrypts
  • The public key is available to everyone
  • The private key is known only to its owner

• We use cryptography on the web every day!
• Secure web sites
• HTTPS and digital certificates
• https://mail.sinclair.edu/exchange/

• Secure Socket Layer (SSL) and Transport Layer Security (TLS)
• Client and server exchange a sequence of messages that results in the server providing its certificate to the client
• The client (browser) chooses a “key” and encrypts it with the server’s public key and sends it to the server

• The server decrypts that key (using its private key)
• The client and server have now securely exchanged a “secret key”
• That key is used by both parties to calculate another key using the Diffie Hellman algorithm

• That key is used by both parties for the online session
• The key is used to encrypt and decrypt all messages exchanged between client and server
• The key can be changed periodically during the connection and is discarded at the end of the session

We actually use both symmetric and asymmetric cryptography every time we visit a secure web site!
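
The exchange described on the preceding slides, reduced to a runnable sketch and added here as an example that is not part of the original presentation. The tiny RSA key, the SHA-256 step standing in for the key calculation, and the XOR stream cipher are all assumptions chosen so the code runs with the standard library; real TLS uses far larger keys, padding and standard ciphers.

```python
import hashlib
import secrets

# Toy server key pair built from two Mersenne primes (constructed for this demo).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537                    # public key: what the certificate hands to clients
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: stays on the server

def client_choose_key(public_key):
    """Client picks a random secret and encrypts it with the server's public key."""
    n, e = public_key
    secret = secrets.randbelow(n - 2) + 2
    return secret, pow(secret, e, n)

def server_decrypt_key(wrapped: int) -> int:
    """Server recovers the client's secret with its private key."""
    return pow(wrapped, D, N)

def derive_session_key(secret: int, client_nonce: bytes, server_nonce: bytes) -> bytes:
    # Assumption: a plain SHA-256 hash stands in for the key-calculation step.
    return hashlib.sha256(secret.to_bytes(12, "big") + client_nonce + server_nonce).digest()

def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a hash-based keystream (same call decrypts)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def run_session(request: bytes):
    """One connection: asymmetric key transport, then symmetric traffic protection."""
    client_nonce, server_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    secret, wrapped = client_choose_key((N, E))        # only `wrapped` crosses the network
    recovered = server_decrypt_key(wrapped)
    client_key = derive_session_key(secret, client_nonce, server_nonce)
    server_key = derive_session_key(recovered, client_nonce, server_nonce)
    on_the_wire = symmetric_crypt(client_key, request)
    return client_key == server_key, on_the_wire, symmetric_crypt(server_key, on_the_wire)

if __name__ == "__main__":
    agreed, wire, received = run_session(b"GET /exchange/ HTTP/1.1")
    print(agreed, wire.hex(), received)
```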

We can use Wireshark or any other network monitor tool to capture and view all of this traffic. For example…

Related topics…
• Hashing
  • MD5
  • SHA-1
• IPSec
  • Another way to provide for secure transport of data
• Virtual Private Networks (VPNs)

• What works for you?
• Ideas to share?
• Comments?