bob sherman, mcse, cissp sinclair community college dayton, oh [email protected]

Bob Sherman, MCSE, CISSP

Sinclair Community College

Dayton, OH

[email protected]

Steganography and CryptographySteganography and Cryptography

Fascinating but difficult topics for Fascinating but difficult topics for studentsstudents

Very strong mathematical link Very strong mathematical link We use encryption almost every We use encryption almost every

time we’re onlinetime we’re online How can we educate, excite and How can we educate, excite and

motivate our students!!motivate our students!!


Cryptography and Network SecurityCryptography and Network Security William Stallings, 5William Stallings, 5thth Edition Edition Prentice HallPrentice Hall ISBN: 0-13-609074-9ISBN: 0-13-609074-9


http://en.wikipedia.org/wiki/Steganographyhttp://en.wikipedia.org/wiki/Steganography

SteganographySteganography is the art and science of is the art and science of writing hidden messages in such a way that writing hidden messages in such a way that no one, apart from the sender and intended no one, apart from the sender and intended recipient, suspects the existence of the recipient, suspects the existence of the message, a form of message, a form of security through obscuritysecurity through obscurity. .


http://en.wikipedia.org/wiki/Steganograhttp://en.wikipedia.org/wiki/Steganographyphy

The advantage of steganography, over The advantage of steganography, over cryptographycryptography alone, is that messages alone, is that messages do not attract attention to themselves. do not attract attention to themselves. Plainly visible encrypted messages—no Plainly visible encrypted messages—no matter how unbreakable—will arouse matter how unbreakable—will arouse suspicion.suspicion.


Digital cameras and image sizesDigital cameras and image sizes Nikon D300 has a 12 megapixel Nikon D300 has a 12 megapixel

sensorsensor Approximately 4000 x 3000 pixelsApproximately 4000 x 3000 pixels Common image storage techniques Common image storage techniques

uses 3 bytes or 24 bits for each pixeluses 3 bytes or 24 bits for each pixel One byte used for red, green and One byte used for red, green and

blue color associated with each pixelblue color associated with each pixel


12 megapixel image could be as 12 megapixel image could be as large as 36 megabytes in sizelarge as 36 megabytes in size

That image is commonly compressed That image is commonly compressed and stored as a JPEG file typeand stored as a JPEG file type

That image stored as a JPEG fine That image stored as a JPEG fine image would be 6-8 MBsimage would be 6-8 MBs

Steganography uses the least Steganography uses the least significant bit of each byte for the significant bit of each byte for the purpose of holding the “hidden” datapurpose of holding the “hidden” data


Steganography is the ability to hide Steganography is the ability to hide an object inside another objectan object inside another object

The viewer is not even aware of the The viewer is not even aware of the hidden objecthidden object

For example consider these two For example consider these two different pictures:different pictures:


Actually these two pictures are not Actually these two pictures are not the samethe same

The picture on the right has a text The picture on the right has a text document hidden inside of itdocument hidden inside of it

A secret message that the viewer A secret message that the viewer doesn’t even know exists!!doesn’t even know exists!!


jphide: a tool to embed a file in a jphide: a tool to embed a file in a digital imagedigital image

jpseek: a tool to retrieve a file from jpseek: a tool to retrieve a file from a digital imagea digital image

Requires a shared secret (password) Requires a shared secret (password) known to both partiesknown to both parties


For example…….

http://http://www.outguess.org/detection.phpwww.outguess.org/detection.php


“ “Lately, al-Qaeda operatives have been sending hundreds of encrypted Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” that al-Qaeda is planning another attack.” USA TodayUSA Today, 10 July, 2002., 10 July, 2002.

““Authorities also are investigating information from detainees that suggests al Authorities also are investigating information from detainees that suggests al Qaeda members -- and possibly even bin Laden -- are hiding messages inside Qaeda members -- and possibly even bin Laden -- are hiding messages inside photographic files on pornographic Web sites.”photographic files on pornographic Web sites.”- - CNN, CNN, 23 July, 200223 July, 2002

Wired News reported that messages are being hidden in images Wired News reported that messages are being hidden in images posted on Internet auction sites like eBay or Amazon. Some posted on Internet auction sites like eBay or Amazon. Some government sources suspect that Laden’s pre-recorded videos government sources suspect that Laden’s pre-recorded videos that are re-played on TV stations around the world contain that are re-played on TV stations around the world contain hidden messages.hidden messages.

• Could the 9/11 attacks have been one of these activities?Could the 9/11 attacks have been one of these activities?• Intelligence experts suspect that individuals use embedded Intelligence experts suspect that individuals use embedded

Internet messages to communicate covertly.Internet messages to communicate covertly.• Will future terrorist attacks be coordinated thus?Will future terrorist attacks be coordinated thus?

After September 11th, the popular press reported on a regular basis that the al Qaeda terrorist network was using steganography to pass information covertly


We use it nearly every day!We use it nearly every day! It’s been used for thousands of It’s been used for thousands of

years!years! It protects our communications, It protects our communications,

transactions and data!transactions and data! It helps keep us safer!It helps keep us safer!

Ciphers provide a method of taking Ciphers provide a method of taking normal text (plaintext) and converting normal text (plaintext) and converting it to encrypted text (ciphertext).it to encrypted text (ciphertext).

You might see the text but it would be You might see the text but it would be unintelligble to you.unintelligble to you.

Substitution ciphers are one of the Substitution ciphers are one of the oldest forms and have been used for oldest forms and have been used for thousands of years to encrypt thousands of years to encrypt communication.communication.

Steganography and Cryptography


A B C D E F G H I J K L M N O P Q R S T U V W X Y ZA B C D E F G H I J K L M N O P Q R S T U V W X Y Z

D E F G H I J K L M N O P Q R S T U V W X Y Z A B CD E F G H I J K L M N O P Q R S T U V W X Y Z A B C

A substitution cipher might look like this:


The money is hidden in the backpackThe money is hidden in the backpack

Becomes….Becomes….

The money is hidden in the backpackThe money is hidden in the backpack

Becomes….Becomes….

Wkh prqhb lv klgghq lq wkh edfnsdfnWkh prqhb lv klgghq lq wkh edfnsdfn


iuhh slccd iru oxqfk wrgdbiuhh slccd iru oxqfk wrgdb

Becomes…Becomes…



iuhh slccd iru oxqfk wrgdbiuhh slccd iru oxqfk wrgdb

Becomes…Becomes…

Free pizza for lunch todayFree pizza for lunch today


The “key” in this example is 3The “key” in this example is 3 The “key” is used in both the The “key” is used in both the

encryption and the decryption encryption and the decryption processprocess

The “key” must be known to both The “key” must be known to both parties but kept secret from others!parties but kept secret from others!


Symmetric cryptographySymmetric cryptography• Also known as “secret key”Also known as “secret key”• A single key performs both functions: A single key performs both functions:

encrypt and decryptencrypt and decrypt• If the key becomes known by others, If the key becomes known by others,

confidentiality is lostconfidentiality is lost How many keys are needed?!How many keys are needed?!


Asymmetric cryptographyAsymmetric cryptography• Two keysTwo keys• One public; one privateOne public; one private• One encrypts and the other decryptsOne encrypts and the other decrypts• The public key is available to everyoneThe public key is available to everyone• The private key is known only to its The private key is known only to its

ownerowner


We use cryptography on the web We use cryptography on the web every day!every day!

Secure web sitesSecure web sites HTTPS and digital certificatesHTTPS and digital certificates https://mail.sinclair.edu/exchange/https://mail.sinclair.edu/exchange/


Secure Socket Layer (SSL) and Secure Socket Layer (SSL) and Transport Layer Security (TLS)Transport Layer Security (TLS)

Client and server exchange a Client and server exchange a sequence of messages that results in sequence of messages that results in the server providing its certificate to the server providing its certificate to the clientthe client

The client (browser) chooses a “key” The client (browser) chooses a “key” and encrypts it with the server’s and encrypts it with the server’s public key and sends it to the serverpublic key and sends it to the server


The server decrypts that key (using The server decrypts that key (using its private key)its private key)

The client and server have now The client and server have now securely exchanged a “secret key”securely exchanged a “secret key”

That key is used by both parties to That key is used by both parties to calculate another key using the calculate another key using the Diffie Hellman algorithmDiffie Hellman algorithm


That key is used by both parties for That key is used by both parties for the online sessionthe online session

The key is used to encrypt and The key is used to encrypt and decrypt all messages exchanged decrypt all messages exchanged between client and serverbetween client and server

The key can be changed periodically The key can be changed periodically during the connection and is during the connection and is discarded at the end of the sessiondiscarded at the end of the session


We actually use both symmetric and We actually use both symmetric and asymmetric cryptography every time asymmetric cryptography every time we visit a secure web site!we visit a secure web site!


We can use Wireshark or any other network monitor tool to capture and view all of this traffic. For example…..

Related topics….Related topics….

HashingHashing• MD5MD5• SHA-1SHA-1

IPSecIPSec• Another way to provide for secure Another way to provide for secure

transport of datatransport of data Virtual Private Networks (VPNs)Virtual Private Networks (VPNs)


What works for you?What works for you? Ideas to share?Ideas to share? Comments?Comments?

[email protected]

bob sherman, mcse, cissp sinclair community college dayton, oh [email protected]

Documents