Steganography Cyber Security Camp, July 22, 2015 Rodrigo Sardiñas Dr. David Umphress William...
What is Steganography
• The art of covered or hidden writing.
• Steganos – Greek word meaning “covered”
• Graphy – Latin word meaning “writing” or “drawing”
• Thousands of years old
  – Tattoos, symbols, contextual clues/jargon, bunnies
• Difficult to detect (if you don’t know it’s there)

What Steganography is Not
• Cryptography
  – Kryptos = secret or hidden
  – Graphein/Logia = writing/study
  – The art of writing or solving codes.
  – Hide the meaning, not the message
• Steganography
  – Hide the message, not the meaning
• Can both be used to obscure data

Example 1
• Covered or concealment ciphers
  – Use null cipher to hide message according to some prearranged set of rules
Frank is not doing my editing.
Hidden message: “Find me”

Activity 1
• At your table, devise your own concealment cipher strategy. (5 minutes)
• Use that strategy to hide a message. (3 min)
• Class will have several minutes to try to decipher each group’s message.
  – Prize for group with most correct guesses
  – Prize for group with most elaborate or creative strategy

Insertion (Injection)
• Hide data in sections of a file that are not processed
  – Comments section in HTML file
  – After EOF marker in regular file
  – Metadata section of file
• No modification of relevant data
• Will add to original file size
• No limit to how much can be hidden
• Potential to detect if compared to original

Activity 2 (text only)
• Open an image using Notepad++
• Write a message at the bottom of the file
• Open the image normally to view it
• Experiment with writing messages at various locations in the image (in Notepad++) to see what happens
• Discuss results of inserting messages in places other than at the end
  – What happens when you add text to beginning?
  – What about somewhere in the middle?

Activity 3 (files)
• Create file(s) (any files, text, Word, etc…)
• Zip files up using built-in Windows zip command (send to -> zip file)
• Place zip and an image in same folder
• Open command in current directory
  – Shift + right click -> open command prompt here
• copy /b [name of picture].jpg + [name of zip file].zip [new name for picture].jpg
• View new image normally
• Change file extension to .zip to view archive contents
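
The insertion slides note that data placed after the EOF marker can be detected. The following is an added example (not part of the original slides) that finds such data in a JPEG without needing the original file: it walks the segment lengths to locate the real end-of-image marker, so an end marker sitting inside a metadata segment does not fool it, then reports whatever follows. The function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

# Bytes that may follow 0xFF inside entropy-coded scan data without ending it:
# 0x00 (byte stuffing), 0xFF (fill), 0xD0-0xD7 (restart markers).
IN_SCAN = {0x00, 0xFF} | set(range(0xD0, 0xD8))

def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI marker, found by walking segment lengths."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: end of image
            return pos + 2
        seglen = int.from_bytes(data[pos + 2:pos + 4], "big")
        if seglen < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += 2 + seglen                       # skip marker and its payload
        if marker == 0xDA:                      # SOS: scan data has no length field
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    raise ValueError("no EOI marker found")

def inspect_jpeg(data: bytes) -> dict:
    """Report bytes stored after EOI and, if they form a ZIP, its member names."""
    end = jpeg_end(data)
    tail = data[end:]
    try:
        members = zipfile.ZipFile(io.BytesIO(tail)).namelist()
    except zipfile.BadZipFile:
        members = []
    return {"jpeg_bytes": end, "trailing_bytes": len(tail), "zip_members": members}

def sample_jpeg() -> bytes:
    """Constructed JPEG-shaped bytes (not a viewable picture)."""
    app0 = b"JFIF\x00\xff\xd9thumb"             # metadata payload holding a decoy EOI
    seg = b"\xff\xe0" + (len(app0) + 2).to_bytes(2, "big") + app0
    return b"\xff\xd8" + seg + b"\xff\xda\x00\x03\x00" + b"\x12\xff\x00\x34" + b"\xff\xd9"

def sample_zip() -> bytes:
    """Constructed archive standing in for the zip made in Activity 3."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("secret.txt", "constructed sample payload")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_jpeg(sample_jpeg()))
    print(inspect_jpeg(sample_jpeg() + sample_zip()))  # same layout copy /b produces
```

A clean image reports zero trailing bytes; any non-zero count is worth a closer look, whether or not the tail parses as an archive.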

Substitution
• Make minor changes in data such that user doesn’t notice change
• No change in file size
• Limited in how much can be hidden
• Potential to detect if compared to original
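
The four properties on this slide can be checked directly. The following is an added example, not code from the original slides, and it assumes least-significant-bit (LSB) substitution as the technique, which the slide does not name: each cover byte gives up its lowest bit to carry one bit of the message. The cover bytes, the 4-byte length header and all function names are constructed for illustration.

```python
def capacity(cover: bytes) -> int:
    """Message bytes that fit: 1 bit per cover byte, minus a 4-byte length header."""
    return max(len(cover) // 8 - 4, 0)

def embed(cover: bytes, message: bytes) -> bytes:
    """Overwrite the lowest bit of successive cover bytes with header + message bits."""
    if len(message) > capacity(cover):
        raise ValueError(f"message is {len(message)} bytes, cover holds {capacity(cover)}")
    payload = len(message).to_bytes(4, "big") + message
    out = bytearray(cover)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def _read(stego: bytes, first: int, nbytes: int) -> bytes:
    """Rebuild nbytes from the low bits starting at cover byte `first`."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[first + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    if len(stego) < 32:
        raise ValueError("too short to hold a length header")
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if length > capacity(stego):
        raise ValueError("length header is implausible: probably nothing embedded")
    return _read(stego, 32, length)

def compare(original: bytes, stego: bytes) -> dict:
    """The slide's detection route: diff the suspect file against the original."""
    deltas = [abs(a - b) for a, b in zip(original, stego)]
    return {"same_size": len(original) == len(stego),
            "changed_bytes": sum(d != 0 for d in deltas),
            "max_delta": max(deltas, default=0)}

# Constructed stand-in for 512 raw pixel values (not a real image file).
COVER = bytes((x * 37 + 11) % 256 for x in range(512))

if __name__ == "__main__":
    stego = embed(COVER, b"Find me")
    print(extract(stego), compare(COVER, stego), "capacity:", capacity(COVER))
```

No byte moves by more than 1, which is why the change is not visible, and the same diff is what exposes it when the original is available.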

Activity 5
• Open a web browser and go to the following URL:
  – http://www.mobilefish.com/services/steganography/steganography.php
• Follow instructions to upload any image
• Type hidden message
• Do not enter a password (no encryption)
• Download image with message inside
• Open in Notepad++ to see if you can find message
• Go back to website and follow instructions to show message

Generation
• Create new file from carrier (file hiding the data) and hidden data file using some algorithm
• No limit to how much can be hidden
• Cannot be compared to original since a brand new “original” file is created

Example 5
Use custom algorithm to hide data
Created image
Message hidden in audio generated from image

Activity 4 Do Together (part 1)
• Use GIMP to create hidden message
  – Create new image
  – Change background color to black
  – Create text in image (use white text)
  – Export image as JPEG

Activity 4 Do Together (part 2)
• Use Coagula to convert JPEG to audio (.wav) file
  – Open JPEG in Coagula
  – Select “render without blue”
• This should create coagula.wav in current folder

Activity 4 Do Together (part 3)
• Use Audacity to view message
  – Open coagula.wav in Audacity
  – Select Spectrogram option to view hidden message

Activity 5 (part 1)
• Use OpenPuff to hide, encrypt, and distract
• Hide data
  – Choose 3 different passwords (write them down)
    • 2 for crypto, 1 for scrambling
  – Select data to hide
    • From secret data folder
  – Select multiple carriers (.mp3, .jpg, .pdf, etc…)
    • From carrier folder
  – Sort carriers
  – Select noise level
  – Add Decoy
  – Enter 3 different passwords
  – Choose output folder(s)

Activity 5 (part 3)
• Use OpenPuff to hide, encrypt, and distract
• Unhide data
  – Enter all passwords
    • If you want to unhide decoy, enter decoy passwords
    • If you want to unhide data, enter data passwords
  – Browse to folder with previous carriers and choose correct ones
  – Sort carriers in same order as before
  – Select same noise level as before
  – Verify data is correct

Who Uses Steganography
• Spies and terrorists
  – http://www.washingtonpost.com/wp-dyn/content/article/2010/06/30/AR2010063003108.html
• Commercial and Government
  – Suggest to use with encryption
  – Watermarking
• Hackers
  – http://www.tripwire.com/state-of-security/incident-detection/hackers-exfiltrating-data-with-video-steganography-via-cloud-video-services/
• All of us after this workshop!

Interesting Application of Steganography
• https://danbowen.wordpress.com/2014/02/11/meet-the-man-who-solved-the-mysterious-cicada-3301-puzzle/