Steganography Detection Brittnee Morgan December 22, 2004 HPR 108B.
-
date post
15-Jan-2016 -
Category
Documents
-
view
218 -
download
0
Transcript of Steganography Detection Brittnee Morgan December 22, 2004 HPR 108B.
Steganography Steganography DetectionDetection
Brittnee MorganBrittnee Morgan
December 22, 2004December 22, 2004
HPR 108BHPR 108B
Topics of discussion:Topics of discussion:
What is Steganography?What is Steganography?
What is Steganalysis?What is Steganalysis?
What are some detection methods?What are some detection methods?
Is this a growing threat?Is this a growing threat?
What is Steganography?What is Steganography?
SteganographySteganography is the hiding of information within is the hiding of information within a more obvious kind of communication.a more obvious kind of communication.
Used for centuriesUsed for centuries traced back to the Roman Empire traced back to the Roman Empire
messenger shaved his head messenger shaved his head
tattooed a message on it tattooed a message on it
waited for his hair to grow backwaited for his hair to grow back
traveled to his destination traveled to his destination
shaved his head to reveal the message. shaved his head to reveal the message.
Also used invisible ink etc.Also used invisible ink etc.
Round 1 - BitmapRound 1 - Bitmap
One of these is just a regular image, the other has a 22.0 KB document hidden inside it. Can you tell which is which by just looking? The image on the right is the one with the embedded data.
Round 2 – GIF Round 2 – GIF
The same 22 KB document is hidden inside one of these.
The original was 4.8 KB, because it is compressed, the steg image is 251 KB
SteganalysisSteganalysis
SteganalysisSteganalysis is the detection of is the detection of steganography by a third party. steganography by a third party. Visual analysis- detecting changes in the Visual analysis- detecting changes in the appearance that are noticeable to the appearance that are noticeable to the human eye.human eye.Statistical (algorithmic) analysis- more Statistical (algorithmic) analysis- more powerful, reveals small alterations in an powerful, reveals small alterations in an image’s statistical behavior caused by image’s statistical behavior caused by steganographysteganography
Different Statistical TestsDifferent Statistical Tests
Average bytes - above 175 Average bytes - above 175 indicates data embedded, indicates data embedded, below indicates clean file.below indicates clean file.Differential values – above Differential values – above 150 is dirty, below 50 is clean150 is dirty, below 50 is cleanYou can also use variation of You can also use variation of the bytes, kurtosis, and the bytes, kurtosis, and average deviation graphs, but average deviation graphs, but they have no distinct breaking they have no distinct breaking point, and therefore can not point, and therefore can not be universal.be universal.There are also more There are also more complicated types, such as complicated types, such as mathematical steganalysismathematical steganalysis
Types of DetectionTypes of Detection
S-tools & Hide and S-tools & Hide and Seek – examine color Seek – examine color table of .bmp images table of .bmp images for near duplicatesfor near duplicatesJ-Steg – hides in DCT J-Steg – hides in DCT coefficients, use coefficients, use statistical testingstatistical testingEZ-Stego – look at EZ-Stego – look at color table, can see color table, can see by looking at image if by looking at image if it is degradedit is degraded
WetStone TechnologiesWetStone Technologies
WetStone WetStone delivers cyber security and delivers cyber security and
digital investigation digital investigation products products
training to government, law training to government, law enforcement, and private enforcement, and private sector organizations around sector organizations around the world. the world.
StegoStego Suite 4.1 Suite 4.1 Stego Watch Stego Watch Stego Analyst Stego Analyst Stego BreakStego Break
StegoWatch, Stego Analyst and StegoWatch, Stego Analyst and Stego BreakStego Break
Stego Analyst-Stego Analyst- An imaging An imaging tool that allows searches for tool that allows searches for visual cluesvisual cluesCan examine characteristics Can examine characteristics such as color palettes, hue, such as color palettes, hue, intensity, used colors, etc…intensity, used colors, etc…Stego Break-Stego Break- Applies a Applies a dictionary based attack, to dictionary based attack, to obtain passwords.obtain passwords.
Stego Watch-Stego Watch- This allows This allows users to detect the presence users to detect the presence of hidden communications in of hidden communications in digital images or audio files.digital images or audio files.
Niels Provos and StegDetectNiels Provos and StegDetect
Niels Provos is one of the Niels Provos is one of the leaders in Steganography leaders in Steganography detection, he developed detection, he developed Stegdetect.Stegdetect.This program uses a This program uses a webcrawler to save images webcrawler to save images and send them to and send them to Stegdetect. Stegdetect. It also includes Stegbreak It also includes Stegbreak which launches dictionary which launches dictionary based attacks on jpegs.based attacks on jpegs.Problems: Problems:
Many false positivesMany false positives Too slowToo slow
Dangers of SteganographyDangers of Steganography
Explosion on internet traffic provides perfect Explosion on internet traffic provides perfect environment for steganographyenvironment for steganographyOver 100 free steg programs on the internet, Over 100 free steg programs on the internet, over 1 million downloadsover 1 million downloadsTerrorism – In a New York Times article it Terrorism – In a New York Times article it explains the use of steganography by terrorists explains the use of steganography by terrorists linked to Osama Bin Laden, as well as the linked to Osama Bin Laden, as well as the Zacarias Moussaoui case that we read about.Zacarias Moussaoui case that we read about.Used for industrial espionage, trade secret theft, Used for industrial espionage, trade secret theft, cyber weapon exchange, and criminal cyber weapon exchange, and criminal coordination and communication.coordination and communication.
Future of Steg and SteganalysisFuture of Steg and Steganalysis
As the use of steganography becomes more As the use of steganography becomes more widespread in both the traditional and criminal widespread in both the traditional and criminal world, the techniques are becoming better and world, the techniques are becoming better and better.better.
Steganalysis is also getting better, but as people Steganalysis is also getting better, but as people publish their findings, it is easier to protect publish their findings, it is easier to protect against it. against it.
Laws are changing to encompass digital Laws are changing to encompass digital information. on Niels Provos’ information. on Niels Provos’ websitewebsite, the , the legality is said to be questioned.legality is said to be questioned.
My ThoughtsMy Thoughts
There is a lot of information out there.There is a lot of information out there.
Too many imagesToo many images
Easy accessEasy access
SummarySummary
Today we talked aboutToday we talked about What steganography isWhat steganography is
What steganalysis isWhat steganalysis is
Some detection methodsSome detection methods
Some programs usedSome programs used
The growing threat when used maliciouslyThe growing threat when used maliciously
For more information look at my website at: http://www.uri.edu/personal2/love0945/stegdetection.htm