CIT 380: Securing Computer Systems


Modern Cryptography


Steganography

Hiding messages in another text (the covertext) so that no one except the intended recipient knows a message has been sent.

– Wax Tablets: In ancient times, messages were written in wax poured on top of a stone or wood tablet. Messages were hidden by engraving them in the stone then pouring wax over them.

– Invisible Ink: Write message using lemon juice on paper. Write covertext in regular ink after it dries. Heat to view hidden message.

– Null Cipher: Hide message in ordinary text, using nth letter of each word, or every nth word of the message.


Digital Steganography

1. Choose a cover medium file.
– JPEG, MP3, etc.

2. Identify redundant bits in cover medium.
– Low order bits in image and audio files.

3. Replace subset of redundant data with secret message.

4. Send steganographic file to recipient.


JSteg: JPEG Steganography

JPEG image format
– For each color component, a discrete cosine transform (DCT) transforms successive 8x8 pixel blocks into 64 DCT coefficients.
– Quantize DCT coefficients.

Derek Upham’s JSteg algorithm
– LSBs of DCT coefficients serve as the redundant bits.
– Modification of a single DCT coefficient affects all 64 pixels.
– Frequency domain changes are not visually observable.


Wikipedia

• http://en.wikipedia.org/wiki/Steganography


Steganalysis

Compare steganographic file with original.
– 100% effective at identifying presence.
– Original file is “secret key” of steganography.

Statistical analysis
– Inserting high-entropy data changes the histogram of color frequencies in predictable ways.
– Reduces frequency difference between adjacent colors.

Countermeasures
– Insert less information to reduce impact.
– Choose DCT coefficients to modify at random.
– Alternate +/- DCT coefficient value to encode bits.
– Use parity of groups of DCT LSBs to encode a message.
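
The statistical analysis above, as an added example that is not part of the original slides: a chi-square statistic over pairs of adjacent values (2k, 2k+1), measured on a cover sample before and after LSB replacement. The histogram, seeds and function names are constructed for illustration, and pseudo-random bits stand in for an encrypted message.

```python
import random
from collections import Counter

# Constructed cover histogram (value -> count), skewed so that adjacent
# values have unequal counts. Sample data, not taken from a real image.
COVER_HIST = {0: 4000, 1: 2500, 2: 1600, 3: 1000, 4: 640, 5: 400, 6: 260, 7: 160}


def make_cover(seed=1):
    """Expand the histogram into a shuffled list of sample values."""
    samples = [v for v, n in COVER_HIST.items() for _ in range(n)]
    random.Random(seed).shuffle(samples)
    return samples


def lsb_embed(samples, rate, seed=2):
    """Overwrite the LSB of the first `rate` fraction of samples with
    pseudo-random bits (assumption: the message is high entropy)."""
    rng = random.Random(seed)
    used = int(len(samples) * rate)
    stego = [(v & ~1) | rng.getrandbits(1) for v in samples[:used]]
    return stego + samples[used:]


def pov_chi_square(samples):
    """Chi-square statistic over pairs of values (2k, 2k+1).

    LSB replacement can only move a sample within its pair, so embedding
    pulls both counts toward the pair mean and the statistic toward zero.
    A large value means adjacent counts are still unequal (no sign of
    embedding); a value near zero means they have been equalized."""
    hist = Counter(samples)
    stat = 0.0
    for even in range(0, max(hist) + 1, 2):
        expected = (hist[even] + hist[even + 1]) / 2
        if expected > 0:
            stat += (hist[even] - expected) ** 2 / expected
    return stat


def demo():
    """Statistic for the untouched cover, a half embed and a full embed."""
    cover = make_cover()
    return {rate: pov_chi_square(lsb_embed(cover, rate)) for rate in (0.0, 0.5, 1.0)}


if __name__ == "__main__":
    for rate, stat in demo().items():
        print(f"embedding rate {rate:.0%}: chi-square = {stat:.1f}")
```

The half-rate embed leaves the adjacent counts only partly equalized, which is the effect the "insert less information" countermeasure relies on.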


Key Points

1. Two types of cryptosystems:
– classical (symmetric)
– public key (asymmetric)

2. Cryptographic checksums provide integrity check.
– One-way functions.
– Keyed hash functions.

3. Public Key Cryptography
– One-way trapdoor functions.
– Confidentiality: encipher with public, decipher with private
– Integrity: encipher with private, decipher with public

4. Steganography
– Hiding existence of message inside other data.
