32
Steganography Steganography Techniques and Techniques and Countermeasures with Countermeasures with Images, Text, and Audio Images, Text, and Audio First speaker – Chris First speaker – Chris Kleeschulte Kleeschulte Second speaker – David Miller Second speaker – David Miller Third speaker – Frederick Third speaker – Frederick Hendrix Hendrix Fourth speaker – Robert Flasher Fourth speaker – Robert Flasher

Steganography Techniques and Countermeasures with Images, Text, and Audio First speaker – Chris Kleeschulte Second speaker – David Miller Third speaker

  • View
    217

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Steganography Techniques and Steganography Techniques and Countermeasures with Images, Countermeasures with Images,

Text, and AudioText, and Audio

First speaker – Chris KleeschulteFirst speaker – Chris Kleeschulte Second speaker – David MillerSecond speaker – David Miller Third speaker – Frederick HendrixThird speaker – Frederick Hendrix Fourth speaker – Robert FlasherFourth speaker – Robert Flasher

Page 2: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Steganography Steganography TechniquesTechniques

1.1. Null cipherNull cipher

2.2. Invisible InkInvisible Ink

3.3. Least Significant Bit InsertionLeast Significant Bit Insertion

4.4. Noise ManipulationNoise Manipulation

Page 3: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Null CipherNull Cipher

Used to hide cipher text, as part of a Used to hide cipher text, as part of a more complex systemmore complex system Example:Example:NNewsews EEightight WWeather:eather: TTonightonight iincreasingncreasing ssnow.now. UUnexpectednexpected pprecipitationrecipitation ssmothersmothers eeasternastern ttowns.owns. BBee eextremelyxtremely ccautiousautious aandnd uusese ssnowtiresnowtires eespeciallyspecially hheadingeading eeast.ast. TThe [he [hhighwayighway iiss nnot]ot] kknowinglynowingly sslippery.lippery. HHighwayighway eevacuationvacuation iiss ssuspected.uspected. PPoliceolice rreporteport eemergencymergency ssituationsituations iinn ddowntownowntown eendingnding nnearear TTuesday.uesday.

Hidden message:Hidden message: Newt is upset because he thinks he Newt is upset because he thinks he is presidentis president

Page 4: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Invisible InkInvisible Ink A substance used for writingA substance used for writing, , which is which is

either invisible on application, which later either invisible on application, which later on can be made visible by some meanson can be made visible by some means

Example inks:Example inks: milk, lemon, apple or orange juice, onion juice, milk, lemon, apple or orange juice, onion juice,

sugar solution, diluted honey, diluted cola sugar solution, diluted honey, diluted cola drink, vinegar /wine, or soap water (developed drink, vinegar /wine, or soap water (developed by heat)by heat)

phenolphthalein ink (developing by ultraviolet)phenolphthalein ink (developing by ultraviolet)

Page 5: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Least Significant Bit InsertionLeast Significant Bit Insertion

Method of hiding data specifically in digital media that Method of hiding data specifically in digital media that organizes data in the form of bytes and bitsorganizes data in the form of bytes and bits

““For example: a 24-bit bitmap will have 8 bits representing each of the three For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. The difference between say color values (red, green, and blue) at each pixel. The difference between say 11111111 and 11111110 in the value for blue intensity is likely to be 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye.” --Wikipediaundetectable by the human eye.” --Wikipedia

Real Example: the colors of these two boxes is #330099 Real Example: the colors of these two boxes is #330099 and #330098, which one is which?and #330098, which one is which?

Page 6: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Noise ManipulationNoise Manipulation

Method of hiding a secret message in data Method of hiding a secret message in data that is considered noise or extraneous that is considered noise or extraneous artifacts in cover information. artifacts in cover information.

When dealing with audio, reproduction When dealing with audio, reproduction errors, sound equipment imperfections, errors, sound equipment imperfections, distortions from echoes in the studio itself, distortions from echoes in the studio itself, can introduce tiny errors in the recording of can introduce tiny errors in the recording of audioaudio

Page 7: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Implementation of LSB InsertionImplementation of LSB Insertion

This application can take This application can take anyany kind of kind of digital data and embed it into a picturedigital data and embed it into a picture

Each LSB in each color in each pixel will be Each LSB in each color in each pixel will be considered by the encoding program to be considered by the encoding program to be even or odd. Odd will become a ‘1’ and even even or odd. Odd will become a ‘1’ and even will be a ‘0’ will be a ‘0’

Page 8: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Steganographic Triad of Trade-offsSteganographic Triad of Trade-offs

Perceptibility

Covert Communication

Capacity

Subtitles/Indexing

Robustness

WatermarksFingerprints

Page 9: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Where to Hide the Data?Where to Hide the Data?

In the Fringes of the CoverIn the Fringes of the Covero By definition Fringe data is less useful and lacks By definition Fringe data is less useful and lacks

robustness to processes like compression. robustness to processes like compression. o Usually has a higher capacity.Usually has a higher capacity.o Perceptibility is variable.Perceptibility is variable.

In the Significant Portions of the CoverIn the Significant Portions of the Covero More robust to processes like compression.More robust to processes like compression.o May have lower capacity.May have lower capacity.o Perceptibility is variable.Perceptibility is variable.

Page 10: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Transform Domain SteganographyTransform Domain Steganography Seek to hide data in the significant portions of the Seek to hide data in the significant portions of the

Transform SpaceTransform Space Two Major Types in useTwo Major Types in use

Discrete Cosine TransformDiscrete Cosine Transform Subdivides cover into blocksSubdivides cover into blocks Transforms blocks to summation of cosine coefficientsTransforms blocks to summation of cosine coefficients Work with coefficients and perform a reverse transform.Work with coefficients and perform a reverse transform.

Discrete Wavelet TransformDiscrete Wavelet Transform Kind of like DCT but block size and transform mechanism Kind of like DCT but block size and transform mechanism are variable.are variable.

Pixel valuesPixel values DCT coefficientsDCT coefficients

                                                        

    

                                                        

    

Page 11: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

How Does it Work with How Does it Work with Steganography?Steganography?

Subdivide cover into blocks.Subdivide cover into blocks. Convert block to a series of frequency coefficients.Convert block to a series of frequency coefficients. Select coefficients to work with.Select coefficients to work with. Encode or DecodeEncode or Decode

Ignore, Modulate and/or Swap coefficients.Ignore, Modulate and/or Swap coefficients.

Compress or Perform reverse transform.Compress or Perform reverse transform.

DCT coefficientsDCT coefficients Quantization tableQuantization table Quantized DCT coefficientsQuantized DCT coefficients

                                                        

    

                                                        

    

                                                            

Page 12: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Trade-offsTrade-offs

Choice of Coefficients, Level of Modulation and Block Size Choice of Coefficients, Level of Modulation and Block Size all Impact all Impact

PerceptibilityPerceptibility Capacity Capacity RobustnessRobustness

Page 13: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Other Advantages and Other Advantages and DisadvantagesDisadvantages

High Entropy vs. Low Entropy High Entropy vs. Low Entropy CoversCovers Audio with talk and music Audio with talk and music

intermixedintermixed Images of a cloudless sky or other Images of a cloudless sky or other

such scenessuch scenes Choice of DCT vs. DWT with Choice of DCT vs. DWT with

regard to Entropyregard to Entropy Symmetric / Private Key Symmetric / Private Key

ExchangeExchange Match transform to cover choiceMatch transform to cover choice

Page 14: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Digital VideoDigital Video Can be treated as a stream of imagesCan be treated as a stream of images

Same steganographic techniques can be used.Same steganographic techniques can be used. Potential Increase in capacity, perceptibility and/or Potential Increase in capacity, perceptibility and/or

robustness.robustness.

Additional Avenues of AttackAdditional Avenues of Attack Frame Rate – Frames may be dropped. Frame Rate – Frames may be dropped. Drift – Additional level of compression and error Drift – Additional level of compression and error

handling.handling.

Page 15: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

The Future of SteganographyThe Future of Steganography

New TechnologiesNew Technologies BioengineeringBioengineering

New UsesNew Uses Medical RecordsMedical Records Anti-counterfeitingAnti-counterfeiting Tunable Tunable

AuthenticationAuthentication Corporate EspionageCorporate Espionage Copyright Copyright

EnforcementEnforcement

Page 16: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Detecting Detecting SteganographySteganography

Main ApproachesMain Approaches

Automated DetectionAutomated DetectionVisual Inspection Visual Inspection Hand Crafted Statistical Analysis Hand Crafted Statistical Analysis

Page 17: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Automated DetectionAutomated Detection What is Automated Detection?What is Automated Detection?

Automated detection involves using software or a system to read a file Automated detection involves using software or a system to read a file and determine if it contains steganography. and determine if it contains steganography.

How does it work?How does it work? Using an algorithm written in the software or system, the file is analyzed Using an algorithm written in the software or system, the file is analyzed

for the presence of steganography and the results of the test are given for the presence of steganography and the results of the test are given to the user.to the user.

ToolsTools Software: StegDetectSoftware: StegDetect Machine Learning SystemMachine Learning System

Method ComparisonsMethod Comparisons Benefits and LimitationsBenefits and Limitations

++ FastFast++ Low CostLow Cost- High Error RateHigh Error Rate- Defeated by Newer Steganography AlgorithmsDefeated by Newer Steganography Algorithms

Page 18: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Automated Detection Cont.Automated Detection Cont.

Page 19: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Visual InspectionVisual Inspection

What is Visual Inspection?What is Visual Inspection? This involves using the aided or unaided human eye This involves using the aided or unaided human eye

to determine if a picture contains steganographyto determine if a picture contains steganography How does it work?How does it work?

Unaided: Look at the image for signs of tamperingUnaided: Look at the image for signs of tampering Aided: Map the bit planes and examine themAided: Map the bit planes and examine them

Benefits and LimitationsBenefits and Limitations+ Low Cost+ Low Cost+ Good for LSB insertions on GIFs+ Good for LSB insertions on GIFs- UnreliableUnreliable- Requires skill/experienceRequires skill/experience

Page 20: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Visual Inspection ExampleVisual Inspection Example

Original:

Enhanced LSB Map

Bit Plane Mapping Unaided

(Note Artifacts)->

Page 21: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

More Visual Inspection ExamplesMore Visual Inspection Examples

CleanClean Steganography Steganography

Page 22: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Statistical AnalysisStatistical Analysis What is Statistical Analysis?What is Statistical Analysis?

Statistical Analysis involves analyzing patterns in image to determine if Statistical Analysis involves analyzing patterns in image to determine if it contains a stego payload.it contains a stego payload.

How does it work?How does it work? Using properties of the stego image, steganalysis in done using a hand Using properties of the stego image, steganalysis in done using a hand

crafted algorithm.crafted algorithm. ApproachesApproaches

Pairs of Values AnalysisPairs of Values Analysis Dual Statistics AnalysisDual Statistics Analysis JPEG Compatibility JPEG Compatibility

Benefits and LimitationsBenefits and Limitations++ FlexibleFlexible++ ReliableReliable-- CostlyCostly- Time ConsumingTime Consuming

Page 23: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Summary of DetectionSummary of Detection

There is no “end all” methodThere is no “end all” method Steganography is always trying to defeat Steganography is always trying to defeat

steganalysis, and vice versasteganalysis, and vice versa The cost, benefits and limitations of each The cost, benefits and limitations of each

method must be weighedmethod must be weighed

Page 24: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Steganalysis Destruction AttackSteganalysis Destruction Attack

PurposePurposeo Replace stego-message dataReplace stego-message datao Render message inextricableRender message inextricableo Backup for detection attacksBackup for detection attacks

Steganogram?Steganogram?o Image files (gif, jpeg, bmp, etc…)Image files (gif, jpeg, bmp, etc…)o TextTexto Video (mpeg, wav, etc)Video (mpeg, wav, etc)o Audio (mp3, CD, tape, etc…)Audio (mp3, CD, tape, etc…)o Virtually any digital media or fileVirtually any digital media or file

Page 25: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Desired Attack CharacteristicsDesired Attack Characteristics

Removes hidden dataRemoves hidden data StealthStealth

o Imperceptible (human senses)Imperceptible (human senses)o I = v + tI = v + t

Low resource useLow resource useo HumanHumano ComputingComputing

Page 26: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Image Domain Destruction AttackImage Domain Destruction Attack

File CompressionFile Compressiono EncodeEncode

Outputs compact fileOutputs compact file Removes unnecessary data bitsRemoves unnecessary data bits

o DecodeDecode Generates data bit valuesGenerates data bit values Not the same bit valuesNot the same bit values

Stealth – Does not affect Stealth – Does not affect v + tv + t Resource useResource use

o Easily automated processEasily automated processo Little human interactionLittle human interaction

Page 27: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

File Compression Attack - SampleFile Compression Attack - Sample

Before File Before File Compression Compression AttackAttack

After File After File Compression Compression AttackAttack

Page 28: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Image Transform Destruction Image Transform Destruction AttackAttack

Manipulates essential bits of perceptible Manipulates essential bits of perceptible media propertiesmedia properties

Attack typesAttack typeso ContrastContrasto BlurBluro RotateRotateo SharpenSharpeno Etc…Etc…

Page 29: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Image Transform Attack (cont.)Image Transform Attack (cont.)

Remove Stego-Message? Stealth?Remove Stego-Message? Stealth?o Steganographer hides message in Steganographer hides message in t’t’ such that such that

t’t’ is a subset of is a subset of tto Steganalyst must insert Steganalyst must insert t’’t’’ such that such that t’’t’’ is a is a

subset of subset of tt and and t’t’ is a subset of is a subset of t’’t’’

Resource use – Significant human Resource use – Significant human interactioninteraction

Page 30: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Image Transform Attack - SampleImage Transform Attack - Sample

Before Before Contrast AttackContrast Attack

After Contrast After Contrast AttackAttack

Page 31: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

ConclusionsConclusions

There is no “end all” methodThere is no “end all” method Steganography is always trying to defeat Steganography is always trying to defeat

steganalysis, and vice versasteganalysis, and vice versa The benefits and limitations of each method The benefits and limitations of each method

must be weighedmust be weighed

Page 32: Steganography Techniques and Countermeasures with Images, Text, and Audio  First speaker – Chris Kleeschulte  Second speaker – David Miller  Third speaker

Questions?Questions?