Upload
xavier-prathap
View
108
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Brief view on Computer Forensics and Steganography, a tool to hide data in images, video, audio etc..
Citation preview
Computer Forensics and Steganography
Xavier Prathap. WSt. Claret College, Jalahalli
Overview
What is Computer Forensics? Uses of Computer Forensics. Forensic Processes. What is Steganography? Examples of Steganography in history. Classification of Steganography Techniques. Application of Steganography in Computer
Forensics. Steganography Tools.
Introduction to Computer Forensics
Use of Scientific knowledge for collecting, analyzing and presenting evidence to the court.
Forensics means “to bring to the court”
Why is Computer Forensics necessary?
Helps to ensure overall integrity and survivability of network infrastructure.
Defence-in-depth. Bad practices of computer forensics
may result in destroying of vital evidences.
Uses of Computer Forensics as evidence
Computer forensics has been used sincemid 1980s as evidence in the court
BTK Killer Joseph E. Duncan III Sharon Lopatka
Forensic Processes
Cross-drive analysis Live analysis Deleted Files Steganography
What is Steganography?
Art of Covered or hidden writing.
Steganography (greek word)
στεγανός
covered
γραφία
writing
Examples in History
Invisible ink (1st century AD - WW II) Tatoo message on head Overwrite select characters in printed type in
pencil› look for the gloss
Pin punctures in type Microdots (WW II) Newspaper clippings, knitting instructions, XOXO
signatures, report cards, …
Stego in Digital world
Steganography received little attention in computing
Renewed interest because of industry desire to protect copyrighted digital work› audio› images› video› Text
Detect counterfeiter, unauthorized presentation, embed key, embed author ID
Steganography ≠ Copy protection
Steganography Techniques
Null Cipher Hide message among irrelevant data Confuse the cryptoanalyst
Null Cipher Hide message among irrelevant data Confuse the cryptoanalyst
Big rumble in New Guinea.The war oncelebrity acts should end soon.Over fourbig ecstatic elephants replicated.
Null Cipher
Hide message among irrelevant data Confuse the cryptoanalyst
Big rumble in New Guinea.The war oncelebrity acts should end soon.Over fourbig ecstatic elephants replicated.
Bring two cases of beer.
Chaffing & Winnowing
Separate good messages from the bad ones Stream of unencoded messages with signatures
› Some signatures are bogus› Need key to test
M0M3 M1M2 M0M3 M1M2
Alice Bob
M0M3 M1M2
Irene
? ? ? ?
× × ×OK
Image watermarking
Spatial domain watermarking› bit flipping› color separation
Frequency domain watermarking› embed signal in select frequency bands (e.g.
high frequency areas)› apply FFT/DCT transform first
› e.g. Digimarc› watermark should alter the least perceptible
bits these are the same bits targeted by lossy image
compression software
DIGITAL APPROACHES
Today, it often exists within digital formats It makes use of seemingly innocent cover files
such as text, audio, and image files The embedded message may be anything that can
be encoded in binary
AudioPerceptual coding
› inject signal into areas that will not be detected by humans
› may be obliterated by compression
Hardware with copy-protection› not true watermarking - metadata present on media› DAT› minidisc› presence of copy protection mechanisms often failed to
give the media wide-spread acceptance
Video
Coding still frames - spatial or frequency
data encoded during refresh› closed captioning
visible watermarking› used by most networks (logo at bottom-
right)
IMAGE ATTRIBUTES
Digital images are made up of pixels The arrangement of pixels make up the image’s
“raster data” 8-bit and 24-bit images are common The larger the image size, the more information
you can hide. However, larger images may require compression to avoid detection
IMAGE-BASED TECHNIQUES
Least Significant Bit Insertion Masking and Filtering
LSB INSERTION
Replaces least significant bits with the message to be encoded
Most popular technique when dealing with images
Simple, but susceptible to lossy compression and image manipulation
LSB - ExampleA sample raster data for 3 pixels (9 bytes) may be:
Inserting the binaryvalue for
A (10000001
)changes
4 bits
00100111 11101000 1100100000100110 11001000 1110100011001001 00100111 11101011
00100111 11101001 1100100000100111 11001000 1110100111001000 00100111 11101011
MASKING & FILTERING
Masks secret data over the original data by changing the luminance of particular areas
During masking, it embed the message within significant bits of the cover image
Not susceptible to lossy techniques because image manipulation does not affect the secret message
MASKING & FILTERING - Uses
Digital Watermarking – provides identification pertaining to the owner; i.e. license or copyright information
- Invisible vs Visible
Fingerprinting – provides identification of the user; used to identify and track illegal use of content
Steganography ToolsSoftware Supporting Files Notes
BMPSecrets BMP, JPG, TIFF, GIFAllows to replace upto 50-
60% of picture with information
DarkCryptTC
BMP, JPG, TIFF, PNG, PSD, TGA, MNG, WAV,
TXT, HTML, XML, EXE, DLL
RSD mode(RNG-based random data distribution)
MP3Stego MP3 Source code provided
OpenPuffBMP, JPEG, PNG,TGA, MP3, WAV, 3fp, MP4,
MPEG-2, FLV, VOB, Pdf
256-bit multi-encryption, carrier chains, Multi-layered
obfuscation
PHP-Class StreamSteganography PNG -
Steganography Studio BMP, PNG, GIFDifferent hiding methods
included (LSC, LSC matching, SLSB, ….)
Steganographic Laboratory (VSL) BMP, PNG, JPG, TIFF Open Source
REFERENCES Wikipedia Exploring Steganography: Seeing the Unseen –
N. Johnson & S. Jajodia www.jjtc.com/stegdoc/steg1995.html Information Hiding: Techniques for
Steganography and Digital Watermarking” – S. Katzenbeisser, F. Petitcolas
Digital Watermarking – H. Bergel, L. O’Gorman
Questions?
Thank you
Xavier Prathap. WSt. Claret College, Jalahalli