Steganography & Cybercriminals
When pictures are worth a thousand secrets!
Mohamed N. El-Guindy, MCGI, CEng, MBCS, CITP, MIEEE
ISSA Egypt, President
About ISSA
• The largest International Association for Security Professionals
• 138 chapters around the world in 70 countries
• More than 13,000 Security Professionals
• Provides Education, Training, Certification and Publications
The primary goal of the Information Systems Security Association, Inc. (ISSA) is to promote practices that will ensure the confidentiality, integrity, and availability of organizational information resources.
What is Steganography?
Steganography - \Steg`a*nog"ra*phy\,
n. [Gr. steganos (covered or secret) + graphy
(writing or drawing).] The art of writing in cipher, or in
characters which are not intelligible except to persons
who have the key; cryptography.
The art and science of hiding information!
Steganography in History!
Herodotus, who documented the conflict between Persia and Greece in the fifth century B.C., felt that the art of secret writing saved Greece from Xerxes, the tyrant king of Persia.
Steganography in History!
Demaratus wanted to notify Sparta that Xerxes intended to invade Greece.
He sent a warning by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as a re-usable writing surface.
Another Example:
Histiaeus shaved the head of the messenger and tattooed the text on it!
Steganography in History!
Johannes Trithemius
Writes his famous book Steganographia c. 1499 in Frankfurt
• First book about Crypto. and Stego.
• Appears to be about magic!
• Now shown to be covertext
Steganography vs. Cryptography
Stego.
• Hide message within another message
• Normal files are not suspicious
• No laws associated with it
Crypto.
• Encrypt the original message
• Scrambled files or images may look suspicious
• Some laws ban cryptography
Steganography: Simple Examples
Null Cipher: Using an innocent-sounding message to send the secret message
Cover text: Fishing freshwater bends and saltwater coasts rewards anyone feeling stressed. Resourceful anglers usually find masterful leapers fun and admit swordfish rank overwhelming anyday.
Hidden message (third letter of each word): Send lawyers guns and money
Steganography: Simple Examples
Microdots are photographs the size of a printed period having the clarity of standard-sized typewritten pages.
The first microdots were discovered masquerading as a period on a typed envelope carried by a German agent in 1941.
Steganography: Simple Examples
Invisible inks are colorless liquids that require heat, light, or a special chemical to change their colors and make them visible.
Example used by spies: Eggs have been used to hide secret messages. A message is written on the shell of a clean egg and the ink diffuses through the porous surface of the shell. When the egg is boiled thoroughly, the shell is carefully peeled off, revealing the message.
Basic Principle in Steganography
[Diagram: Cover Image + Secret Image → Encoder → Stego Object → Communications Channel → Decoder → Original Cover + Secret Image]
Steganography: Digital Images
Color Tables:
Images are composed of dots called pixels
Each pixel gets its own color by combining
percentages of red, green and blue (RGB)
Each of these colors has a value from 0 to 255
Zero designates that the color is present
255 designates complete saturation of that color
RGB color model has 16,777,216 possible colors
Total of 255x255x255
Steganography: Digital Images
White Color: R = 255, G = 255, B = 255
Color saturation is represented by 255
Red: R = 255, G = 0, B = 0
Steganography: Digital Images
LSB technique – Least Significant Bit:
• A simple yet effective way of hiding data in an image for any purpose
• Replace the least significant bit (LSB) of each byte in the cover with a single bit for the hidden message
Cover: 11100101 01001110 10101101 10010111 … 01011010
Hidden message: 10110010…
Consider replacing LSB with letters of message or bits of the hidden image
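The LSB replacement described on this slide, as an added Python example (not from the original slides). It works on a raw byte buffer rather than a real image file, and the function names are illustrative; the first four cover bytes, the last one and the hidden byte 10110010 come from the slide, while the three middle cover bytes are constructed.

```python
# Added example: LSB replacement on a raw byte buffer (not a real image parser).
# Cover bytes 1-4 and 8 and the hidden byte are from the slide; bytes 5-7 are constructed.
COVER = bytes([0b11100101, 0b01001110, 0b10101101, 0b10010111,
               0b00110100, 0b11001001, 0b01110010, 0b01011010])
SECRET = bytes([0b10110010])


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Overwrite the LSB of successive cover bytes with the message bits (MSB first)."""
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"need {len(bits)} cover bytes, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the message bit
    return bytes(stego)


def extract_lsb(stego: bytes, n_bytes: int) -> bytes:
    """Rebuild n_bytes of message from the LSBs of the first 8 * n_bytes stego bytes."""
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for b in stego[8 * i: 8 * i + 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)


def changed_positions(cover: bytes, stego: bytes) -> list:
    """Indexes where embedding altered the cover; an altered byte differs by exactly 1."""
    return [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]


if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    print([f"{b:08b}" for b in stego])
    print("changed positions:", changed_positions(COVER, stego))
    print("recovered:", f"{extract_lsb(stego, 1)[0]:08b}")
```

Only two of the eight cover bytes change, each by a value of 1, which is why visual inspection rarely reveals LSB embedding and detection has to rely on statistics.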
Scale of the Problem
Unknown...there is little public information on the use of data hiding techniques by cybercriminals
Only recently has the security community started to concern itself with this subject
Lack of awareness
Lack of professionally developed analysis tools and techniques
It is believed that advanced hiding techniques are used by cybercriminals (organized crime), terrorists, child pornography, cyber warfare and advanced malware development!
Scale of the Problem
[Chart: # of AltaVista keyword hits on “Steganography” (one hit/website). X-axis: Time, Jan-93 to Jan-01. Y-axis: # of Hits, 0 to 7000.]
Internet hits for steganography start to increase
Scale of the Problem
• Over 140 data hiding packages and services currently available from numerous Web sites
• Platforms include:
Windows – DOS – Java – Macintosh - Unix/Linux
Real Scenario
How will cybercriminals use steganography?
[Diagram: Spy or Cybercriminal → Secret data or images for target or victim + Cover Image or Carrier File → Stego Tool → Stego Medium → Secure Channel → Who will conduct the crime?]
Steganography: Carrier Files
Carrier File:
A file in which you can hide data using specific methods.
Carriers are usually multimedia files
(images, sounds, meshes, web pages, etc.)
Carrier File
JPEG, BMP, PNG Files
WAV Files
Web Pages
No restrictions, but long files!
Depends on the size of carrier file. Uses LSB.
Real Scenario - Invisible Secrets!
Invisible Secrets:
- One of the best tools
- Lots of options
- Support Stego Encryption
- Widely used legally and illegally
- Transfer files securely
- Erase Internet Traces!
- Commercial software
Real Scenarios - Invisible Secrets!
Suppose this image has a secret!
How many people downloaded this secret?
Can law enforcement and computer forensic professionals trace the criminal act?
Will they know the identity of the criminals? (All are involved!)
DID YOU DOWNLOAD A SECRET? Who Knows!
Are We Going Further?
Even biological data, stored on DNA, may be a candidate for hidden messages, as biotech companies seek to prevent unauthorized use of their genetically engineered material.
DNA Based Steganography, DNA Cryptography and DNA Computers!
Detection!
• Can steganography be detected?
– Sometimes…many of the simpler steganographic techniques produce some discernable change in the file size, statistics, or both. For image files, these include:
    • Color variations
    • Loss of resolution or exaggerated noise
    • Images larger in size than that to be expected
    • Characteristic signatures, e.g., distortions or patterns
– However, detection often requires a priori knowledge of what the image or file should look like
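One way to measure the "change in statistics" mentioned on this slide, as an added Python example (not from the original slides): the chi-square test on pairs of values, a well-known check for LSB replacement that the slides do not name. The cover data is a constructed, deliberately skewed byte stream, the message bits are seeded random bits standing in for an encrypted payload, and all function names are illustrative.

```python
import random
from collections import Counter


def pov_chi_square(samples: bytes) -> float:
    """Chi-square statistic over value pairs (2k, 2k+1).

    LSB replacement with random-looking bits pulls the two counts in each
    pair toward their mean, so a LOW statistic is the suspicious outcome.
    """
    counts = Counter(samples)
    stat = 0.0
    for k in range(128):
        even, odd = counts[2 * k], counts[2 * k + 1]
        expected = (even + odd) / 2
        if expected > 0:
            stat += (even - expected) ** 2 / expected
    return stat


def make_constructed_cover(n: int, rng: random.Random) -> bytes:
    """Constructed sample data: even byte values occur about four times as often as odd ones."""
    return bytes(2 * rng.randrange(128) + (rng.random() < 0.2) for _ in range(n))


def lsb_replace_all(cover: bytes, rng: random.Random) -> bytes:
    """Simulate a full-capacity LSB embedding of an encrypted (random-looking) payload."""
    return bytes((b & 0xFE) | rng.getrandbits(1) for b in cover)


def compare(seed: int = 1, n: int = 4096):
    """Return (statistic of the clean cover, statistic after LSB replacement)."""
    rng = random.Random(seed)
    cover = make_constructed_cover(n, rng)
    stego = lsb_replace_all(cover, rng)
    return pov_chi_square(cover), pov_chi_square(stego)


if __name__ == "__main__":
    clean, embedded = compare()
    print(f"cover: {clean:.1f}  stego: {embedded:.1f}")
```

Real images are less skewed than this constructed cover, and a message that fills only part of the carrier weakens the signal, so the statistic is an indicator to weigh with other evidence rather than a verdict.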
Steganalysis - Stegdetect
• Automated tool for detecting Steganography content in images
• Currently-claimed detection schemes:
– Jsteg
– JPHide
– Invisible Secrets
– Outguess 0.1.3b
• Analysis shows this program is extremely unreliable and provides excessive (i.e., near 100%) false-positives
Evidence of Data Hiding
• Evidence of Steganography software on computer
– Forensics examination
– Hashes of well-known files don’t match originals
• Transmission logs
– Excessive/unusual e-mails involving pictures, sound files, etc.
• Discernable (visual) changes
• Statistical analysis
Defeating Forensics
• Several products currently available on the Internet that are designed to thwart forensic examination by wiping critical files on a hard disk
• Example:
– Evidence Eliminator
– www.evidence-eliminator.com
– “Buy protection for just $74.95(US) that will defeat Forensic Analysis equipment costing over $7000.00(US).”
Trends & Summary
• Increased convergence of Internet with telephony and other media will likely increase development and impact of new data hiding techniques
– Personal Digital Assistants - PDA
– Voice over IP
– PCS and Handheld, Mobiles etc
• Software piracy is likely to increase; criminals will actively work to develop new watermark attack techniques
• Sophisticated tools are readily available on the Internet, and are easy-to-use
• Development/use of information hiding products far outpaces the ability to detect/recover them; we are going to the Biotechnological Era!
• There is a need for information security researchers!
Thank You
ISSA Egypt Chapter
http://www.issa-eg.org
Mohamed N. El-Guindy