Presentation on

Steganography and Cryptography

By
Ajay Taneja, Training Branch, NCRB

Steganography

What is Steganography?

The word steganography comes from the Greek steganos , meaning covered or secret, and graphy , meaning writing or drawing.
Steganography means covered writing.

Steganography takes one piece information and hides it within another

of

Contd

The files can then be exchanged without anyone knowing what really lies inside of them An image of the space shuttle landing might contains a hidden message. Nowadays Steganography is used for hiding copy rights and other commercial information.

Steganography Terms

A file which has hidden information inside of it. Stego-Medium The medium in which the information is hidden Message The data to be hidden (can be a plain text or encrypted one) Redundant Bits Pieces of information inside a file which can be overwritten or altered without any damage Carrier File

Steganography Process

The data to be concealed is compressed and hidden within another file. The first step is to find a file which will be used to hide the message (also called a carrier or a container.) The next step is to embed the message one wants to hide within the carrier using a steganographic technique

Steganography Methods
The two most common methods are:

1. Least Significant Byte (LSB) 2. Injection

Least Significant Byte (LSB)

Usually files contains some bytes which are not really required/important. These areas can be replaced with hidden information without damaging the file. LSB method works best in picture files with high resolution LSB works with audio files having many different sounds of high bit rate. LSB method usually does not increase the file size but if hidden info. is large, file may be distorted. The covering media should be at least 8 to 10 times more than message size so that it will be non detectable.

Injection

Injection is quite a simple method which simply involves directly injecting the secret information into the carrier file. The main problem with this method is that it can significantly increase the size of the carrier file.

Steganography Methods contd..

Digitally embedding messages in other media such as :

Plain Text Hypertext Audio / Video Still Images

Steganography In Plain Text

Steganography with plain text can be done in following ways:
Using selected characters or words from a specially-crafted cover-text (example given below ) Introducing white-space characters that a text viewer wont display

Example Susan eats truffles. Under pressure, that Helps everything before 0wning Major Bullwinkle.

Steganography In Plain Text

Steganography with plain text can be done in following ways:
Using selected characters or words from a specially-crafted cover-text (example given below ) Introducing white-space characters that a text viewer wont display

Example Susan eats truffles. Under pressure, that helps everything before owning Major Bullwinkle.

Set Up the boMB

Steganography In Hypertext
Steganography with Hypertext can be done in following ways:
Similar methods as Plain Text Hypertext comment notation (viewsource) Arrangement of content on a given page Presence or absence of content elements (images, phrases, etc.)

Steganography In Images
In images data will be hided in visual itself. Some methods include are:

Using slightly different colors to hide a message Digital watermarking Digitally embedding a message into an image file

LSB method is used for hiding information in images An image of high quality and resolution is best for hiding data. ex. 24 Bit bitmap image file

Example of Embedding in Images

An image may have the following three pixels (9 bytes) in it somewhere:
(01010010, 10010110, 10100100) (10110100, 10010001, 01001110) (10110110, 00101110, 11010001)

If we wanted to hide the byte value 131 (10000011), we use the least significant bit from each byte to hide our byte:
(01010011, 10010110, 10100100) (10110100, 10010000, 01001110) (10110111, 00101111, 11010001)

LSB hiding in 24 bit bmp picture

The right picture contains 4862 hidden letters

LSB hiding using 1 bit and 4 bit

Hiding by 1 bit Hiding by 4 bits

Steganography In Audio
Messages can be hidden in common audio formatted files or the audio itself. Some methods include:

Transmitting a message in the human-inaudible audio spectrum Digitally embedding a message into an audio file

Digitally Embedding

Digitally embedding a message in a covermedium usually involves two steps:

Identify the redundant bits of a covermedium Deciding which redundant bits to use and then modifying them

Generally, redundant bits are likely to be the least-significant bits of each byte of the cover-medium

Digitally Embedding in Audio

Audio is a very inaccurate data format Slight changes will be indistinguishable from the original to the human ear In Audio, you can use the leastsignificant bits of each byte as redundant bits Use the redundant bits to minimize the impact of changes

Example: Audio Embedding

Lets assume an audio file had the following 8 bytes of data in it somewhere: 180, 229, 139, 172, 209, 151, 21, 104

In binary, this would be: 10110100-11100101-10001011-10101100-11010001-1001011100010101-01101000

If we wanted to hide the byte value 214 (11010110), we use the least significant bit from each byte to hide our byte: 10110101-11100101-10001010-10101101-11010000-1001011100010101-01101000 The changes result in the following bytes, which are so close to the originals that the difference will be inaudible: Modified: 181, 229, 138, 173, 208, 151, 21, 104 Original: 180, 229, 139, 172, 209, 151, 21, 104

Steganography In Video
Like Audio, messages can be hidden in common video formatted files or the video itself. Some methods include:

The presence or absence of objects in the recorded environment Visual Clues such as:

Hand or foot positions Eye-blink code

Digitally embedding a message into a video file

Pictorial Steganography System

Hiding messages
Message File Cover File Message File

Steganography Tool

Steganography Tool

Steg File (with hidden data)

Steg File (with hidden data)

Hiding messages

Extracting messages

Simple code to hide files in image in Windows

1. 2. 3. 4. 5. 6. 7. Create a new folder in C: or D: drive Place all the files in it that you want to hide Copy any image of yours in it (abc.jpg) Make a WINRAR archive of all the files that you need to hide (stegn.rar) Now open cmd (Start->Run->cmd) Go to the folders location Now just type the following command with name that corresponds to your file copy /b abc.jpg + stegn.rar stegn.jpg This command creates new image file stegn.jpg which contains both abc.jpg + stegn.rar files. Now the receiver can use WINRAR to open stegn.jpg file and extract the files which you had zipped earliar in step 2 above.

8. 9.

Steganalysis
The process utilized to detect and/or estimate potentially hidden information from observed data with little or no knowledge about the steganography algorithm and/or its parameters.

Cryptography

What is Cryptography?

Cryptography is the art and science of writing secret codes The term is derived from the Greek language krytos - secret graphos - writing Its an art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free. Cryptography is math oriented and uses patterns and algorithms to encrypt messages, text, words, signals and other forms of communication.

Contd.
Two main areas of cryptography are

Cipher Code

Cipher & Code

Code : This method involves the replacement of complete words or phrases by code words or numbers. Example in code encryption one may have R4D7 meaning Bin and T600 mean Laden and 63U0 meaning Dead. The code encrypted message would be "RD47 T600 63U0" for Bin Laden Dead. Cipher : Works on the principal of replacing individual letters by other numbers or letter. Example
Assign each letter a progressively higher number, where A=1, B=2, and so forth. Using this formula for example, the word "wiseGEEK", once encrypted, would read "23 9 19 5 7 5 5 11".

Cryptography Broken Down!!!

Two types of cryptosystems are there: Symmetric : Uses the same key (the secret key) to encrypt and decrypt a message. Asymmetric : Uses one key (the public key) to encrypt a message and a different key (the private key) to decrypt the message.

Symmetric Cryptosystem!

The sender and receiver know and use the same secret key. The sender uses the secret key to encrypt the message. The receiver uses the same secret key to decrypt the message.

Symmetric Challenges!

Agreeing on the key while maintaining secrecy. Trusting a phone system or some transmission medium. The interceptor can read, modify, an forge all messages

Key Management!!!

The generation, transmission, and storage of a key. All cryptosystems must deal with key management issues. Because all keys must remain secret there is often difficulty providing secure key management.

ASymmetric Cryptosystem!

Created to solve key management problems. Created by Whitfield Diffie and Martin Hellman in 1976. Encryption key: Public Key Decryption key: Private Key The public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Software's are available in the market for generating pairs of Public and Private key. After generating public and private key from software, send the public key to the person from whom you want encrypted message. The recipient will send the message encrypted with Public key to you and you can decrypt that message using corresponding Private key. It is virtually impossible to find the private key if you know the public key.

Hash functions

Cryptographic hash functions are designed to take a string of any length as input and produce a fixed length hash value Cryptography can be used for user authentication also, that is, providing the recipient with assurance that the encrypted message originated from a trusted source Hash functions are used instead of private key or public key cryptography The value derived from applying the hash function can be re-calculated at the receiving end, to ensure that the message has not been tampered with during transit

Hash functions

A cryptographic hash function at work. Note that even small changes in the source input drastically change the resulting output,

Steganography vs. Cryptography

Steganography goal is to keep the presence of a message secret, or hide the fact that communication is taking place Cryptography goal is to obscure a message or communication so that it cannot be understood Steganography and Cryptography make great partners. It is common practice to use cryptography with steganography

Thank You