
Information Hiding

Cryptography & Steganography

Lesson 6

What is Cryptography
• Protecting information by transforming it into an unreadable format
• Encryption is the process that transforms the data into the unreadable format; decryption restores it to its original format.
• Used to prevent information from “falling into the wrong hands”
• Data is only available to the people that are supposed to see it

A little history
• Cryptography is not new
  1900 BC hieroglyphics
  60 BC Caesar cipher
    – Simple substitution cipher
    – Replace each letter with the letter K positions later in the alphabet
    – If K=3 then “hello” becomes “khoor”
  Thomas Jefferson considered by some to be the father of U.S. cryptography
  Cryptography vital during World Wars
    – German Enigma machine in WW II
  “Lucifer” IBM project in late 1960’s became successful commercial product

How does it work
• A few terms
  Plaintext – the original message
  Ciphertext – the encrypted message
  Encryption – how the message is scrambled
  Decryption – how the message is unscrambled
  Cryptographic system – specific method of encryption and decryption (also called a cipher or cryptosystem)
  Transposition – rearranging elements
  Substitution – replacing elements

How does it work
• Encryption is NOT the same as a code
• Code – words are substituted for other words
• Navajo code talkers from WW II
  “dah-he-tih-hi” (hummingbird) substituted for “fighter plane”
  “besh-lo” (iron fish) meant “submarine”

How does it work
• Encrypt_key(Plaintext) = Ciphertext
• Decrypt_key(Ciphertext) = Plaintext
• Must know method and key (if used)
• Not all crypto methods use keys

How does it work
• Caesar cipher
  Plaintext = “hello”
  Encryption method = substitute letter with letter plus 3
  Encrypt(“hello”) = Ciphertext = “khoor”
• How can we make this method more secure?

How does it work
• Caesar cipher with incrementing substitution
  Plaintext = “hello”
  Encryption method = substitute letter with letter plus I, where I starts at 3 and increments by 1 for each letter
  Encrypt(“hello”) = Ciphertext = “kiqrv”
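The two Caesar slides above as runnable code. This is an added example, not part of the original deck, and the function names are assumptions. It also searches the whole key space of the incrementing variant, which has only 26 × 26 = 676 (start, step) pairs, so a single known plaintext/ciphertext pair pins down the key.

```python
import string

ALPHABET = string.ascii_lowercase


def shift_cipher(text, start=3, step=0, decrypt=False):
    """Shift the i-th letter by start + step * i (step=0 is the plain Caesar cipher)."""
    out = []
    i = 0  # counts letters only, so spaces and punctuation do not advance the shift
    for ch in text:
        if ch.isascii() and ch.isalpha():
            k = start + step * i
            if decrypt:
                k = -k
            moved = ALPHABET[(ALPHABET.index(ch.lower()) + k) % 26]
            out.append(moved.upper() if ch.isupper() else moved)
            i += 1
        else:
            out.append(ch)  # anything that is not a letter passes through unchanged
    return "".join(out)


def matching_keys(plaintext, ciphertext):
    """Try all 26 * 26 = 676 (start, step) pairs and keep those that fit the pair."""
    return [(s, d) for s in range(26) for d in range(26)
            if shift_cipher(plaintext, s, d) == ciphertext]


if __name__ == "__main__":
    print(shift_cipher("hello", start=3))                        # fixed shift, K = 3
    print(shift_cipher("hello", start=3, step=1))                # incrementing shift
    print(shift_cipher("kiqrv", start=3, step=1, decrypt=True))  # back to plaintext
    print(matching_keys("hello", "kiqrv"))                       # whole key space searched
```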
Digital Cryptography
• Block Ciphers
  Operate on blocks of plaintext and ciphertext – usually 64 bits.
• Stream Ciphers
  Convert plaintext to ciphertext 1 bit at a time.

[Figure: stream cipher. On each side, key K feeds a keystream generator that produces keystream Ki. Sender: plaintext Pi XOR Ki gives ciphertext Ci. Receiver: Ci XOR Ki gives plaintext Pi.]

Different Methods
• Symmetric – same key is used for both encryption and decryption (also called private key encryption)
  DES - Data Encryption Standard
    – Loosely based on Lucifer which used 112 bit keys
    – NSA asked that the key length be shortened to 56 bits
  Triple-DES – variant of DES
  AES - Advanced Encryption Standard
  IDEA – International Data Encryption Algorithm

Different Methods
• DES
  Encrypts 64-bit blocks using a 56-bit key
  64-bit block is permuted
  64-bit block split into two 32-bit blocks
  Each sub-block is combined with the key and processed 16 times
  Sub-blocks are joined and sent through an inverse permutation process

How DES works
• S-Boxes
  Integral part of DES algorithm
  Selects which 32 bits to use after the key and 32-bit data block have been shifted and combined
  Some suspect NSA inserted a “trap door” into the S-Box function
  U.S. Senate officially cleared NSA of any improper manipulation of the DES algorithm though official findings are classified

Triple DES
Encipher: Plaintext → DES (K1) → DES⁻¹ (K2) → DES (K1) → Ciphertext
Decipher: Ciphertext → DES⁻¹ (K1) → DES (K2) → DES⁻¹ (K1) → Plaintext

Different Methods
• Skipjack – developed and released by NSA
  Uses 80-bit keys
  Used in Clipper chip
    – Meant to help FBI combat criminals using encryption
    – Built in back door for law enforcement
    – Government has “master key”
    – Key escrow – session key held for later release to law enforcement when needed
  Government tried to force this as a standard
  Not widely accepted

Different Methods
• Problems with symmetric methods
  Same key is used to encrypt and decrypt
  Shared key is more likely to be compromised
  Possible to brute force short keys
  Certain keys are weak
  Different keys can produce identical ciphertext
  Distribution of keys

Different Methods
• Asymmetric – uses two different keys (also called public key)
  Private key – known only to one party
  Public key – available to anyone
  Diffie-Hellman
    – 1976 - First discussion of public-key distribution system
  RSA (named for its inventors Ron Rivest, Adi Shamir, and Leonard Adleman)
  PGP (Pretty Good Privacy)

Different Methods
• Diffie-Hellman Method
  Ciphertext = Encrypt_public key[Plaintext]
  Plaintext = Decrypt_private key[Ciphertext]
  Each party creates their own private key
  Each party computes a public key using a mathematical function of the private key
  Public keys are exchanged
  Message key is computed from other person’s public key and your own private key
  If the math is right, the message key is the same on both sides
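The exchange steps listed above, carried through with numbers small enough to check by hand. This is an added example, not part of the original deck: the `Party` class, the toy parameters p = 23 and g = 5, the range check on the received public key and the SHA-256 step that turns the shared number into a symmetric key are all assumptions made for illustration.

```python
import hashlib
import secrets


class Party:
    """One side of the exchange, following the steps on the slide above."""

    def __init__(self, p, g, private=None):
        self.p, self.g = p, g
        # Each party creates its own private key (random unless fixed for the demo).
        self.private = secrets.randbelow(p - 3) + 2 if private is None else private
        # The public key is a mathematical function of the private key: g^private mod p.
        self.public = pow(g, self.private, p)

    def shared_secret(self, peer_public):
        # Check the received value first: 0, 1 and p-1 would force a guessable secret.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public key out of range")
        # Other person's public key combined with our own private key.
        return pow(peer_public, self.private, self.p)

    def message_key(self, peer_public):
        # Hash the shared number into a 32-byte key for a symmetric cipher.
        secret = self.shared_secret(peer_public)
        size = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(secret.to_bytes(size, "big")).digest()


# Constructed toy parameters so the arithmetic can be checked by hand.
# Real systems use standardized groups of 2048 bits or more.
P, G = 23, 5

if __name__ == "__main__":
    alice = Party(P, G, private=6)
    bob = Party(P, G, private=15)
    # Only the public keys cross the wire; an eavesdropper sees P, G, 8 and 19.
    print("public keys:", alice.public, bob.public)
    print("alice computes:", alice.shared_secret(bob.public))
    print("bob computes:  ", bob.shared_secret(alice.public))
    print("same message key:", alice.message_key(bob.public) == bob.message_key(alice.public))
```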
Uses of Public Key Cryptography
• Digital Signatures
  Used to authenticate digital material
  Prove identity and validity of action or material
• Transmission of symmetric key (public key encryption is generally slower)

Uses of Public Key Cryptography
• Digital Signatures and Public Key Encryption
  Message encrypted or signed with private key of sender and public key of recipient
  Recipient decrypts with own private key and sender’s public key
  Only sender has the right private key so if it decrypts it must have come from the sender
  NOTE: Assumes keys have not been compromised

Uses of Cryptography
• SSL – Secure Socket Layer
  Used to encrypt web-based transactions
  Usually 40, 56, or 128-bit key lengths
  Very popular with e-tailers
  Look for little padlock on your browser
• TLS – Transport Layer Security protocol
  Developed by Internet Engineering Task Force (IETF) and based on SSL
• SET – Secure Electronic Transactions
  The SET™ Specification is an open technical standard for the commerce industry developed by Visa and MasterCard as a way to facilitate secure payment card transactions over the Internet.

Uses of Cryptography
• Digital Certificates
  Used to encode and verify messages
  Requires a Certificate Authority that creates a digital certificate based on a private key and other authentication information
  Implements the “trusted third party” concept
  X.509 is a popular standard for defining digital certificates

Uses of Cryptography
• VPN (Virtual Private Network)
  Connects geographically separate offices using public communication means
  Packets are usually “tunneled” – entire packet is encrypted and encapsulated in a new packet before sending
  Hardware or software based
  Sometimes integrated into firewalls
  Usually cheaper than leased lines
  Very good for mobile employees that need access to the company network

Uses of Cryptography
• Key Escrow and Key Recovery
  Keys held in “reserve” in case the original keys are lost or damaged
  Usually split between two parties, each with half of the key
  Often requires two or more people to access and recover key

Breaking Crypto
• Weaknesses
  The human factor
    – Two person authentication
  Security of key and message
  Key length
    – Short keys can be broken even with a good algorithm
  Algorithm
    – Very difficult to develop a secure algorithm
    – Weak algorithm can be insecure even with a long key

Breaking Crypto
• Differential Cryptanalysis
  Look for differences in pairs of messages
  Only works on certain ciphers
• Linear Cryptanalysis
  Looks for simple approximation of encryption function
• Differential Power Analysis
  Measures power consumption of hardware encryption devices

DPA

Breaking Crypto
• Brute Force
  Just try different keys until you get one that works
• DES Challenge
  Worked off of 56 bit keys
  Sponsored by RSA to show weaknesses in DES
  Electronic Frontier Foundation built special system (DES Cracker) to crack DES in 56 hours
  Jan 19, 1999 – Distributed.Net cracks 56-bit DES in 22 hours and 15 minutes using 100,000 PCs on Internet and DES Cracker
  Testing 245 billion keys per second
  Depends on where key falls in possible keyspace

Breaking Crypto
• Crypto potentially vulnerable to advances in computing power
• Moore’s Law
  Named after creator Gordon Moore of Intel
  Computing power advances a factor of 10 every 3.3 years
  Computing power advances a factor of 100 every decade

Breaking Crypto
• 56-bit DES broken in less than a day
  Roughly 70 thousand trillion possible keys
• 128-bit DES would have 3 * 10^38 possible keys
  1 billion processors capable of processing 100 million keys/sec would take 10^20 years to try all keys
• Cracking just needs to find a suitable key, not try every combination

Hiding Information
• Cryptography – concerned with protecting the content of information but is not concerned with hiding its existence.
• Covert Channels – “communication paths that were neither designed nor intended to transfer information at all.”
• Anonymity – “finding ways to hide the metacontent of messages (i.e. the sender and the recipients of a message).”
• Steganography – concerned with hiding the existence or presence of a message.
• Watermarks – used to indicate ownership
  Visible digital watermarks
  Imperceptible digital watermarks

Applications of Information Hiding
• Unobtrusive communications – important on the modern battlefield.
  Detection of a signal may lead quickly to the sender being attacked.
• Automatic monitoring of copyrighted material on the Web
  A ‘bot’ can search the web for copies of marked material identifying illegal copies
• Tamper proofing – information hidden may be a signed “summary” or a hash value which can be used to detect unauthorized modifications.
• Data augmentation – information can be added for the benefit of the public (e.g. details about the work, annotations, purchasing info, …)

Steganography
• Literally means “covered writing”
• The practice of hiding a message in such a manner that its very existence is concealed.
  Done by embedding the message in some medium such as a document, image, sound recording, or video.
  Those who know the medium contains a message can extract it.
  For those who don’t know about it, the message will be completely invisible.
• Related concept is digital “watermarking”

Steganography -- historical examples
• In the Histories of Herodotus
  Demaratus wanted to notify the Spartans that Xerxes planned to invade Greece. He had the wax scraped off of writing tablets, the message carved into the wood, then re-covered with the wax. The message was thus hidden.
• Shave the head of a messenger, tattoo the message on his head, let his hair grow back.
• Codes, invisible ink, microdots

Historical example: Encoded messages
• “Pershing sails from N.Y. June 1”
  Example 1: President’s embargo ruling should have immediate notice. Grave situation affecting international law, statement foreshadows ruin of many neutrals. Yellow journals unifying national excitement immensely.
  Example 2: Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on byproducts, ejecting suets and vegetable oils.
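How the two cover texts above carry the message, shown by pulling one letter from each word. This is an added example, not part of the original deck; the function names are assumptions, and the scan over letter positions is what a reviewer of suspicious text would run when the position is not known in advance. The final "I" stands in for the digit 1.

```python
import re

# The two cover texts from the slide above, copied as given.
EXAMPLE_1 = ("President’s embargo ruling should have immediate notice. Grave situation "
             "affecting international law, statement foreshadows ruin of many neutrals. "
             "Yellow journals unifying national excitement immensely.")
EXAMPLE_2 = ("Apparently neutral's protest is thoroughly discounted and ignored. Isman "
             "hard hit. Blockade issue affects pretext for embargo on byproducts, "
             "ejecting suets and vegetable oils.")


def nth_letters(text, n):
    """Return the n-th letter (1-based) of every word that has at least n letters."""
    picked = []
    for word in re.findall(r"[A-Za-z'’]+", text):
        letters = [c for c in word if c.isalpha()]  # ignore apostrophes inside words
        if len(letters) >= n:
            picked.append(letters[n - 1].upper())
    return "".join(picked)


def scan(text, max_position=3):
    """Extract the letter string for each candidate position so they can be compared."""
    return {n: nth_letters(text, n) for n in range(1, max_position + 1)}


if __name__ == "__main__":
    for name, text in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        for position, letters in scan(text).items():
            print(name, "letter", position, "->", letters)
```

Example 1 hides the message in the first letter of each word and Example 2 in the second; the other positions produce no readable text.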
Classic Steganography Model
• “Prisoners’ problem”
  Alice and Bob are arrested for some crime and are thrown in two different cells.
  They want to develop an escape plan, but all communication between them is arbitrated by the warden.
  The warden will not let them communicate using encryption and in fact will not allow them to communicate at all if suspicious communications are detected.
  Thus, both parties must communicate “invisibly”
    – e.g. they must be able to hide meaningful information in some harmless message.
  The warden may alter messages or forge messages as well so the system they develop must be able to handle these occurrences.

Stego Process
[Figure: stego process. Embedding: cover objects, the secret message and a stego key enter the stego scheme, which produces the stego object for transmission over an insecure channel. Extraction: the stego object and the stego key enter the stego scheme, which returns the secret message.]

Stego Keys
• Private key steganography
  Similar to a symmetric cipher
  Only individuals knowing the secret key can extract the hidden message
• Public Key steganography
  Does not rely on the exchange of a secret key
  Requires the use of two keys, one public and one private, for each individual
  Public key of receiver used in embedding process, private key of receiver used in extraction process

Steganographic Classifications
• Substitution systems – substitute redundant parts of a cover with a secret message.
  Least significant bit replacement
  Unused or reserved space (e.g. files)
• Transform domain techniques – embed secret information in a transform space of the signal (e.g., in the frequency domain).
• Spread spectrum techniques – adopting ideas from spread spectrum communication
• Statistical methods – encode info by changing several statistical properties of a cover and use hypothesis testing in the extraction process
• Distortion techniques – store information by signal distortion and measure the deviation from the original cover in the decoding step.
• Cover generation methods – encode information in the way a cover for secret communication is created.

Hiding images in files
• Takes advantage of coding scheme
  For pictures, each pixel represented by 1 or more bytes.
  If the least significant bit is used to encode the message, small variations in the picture may occur but the message will be hidden inside.
  A 400 x 300 image will have 120,000 pixels thus
    – if 8 bit coding scheme (256 colors) 120,000 bits of coded message can be encrypted or 15,000 bytes (characters).
    – If RGB scheme used with 3 bytes/pixel (one for each color RGB) even more data can be hidden since the resulting file is much larger.

Steganography
111 000 000 000 111
000 111 000 111 000
000 000 111 000 000
000 111 000 111 000
111 000 000 000 111

Pixels in row order: 111 000 000 000 111 000 111 000 111 000 000 000 111 000 000 000 111 000 111 000 111 000 000 000 111
CAB = 01000011 01000001 01000010
8 shades of gray: 000 001 010 011 100 101 110 111

Steganography
CAB      = 0 1 0 0 0 0 1 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 1 0
Original = 111 000 000 000 111 000 111 000 111 000 000 000 111 000 000 000 111 000 111 000 111 000 000 000 111
Hidden   = 110 001 000 000 110 000 111 001 110 001 000 000 110 000 000 001 110 001 110 000 110 000 001 000 111

Steganography
Hidden = 110 001 000 000 110 000 111 001 110 001 000 000 110 000 000 001 110 001 110 000 110 000 001 000 111

110 001 000 000 110
000 111 001 110 001
000 000 110 000 000
001 110 001 110 000
110 000 001 000 111

[Figure: the original and hidden images shown side by side in 8 shades of gray]
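The least-significant-bit walk-through above as code, using the same 5 x 5 cover image and the message CAB. This is an added example, not part of the original deck, and all function names are assumptions. It also compares the result against the original cover and shows what happens to the message when the low bit is discarded, using a constructed stand-in for lossy processing.

```python
def parse(pixels):
    """Turn a string of 3-bit groups such as '111 000' into a list of pixel values."""
    return [int(group, 2) for group in pixels.split()]


# The 5 x 5, 3-bit grayscale cover image from the slides, in row order.
COVER = parse("111 000 000 000 111  000 111 000 111 000  000 000 111 000 000  "
              "000 111 000 111 000  111 000 000 000 111")


def to_bits(message):
    """Message bytes as a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]


def embed(cover, message):
    """Overwrite the least significant bit of one pixel per message bit."""
    bits = to_bits(message)
    if len(bits) > len(cover):
        raise ValueError(f"need {len(bits)} pixels, cover has {len(cover)}")
    stego = list(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & ~1) | bit
    return stego


def extract(stego, n_bytes):
    """Rebuild n_bytes of message from the low bit of the first 8 * n_bytes pixels."""
    out = bytearray()
    for start in range(0, 8 * n_bytes, 8):
        value = 0
        for pixel in stego[start:start + 8]:
            value = (value << 1) | (pixel & 1)
        out.append(value)
    return bytes(out)


def changed_pixels(cover, stego):
    """Known-cover comparison: positions where the stego image differs from the original."""
    return [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]


def drop_low_bit(pixels):
    """Constructed stand-in for lossy processing: requantize 8 gray levels to 4."""
    return [p & ~1 for p in pixels]


if __name__ == "__main__":
    stego = embed(COVER, b"CAB")
    print(" ".join(f"{p:03b}" for p in stego))
    print(extract(stego, 3), len(changed_pixels(COVER, stego)), "pixels changed")
    print(extract(drop_low_bit(stego), 3))
```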


Example (hideseek on gif file)
[Figure: original image and version with hidden text]
Text: “This is a MacGregor 26X.”

Example (hideseek on gif file)
[Figure: original image and version with hidden text]
Text: “This is a MacGregor 26X under power. Cool looking boat with lots of neat features. Uses water ballast system so very easily trailered. This also results in an extremely shallow draft so it can be easily beached.”

Example (PGE on jpg file)
[Figure: original picture and picture with hidden text]
Text: “A sample text to hide.”

Example (PGE on jpg file)
[Figure: original picture and picture with hidden text]
Text: “A sample text to hide. This is a larger file to hide. The photo is cool, how did that car get underneath the jet in the first place?”

Example (Hide4pgp with wav)
[Figure: original wav file and wav file with hidden text]
Text: “An example of text hidden in a sound file.”

Steganography (TextHide)

Some problems for stego
• Steganographic systems are extremely sensitive to cover-object modifications (e.g. smoothing, filtering, compression).
• Lossy compression can result in total loss of the hidden message.
  Lossy compression techniques attempt to remove imperceptible (“unneeded”) signal components to reduce the size. The message may thus be lost entirely.
• Addition of noise may also modify the hidden message and may not be able to be filtered out.

What can you do about it?
• First of all, why worry?
  There are some legitimate concerns but often there are many other easy ways to conceal/capture info.
• Detection
  Watermarks harder than complete stego images
  Any manipulation of image introduces distortion
  Changes between colors rarely occur in 1-bit shifts
    – (not true of gray-scale)
  One way to foil is to use color palettes that change dramatically with 1-bit shifts

Steganalysis
• Attempt to detect the existence of hidden information
  Stego-only attack: only the stego-object is available for analysis
  Known cover attack: the original cover-object and stego-object are both available.
  Known message attack: the hidden message and the stego-object are available.
  Chosen stego attack: The stego tool (algorithm) and stego-object are known.
  Chosen message attack: goal is to determine the specific stego tool or algorithm
  Known stego attack: the tool (algorithm) is known and both the original and stego-objects are available.

Digital Watermarking
• Like steganography, is a technique used to imperceptibly convey information by embedding it into the cover-data.
  Stego as described so far typically used for point-to-point communication
    – Methods usually not robust enough to handle more than minor technical modifications of the data as a result of events such as compression or format conversion.
  Watermarking has the additional notion of resilience against attempts to remove the hidden data.

Watermarking
• All methods share same components:
  Watermark embedding system
  Watermark recovery system
[Figure: watermark embedding. Watermark W, cover data I and secret/public key K enter the digital watermark embedder, which outputs watermarked data I’.]
[Figure: watermark recovery. Watermark W or original data I, test data I’ and secret/public key K enter watermark detection, which outputs the watermark or a confidence measure.]

Watermarking Applications
• Watermarking for Copy and Copyright protection.
• Fingerprinting for “traitor tracking”
  Useful in monitoring or tracing back unauthorized copies
• Image authentication

Summary
• What is the Importance and Significance of this material?
• How does this topic fit into the subject of “Voice and Data Security”?

This is a hidden message—you find it you win--RJK
