Network Security and Cryptography Lecture 3 & 4 Uday Prakash Pethakamsetty [email protected]

steganography and visual cryptography


NS&C Dept. of ECE JNTUHCEH 2

Steganography

• an alternative to encryption
• hides existence of message
– using only a subset of letters/words in a longer message marked in some way
– using invisible ink
– hiding in LSB in graphic image or sound file
– E.g.: Character marking
  • Invisible ink
  • Pin punctures
  • Typewriter correction ribbon
• Cryptography renders the message unintelligible!
• Steganography conceals the message, i.e., to escape detection by any third party.

1/3/2013


Steganography is a science and visual cryptography is a technique to implement it.


Developments in Steganography carriers


Steganography

• Ancient steganographic techniques:
– Wax writing tablets
– Writing on stomachs of rabbits
– Tattooed on the scalp of slaves
– Invisible ink, …

• Modern steganographic techniques:
– Watermarking
– Typewriter correction
– Spam-based
– Digital image based
– Digital audio signals
– Changing document, image or any file properties
– Null cipher …


Steganography

• The steganography process generally involves placing a hidden message in some transport medium, called the carrier. The secret message is embedded in the carrier to form the steganography medium. A steganography key may be employed for encryption of the hidden message and/or for randomization in the steganography scheme.

• Steganography medium = hidden message + carrier + steganography key


Steganography- Framework


Cover Media

• Many options in modern communication systems:
– Text, TCP/IP headers, …
• Perhaps most attractive are the multimedia objects:
– Image
– Audio
– Video
• Generally, image-based steganography is more popular.


Steganography

• If the system depends on secrecy of the algorithm and there is no key involved: PURE STEGANOGRAPHY
– Not desirable. Kerckhoffs's principle: one should always assume that the analyst knows the encryption/decryption algorithm. The resistance of the cipher to attack must be based only on the secrecy of the key. So the key must be secured and the KEY-DOMAIN must be large.
• Secret Key based Steganography
• Public/Private Key based Steganography


Steganography classification

• Technical steganography (TS) uses scientific methods to hide a message. Ex: invisible ink.
• Linguistic steganography (LS) hides the message in the carrier in some non-obvious ways and is further categorized as semagrams or open codes.
• Semagrams hide information by the use of symbols or signs.
• Open codes hide a message in a legitimate carrier message in ways that are not obvious to an unsuspecting observer.
• Jargon code uses language that is understood by a group of people but is meaningless to others.
• Covered ciphers hide a message openly in the carrier medium so that it can be recovered by anyone who knows the secret for how it was concealed.
• A grille cipher employs a template that is used to cover the carrier message.
• A null cipher hides the message according to some prearranged set of rules.


Examples


Example 1 (Null Cipher):

President’s Embargo ruling should have immediate notice grave situation affecting international law. Statement foreshadows ruin of many neutrals. Yellow journals unifying national excitement immensely.

Apparently neutral’s protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on byproducts. Ejecting suets and vegetable oils.

The German Embassy in Washington DC sent these messages in telegrams to their headquarters in Berlin during World War I (Kahn 1996). Reading the first character of every word in the first message, or the second character of every word in the second message, will yield the following hidden text.

PERSHING SAILS FROM N.Y. JUNE 1

Example 2:

Susan eats truffles. Under pressure, that helps everything before owning major Bullwinkle.

Reading the first letters in each word results in the following hidden text.

SET UP THE BOOM


LSB Embedding

• Least significant bits of picture frames
– 2048x3072 pixels with 24-bit RGB info
– Able to hide 2.3M message
• As the number of bits embedded increases, the image becomes more and more meaningless.


LSB Embedding-Steganalysis

• Neighborhood histogram of a cover image (top) and stego image with 40 KB message embedded (bottom).


Steganography

• Drawbacks
– high overhead to hide relatively few info bits
– Virtually useless if system is known
• Improvement
– Using some “random” sequence of the last bit for storing the data
– Challenge: produce such a random sequence such that the attacker cannot figure out the sequence!


Steganalysis

• Steganography-only attack: The steganography medium is the only item available for analysis.
• Known-carrier attack: The carrier and steganography media are both available for analysis.
• Known-message attack: The hidden message is known.
• Chosen-steganography attack: The steganography medium and algorithm are both known.
• Chosen-message attack: A known message and steganography algorithm are used to create steganography media for future analysis and comparison.
• Known-steganography attack: The carrier and steganography medium, as well as the steganography algorithm, are known.


Steganalysis

• Analyst (WENDY) can be passive:
– Examines all messages between Alice and Bob.
– Does not change any message.
– For Alice and Bob to communicate, the stego-object should be indistinguishable from the cover-object.
• Analyst can be active:
– Deliberately modifies messages by a little to thwart any hidden communication.
– Robust media watermarks provide a potential way for steganography in the presence of an active Wendy (analyst).


Visual Cryptography

• Secret-sharing method that encrypts a secret image into several shares but requires neither computer nor calculations to decrypt the secret image.
• Secret image is reconstructed visually, simply by overlaying all the encrypted shares.
• Invented by Moni Naor & Adi Shamir


Cryptography vs Visual cryptography

Cryptography: Plain Text → Encryption → Cipher Text → Decryption → Plaintext

Visual cryptography: Plain Text (in the form of image) → Encryption (creating the shares) → Channel (FAX, Email) → Decryption (Human Visual system)


Secret Sharing

• Divide data N into p shares
• N can be constructed from any k shares out of the p shares.
• Complete knowledge of k-1 shares can't reveal any information about data N
• Written (k,p): k of p shares are necessary to reveal the secret data.


Secret sharing-Example

5 thieves share a bank account

They don’t trust one another

They assume there will be no collusion between more than 2 of them.

The thieves split up the password for the account in such a way that:

Any 3 or more thieves working together can access the account, but fewer than 3 cannot.


VC-Basic logic

• This is the basic logic for the sub-pixellization in visual cryptography.


VC-How it works?

• Every single pixel is split into sub-pixels

• Human vision still perceives them as one pixel.

• Example (2,2): this 2-out-of-2 method uses 2 foils and 1 pixel with 4 sub-pixels.

• This overlay results in black, so the original pixel was also black.


Computer representation of pixels

• A visual cryptography scheme is represented in a computer using n×m basis matrices.


Visual Cryptography

• For a set of p participants, a secret image N is encoded into p shadow images called shares.

• Each participant gets one share.

• k out of p participants are needed to combine shares and see the secret image.


Visual Cryptography

• ADVANTAGES

1. Simple to implement

2. Encryption doesn't depend on any NP-hard problem.

3. No decryption algorithm is required, so even a layman can decrypt using his visual sense.

4. Cipher text can be sent through FAX or e-mail.

5. Even infinite computation power can't predict the message.


VC-Example(2,2)

Ex: Implementation of a (2,2) VTS


VC-Example(2,3)

Ex: Implementation of a (2,3) VTS


VC-How it works?

• Information is stored in an m × n matrix N
• N[i,j]=1 means sub-pixel j in foil i is black
• N[i,j]=0 means sub-pixel j in foil i is white
• The overlay of the foils corresponds to the OR combination of the m vectors in the matrix
• Grey level of the combined share is proportional to the Hamming weight H(V) of the “OR”ed m-vector V.
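A (2,2) scheme with 4 sub-pixels per pixel, written out with the matrix, OR and Hamming-weight rules above. This is an added example, not code from the slides; the two basis matrices are one standard choice and the function names are assumptions.

```python
import secrets

# Basis matrices for a (2,2) scheme, 4 sub-pixels per secret pixel.
# Row i = foil i, column j = sub-pixel j, 1 = black, 0 = white.
S_WHITE = [[1, 1, 0, 0], [1, 1, 0, 0]]   # identical rows: overlay stays half black
S_BLACK = [[1, 1, 0, 0], [0, 0, 1, 1]]   # complementary rows: overlay fully black

def permute_columns(matrix):
    """Apply one random column permutation to every row of a basis matrix."""
    order = list(range(len(matrix[0])))
    secrets.SystemRandom().shuffle(order)
    return [[row[j] for j in order] for row in matrix]

def make_shares(secret_pixels):
    """secret_pixels: list of 0 (white) / 1 (black).
    Returns two foils, each a list of 4-sub-pixel blocks (one per pixel)."""
    foil1, foil2 = [], []
    for bit in secret_pixels:
        rows = permute_columns(S_BLACK if bit else S_WHITE)
        foil1.append(rows[0])
        foil2.append(rows[1])
    return foil1, foil2

def overlay(*foils):
    """Stacking transparencies = OR of the corresponding sub-pixels."""
    return [[int(any(bits)) for bits in zip(*blocks)] for blocks in zip(*foils)]

def read_pixels(stacked, threshold=3):
    """Hamming weight H(V) of each OR-ed block: 4 reads as black, 2 as white."""
    return [1 if sum(block) > threshold else 0 for block in stacked]

# Constructed 8-pixel secret row for demonstration.
SECRET_ROW = [1, 0, 0, 1, 1, 0, 1, 0]
```

Each foil on its own has exactly two black sub-pixels in every block whatever the secret pixel was, so a single share carries no information about the image.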


VC & Steganography

• Decreases probability of attacker detecting a cryptosystem

• Simple method: Replace the least significant bit of each pixel in an image with a bit of information from the secret
– 2048x3072 pixels with 24-bit RGB info
– Able to hide 2.3M message
• Complex method: Redefining standards of black and white and changing sub-pixel patterns
• Drawbacks
– high overhead to hide relatively few info bits
– Virtually useless if system is known
• Improvement
– Using some “random” sequence of the last bit for storing the data
– Challenge: produce such a random sequence such that the attacker cannot figure out the sequence!
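The "Improvement" bullets here and on the earlier Steganography drawbacks slide, together with the LSB Embedding capacity figure, as an added example that is not part of the original slides. The slides name no way to produce the sequence; ordering sample positions by HMAC-SHA256 under a secret key is an assumption of this example, as are all function names and the constructed cover bytes.

```python
import hashlib
import hmac

def capacity_bytes(width, height, channels=3, bits_per_sample=1):
    """Payload capacity when the low bits of every colour sample are used."""
    return width * height * channels * bits_per_sample // 8

def keyed_positions(key, n_samples, count):
    """Order sample indices by HMAC-SHA256(key, index), take the first `count`.
    Without the key the visiting order cannot be reproduced."""
    if count > n_samples:
        raise ValueError("message too long for this cover")

    def tag(i):
        return hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()

    return sorted(range(n_samples), key=tag)[:count]

def embed(cover, message, key):
    """Write the message bits into the LSBs of the key-selected samples."""
    bits = [(byte >> s) & 1 for byte in message for s in range(7, -1, -1)]
    stego = bytearray(cover)
    for pos, bit in zip(keyed_positions(key, len(cover), len(bits)), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit
    return bytes(stego)

def extract(stego, n_bytes, key):
    """Read the LSBs back in the same keyed order and repack them into bytes."""
    bits = [stego[pos] & 1 for pos in keyed_positions(key, len(stego), n_bytes * 8)]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

# Constructed cover: 64 "pixels" x 3 channels of arbitrary sample values.
COVER = bytes((i * 37 + 11) % 256 for i in range(64 * 3))
```

`capacity_bytes(3072, 2048)` gives 2,359,296 bytes, the roughly 2.3M figure quoted for a 2048x3072 24-bit image with one bit per colour sample.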


VC&S Example

• Conceal a secret with two innocent-looking shares


VC for insecure groups

• Only certain groups of members can be trusted

• Instead of having a (2,3) threshold, only certain groups of people can recover the secret message.

• Groups of members are specified as qualified or forbidden


VC for insecure groups

TWO properties:

Contrast

When qualified users stack their transparencies they can correctly recover the hidden message.

Security

Even by inspecting all their shares, a forbidden set of participants can't decide whether a hidden image pixel should be white or black.


VC for Insecure Groups-Example


VC for Insecure Groups-Example(2)


VCS-Related references

• Visual cryptography (1995) - Moni Naor & Adi Shamir
• Constructions and bounds for visual cryptography (1996) - Ateniese, Blundo.
• Visual cryptography: Threshold Schemes and information hiding (1999) - Xian, Heys, Robinson
• Extended capabilities for visual cryptography (1999) - Ateniese, Blundo.
• Doug Stinson’s Visual cryptography Page (http://cacr.math.uwaterloo.ca/~dstinson/visual.html)
• Visual Cryptography (http://www.dia.unisa.it/VISUAL/whatis.htmL)
• Visual Cryptography Kit (www-lce.eng.cam.ac.uk/~fms27/vck)
• Introduction to Steganography http://www.garykessler.net/library/fsc_stego.html
• Steganalysis programs, “stegparchive.com”
• stegano.net
• http://www.youtube.com/watch?v=TICwSUlhRWg
