File000133

EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Scenario
A couple from Manchester was charged of plotting a terrorist act.
Taxi driver Habib Ahmed of Elmfield Street, Cheetham Hill and his
wife Mehreen Haji were held in police custody in London.
Ahmed, age 27, was accused of making computer records of
possible terror targets and undergoing a course of weapons
training at a Pakistani terror camp between April and June of
2006. 25-year-old Haji was accused of providing just under £4,000
to finance her husband's alleged terrorist activities.
The police seized the computer from Ahmed and also recovered a
significant amount of material from the computers.

EC-Council
News: New Software Can Easily Read
Messages Hidden in Noisy Digital Images
Source: http://www.thaindian.com/

EC-Council
Module Objective
• Steganography
• Model of Stegosystem
• Classification Of Steganography
• Different Forms of Steganography
• Issues in Information Hiding
• Cryptography
• Steganography vs. Cryptography
• Stego-forensics
• Watermarking
• Steganography tools
This module will familiarize you with:

EC-Council
Module Flow
Steganography
Classification Of
Steganography
Model of Stegosystem
Issues in Information
Hiding
Different Forms of
Steganography
Steganography vs.
Cryptography
Cryptography
Steganography Detection
Steganography tools
Watermarking

EC-Council
Steganography
Steganography is defined as “The art and science of hiding information by
embedding messages within other, seemingly harmless messages”
It involves placing a hidden message in some transport medium
The meaning is derived from two Greek words mainly “Stegos” which means
secret and “Graphie” which means writing

EC-Council
Model of Stegosystem
Stegosystem describes the process that is used in performing
steganography

EC-Council
Steganography Concepts

EC-Council
Application of Steganography
Steganography is used to hide communication
In military applications, where even the knowledge of
communication between two parties can be critical
Health care especially medical imaging systems, may benefit from
information hiding techniques
Other areas where steganography is used are workplace
communication, digital music, terrorism, and the movie industry

EC-Council
Classification of Steganography
Steganography
Technical
Steganography
Linguistic
Steganography
Semagrams
Visual Semagrams
Text Semagrams
Open codes
Jargon code Covered Ciphers
Null Cipher
Grill Cipher
Digital
Steganography

EC-Council
Technical Steganography
Technical steganography uses the physical or chemical means
to hide the existence of a message
Some of the technical steganography types include use of
invisible ink or microdots
Microdots method is a page sized photograph minimized to
1mm in diameter
The photograph is reduced with the help of reverse microscope

EC-Council
Linguistic Steganography
Linguistic steganography hides the message in the carrier in some non-
obvious ways
It is further categorized into semagrams and open codes
• Visual semagrams use innocent-looking or everyday physical objects
to convey a message, such as doodles or the positioning of items on a
desk or website
• Text Semagrams hide a message by modifying the appearance of the
carrier text, such as subtle changes in the font size or type, adding extra
spaces, or different flourishes in letters or handwritten text
Semagrams hide information using symbols or
signs:

EC-Council
Linguistic Steganography (cont’d)
• Text is carefully constructed
• Positioning text conceals messages
Open codes Steganography:

EC-Council
Open codes Steganography is divided into:
• It is a language that a group of people can
understand but is meaningless to others
The Jargon code:
• The message is hidden openly in the carrier
medium so that anyone who knows the secret
of how it was concealed can recover it
• It is again categorized into Null ciphers and
Grille Ciphers
Covered ciphers:

EC-Council
• A null cipher is an ancient form of encryption where the
plaintext is mixed with a large amount of non-cipher
material
• It can also be used to hide ciphertext
Null Ciphers:
• In this technique, a grille is created by cutting holes in a
piece of paper
• When the receiver places the grille over the text, the
intended message can be retrieved
Grille Ciphers:

EC-Council
Digital Steganography Techniques
Digital Steganography hides secret messages in digital media
• Injection
• Least Significant Bit (LSB)
• Embedding during Transform Process
• Spread Spectrum Encoding
• Perceptual Masking
• Cover Generation Technique
• Statistical Method Technique
• Distortion Technique
The techniques used in digital
steganography:

EC-Council
Injection
The secret message is injected into the host’s medium
Drawback: The host file gets larger and makes it easier to detect the message
Example: In the web page, the message ‘This is a sample of Stego’ is displayed, whereas in
the source code of the web page, a secret message ‘This is the hidden message” is viewed

EC-Council
Least Significant Bit (LSB)
In LSB, the right hand side bit in the binary notation is substituted with the
bit from the embedded message
Data is no longer secure if the attacker knows LSB substitution technique is
used

EC-Council
Transform Domain Techniques
A transformed space is generated when the file is compressed
at the time of transmission
This transformed space is used for hiding the data
Discrete Cosine Transform (DCT), Discrete Fourier
Transform (DFT), and Wavelet Transform are used to embed
secret data during the transformation process

EC-Council
Spread Spectrum Encoding
Techniques
• In direct sequence, the stream of information is divided into small
parts, each of which is allocated across to a frequency channel across
the spectrum
Direct Sequence
• In frequency spectrum, the bandwidth spectrum is divided into many
possible broadcast frequencies
Frequency Spectrum
It encodes a small band signal into a wide band cover
The encoder modulates a small band signal over a carrier
Spread Spectrum Encoding techniques are of two types:

EC-Council
Perceptual Masking
Perceptual masking is a type of steganography that refers to
masking of one signal over the other making it difficult for the
observer to detect
Masking tone
Level (dB)
time
Inaudible tones (under curve)
freq

EC-Council
Cover Generation Technique
A cover is generated to hide the information, contrary to the one that
chooses a cover object to hide the data
Spam Mimic tool is used to embed a text message into a spam
message that is emailed to the desired destination

EC-Council
Statistical Method Technique
This method uses the 1-bit
steganographic scheme
It embeds one bit of information in the
digital carrier

EC-Council
Distortion Technique
This technique creates a change in
the cover object in order to hide the
information
The secret message is recovered by
comparing the distorted cover with
the original one
Original image
Distorted image

EC-Council
Different Forms of Steganography
• Text file steganography
• Image File steganography
• Audio File steganography
• Video File steganography
Steganography comes in different
forms:
Text
File
Image
File
Audio
File
Video
File

EC-Council
Text File Steganography
• It uses spaces in between words or sentences to hide the
data
Open space steganography
• It modifies the word order or uses punctuation for hiding
the data
Syntactic steganography
• It uses synonyms to encode the secret message
Semantic steganography
Steganography in the Text files include:

EC-Council
Image File Steganography
• GIF- Graphic Interface Format
• BMP- A Microsoft standard image
• JPEG- Joint Photographic Experts
• TIFF- Tag Image File Format
Four image file compressions
commonly used in steganography:
Image file properties relate to how digital images vary
in terms of their resolution, width, and height

EC-Council
Steganography Techniques in
Image File
Least Significant Bit Insertion in
Image files
Masking and Filtering in Image
files
Algorithms in Image files

EC-Council
Image Files
The rightmost bit is called the Least Significant Bit (LSB)
The LSB of every byte can be replaced with minor change to the overall
file
The binary data of the secret message is broken up and then inserted
into the LSB of each pixel in the image file
• Using the Red, Green, Blue (RGB) model, a stego tool makes a copy of
an image palette
• The LSB of each pixel 8-bit binary number is replaced with one bit
from the hidden message
• A new RGB color in the copied palette is created
• The pixel is changed to the 8-bit binary number of the new RGB color
Hiding the Data:

EC-Council
Image Files (cont’d)
• 01001101 00101110 10101110 10001010 10101111 10100010 00101011
101010111
• The letter “H” is represented by binary digits 01001000. To
hide this “H” above stream can be changed as:
• 01001100 00101111 10101110 10001010 10101111 10100010 00101010
101010110
• To retrieve the “ H”combine all LSB bits 01001000
Recovering the data :
• The stego tool finds the 8-bit binary number of each pixel RGB color
• The LSB of each pixel's 8-bit binary number is one bit of the hidden data file
• Each LSB is then written to an output file
Example: Given a string of bytes

EC-Council
Process of Hiding Information in
Image Files

EC-Council
Masking and Filtering in Image
Files
Masking technique hides data in a similar way like watermarks on the
actual paper
Masking and filtering techniques hide information by marking an image
which can be done modifying the luminance of parts of the image
Masking and filtering techniques are mostly used on 24 bit and
grayscale images
Masking techniques hide information in such a way that the hidden
message is more integral to the cover image than simply hiding data in
the "noise" level
Masking adds redundancy to the hidden information

EC-Council
Algorithms and Transformation
Another steganography technique is to hide data in mathematical
functions that are in compression algorithms
JPEG images use the Discrete Cosine Transform (DCT) technique to
achieve image compression

EC-Council
(C0nt’d)
• Take the DCT or wavelet transform of the cover image and find the
coefficients below a specific threshold
• Replace these bits with bits to be hidden
• Take the inverse transform and store it as a regular image
Hiding data:
• Take the transform of the modified image and find the coefficients below a
specific threshold
• Extract bits of the data from these coefficients and combine the bits into an
actual message
Recovering the data:

EC-Council
(C0nt’d)

EC-Council
Audio File Steganography
Information can be hidden in a audio file by using LSB or by
using frequencies that are inaudible to the human ear
High frequency sound can be used to hide information as
human ear cannot detect frequencies greater than 20,000
Hz
Information can be hidden using musical tones with a
substitution scheme

EC-Council
Low-bit Encoding in Audio Files
Low bit Encoding is a type of audio steganography, which is similar to Least Bit
Insertion method done through Image Files
Binary data can be stored in the least important audio files
The channel’s capacity is 1 kilo byte per second per kil0hertz

EC-Council
Phase Coding
• The original sound sequence is shortened into short segments
• A DFT (Discrete Fourier Transform) is applied to each segment
to create a matrix of the phase and magnitude
• The phase difference between each adjacent segment is
calculated
• For all other segments, new phase frames are created
• The new phase and original magnitude are combined to get a new
segment
• The new segments are concatenated to create the encoded output
The method is described below:
Phase coding is the phase in which an initial audio segment is
replaced by a reference phase that represents the data

EC-Council
Spread Spectrum
The encoded data is spread across as much as the frequency spectrum
Spread Spectrum can be clearly illustrated by using Direct Sequence Spread
Spectrum (DSSS)
Unlike phase coding, DSSS does introduce some random noise to the signal

EC-Council
Echo Data Hiding
In echo data hiding technique, an echo is embedded into the host audio
signal
Three Parameters of echo:
Initial Amplitude
Decay Rate
Offset

EC-Council
Video File Steganography
Discrete Cosine Transform (DCT) manipulation is used to
add secret data during the video transformation
The techniques used in audio and image files are used in
video files, as video consists of audio and image
A large amount of secret messages can be hidden in video
files since it is a moving stream of images and sound

EC-Council
Steganographic File System
Steganographic file system is a method to store the files in a
way that it encrypts and hides the data without the
knowledge of others
It hides the user’s data in other seemingly random files
It allows the user to give names and passwords for some files
while keeping other files secret

EC-Council
Issues in Information Hiding
• The embedding process distorts the cover to a point where it is visually
unnoticeable i.e., if the image is drastically distorted then the carrier is
insufficient for the payload, and if the image is not distorted then the
carrier is adequate
Levels of Visibility:
• Redundancy is needed for a robust method of embedding the message,
but it subsequently reduces the payload
• Robustness and payload are opposites of each other i.e., less the payload,
more the robustness
Robustness vs. Payload:

EC-Council
Issues in Information Hiding
(cont’d)
• Some image and sound files are lossy or lossless
• The conversion of lossless information to a compressed lossy
information destroys the hidden information in the cover
• Example: Conversion of uncompressed bitmap to a compressed
estimated JPEG, changes the bits to include bits containing
embedded message
File format dependence:

EC-Council
Cryptography
Cryptography is an art of writing text or data in secret code
It encrypts the plain text data into unreadable format, which is
called cipher text
It is based on mathematical algorithms
These algorithms use a secret key for secure transformation

EC-Council
Model of Cryptosystem
Cyrptosystems are cryptography systems such as secure electronic mail systems
which might include methods for digital signatures, cryptographic hash functions,
key management techniques, and so on
It involves algorithms that take a key and covert plaintext to cypertext and
vice versa

EC-Council
Steganography vs. Cryptography
Steganography Cryptography
Steganography is the technique of hiding
information by embedding messages
within other messages
Cryptography is the technique of encoding
the contents of the message in such a way
that its contents are hidden from outsiders
The message is not visible, because it is
hidden behind the other message
The existence of the message is clear, but
the meaning is obscured
Only one private key is used
Two keys are used i.e. public key for
encryption and private key for decryption

EC-Council
Public Key Infrastructure (PKI)
PKI is used for secure and private data exchange over the Internet
It uses public and a private cryptographic key pair that is obtained and shared through a
trusted authority
PKI provides for a digital certificate that can identify an individual or an organization and
directory services that can store and, when necessary, revoke the certificates
It uses public key cryptography, which is the most common method on the Internet for
authenticating a message sender or encrypting a message
PKI consists of:
• A certificate authority (CA) that issues and verifies digital certificate
• A registration authority (RA) that acts as the verifier for the certificate authority before a digital certificate is issued to a
request
• One or more directories where the certificates (with their public keys) are held

EC-Council
Key Management Protocols
The primary goal of a key management scheme is to provide two communicating
devices with a common or shared cryptographic key
“Session key” is used to identity short-lived keys. This key does not require a session-
based communication model
"Master Key" is used to denote keys having a longer life period than a session key
Key Management Controller (KMC) provides a key to a communication unit that is
referred to as rekeying
KMC will assign keys to the communication units through Over-the-Air-Rekeying
(OTAR), i.e. the communication units are rekeyed over a radio channel

EC-Council
Watermarking

EC-Council
What is Watermarking?
During the manufacture of paper, the wet fiber is
subjected to high pressure to expel the moisture
If the press' mold has a slight pattern, this pattern
leaves an imprint, a watermark, in the paper, best
viewed under transmitted light
Digital watermarks are imperceptible or barely
perceptible transformations of the digital data; often
the digital data set is a digital multimedia object

EC-Council
Case Study

EC-Council
Steganography vs. Watermarking
Steganography Watermarking
The main goal of steganography is to hide a
message ‘m’ in some audio or video (cover)
data ‘d’, to obtain new data ‘D', practically
indistinguishable from ‘d’, by people, in
such a way that an eavesdropper cannot
detect the presence of ‘m’ in ‘d'
The main goal of watermarking is to hide a
message ‘m’ in some audio or video (cover)
data ‘d’, to obtain new data ‘D', practically
indistinguishable from ‘d’, by people, in
such a way that an eavesdropper cannot
remove or replace ‘m’ in ‘d'
Original message is hidden behind other
message
The original image is visible in
watermarking
Emphasizes on avoiding detection
Emphasizes on avoiding distortion of the
cover
Largest hidden message possible Usually small hidden message
It can be used for secret communication
It can be used for copyright protection,
image authentication

EC-Council
Types of Watermarks
• A visible watermark is robust
• Though not part of the foundation image, the
watermark's presence is clearly noticeable and often
difficult to remove
Visible watermarks:
• An invisible watermark's purpose is to identify
ownership or verify the integrity of an image or piece
of information
• It is imperceptible but can be extracted via
computational methods
Invisible watermarks:

EC-Council
Working of Different Watermarks
• The tampering with the image can be determined by observing the
position of tampering caused due to any alteration
Semi-fragile:
• Fragile watermark has low robustness when the data is modified, it
destroys the embedded information with a small change in the content
Fragile:
• Robust watermark has high robustness when the data is modified
• It can be visible or invisible and is difficult to remove or damage the
robust watermark
Robust:

EC-Council
Attacks on Watermarking
• These attacks attempt to diminish or remove the presence
of watermarks in a suspect image without rendering the
image
Robustness Attacks:
• In a presentation attack, the watermarked content is
manipulated, so a detector cannot find it
Presentation Attack:
• Interpretation attacks seek to falsify invalid or multiple
interpretations of a watermark
Interpretation Attacks:
• Legal attacks is the ability of an attacker to cast doubt on
the watermarking scheme in the courts
Legal Attacks:

EC-Council
Application of Watermarking
A popular application of watermarking techniques is to provide a proof of ownership of
digital data by embedding copyright statements into video or image digital products
Data augmentation - to add information for the benefit of the public
Automatic audit of radio transmissions
Automatic monitoring and tracking of copy-write material on WEB

EC-Council
Currency Watermarking
Watermarking is used on the currency note to protect from counterfeiting
Watermarks on currency note can be seen when held against the light that shows an image
similar to the printed image on the note
The image of the watermark is caused due to difference in thickness of the note
A highlighted feature of ultra thin paper is an added security effect in watermarking

EC-Council
Digimarc's Digital Watermarking
Digimarc's digital watermarking technologies allow users to embed a digital code into audio, images, video,
and printed documents that is imperceptible during normal use but readable by computers and software
It is a special message embedded in an image, whether it is a photo, video, or other digital content
Digimarc's software embeds these "imperceptible" messages by making subtle changes to the data of the
original digital content
These watermarks can then be "read" to validate the original content

EC-Council
Watermarking – Mosaic Attack
Mosaic attack works by splitting an image into multiple pieces and stitching them together
using javascript code
The web browser simply ‘sticks’ them back together at display time
Both images are watermarked with Digimarc; but the watermark is unreadable in small parts
The attack works because copyright marking methods have difficulties to embed watermarks
in small images (typically below 100×100 pixels)
Watermarked image
Split into 9 pieces

EC-Council
Mosaic Attack – Javascript Code

<img SRC="kings_chapel_wmk1.jpg’ BORDER="0’ ALT="1/6’
width="116’ height="140">

EC-Council
2Mosaic – Watermark Breaking
Tool
2Mosaic is a 'presentation' attack against digital watermarking systems
It consists of chopping an image into a number of smaller sub images, which are
embedded in a suitable sequence in a web page
Common web browsers render juxtaposed sub images stuck together, so they
appear similar to the original image

EC-Council
Steganography Detection

EC-Council
How to Detect Steganography
• Steganographic investigators need to be familiar with the
name of the common steganographic software and related
terminology, and even websites about steganography
• Investigators should look for file names, web site references in
browser cookie or history files, registry key entries, e-mail
messages, chat or instant messaging logs, comments made by
the suspect, or receipts that refer to steganography
• These will provide hard clues for the investigator to look
deeper
• Finding similar clues for cryptography might also lead one
down this path
Software clues on the computer

EC-Council
(cont’d)
• Non-steganographic software might offer clues that the suspect hide files
inside other files
• Users with binary (hex) editors, disk wiping software, or specialized chat
software might demonstrate an inclination to alter files and keep information
secret
Other program files

EC-Council
(cont’d)
• Look for the presence of a large volume of the
suitable carrier files
• While a standard Windows computer will
contain thousands of graphics and audio files,
for example, majority of these files are small
and are an integral part of the graphical user’s
interface
• A computer system with an especially large
number of files that could be steganographic
carriers are potentially suspected; this is
particularly true if there are a significant
number of seemingly duplicate "carrier" files
Multimedia files

EC-Council
(cont’d)
• The type of crime being investigated may also make an investigator think
more about steganography than other types of crime
• Child pornographers, for example, might use steganography to hide their
wares when posting pictures on a web site or sending them through e-mail
• Crimes that involve business-type records are also good steganography
candidates because the perpetrator can hide the files but still get access to
them; consider accounting fraud, identity theft (lists of stolen credit cards),
drugs, gambling, hacking, smuggling, terrorism, and more
Type of crime

EC-Council
Detecting Steganography
• Identifies whether the image is modified or not by determining its
statistical properties
Statistical tests:
• Stegdetect
• Stegbreak
Tools used:
Detecting steganography is a difficult task especially during low payloads
The different ways of detecting steganography:

EC-Council
Detecting Steganography
(cont’d)
• It breaks the encoded password with the help of dictionary
guessing
Stegbreak:
The different ways of detecting steganography are:

EC-Council
Detecting Text, Image, Audio,
and Video Steganography
• For the text files, the alterations are made to the character positions for
hiding the data
• The alterations are detected by looking for text patterns or disturbances,
language used, and the unusual amount of blank spaces
Text file:
• The hidden data in image can be detected by determining the changes in
size, file format, the last modified timestamp, and the color palette
pointing to the existence of the hidden data
• Statistical analysis method is used for image scanning
Image file:
Information that is hidden in different file system can be detected in
the following ways:

EC-Council
Detecting Text, Image, Audio, and
Video Steganography (cont’d)
• Statistical analysis method can also be used for audio files since
the LSB modifications are also used on audio
• The inaudible frequencies can be scanned for information
• The odd distortions and patterns show the existence of the
secret data
Audio file:
• Detection of the secret data in video files include combination
of methods used in image and audio files
• Special code signs and gestures can also be used for detecting
secret data
Video file:

EC-Council
Counterfeit Detection
The methods used to protect and validate currency are:
• First Line Inspection method
• Second Line Inspection method
First line inspection method involves the first site determining authenticity of
the currency that is being exchanged
This type of inspection is detected by both the verifier and counterfeiter
This method of detection can be assessed by varied density of watermark,
Ultraviolet Fluorescence, and Microtext

EC-Council
Counterfeit Detection (cont’d)
Second-Line inspection methods cannot be detected by the naked eye and
requires additional devices
The methods of second line inspection:
• Isocheck/Isogram depends on the specific dots or lines
that leads to some pattern when printed
• Hidden watermarks can be applied in these patterns to
know the genuineness of the note when a filter is placed
Isocheck/Isogram:
• This method uses unique configurations of fibers
embedded in the paper
Fiber-Based Certificates of
Authenticity

EC-Council
Steganalysis
Steganalysis is the art and science of detecting hidden messages using
steganography
It is the technology that attempts to defeat steganography—by detecting the
hidden information and extracting it or destroying it

EC-Council
Steganalysis Methods/Attacks on
Steganography
• Only the stego-object is available for analysis
Stego-only attack:
• The stego-object as well as the original medium is available
• The stego-object is compared with the original cover object to
detect any hidden information
Known-cover attack:
• The hidden message and the corresponding stego-images are
known
Known-message attack:

EC-Council
Steganography (cont’d)
• The steganography algorithm is known and both the
original and stego-object are available
Known stego attack:
• The steganography algorithm and stego-object are known
Chosen-stego attack:
• Active attackers can change the cover during the
communication process
Disabling or active attack:

EC-Council
Steganography (cont’d)
• The steganalyst generates a stego-object from some
steganography tool or algorithm of a chosen message
• The goal in this attack is to determine patterns in the stego-object
that may point to the use of the specific steganography tools or
algorithms
Chosen-message attack:

EC-Council
Disabling or Active Attacks
• It softens the transitions and averages the adjacent pixels with significant
color change
Blur:
• Random noise injects Random colored pixels to an image
• Uniform noise inserts slightly similar pixels and colors of the original
pixel
Noise:
• It reduces the noise in the image by adjusting the colors and averaging
the pixel values
Noise Reduction:
• It increases the contrast between the adjacent pixels
Sharpen:

EC-Council
Disabling or Active Attacks
(cont’d)
• It moves the image around a central point
Rotate:
• It is an interpolation process where the raggedness while expanding an
image is reduced
Resample:
• Soften is a uniform blur to an image that smoothens the edges and
decreases the contrasts
Soften:

EC-Council
Stego-Forensics
Stego-Forensics is a stream of forensic science dealing with steganography
techniques to investigate a source or cause of a crime
Different methods of Steganalysis can be used to unearth secret communications
between antisocial elements and criminals

EC-Council
Steganography in the Future
• Protection of the intellectual property
• Individuals or organization using steganographic carriers for
personal or private information
Legitimate uses of steganography in the
future:

EC-Council
Hiding Information in DNA
In the near future, biological data such as DNA may be a
viable medium for hidden messages
This could be particularly useful for "invisible"
watermarking that biotech companies could use to prevent
unauthorized use of their genetically engineered material
Three researchers in New York successfully hid a secret
message in a DNA sequence and sent it across the country

EC-Council
Unethical Use of Steganography
Criminal communications
Fraud
Hacking
Electronic payments
Gambling and pornography
Harassment
Intellectual property offenses
Viruses

EC-Council
TEMPEST
TEMPEST is an official acronym for "Telecommunications Electronics Material Protected
From Emanating Spurious Transmissions" and includes technical security countermeasures;
standards, and instrumentation, which prevent (or minimize) the exploitation of the security
vulnerabilities by technical means
TEMPEST and its associated disciplines involve designing circuits to minimize the amount
of "compromising emanations" and to apply appropriate shielding, grounding, and bonding
These disciplines also include methods of radiation screening, alarms, isolation
circuits/devices, and similar areas of equipment engineering

EC-Council
TEMPEST (cont’d)
When modern electrical devices operate, they generate electromagnetic fields
Digital computers, radio equipment, typewriters, generate massive amounts of electromagnetic signals
which if properly intercepted and processed, will allow certain amounts of information to be
reconstructed based on these "compromising emanations"
Anything with a microchip, diode, or transistor, gives off these fields
These compromising emanation signals can then escape out of a controlled area by power line
conduction, other fortuitous conduction paths such as the air conditioning duct work, or by simply
radiating a signal into the air (like a radio station)

EC-Council
TEMPEST (cont’d)
An excellent example of these compromising emanations may be found in modems and fax
machines which utilize the Rockwell DataPump modem chip sets and several modems made
by U.S. Robotics
When these modems operate, they generate a strong electromagnetic field which may be
intercepted, demodulated, and monitored with most VHF radios
This is a serious problem with many speaker phone systems used in executive conference
rooms
This is also a serious problem with many fax machines, computer monitors, external disc
drives, CD-R drives, scanners, printers, and other high bandwidth or high speed peripherals

EC-Council
TEMPEST (cont’d)
To deal with this "signal leakage" issue, the government developed a series of
standards which lay out how equipment should be designed to avoid such leakage
The TEMPEST standards are measurements which were adjusted by the NSA
A TEMPEST approved computer will be in a special heavy metal case, special
shielding, a modified power supply, and few other modifications

EC-Council
Emission Security or
Emanations Security (EMSEC)
Electronic based information systems produce unwanted emanations
These emanations are the electromagnetic radiation emitted from the information
handling devices
Emanations may also pose a security risk
Emanation Security involves measures designed to deny information of value to be
given to the unauthorized persons that may be derived from the interception and
analysis of the compromising emanations
Emanation security deals with protection against spurious signals emitted by the
electrical equipments in the system, such as electromagnetic emission (from displays),
visible emission, and audio emission (sounds from printers, etc)

EC-Council
News: Keyboard Sniffers to Steal
Data
Figure: The attacks were shown to
work at a distance of 20 meters
Source: http://news.bbc.co.uk/2/hi/technology/7681534.stm

EC-Council
Van Eck Phreaking
Van Eck phreaking is the process of eavesdropping on the contents of a CRT or LCD display
by detecting its electromagnetic emissions
Information that drives the video display takes the form of high frequency electrical signals
These oscillating electric currents create electromagnetic radiation in the RF range
These radio emissions are correlated to the video image being displayed, so in theory they
can be used to recover the displayed image

EC-Council
Legal Use of Steganography
• Steganographically watermark the intermediation materials
after the authorization and under the public prosecutor control
with predefined marks
• Trace the trade materials
• Provide network nodes where the trade material is monitored
• Build an international data bank to collect data on the trading
controlled by the investigative bodies
Law enforcement agencies use
steganography to:

EC-Council
Steganography Tools

EC-Council
Steganography Tools
S- Tools
Steghide
Mp3Stego
Invisible Secrets 4
Stegdetect
Stego Suite – Steg Detection Tool
Stego Watch
Snow
Fort Knox
ImageHide
Blindside
Camera/Shy
Gifshuffle
Data Stash
JPHIDE and JPSEEK
wbStego
OutGuess
Masker
Cloak
StegaNote
Stegomagic
Hermetic Stego
StegSpy

EC-Council
Steganography Tools (cont’d)
Stealth tool
WNSTORM
Xidie
CryptArkan
Info Stego
Scramdisk
Jpegx
CryptoBola JPEG
ByteShelter I
Camouflage
Stego Analyst
Steganos
Pretty Good Envelop
Hydan
EzStego
Steganosaurus
appendX
Stego Break
Stego Hunter
StegParty
InPlainView
Z-File
MandelSteg and GIFExtract

EC-Council
Steganography Tool: S- Tools
S- Tools can hide multiple applications in a single object

EC-Council
Steganography Tool: Steghide
• Compression of the embedded data
• Encryption of the embedded information
• Automatic integrity checking using a checksum
• Support for JPEG, BMP, WAV, and AU files
Features :
Steghide is a steganography program that is able to hide data in various
kinds of image- and audio-files

EC-Council
Steghide: Screenshot

EC-Council
Tool: Mp3Stego
MP3Stego will hide information in MP3 files during the compression process
The data is first compressed, encrypted, and then hidden in the MP3 bit stream

EC-Council
Tool: Invisible Secrets 4
Invisible Secrets 4 encrypts the data and files for secure transfer across the
net
It hides the encrypted data or files in places that appear totally innocent,
such as picture or sound files, or web pages
With this tool, the user may encrypt and hide files directly from Windows
Explorer, and then automatically transfer them by e-mail or via the
Internet
It also allows to hide information in five files types: JPEG, PNG, BMP,
HTML, and WAV

EC-Council
Tool: Invisible Secrets 4 (cont’d)
• Strong file encryption algorithms
• Passwords can be stored in the encrypted
password lists
• Ability to create self-decrypting packages
• It is a shell integrated (available from Windows
Explorer), so the file encryption operations are
easier than ever
• Real-random passwords can also be generated
Features:

EC-Council
Invisible Secrets 4

EC-Council
Tool: Stegdetect
Stegdetect is an automated tool for detecting steganographic
content in images
It is capable of detecting different steganographic methods
to embed hidden information in JPEG images
Stegbreak is used to launch dictionary attacks against Jsteg-
Shell, JPHide, and OutGuess 0.13b

EC-Council
Stego Suite – Steg Detection Tool
Stego Watch allows users to detect digital steganography, or
the presence of communications hidden in digital image or
audio files
It can extract information that has been embedded with some
of the most popular steganography tools using a dictionary
attack
Stego Break is an application designed to obtain the
passphrase that has been used on a file found to contain
steganography
Currently, Stego Break can crack passphrases for JP Hide ‘n
Seek, F5, Jsteg, and Camouflage steganography embedding
applications

EC-Council
Stego Watch

EC-Council
Tool: Snow
Snow is a whitespace steganography program and is used to conceal messages
in ASCII text by appending whitespace to the end of lines
Because spaces and tabs are generally not visible in text viewers, the message
is effectively hidden from the casual observers. If the built-in encryption is
used, the message cannot be read even if it is detected
• http://www.darkside.com.au/snow/

EC-Council
Fort Knox uses MD5, Blowfish, and
CryptAPI algorithms
ImageHide is a steganography
program which hides loads of text in
images and it does simple
encryption and decryption of data

EC-Council
Blindside can hide files of any file
type within a windows bitmap image
Camera/Shy works with Windows and
Internet Explorer, and allows sharing of
censored or sensitive information buried
within an ordinary GIF image

EC-Council
Data Stash is a security tool that
allows hiding of the sensitive data files
within other files
Gifshuffle is used to conceal
messages in GIF images by shuffling
the colormap, which leaves the image
visibly unchanged

EC-Council
JPHIDE and JPSEEK are programs
which allow hiding of a file in a jpeg
visual image
wbStego is a tool that hides any type of
file in bitmap images, text files, HTML
files, or Adobe PDF files

EC-Council
Masker is a program that encrypts files,
that requires a password to open and then
it hides files and folders inside carrier files,
such as image files, video, program, and
sound files
OutGuess is a universal steganographic
tool that allows the insertion of hidden
information into the redundant bits of
data sources

EC-Council
StegaNote is the tool used to
protect the sensitive information in a
secure way
Cloak is a powerful security tool
designed to protect and secure the
personal information and
documents from the third party

EC-Council
Stegomagic hides any kind of file
or message in TEXT, WAV , BMP 24
bit, and BMP 256 color files
Hermetic Stego is a program for
hiding a message file in a single BMP
image or in a set of BMP images

EC-Council
StegSpy is a tool that will detect
steganography and the program used
to hide the message
Stealth tool takes a PGP 2.x encrypted
message, and strips any standard
headers off to ensure that the result
looks like random noise

EC-Council
Xidie enables hiding and encryption of
files and allows the encryption of sensitive
information, while at the same time hiding
it in a file that will not look suspicious
WNSTORM is used to encrypt files to
keep prying eyes from invading privacy

EC-Council
CryptArkan encrypts and hides data
files and directories inside one or more
container files
Info Stego allows the protection of the
private information, communication secret,
and legal copyright using information
watermark, and data encryption technology

EC-Council
Scramdisk is a program that allows
the creation and use of the virtual
encrypted drives
Jpegx encrypts and hides messages in
jpeg files to provide an ample medium
for sending secure information

EC-Council
CryptoBola JPEG stores only the
cypher text without any additional
information such as file name, type,
length, etc.
ByteShelter I hides data in .doc
files and MS Outlook e-mail
messages

EC-Council
Camouflage allows the hiding of files by scrambling them and then
attaching them to the host file

EC-Council
Stego Analyst is a full featured imaging and analysis tool allowing
investigators to search for visual clues
Steganos combines Cryptography and Steganography for securing
information
Pretty Good Envelop is a program suite for hiding a (binary)
message in a larger binary file, and retrieving such a hidden message
Hydan steganographically conceals a message into an application

EC-Council
EzStego is an easy to use tool for private communication by hiding
an encrypted message in a GIF format image file
Steganosaurus is a plain text steganography utility which encodes
a (usually encrypted) binary file as gibberish text
appendX is a steganography tool which simply appends data to
other files (like JPEGs or PNGs) to hide it

EC-Council
Stego Break is a built-in utility designed to obtain the pass phrase
that has been used on a file found to contain steganography
Stego Hunter is designed to quickly, accurately detect steganography
programs
StegParty is a system for hiding information inside plain-text files
InPlainView allows hiding of any type of information within a BMP
file, as well as recover it

EC-Council
• Z-File Camouflage&Encryption System, integrates compression,
encryption, and camouflage technology to protect personal privacy and
business core data
• The file will be effectively compressed, strongly encrypted, and implanted
into an ordinary image
Z-File
• It gives an increased level of security compared to sending PGP-encrypted
email over the Internet
• MandelSteg will create a Mandelbrot image storing the data in the specified
bit of the image pixels
• GIFExtract can be used by the recipient to extract the bit-plane of the
image
MandelSteg and GIFExtract

EC-Council
Summary
Steganography is the method of hiding information by embedding messages within other, seemingly
harmless messages
Cryptography is the technique of encoding the contents of the message in such a way that its contents are
hidden from outsiders.
The main goal of watermarking is to hide a message ‘m’ in some audio or video (cover) data ‘d’, to obtain
new data ‘D', practically indistinguishable from ‘d’, by people, in such a way that an eavesdropper cannot
remove or replace ‘m’ in ‘d'
Watermarking techniques is used to provide a proof of ownership of digital data, and data augmentation
Steganalysis is the technology that attempts to defeat steganography—by detecting the hidden information
and extracting it or destroying it
Steganography is used to secure secret communications

EC-Council

File000133

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (14)

Destaque

Destaque (13)

Semelhante a File000133

Semelhante a File000133 (20)

Mais de Desmond Devendran

Mais de Desmond Devendran (20)

Último

Último (20)

File000133