Cryptographic Steganography
CSM25 Secure Information Hiding
Dr Hans Georg Schaathun
University of Surrey
Spring 2007

Learning Outcomes

- be able to apply cryptographic methodology to evaluate stego-systems.
- understand the Backes-Cachin stego-system as an example of a cryptographic approach to steganography.
- be able to compare the above stego-systems to systems based on Data Hiding, in terms of security and practicality.

Reading

Core Reading: Michael Backes and Christian Cachin: 'Public-Key Steganography with Active Attacks', in Theory of Cryptography, Springer Lecture Notes in Computer Science, volume 3378/2005.

Outline

1. The security model
   - Overview and example
   - Key features
   - Security definition
2. A cryptographic stego-system
   - Overview
   - Algorithm
   - Potential issues
3. Exercises

Chosen cover-text oracle model

1. Alice chooses a key pair $(k_P, k_S)$.
2. Eve can choose any ciphertext $c$ and get the decryption $d_{k_S}(c)$ from an oracle.
3. Eve chooses a message $m$.
4. Alice draws $b \in \{0, 1\}$ at random, and creates $c^*$, where
   - if $b = 1$, $c^*$ is a random (innocent) covertext;
   - if $b = 0$, $c^*$ is a stegogramme containing $m$.
5. Eve can choose ciphertexts $c \neq c^*$ and get the decryption $d_{k_S}(c)$, with some exceptions, from an oracle.
6. Eve makes a guess $\hat{b} \in \{0, 1\}$, and wins if $\hat{b} = b$.

Security assessment in general

- Hypothetical attacker (Eve)
  - Do some research
  - Make a guess
- A random guess ($\hat{b}$ is uniformly distributed) wins 50% of the time.
  - Note that $b$ is uniformly distributed.
- If Eve is unable to win significantly more than 50% of the time, then the system is secure.

The oracle

- The oracle is Eve's research tool; it answers decryption queries.
- Eve may choose cipher-/cover-texts.
- The oracle decrypts with the secret key.
- Eve does not have the secret key; she can only use it via the oracle.

Chosen cipher-text oracle model

1. Alice chooses a key pair $(k_P, k_S)$.
2. Eve can choose any ciphertext $c$ and get the decryption $d_{k_S}(c)$ from an oracle.
3. Eve chooses messages $m_0$ and $m_1$.
4. Alice draws $b \in \{0, 1\}$ at random, and outputs the ciphertext $c^* = E_{k_P}(m_b)$.
5. Eve can choose ciphertexts $c \neq c^*$ and get the decryption $d_{k_S}(c)$, with some exceptions, from an oracle.
6. Eve makes a guess $\hat{b} \in \{0, 1\}$, and wins if $\hat{b} = b$.

Probabilistic cipher

- Observe that $E_k(m)$ is non-deterministic.
  - The same message and key give different ciphertexts.
  - The ciphertext is randomly chosen (according to a probability distribution).
- Suppose Eve gets the decryption $m = D_s(c)$ and passes $m$ to Alice.
  - Alice's encryption $c^* = E_k(m) \neq c$ most of the time.

Overview

1. Alice chooses keys.
2. Eve executes her first attack $A_1$.
3. Alice generates a cipher-/stego-text from message(s) generated by $A_1$.
4. Eve executes her second attack $A_2$.
5. Eve makes a guess:
   - which message was encrypted? (cipher)
   - has the message been embedded? (stego)

Adaptive

- Eve chooses cipher-/cover-texts one by one.
  - She chooses based on previous decryptions.
- Compared to non-adaptive:
  - Eve makes a list of ciphertexts first,
  - then the oracle decrypts all of them.
  - Eve cannot add further ciphertexts after decryptions are obtained.

The second attack

- In the first attack, the oracle answers any request.
- In the second attack, the oracle is restricted.
  - For CCA-security, it returns not-allowed when asked to decrypt $c^*$.
  - For RCCA-security, it returns not-allowed if $c$ decrypts to $m$ or $\perp$ ($m_1$ or $m_2$).

Replayability

- With the CCA-oracle, Eve can get the decryption of $c = c^* || z$,
  - where $z$ is rubbish which will be ignored by the decoder,
  - so that $c$ and $c^*$ have the same decoding.
  - Thus CCA-security may be insufficient.
- RCCA-security is designed to prevent this.
  - The RCCA-oracle will refuse to decrypt $c = c^* || z$,
  - because $D_s(c) = D_s(c^*)$.

(R)CCA-security

- Cryptosystem
  - Indistinguishability of encryptions against an adaptive chosen-ciphertext attack (CCA-security)
  - replayable CCA-security (RCCA-security)
- Steganography
  - steganographically secure against adaptive chosen-covertext attacks (SS-CCA)
  - steganographically secure against replayable adaptive chosen-covertext attacks (SS-RCCA)

Cipher and Stego-system

Similarities: (R)CCA-security is analogously defined for steganography and cryptography.

Theorem: An SS-(R)CCA stego-system can be constructed from an (R)CCA-secure cryptosystem with pseudo-random ciphertexts.

Pseudo-random ciphertexts

Definition: A cryptosystem has pseudo-random ciphertexts if the encryption of a known message $m$ is indistinguishable from a random text.

- For any message $m$, Alice draws a random $b$, and gives Eve
  - if $b = 0$, $c = E_k(m)$;
  - if $b = 1$, $c$ drawn uniformly at random.
- Eve knows $m$, $k$, and $c$, and tries to guess $b$.
- If she cannot do better than a random guess, then ciphertexts are pseudo-random.

Encoding Algorithm (Backes and Cachin)

Input: Security parameter $k$; Public Key $(p, g)$; Message $m$
Output: Cover-text $c$

    y = E_p(m)
    write y = y_1 || y_2 || ... || y_t
    for i = 1, 2, ..., t
        c_i := Sample(k, g, y_i)
    end for
    return (c_1, ..., c_t)

The Sample Algorithm (Backes and Cachin)

Input: Security parameter $k$; Function $g : C \to \{0, 1\}^f$; Message $b \in \{0, 1\}^f$
Output: Cover-text $c$

    j := 0
    repeat
        x <-R- C        (x is drawn at random from C)
        j := j + 1
    until g(x) = b or j = k
    return x

Decoding Algorithm (Backes and Cachin)

Input: Security parameter $k$; Secret Key $(s, g)$; Covertext $c = (c_1, \ldots, c_t)$
Output: Message $m$

    for i = 1, 2, ..., t
        y_i := g(c_i)
    y := y_1 || y_2 || ... || y_t
    return D_s(y)

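The encoding, Sample and decoding slides above, put together as an added example (not code from the lecture or from the Backes-Cachin paper). It assumes g is the low f bits of SHA-256, uses a small constructed sentence generator in place of the cover distribution C, and takes y as a constructed byte string standing in for the ciphertext E_p(m). It also counts the blocks where Sample stopped at j = k without finding a match.

```python
import hashlib
import random

F = 2  # bits carried per cover document (f on the slides); must divide 8
WORDS = ["rain", "train", "lunch", "late", "home", "call", "soon", "fine"]  # constructed

def g(x: str) -> int:
    """Public g: C -> {0,1}^f. Assumed here: low F bits of SHA-256(x)."""
    return hashlib.sha256(x.encode()).digest()[-1] & ((1 << F) - 1)

def channel(rng: random.Random) -> str:
    """Constructed stand-in for drawing one cover x from the distribution C."""
    return f"{rng.choice(WORDS)} {rng.choice(WORDS)} {rng.randrange(1000)}"

def sample(k: int, b: int, rng: random.Random) -> str:
    """Sample(k, g, b): up to k draws (k >= 1), stop at the first with g(x) == b."""
    for _ in range(k):
        x = channel(rng)
        if g(x) == b:
            break
    return x  # after k misses the last draw is returned although g(x) != b

def split_blocks(y: bytes) -> list:
    """Write y = y_1 || ... || y_t with F bits per block."""
    t = len(y) * 8 // F
    v = int.from_bytes(y, "big")
    return [(v >> (F * (t - 1 - i))) & ((1 << F) - 1) for i in range(t)]

def encode(k: int, y: bytes, rng: random.Random) -> list:
    """y is the ciphertext E_p(m); encryption itself is out of scope here."""
    return [sample(k, b, rng) for b in split_blocks(y)]

def decode(covers: list) -> bytes:
    """Recover y from g(c_i); the receiver would then compute D_s(y)."""
    v = 0
    for c in covers:
        v = (v << F) | g(c)
    return v.to_bytes(len(covers) * F // 8, "big")

def block_errors(y: bytes, covers: list) -> int:
    """Number of positions where g(c_i) != y_i, i.e. Sample hit the j = k cutoff."""
    return sum(g(c) != b for c, b in zip(covers, split_blocks(y)))

Y = bytes.fromhex("3c91e07a5bd2486f")  # constructed stand-in for E_p(m)
if __name__ == "__main__":
    for k in (1, 4, 64):
        covers = encode(k, Y, random.Random(2007))
        print(k, block_errors(Y, covers), decode(covers) == Y)
```

With f = 2 each draw matches with probability 1/4, so a block fails with probability (3/4)^k: small k leaves wrong blocks in y and D_s(y) would not return m, while k = 64 makes a failure negligible.
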
Do pseudo-random ciphertexts exist?

- Pseudo-random ciphertexts are possible against chosen plaintext attacks (CPA).
- But CCA is harder.
- However, we can encrypt twice:
  - Encrypt using a CCA-secure system first; and then
  - Encrypt using a CPA-secure system with pseudo-random ciphertexts.
- Refer to cryptography for complete details.