38.5 STEGANOGRAPHY

38.5 STEGANOGRAPHY

Steganography is defined as "the art of information hiding" or "covered writing". Suppose you send a message:

 HOW    ARE    YOU?    ICAN    MEETYOU    SOON. 

The spaces between the successive words are 3, 7, 5, 0, 8, 0, 4 (between HOW and ARE there are four spaces, between ARE and YOU seven spaces and so on). The number 3750804 can convey a telephone number. This is covered writing.

A more sophisticated steganography technique is to embed secret messages in image files, voice files or video clippings. For instance, the photograph shown in Figure 38.9 has a secret message embedded in it (but you will not know what the secret message is!). The secret message can be text or another image.

Figure 38.9: Secret message embedded in an image.

The process of steganography is shown in Figure 38.10. The secret message is encrypted using an encryption key and is embedded in an image (or voice or video file). The image containing the secret message is transmitted over the network. The modified image is called a stegano. At the receiving end, the secret message is extracted from the stegano, and the message is decrypted. The important requirement in steganography is that the image modified with the secret message should look normal. A number of techniques are used to meet this requirement by applying many image analysis algorithms. For instance, the least significant bit of each pixel may contain one bit of the secret message. By modifying the least significant bit, the image quality is not going to degrade much. Hence, the modified image looks almost normal.

Figure 38.10: Process of steganography.

Steganography is the art of information hiding. Secret messages can be sent by hiding them within text, image, voice, or video.

Another technique used is to modify only certain portions of the image (for instance, the background portion of the image in Figure 38.9). Similarly, a secret message can be embedded in a voice file by replacing the least significant bit of each PCM-encoded voice sample with one bit of the secret message.

Steganography is a very powerful technique for sending secret information. Unfortunately, it has been used extensively by terrorists and other antisocial elements, but not by organizations to provide a public service.

38.5.1 Digital Watermarking

Steganographic technique, when applied to digital images, digital voice, or digital video files, is known as digital watermarking. Hence, hiding a secret message in multimedia content using digital techniques is digital watermarking. The secret message is known as a watermark. The watermark can be text, image, voice, or video. This secret message is embedded in another document known as the cover document. The cover document can also be text, image, voice, or video.

Digital watermarking is a mechanism wherein information can be hidden in multimedia content using digital techniques. Secret messages (text, image, voice, or video) can be hidden in a cover document, which can also be text, image, voice, or video.

Software product development organizations use digital watermarking techniques to embed copyright information, product serial number, and so on in an image such as the company logo. If you want to hide copyright information and serial number of your software product, you can create a JPEG image of your company logo and embed the copyright message and serial number in this logo. The copyright message is not visible to the eye. If the software is pirated and installed on another system, your company can analyze the logo and find out from whom the software is copied.

38.5.2 Secure Multimedia Communication

The layered architecture for secure multimedia communications is shown in Figure 38.11. In addition to cryptography and key management, a new layer that uses steganography needs to be introduced. Any data, voice, fax, or video application can use steganography to transmit secret information. Images can be used as passwords using this architecture.

Figure 38.11: Layered architecture for secure multimedia communication.

In the future, attacks based on steganography are likely to increase because of the widespread use of convergence technologies, particularly voice and video communication over IP networks. The surveillance equipment discussed earlier in this chapter needs to take care of these aspects as well. Organizations involved in public service such as banks, insurance agencies, and governments also need to use steganography to provide more secure communications.

Presently, encryption devices are used for data applications. Devices that can encrypt data, voice, and fax messages are used at the two ends of the communication link, as shown in Figure 38.12.

Figure 38.12: Multimedia security products.

Combining steganography and encryption provides a highly secure communication system. With the advent of convergence, more security threats are also likely, due to steganography.

The security device must be capable of low bit rate coding of messages and also support encryption and steganography. Such products can provide real secure information transfer. A representative application that uses biometrics and steganography is shown in Figure 38.13.

Figure 38.13: An example of biometrics and steganography.

Consider a bank that provides Internet banking. At present, the user logs into a Web server, types his account number, credit card number, and so forth for a bank transaction. The information typed is encrypted and sent to the server. Sometimes the credit card information is stolen. This is due to the fact that encryption alone does not provide full security. As shown in Figure 38.13, encryption and steganography can be combined. The fingerprint (biometric information) is converted into an image, and the encrypted credit card information is embedded into the image. At the receiving end, the stegano is analyzed, and the fingerprint and credit card information are extracted. The fingerprint is validated against the stored database of fingerprints. Similarly, credit card information is also validated. If the bank uses a proprietary algorithm for steganography, then a very highly secure application can be built.

By combining biometric security measures and steganography, highly secure banking applications can be developed. Biometric techniques such as fingerprint recognition can be done in conjunction with credit card verification.

Summary

In this chapter, the various issues involved in information security are discussed. Every organization needs to take measures to protect its information. Surveillance of voice, fax, and data is required to do this.

To provide secure communication, the two important cryptographic techniques are private key algorithm and public key algorithms. In private key algorithms, a private key is shared by the participants to encrypt and decrypt the data. The most widely used private key encryption algorithm is Data Encryption Standard (DES) developed by the U.S. Department of Defense. In public key encryption, two keys are used—a public key and a private key.

Steganography is a technique in which secret information is embedded in an image, a voice file, or a video file. In embedding the secret message, it has to be ensured that the original image does not change much. The simple technique to achieve this is by replacing the least significant bit of each pixel by one bit of the secret message. Steganography is a powerful technique and, by combining steganography and encryption, highly secure communication systems can be developed.

References

• M. Barni et al. "Watermark Embedding: Hiding a Signal Within a Cover Image." IEEE Communications Magazine, Vol. 39, No. 8, August 2001

• L.L. Peterson and B.S. Davie. Computer Networks: A Systems Approach. Morgan Kaufman Publishers Inc., 2000.

• A.S. Tanenbaum. Computer Networks. Prentice Hall Inc., 1996.

Questions

1. Describe the various surveillance equipment used for surveillance of voice, fax, and data.

2. What is steganography? Explain the process of steganography.

3. What is digital watermarking? What are its uses?

4. Explain the various mechanisms for encryption.

5. Distinguish between secret key algorithms and public key algorithms.

6. Explain the RSA algorithm.

7. What is a firewall? Explain the various options for development of firewalls.

Exercises

Answers

1.	To store one second of voice conversation using PCM, the storage requirement is 8 Kbytes. To store 100 hours of conversation, Storage requirement = 360,000 × 8 KB = 360 × 8MB = 2880MB = 2.8GB
2.	Listing C.15 encrypts the given message using RSA algorithm in C. Listing C.15: Encryption using RSA algorithm. #include "stdio.h" #include "stdlib.h" #include "math.h" int main(void) { int p=7,q=11; int n, e, d, res1, k; int flag=0; int i=0,ch; double fraction, integer; double ex, d1; char Message[] = {9,8,4,8,1,4,4,3,3,7,'\0'}; char EncryptedMessage[20]; char DecryptedMessage[20]; n = p * q; k = (p -1) * (q - 1); e = p; while(flag != 1){ i++; res1 = (k*i) + 1; if((res1%e) == 0){ d = res1 / e; flag = 1; } } printf("\n\n\t\t\t\tRSA Algorithm\n\n"); printf("\n Public key: <%d,%d> ",e, n); printf("\n Private key: <%d,%d> \n", d, n); printf("\n Original Message: "); for(i=0;i<strlen(Message);i++){ printf("%d ",Message[i]); ch =(int)(Message[i]); ex = pow((double)ch,(double)e); d1 = (ex / n); fraction = modf(d1, &integer); EncryptedMessage[i] = (char)(fraction * n); } EncryptedMessage[i] = '\0'; printf("\n Encrypted Message: "); for(i=0;i<strlen(EncryptedMessage);i++){ printf("%d ",EncryptedMessage[i]); } printf("\n"); return 0; } When you execute the program, the public key, private key, original message and encrypted message will be displayed as shown in Figure C.19. Figure C.19: RSA algorithm output screen.
3.	You can obtain the details form http://www.iseeyes.com, http://www.audiosoft.com.
4.	You can obtain Steganography software from http://www.outguess.com or http://www.stegoarchive.com.
5.	The hackers use trial-and-error methods to break the algorithms, and hence statistically, they will succeed! Every credit card holder is given a PIN, which is a 4-digit number. If the hacker tries these numbers systematically, he has to try all the possible 9999 combinations to succeed. However, the credit card company generates the PIN using an algorithm, and if the algorithm is stolen, the job is very simple!
6.	To tap a telephone, you need to have a PC into which the interactive voice response hardware (a PC add-on card) is plugged in. The IVR hardware has to be connected in parallel to the telephone. The software running on the PC should be automatically invoked when the telephone is lifted, and the entire conversation needs to be recorded on the PC.

Projects

1. Develop software to tap the telephone conversations in your office. You can connect a voice/data modem in parallel to the telephone. The modem is connected to a PC. When an incoming call is received and the telephone is picked up, the conversation has to be recorded in the PC automatically.

2. Develop a microcontroller (for example, 8051 or 8085) based embedded system that can be connected in parallel to the telephone for tapping telephone calls. The embedded system should have enough memory to store speech up to 15 minutes. You can use low bit rate coding chips to reduce the memory requirement.

3. Develop steganography software to embed secret text messages in a voice file. To ensure that there is no degradation in the voice quality, you can replace the least significant bit of each voice sample value with one bit of the secret message. You also need to write the software to retrieve the secret message from the stegano.

4. Develop steganography software to embed secret text messages in an image file. You can use the same strategy as in Project #3 or use a more sophisticated image processing technique.

5. Develop software that implements the Data Encryption Standard (DES) algorithm.

6. Develop a firewall that can be run on the proxy server of your LAN whose job is to filter all packets from a given IP address. This IP address corresponds to the address of a node on the LAN.