Encryption: Image Representation Privacy/Cryptography

Information Security for… Defending against external/internal hackers Defending against industrial espionage Securing E-commerce Securing bank accounts/electronic transfers Securing intellectual property Avoiding liability Pervasiveness of email/networks Online storage of sensitive information Insecure technologies (e.g., wireless) Trend towards paperless society Weak legal protection of email privacy

History 50 B.C. Julius Caesar uses cryptographic technique 1466 Leon Alberti develops a cipher disk 1861 Union forces use a cipher during Civil War 1919 Germans develop the Engima machine for encryption 1942 Navajo windtalkers help with secure communication during World War II 1948 Claude Shannon develops statistical methods for encryption/decryption 1976 IBM develops DES 1976 Diffie – Hellman develop public key / private key cryptography 1977 Rivest – Shamir – Adleman develop the RSA algorithm for public key / private key

Basic Terminology Cryptography deals with creating documents that can be shared secretly over public communication channels Cryptographic documents are decrypted with the key associated with encryption, with the knowledge of the encryptor The word cryptography comes from the Greek words: Krypto (secret) and graphein (write) Cryptanalysis deals with finding the encryption key without the knowledge of the encryptor Cryptosystems are computer systems used to encrypt data for secure transmission and storage

Types of Secret Writing Steganography Cryptography Substitution Transposition Code Cipher

Basic Terminologies Steganography is the practice of concealing messages or information within other nonsecret text or data. The goal is to hide information. Encryptions goal is to make information unreadable . Steganography does not increase file size for hidden messages

Steganography Videos https://www.youtube.com/watch?v=TWEXCYQKyDc - Watch until 5:15 https://www.youtube.com/watch?v=cgtQHi4w9yM

Steganography Examples The simplest approach to hiding data within an image file is called least significant bit (LSB) insertion. In this method, we can take the binary representation of the hidden_data and overwrite the LSB of each byte within the cover_image. If we are using 24-bit color, the amount of change will be minimal and indiscernible to the human eye. As an example, suppose that we have three adjacent pixels (nine bytes) with the following RGB encoding:

Example: 10010101 00001101 11001001 10010110 00001111 11001010 10011111 00010000 11001011 Now suppose we want to "hide" the following 9 bits of data (the hidden data is usually compressed prior to being hidden): 101101101. If we overlay these 9 bits over the LSB of the 9 bytes above, we get the following (where bits in bold have been changed): 10010101 00001100 11001001 10010111 00001110 11001011 10011111 00010000 11001011

Steganography Steganography – covered writing – is an art of hiding information Popular contemporary steganographic technologies hide information in images New York Times, August 3rd, 2001 http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg

Hiding information in pictures

Hiding information in pictures

Questions Please complete the question sheet over Steganography and Cryptography.

Caesar Cipher A substitution cipher where each plaintext letter is replaced by some letter a fixed number of spaces down in the alphabet

Caesar Cipher Open the following link https://www.khanacademy.org/computing/computer-science/cryptography/crypt/v/intro-to-cryptography Watch the first two videos (What is cryptography and The Ceaser Cipher Go to the third link and open up the Ceaser Cipher Exploration and complete the worksheet.

Basic Terminologies Keys are rules used in algorithms to convert a document into a secret document Keys are of two types: Symmetric Asymmetric A key is symmetric if the same key is used both for encryption and decryption A key is asymmetric if different keys are used for encryption and decryption

ROT13 Network data encryption / decryption using ROT13 algorithm Rotates characters by 13 places ‘A’  ‘N’, ‘M’  ‘Z’, ‘a’  ‘n’, ‘m’  ‘z’ Encryption Example: ‘Hello World’ encrypts to ‘Uryyb Jbeyq’ Decryption Example: ‘Uryyb Jbeyq’ decrypts to ‘Hello World’

Public Key Cryptography Private (symmetric, secret) key – the same key used for encryption/decryption Problem of key distribution – how to get the key safely into hands of both parties Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption Key distribution problem solved Very popular technique: Large Prime Numbers

Transmitting over an insecure channel Alice wants to send Bob a private message. Apublic is Alice’s public key. Aprivate is Alice’s private key. Bpublic is Bob’s public key. Bprivate is Bob’s private key.

Hello Bob, Wanna get together? Alice Bob encrypt using Bpublic decrypt using Bprivate

OK Alice, where do we meet? Bob decrypt using Aprivate encrypt using Apublic

Bob’s Dilemma: Authenticity of Communication Nobody can read the message from Alice, but anyone could produce it. How does Bob know that the message was really sent from Alice? What if it was from ex-girlfriend, Suzy? Bob may be comforted to know that only Alice can read his reply.

Alice can sign her message! Alice can create a digital signature and prove she sent the message (or someone with knowledge of her private key). The signature can be a message digest encrypted with Aprivate. Helps to prevent: Impostor attacks Content tampering

Digital Certificates Issued by trusted third parties known as Certificate Authorities (CAs) Verisign is a trusted third party Used to authenticate an individual or an organization Digital Certificates are usually given for a period of one year They can be revoked It is given at various security levels. The higher the security level, the CA verifies the authenticity of the certificate seeker more.

Digital Certificates Digital Certificates are part of the authentication mechanism. The other part is Digital Signature. When a user uses the digital signature, the user starts with their private key and encrypts the message and sends it. The receiver uses the sender’s public key and decrypts the message In traditional encryption, the sender uses the public key of the receiver and encrypts the message and sends it and the receiver decrypts the message with their private key

Potential Problems with Cryptographic Technologies? False sense of security if badly implemented Government regulation of cryptographic technologies/export restrictions Encryption prohibited in some countries

Video Example Example of public key cyrptography using color mixing http://www.youtube.com/watch?v=3QnD2c4Xovk&feature=g-all-esi

Privacy

Criminals Caught by Bits Dennis Rader, the “BTK Killer” http://en.wikipedia.org/wiki/Dennis_Rader Killed 10 people over 17 year period Arrested in 2005 From Wikipedia: “Police found metadata embedded in a deleted Microsoft Word document that was, unbeknownst to Rader, on the disk. The metadata, recovered using the forensic software EnCase, contained "Christ Lutheran Church", and the document was marked as last modified by "Dennis". A search of the church website turned up Dennis Rader as president of the congregation council. Police began surveillance of Rader.

Criminals Caught by Bits Video: 36:40 – 38:00 http://www.youtube.com/watch?v=S9UmhGV9fGE