Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH

Slides:



Advertisements
Similar presentations
Cryptography Ch-1 prepared by: Diwan.
Advertisements

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Overview of Digital Stenography
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
CSCI 530L Steganography and Steganalysis. Administrative issues If you have not yet signed up for a Lab Section, do so now. Most lab sections are full.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
CS 591 C3S C ryptography & S teganography S ecure S ystem By: Osama Khaleel.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Chapter 20: Network Security Business Data Communications, 4e.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Exploring Steganography: Seeing the Unseen Neil F. Johnson Sushil Jajodia George Mason University.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
Linux Networking and Security Chapter 8 Making Data Secure.
S TEGANOGRAPHY The Art of Message Hiding. Cryptography: Securing Information in the Digital Age Part 1: Introduction to Steganography Part 2: Hands-on.
每时每刻 可信安全 1The DES algorithm is an example of what type of cryptography? A Secret Key B Two-key C Asymmetric Key D Public Key A.
Computer encryption is… Based on the science of cryptography.
CHAPTER 6 Cryptography. An Overview It is origin from the Greek word kruptos which means hidden. The objective is to hide information so that only the.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Cryptography, Authentication and Digital Signatures
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Dr. Susan Al Naqshbandi The word “Cryptography” is derived from Greek words κρυπτός kryptós meaning “hidden” and γράφω gráfo meaning.
Types of Electronic Infection
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
11-Basic Cryptography Dr. John P. Abraham Professor UTPA.
Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.
Public Key Encryption.
Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Encryption Basics Module 7 Section 2. History of Encryption Secret - NSA National Security Agency –has powerful computers - break codes –monitors all.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
Invitation to Computer Science 5 th Edition Chapter 8 Information Security.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
Digital Steganography Jared Schmidt. In This Presentation… Digital Steganography Common Methods in Images Network Steganography Uses Steganalysis o Detecting.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Lecture 6 (Chapter 16,17,18) Network and Internet Security Prepared by Dr. Lamiaa M. Elshenawy 1.
ENGR 101 Compression and Encryption. Todays Lecture  Encryption  Symmetric Ciphers  Public Key Cryptography  Hashing.
CRYPTOGRAPHY Cryptography is art or science of transforming intelligible message to unintelligible and again transforming that message back to the original.
SSL: Secure Socket Layer By: Mike Weissert. Overview Definition History & Background SSL Assurances SSL Session Problems Attacks & Defenses.
PRESENTATION ON SECURE SOCKET LAYER (SSL) BY: ARZOO THAKUR M.E. C.S.E (REGULAR) BATCH
Web Security.
Digital Steganography
Web Applications Security Cryptography 1
Cryptography And Network Security
IS3230 Access Security Unit 9 PKI and Encryption
Visit for more Learning Resources
Unit 8 Network Security.
Presentation transcript:

Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH

Steganography and Cryptography Fascinating but difficult topics for students Fascinating but difficult topics for students Very strong mathematical link Very strong mathematical link We use encryption almost every time we’re online We use encryption almost every time we’re online How can we educate, excite and motivate our students!! How can we educate, excite and motivate our students!!

Steganography and Cryptography Cryptography and Network Security Cryptography and Network Security William Stallings, 5 th Edition William Stallings, 5 th Edition Prentice Hall Prentice Hall ISBN: ISBN:

Steganography and Cryptography graphy graphy graphy graphy Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.security through obscuritysecurity through obscurity

Steganography and Cryptography anography anography anography anography The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion. cryptography

Steganography and Cryptography Digital cameras and image sizes Digital cameras and image sizes Nikon D300 has a 12 megapixel sensor Nikon D300 has a 12 megapixel sensor Approximately 4000 x 3000 pixels Approximately 4000 x 3000 pixels Common image storage techniques uses 3 bytes or 24 bits for each pixel Common image storage techniques uses 3 bytes or 24 bits for each pixel One byte used for red, green and blue color associated with each pixel One byte used for red, green and blue color associated with each pixel

Steganography and Cryptography 12 megapixel image could be as large as 36 megabytes in size 12 megapixel image could be as large as 36 megabytes in size That image is commonly compressed and stored as a JPEG file type That image is commonly compressed and stored as a JPEG file type That image stored as a JPEG fine image would be 6-8 MBs That image stored as a JPEG fine image would be 6-8 MBs Steganography uses the least significant bit of each byte for the purpose of holding the “hidden” data Steganography uses the least significant bit of each byte for the purpose of holding the “hidden” data

Steganography and Cryptography Steganography is the ability to hide an object inside another object Steganography is the ability to hide an object inside another object The viewer is not even aware of the hidden object The viewer is not even aware of the hidden object For example consider these two different pictures: For example consider these two different pictures:

Steganography and Cryptography

Actually these two pictures are not the same Actually these two pictures are not the same The picture on the right has a text document hidden inside of it The picture on the right has a text document hidden inside of it A secret message that the viewer doesn’t even know exists!! A secret message that the viewer doesn’t even know exists!!

Steganography and Cryptography jphide: a tool to embed a file in a digital image jphide: a tool to embed a file in a digital image jpseek: a tool to retrieve a file from a digital image jpseek: a tool to retrieve a file from a digital image Requires a shared secret (password) known to both parties Requires a shared secret (password) known to both parties

Steganography and Cryptography For example…….

php php php php

Steganography and Cryptography “Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” USA Today, 10 July, “Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” USA Today, 10 July, “Authorities also are investigating information from detainees that suggests al Qaeda members -- and possibly even bin Laden -- are hiding messages inside photographic files on pornographic Web sites.”- CNN, 23 July, 2002 Wired News reported that messages are being hidden in images posted on Internet auction sites like eBay or Amazon. Some government sources suspect that Laden’s pre- recorded videos that are re-played on TV stations around the world contain hidden messages. Could the 9/11 attacks have been one of these activities?Could the 9/11 attacks have been one of these activities? Intelligence experts suspect that individuals use embedded Internet messages to communicate covertly.Intelligence experts suspect that individuals use embedded Internet messages to communicate covertly. Will future terrorist attacks be coordinated thus?Will future terrorist attacks be coordinated thus? After September 11th, the popular press reported on a regular basis that the al Qaeda terrorist network was using steganography to pass information covertly

Steganography and Cryptography “We will use whatever tools we can— s, the Internet—to facilitate jihad…We have the best minds working with us.” “We will use whatever tools we can— s, the Internet—to facilitate jihad…We have the best minds working with us.” -Sheik Ahmed Yassin, founder of Hamas -Sheik Ahmed Yassin, founder of Hamas Our adversaries rely upon stealthy communications to conceal their illicit activities

Steganography and Cryptography We use it nearly every day! We use it nearly every day! It’s been used for thousands of years! It’s been used for thousands of years! It protects our communications, transactions and data! It protects our communications, transactions and data! It helps keep us safer! It helps keep us safer!

Ciphers provide a method of taking normal text (plaintext) and converting it to encrypted text (ciphertext). Ciphers provide a method of taking normal text (plaintext) and converting it to encrypted text (ciphertext). You might see the text but it would be unintelligble to you. You might see the text but it would be unintelligble to you. Substitution ciphers are one of the oldest forms and have been used for thousands of years to encrypt communication. Substitution ciphers are one of the oldest forms and have been used for thousands of years to encrypt communication. Steganography and Cryptography

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C A substitution cipher might look like this:

Steganography and Cryptography The money is hidden in the backpack Becomes….

Becomes…. Wkh prqhb lv klgghq lq wkh edfnsdfn Steganography and Cryptography

iuhh slccd iru oxqfk wrgdb Becomes… Steganography and Cryptography

iuhh slccd iru oxqfk wrgdb Becomes… Free pizza for lunch today

Steganography and Cryptography The “key” in this example is 3 The “key” in this example is 3 The “key” is used in both the encryption and the decryption process The “key” is used in both the encryption and the decryption process The “key” must be known to both parties but kept secret from others! The “key” must be known to both parties but kept secret from others!

Steganography and Cryptography Symmetric cryptography Symmetric cryptography Also known as “secret key”Also known as “secret key” A single key performs both functions: encrypt and decryptA single key performs both functions: encrypt and decrypt If the key becomes known by others, confidentiality is lostIf the key becomes known by others, confidentiality is lost How many keys are needed?! How many keys are needed?!

Steganography and Cryptography Asymmetric cryptography Asymmetric cryptography Two keysTwo keys One public; one privateOne public; one private One encrypts and the other decryptsOne encrypts and the other decrypts The public key is available to everyoneThe public key is available to everyone The private key is known only to its ownerThe private key is known only to its owner

Steganography and Cryptography We use cryptography on the web every day! We use cryptography on the web every day! Secure web sites Secure web sites HTTPS and digital certificates HTTPS and digital certificates

Steganography and Cryptography Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Client and server exchange a sequence of messages that results in the server providing its certificate to the client Client and server exchange a sequence of messages that results in the server providing its certificate to the client The client (browser) chooses a “key” and encrypts it with the server’s public key and sends it to the server The client (browser) chooses a “key” and encrypts it with the server’s public key and sends it to the server

Steganography and Cryptography The server decrypts that key (using its private key) The server decrypts that key (using its private key) The client and server have now securely exchanged a “secret key” The client and server have now securely exchanged a “secret key” That key is used by both parties to calculate another key using the Diffie Hellman algorithm That key is used by both parties to calculate another key using the Diffie Hellman algorithm

Steganography and Cryptography That key is used by both parties for the online session That key is used by both parties for the online session The key is used to encrypt and decrypt all messages exchanged between client and server The key is used to encrypt and decrypt all messages exchanged between client and server The key can be changed periodically during the connection and is discarded at the end of the session The key can be changed periodically during the connection and is discarded at the end of the session

Steganography and Cryptography We actually use both symmetric and asymmetric cryptography every time we visit a secure web site! We actually use both symmetric and asymmetric cryptography every time we visit a secure web site!

Steganography and Cryptography We can use Wireshark or any other network monitor tool to capture and view all of this traffic. For example…..

Related topics…. Hashing Hashing MD5MD5 SHA-1SHA-1 IPSec IPSec Another way to provide for secure transport of dataAnother way to provide for secure transport of data Virtual Private Networks (VPNs) Virtual Private Networks (VPNs)

Steganography and Cryptography What works for you? What works for you? Ideas to share? Ideas to share? Comments? Comments?