Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH

Published byAubrey McCarthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH"— Presentation transcript:

1 Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH Robert.sherman@sinclair.edu

2 Steganography and Cryptography Fascinating but difficult topics for students Fascinating but difficult topics for students Very strong mathematical link Very strong mathematical link We use encryption almost every time we’re online We use encryption almost every time we’re online How can we educate, excite and motivate our students!! How can we educate, excite and motivate our students!!

3 Steganography and Cryptography Cryptography and Network Security Cryptography and Network Security William Stallings, 5 th Edition William Stallings, 5 th Edition Prentice Hall Prentice Hall ISBN: 0-13-609074-9 ISBN: 0-13-609074-9

4 Steganography and Cryptography http://en.wikipedia.org/wiki/Stegano graphy http://en.wikipedia.org/wiki/Stegano graphy http://en.wikipedia.org/wiki/Stegano graphy http://en.wikipedia.org/wiki/Stegano graphy Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity.security through obscuritysecurity through obscurity

5 Steganography and Cryptography http://en.wikipedia.org/wiki/Steg anography http://en.wikipedia.org/wiki/Steg anography http://en.wikipedia.org/wiki/Steg anography http://en.wikipedia.org/wiki/Steg anography The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion. cryptography

6 Steganography and Cryptography Digital cameras and image sizes Digital cameras and image sizes Nikon D300 has a 12 megapixel sensor Nikon D300 has a 12 megapixel sensor Approximately 4000 x 3000 pixels Approximately 4000 x 3000 pixels Common image storage techniques uses 3 bytes or 24 bits for each pixel Common image storage techniques uses 3 bytes or 24 bits for each pixel One byte used for red, green and blue color associated with each pixel One byte used for red, green and blue color associated with each pixel

7 Steganography and Cryptography 12 megapixel image could be as large as 36 megabytes in size 12 megapixel image could be as large as 36 megabytes in size That image is commonly compressed and stored as a JPEG file type That image is commonly compressed and stored as a JPEG file type That image stored as a JPEG fine image would be 6-8 MBs That image stored as a JPEG fine image would be 6-8 MBs Steganography uses the least significant bit of each byte for the purpose of holding the “hidden” data Steganography uses the least significant bit of each byte for the purpose of holding the “hidden” data

8 Steganography and Cryptography Steganography is the ability to hide an object inside another object Steganography is the ability to hide an object inside another object The viewer is not even aware of the hidden object The viewer is not even aware of the hidden object For example consider these two different pictures: For example consider these two different pictures:

9 Steganography and Cryptography

10

11

12 Actually these two pictures are not the same Actually these two pictures are not the same The picture on the right has a text document hidden inside of it The picture on the right has a text document hidden inside of it A secret message that the viewer doesn’t even know exists!! A secret message that the viewer doesn’t even know exists!!

13

14 Steganography and Cryptography jphide: a tool to embed a file in a digital image jphide: a tool to embed a file in a digital image jpseek: a tool to retrieve a file from a digital image jpseek: a tool to retrieve a file from a digital image Requires a shared secret (password) known to both parties Requires a shared secret (password) known to both parties

15 Steganography and Cryptography For example…….

16 http://www.outguess.org/detection. php http://www.outguess.org/detection. php http://www.outguess.org/detection. php http://www.outguess.org/detection. php

17 Steganography and Cryptography “Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” USA Today, 10 July, 2002. “Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com….The volume of the messages has nearly doubled in the past month, indicating to some U.S. intelligence officials that al-Qaeda is planning another attack.” USA Today, 10 July, 2002. “Authorities also are investigating information from detainees that suggests al Qaeda members -- and possibly even bin Laden -- are hiding messages inside photographic files on pornographic Web sites.”- CNN, 23 July, 2002 Wired News reported that messages are being hidden in images posted on Internet auction sites like eBay or Amazon. Some government sources suspect that Laden’s pre- recorded videos that are re-played on TV stations around the world contain hidden messages. Could the 9/11 attacks have been one of these activities?Could the 9/11 attacks have been one of these activities? Intelligence experts suspect that individuals use embedded Internet messages to communicate covertly.Intelligence experts suspect that individuals use embedded Internet messages to communicate covertly. Will future terrorist attacks be coordinated thus?Will future terrorist attacks be coordinated thus? After September 11th, the popular press reported on a regular basis that the al Qaeda terrorist network was using steganography to pass information covertly

18 Steganography and Cryptography “We will use whatever tools we can—emails, the Internet—to facilitate jihad…We have the best minds working with us.” “We will use whatever tools we can—emails, the Internet—to facilitate jihad…We have the best minds working with us.” -Sheik Ahmed Yassin, founder of Hamas -Sheik Ahmed Yassin, founder of Hamas Our adversaries rely upon stealthy communications to conceal their illicit activities

19 Steganography and Cryptography We use it nearly every day! We use it nearly every day! It’s been used for thousands of years! It’s been used for thousands of years! It protects our communications, transactions and data! It protects our communications, transactions and data! It helps keep us safer! It helps keep us safer!

20 Ciphers provide a method of taking normal text (plaintext) and converting it to encrypted text (ciphertext). Ciphers provide a method of taking normal text (plaintext) and converting it to encrypted text (ciphertext). You might see the text but it would be unintelligble to you. You might see the text but it would be unintelligble to you. Substitution ciphers are one of the oldest forms and have been used for thousands of years to encrypt communication. Substitution ciphers are one of the oldest forms and have been used for thousands of years to encrypt communication. Steganography and Cryptography

21 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C A substitution cipher might look like this:

22 Steganography and Cryptography The money is hidden in the backpack Becomes….

23 Becomes…. Wkh prqhb lv klgghq lq wkh edfnsdfn Steganography and Cryptography

24 iuhh slccd iru oxqfk wrgdb Becomes… Steganography and Cryptography

25 iuhh slccd iru oxqfk wrgdb Becomes… Free pizza for lunch today

26 Steganography and Cryptography The “key” in this example is 3 The “key” in this example is 3 The “key” is used in both the encryption and the decryption process The “key” is used in both the encryption and the decryption process The “key” must be known to both parties but kept secret from others! The “key” must be known to both parties but kept secret from others!

27 Steganography and Cryptography Symmetric cryptography Symmetric cryptography Also known as “secret key”Also known as “secret key” A single key performs both functions: encrypt and decryptA single key performs both functions: encrypt and decrypt If the key becomes known by others, confidentiality is lostIf the key becomes known by others, confidentiality is lost How many keys are needed?! How many keys are needed?!

28 Steganography and Cryptography Asymmetric cryptography Asymmetric cryptography Two keysTwo keys One public; one privateOne public; one private One encrypts and the other decryptsOne encrypts and the other decrypts The public key is available to everyoneThe public key is available to everyone The private key is known only to its ownerThe private key is known only to its owner

29 Steganography and Cryptography We use cryptography on the web every day! We use cryptography on the web every day! Secure web sites Secure web sites HTTPS and digital certificates HTTPS and digital certificates https://mail.sinclair.edu/exchange/ https://mail.sinclair.edu/exchange/ https://mail.sinclair.edu/exchange/

30

31

32

33

34

35 Steganography and Cryptography Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Socket Layer (SSL) and Transport Layer Security (TLS) Client and server exchange a sequence of messages that results in the server providing its certificate to the client Client and server exchange a sequence of messages that results in the server providing its certificate to the client The client (browser) chooses a “key” and encrypts it with the server’s public key and sends it to the server The client (browser) chooses a “key” and encrypts it with the server’s public key and sends it to the server

36 Steganography and Cryptography The server decrypts that key (using its private key) The server decrypts that key (using its private key) The client and server have now securely exchanged a “secret key” The client and server have now securely exchanged a “secret key” That key is used by both parties to calculate another key using the Diffie Hellman algorithm That key is used by both parties to calculate another key using the Diffie Hellman algorithm

37 Steganography and Cryptography That key is used by both parties for the online session That key is used by both parties for the online session The key is used to encrypt and decrypt all messages exchanged between client and server The key is used to encrypt and decrypt all messages exchanged between client and server The key can be changed periodically during the connection and is discarded at the end of the session The key can be changed periodically during the connection and is discarded at the end of the session

38 Steganography and Cryptography We actually use both symmetric and asymmetric cryptography every time we visit a secure web site! We actually use both symmetric and asymmetric cryptography every time we visit a secure web site!

39 Steganography and Cryptography We can use Wireshark or any other network monitor tool to capture and view all of this traffic. For example…..

40 Related topics…. Hashing Hashing MD5MD5 SHA-1SHA-1 IPSec IPSec Another way to provide for secure transport of dataAnother way to provide for secure transport of data Virtual Private Networks (VPNs) Virtual Private Networks (VPNs)

41 Steganography and Cryptography What works for you? What works for you? Ideas to share? Ideas to share? Comments? Comments? Robert.sherman@sinclair.edu

Download ppt "Bob Sherman, MCSE, CISSP Sinclair Community College Dayton, OH"

Similar presentations

Cryptography Ch-1 prepared by: Diwan.

Cryptography Ch-1 prepared by: Diwan.
Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.

By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Wireless Encryption By: Kara Dolansky Network Management Spring 2009.

Wireless Encryption By: Kara Dolansky Network Management Spring 2009.
Overview of Digital Stenography

Overview of Digital Stenography
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 23 SSL/TLS and //https © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
CSCI 530L Steganography and Steganalysis. Administrative issues If you have not yet signed up for a Lab Section, do so now. Most lab sections are full.

CSCI 530L Steganography and Steganalysis. Administrative issues If you have not yet signed up for a Lab Section, do so now. Most lab sections are full.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
CS 591 C3S C ryptography & S teganography S ecure S ystem By: Osama Khaleel.

CS 591 C3S C ryptography & S teganography S ecure S ystem By: Osama Khaleel.

Similar presentations

Ads by Google