As data hiding detection and forensic techniques have matured, people are creating more advanced stealth methods for spying, corporate espionage, terrorism, and cyber warfare, all to avoid detection. Data Hiding provides an exploration into the present day and next generation of tools and techniques used in covert communications, advanced malware methods and data concealment tactics. The hiding techniques outlined cover the latest technologies, including mobile devices, multimedia, virtualization and others. These concepts provide corporate, government and military personnel with the knowledge to investigate and defend against insider threats, spy techniques, espionage, advanced malware and secret communications. By understanding the plethora of threats, you will gain an understanding of the methods to defend oneself from these threats through detection, investigation, mitigation and prevention.
- Provides many real-world examples of data concealment on the latest technologies including iOS, Android, VMware, MacOS X, Linux and Windows 7
- Dives deep into the less known approaches to data hiding, covert communications, and advanced malware
- Includes never before published information about next generation methods of data hiding
- Outlines a well-defined methodology for countering threats
- Looks ahead at future predictions for data hiding
Edition description: New Edition
Product dimensions: 7.50(w) x 9.10(h) x 0.70(d)
About the Author
Michael Raggo (CISSP, NSA-IAM, ACE, CSI) has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise. Michael is the author of “Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols” for Syngress Books. A former security trainer, Michael has briefed international defense agencies including the FBI and Pentagon, is a participating member of the PCI Mobile Task Force, and is a frequent presenter at security conferences, including Black Hat, DEF CON, DoD Cyber Crime, InfoSec, SANS, and OWASP.
Chet Hosmer is the Chief Scientist and Sr. Vice President at Allen Corporation and a co-founder of WetStone Technologies, Inc. Chet has been researching and developing technology and training surrounding data hiding, steganography and watermarking for over a decade. He has made numerous appearances to discuss the threat steganography poses, including National Public Radio's Kojo Nnamdi show, ABC's Primetime Thursday, NHK Japan, CrimeCrime TechTV and ABC News Australia. He has also been a frequent contributor to technical and news stories relating to steganography and has been interviewed and quoted by IEEE, The New York Times, The Washington Post, Government Computer News, Salon.com and Wired magazine. Chet also serves as a visiting professor at Utica College, where he teaches in the Cybersecurity Graduate program. Chet delivers keynote and plenary talks on various cyber security related topics around the world each year.
Read an Excerpt
Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols
By Michael Raggo, Chet Hosmer
Elsevier Science
Copyright © 2013 Elsevier, Inc.
All rights reserved.
Excerpt <h2>CHAPTER 1</h2> <p>History of Secret Writing</p> <br> <p><b>CONTENTS</b><br> <br> Introduction<br> Cryptology<br> <i>Substitution Cipher<br> Caesar<br> Coded Radio Messages and Morse Code<br> Vigenere Cipher<br> Transposition Cipher<br> Spartan Scytale<br> The Difference Between Substitution Ciphers and Transposition Ciphers<br> Steganography<br> Cardano's Grille<br> Invisible Ink<br> Microdots<br> Printer Tracking Dots<br> Watermarks</i><br> Summary<br> References<br></p> <br> <p><b>INFORMATION IN THIS CHAPTER:</b></p> <p>* Introduction</p> <p>* Cryptology</p> <p>* Steganography</p> <br> <p><b>INTRODUCTION</b></p> <p>Data Hiding transcends nearly every aspect of our daily lives, whether it be for good intent or evil. It stemmed from secret writing thousands of years ago, as cited by David Kahn and many historians. It originated in Egyptian civilization in the form of hieroglyphs, intended as symbolic representations of historical timelines for particular lords. Other cultures of the time, such as the Chinese, took a more physical approach to hiding messages by writing them on silk or paper, rolling it into a ball, and covering it with wax to communicate political or military secrets. For added security, the ball was even swallowed during transit. As civilization evolved, forms of covert communications became more sophisticated and cryptograms and anagrams advanced.</p> <p><b>David Kahn's</b> The Codebreakers is arguably the most comprehensive historical book about Secret Communications through the ages. Below is a timeline of some of the most notable innovations over the centuries dating back to Egypt and China (see <b>Figure 1.1</b>).</p> <p>As evident throughout history, secret writing evolved from the need for covert communications. And what is used by our own militaries today to protect us from evil intent is also used by our enemies to attack our well being. 
As technology has evolved, so have the ways in which data hiding is used. Today, it is commonly used in corporate espionage, spy communication, malware, child exploitation, and terrorism. Malicious data hiding occurs daily all around us, and many times goes undetected.</p> <p>In this book we hope to enlighten you, the reader, with information about the many ways in which data hiding is used, from physical mediums to digital mediums. Although there is the ongoing threat of criminal activity, data hiding is actually a very interesting and fun hobby and, for some people, a career. Let's begin by reviewing the history behind what brought us to digital data hiding, by reviewing many of the techniques of our ancestors and the basis behind cryptography and steganography.</p> <br> <p><b>CRYPTOLOGY</b></p> <p>Cryptograms and anagrams are commonly found in newspapers and puzzle books. Cryptograms substitute one character for another. In terms of the alphabet, one letter is substituted for another. The goal of the cryptogram is for the individual to determine what letters are substitutes for others, and use this substitution to reveal the original message. In anagrams, the characters that make up a message are rearranged rather than substituted.</p> <p>In either case, the message is made secret by the method or algorithm used to scramble it. There is typically also a key known only to the sender and receiver, such that no one else can read or decipher the message. This secret message is commonly referred to as a cipher text. An eavesdropper cannot read the message unless they determine the algorithm and key. The process of decoding the message is referred to as <i>cryptanalysis</i> (see <b>Figure 1.2</b>).</p> <br> <p><b>Substitution Cipher</b></p> <p>In cryptography, a substitution cipher is a method of encryption in which plaintext is substituted with cipher text using a particular method or algorithm. The plaintext can be replaced by letters, numbers, symbols, etc. 
The algorithm defines how the substitution will occur and is based upon a key. Therefore, the recipient of the message must know the algorithm and the key (or keying mechanism) in order to decipher the message. When the recipient receives the encrypted message, he/she will use this known substitution algorithm to decipher the message and reveal the plaintext message.</p> <br> <p><b><i>Caesar</i></b></p> <p>Julius Caesar (100–44 B.C.) initially created a substitution cipher for military purposes that involved substituting Greek letters for Roman letters, thereby making the message unreadable to the enemy. Caesar later created the more commonly known Shift Cipher. Caesar simply shifted the letters of the alphabet by a specified amount. This shifted alphabet was then used for the substitution cipher. In both cases, the original alphabet was substituted by a different character substitution, also referred to as a cipher alphabet or monoalphabetic cipher. For example:</p> <p>A B C D E F G H I J K L M N O P Q R S T U V W X Y Z<br> F G H I J K L M N O P Q R S T U V W X Y Z A B C D E</p> <p>Using the cipher alphabet we can generate a ciphertext message:</p> <p>Plaintext Message=STEGANOGRAPHY RULES</p> <p>Ciphertext Message=XYJLFILWFUMD WZQJX</p> <br> <p>Although considered a weak cipher by today's standards, given the computing power now available, it still exists today primarily as entertainment, in everything from newspaper cryptograms to children's secret decoder rings. For example, one of the promotional items from the <b>Jonny Quest</b> cartoon was a secret decoder ring. Children could use the ring to encode secret messages in a substitution cipher format. A little known fact about the decoder ring is that it also included a secret compartment, as well as a sun flasher (see <b>Figure 1.3</b>).</p> <p>Caesar's language substitution cipher approach was also used in WWII by the Navajo code talkers. 
At the time, the Navajo Indians spoke in a dialect unfamiliar to most other people, including other Indian tribes. As a result, the 29 Navajos were recruited into the Marine Corps to support the war effort. The Marine Corps used the Navajo Code as a secure means of translating English to Navajo for communications while on the battlefield. Since Navajo speak was unknown to anyone except Navajo tribe members and a handful of Americans, it was practically impossible to impersonate.</p> <br> <p><b><i>Coded Radio Messages and Morse Code</i></b></p> <p>In the 1830s, Samuel Morse created a code for sending messages over telegraph. Morse substituted a series of dots and dashes to represent each letter of the alphabet. This code, commonly known today as Morse code, was a simple substitution of a character for a letter of the alphabet and punctuation (see <b>Figure 1.4</b>).</p> <p>An example of the Morse code substitution cipher is used in the Rush song "YYZ." Interestingly enough, YYZ is the airport code for Toronto, Canada, Rush's home town. In Morse code, the letter Y is "-. - -" and the letter Z is "-. ." Converting YYZ to Morse code you have: YYZ = "-. - - -. - - - -. ." or "dash dot dash dash dash dot dash dash dash dash dot dot." Unbeknownst to most people, this is the basis for the intro to the song.</p> <p>Some argue that Morse code is not a substitution cipher, because its intention was not to hide the message, but rather to serve as a form of communications at a time when the telephone had yet to be invented. Yet it is a form of substitution and represents a form of code substitution. And transposition forms of it were used during the last few wars. 
In fact, most people listening to the song YYZ have no idea that it even begins with Morse code, thereby making this a form of message hiding (steganography).</p> <br> <p><b><i>Vigenere Cipher</i></b></p> <p>The <b>Vigenere cipher</b> was originally created by a group of intellectuals but was finally organized into a cipher by the fellow whose name it acquired, Blaise de Vigenere. Rather than base the substitution on a single alphabet of letters, Vigenere created it based on 26 alphabets (see <b>Figure 1.5</b>).</p> <p>Using only one column in the Vigenere table would be the equivalent of the <b>Caesar Shift Cipher</b>. Therefore the Vigenere table is designed such that multiple rows are used. A different row is used for each letter to be ciphered. This is performed by assigning a keyword to the ciphering approach. For example, if we chose a keyword of "combo" and use the Vigenere table we could cipher the following message:</p> <p>Message: thekeyisunderthedoormat</p> <p>Keyword: combo</p> <p>Ciphertext: vvqlsawevbfsduvgamu</p> <br> <p>This form of substitution cipher is known as polyalphabetic, because it uses multiple alphabets to perform the ciphering, as opposed to the monoalphabetic Caesar Shift Cipher. When released, the Vigenere cipher was impenetrable. For example, the Caesar Shift Cipher could be cracked by a cryptanalyst using frequency analysis, whereby certain letters such as e and n are more commonly found in words, whereas x and z are not. Understanding this flaw allowed cryptanalysts to decrypt a message. <b>Figure 1.6</b> outlines English language letter frequency from highest frequency to lowest frequency of occurrence.</p> <p>In addition to frequency analysis, cryptanalysts also used linguistic characteristics to decipher messages. For example, the combination of "io" appears quite commonly in a word in the English language, whereas the combination of "oi" is rare. 
Ancient cryptanalysts would actually use lists of letters that are never found together in a word, thus allowing certain combinations to be eliminated immediately. But this assumes that you know the language that the message is written in, which is not always the case. Could it be Spanish, French, or something else? This distinction is critical to the cryptanalyst.</p> <p>The Vigenere cipher had far more keys in its substitution implementation, making it practically impossible to crack using frequency analysis or linguistic analysis. Vigenere also included the complexity of the vast number of possible keys and key lengths. It is for this reason that the Vigenere cipher endured hundreds of years of secure use until 1854 when Charles Babbage was credited with performing successful cryptanalysis on the Vigenere cipher. Many tools exist today on the web for enciphering messages using the Vigenere cipher. These tools are commonly found on the Internet, thus allowing virtually anyone the ability to encode a message (see <b>Figure 1.7</b>).</p> <p>Even though the Vigenere cipher is considered inherently weak by today's standards and computing power, it is still found in many ciphering implementations. For example, a hybrid of the Vigenere cipher is used in the <b>Cisco</b> IOS found on routers and other networking devices. Although MD5 (Message Digest Algorithm) hashing is a supported option within the IOS, many Cisco devices still use the Password 7 hashing (a hybrid of the Vigenere cipher). There are a plethora of tools available for decoding the Password 7 hashing for the Cisco IOS. Therefore it is highly recommended that network administrators change the default hashing mechanism from Password 7 to MD5, since the weaknesses in the Vigenere cipher are well known (see <b>Figure 1.8</b>).</p> <br> <p><b>Transposition Cipher</b></p> <p>Another form of enciphering technique is known as a transposition cipher. This involves rearranging the letters of a plaintext message. 
The letters themselves remain intact, but are rather simply repositioned. Transposition ciphers are also commonly found in newspapers and puzzle magazines and are commonly referred to as "jumbles" or anagrams. For example,</p> <p>Hiddenmessage => dihegassemned</p> <p>These types of transposition ciphers can be relatively easy to crack. So let's take a look at some more complex implementations of transposition ciphers.</p> <br> <p><b><i>Spartan Scytale</i></b></p> <p>Probably one of the oldest known implementations of the transposition cipher was the <b>Spartan Scytale</b> (also commonly spelled as Skytale). In ancient Greece (around 475 B.C.), the Spartan army commanders created a Scytale, a device they designed for sending secret messages (<b>Figure 1.9</b>). The army commanders would wrap a strip of parchment or leather around the Scytale wooden staff. They would then write the secret message along the length of the staff. The message would then be unwound from the staff and delivered to another commander. If intercepted by the enemy, the message would be meaningless without the correct size wooden staff, and would appear as a jumble of letters. The receiving commander would then take his identical Scytale and would wrap the message strip around it to reveal the secret message. This repositioning technique is one of the earliest known transposition ciphers.
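The Caesar and Vigenere passages above say that frequency analysis breaks a single shifted alphabet but not a keyword cipher. The following is an added example, not code from the book: it recovers a Caesar key by comparing letter counts with English, then shows that the same text enciphered with the keyword "combo" has a much flatter letter distribution. The shift of five (key letter f) and the keyword come from the excerpt; the sample plaintext, the frequency table and all function names are assumptions made for this illustration.

```python
from collections import Counter
from string import ascii_lowercase as AZ

# Approximate English letter frequencies in percent, a..z (reference values).
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07]

# Constructed sample plaintext (not from the book).
SAMPLE = ("the receiving commander would take his identical staff and wrap the "
          "strip of parchment around it to reveal the secret message that the "
          "enemy could not read without knowing the method and the key used")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; a one-letter key is a Caesar shift."""
    out, i = [], 0
    for ch in text.lower():
        if ch in AZ:
            k = AZ.index(key[i % len(key)])
            out.append(AZ[(AZ.index(ch) + (-k if decrypt else k)) % 26])
            i += 1
        else:
            out.append(ch)  # keep spaces and punctuation
    return "".join(out)

def only_letters(text):
    return "".join(c for c in text.lower() if c in AZ)

def chi_squared(letters):
    """Distance between the observed letter counts and what English predicts."""
    n, counts = len(letters), Counter(letters)
    return sum((counts[c] - n * p / 100) ** 2 / (n * p / 100)
               for c, p in zip(AZ, ENGLISH))

def crack_shift(ciphertext):
    """Try all 26 shifts; return the key letter giving the most English-like text."""
    letters = only_letters(ciphertext)
    return min(AZ, key=lambda k: chi_squared(vigenere(letters, k, decrypt=True)))

def index_of_coincidence(text):
    """Chance that two letters drawn from the text are the same letter."""
    letters = only_letters(text)
    n = len(letters)
    return sum(v * (v - 1) for v in Counter(letters).values()) / (n * (n - 1))

if __name__ == "__main__":
    caesar, poly = vigenere(SAMPLE, "f"), vigenere(SAMPLE, "combo")
    print("recovered Caesar key:", crack_shift(caesar))
    print("IC Caesar %.3f" % index_of_coincidence(caesar))
    print("IC Vigenere %.3f" % index_of_coincidence(poly))
```

A monoalphabetic cipher only relabels the letters, so its index of coincidence equals that of the plaintext; the keyword cipher mixes several shifted alphabets and pulls the value toward that of random text.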
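The Cisco IOS recommendation in the Vigenere section can be checked mechanically. The following added example (not from the book and not Cisco code) scans a saved configuration for passwords stored as Password 7 or in cleartext and leaves MD5 "secret 5" entries alone. The sample configuration and its encoded strings are constructed placeholders, and the function name and the three line forms the pattern covers are assumptions.

```python
import re

# Constructed sample config; the encoded strings are placeholders, not real passwords.
SAMPLE_CONFIG = """\
enable secret 5 $1$EXAMPLE$constructed.placeholder.hash
enable password 7 00112233445566
username admin privilege 15 password 7 0011223344
username ops secret 5 $1$EXAMPLE$constructed.placeholder.hash
line vty 0 4
 password labpass
 login
"""

# Covers "enable password ...", "username X password ..." and line-level "password ...".
PASSWORD_RE = re.compile(
    r"^\s*(?:(?P<enable>enable)\s+"
    r"|username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?)?"
    r"password\s+(?:(?P<type>\d)\s+)?\S+\s*$")

def audit_ios_config(config):
    """Return (line number, scope, encoding) for each password not stored as a secret."""
    findings = []
    for number, line in enumerate(config.splitlines(), 1):
        m = PASSWORD_RE.match(line)
        if not m:
            continue  # "secret 5" lines and unrelated commands are not flagged
        if m.group("enable"):
            scope = "enable"
        elif m.group("user"):
            scope = "username " + m.group("user")
        else:
            scope = "line"
        kind = m.group("type")
        encoding = "cleartext" if kind in (None, "0") else "type " + kind
        findings.append((number, scope, encoding))  # the value itself is never echoed
    return findings

if __name__ == "__main__":
    for number, scope, encoding in audit_ios_config(SAMPLE_CONFIG):
        print(f"line {number}: {scope} password stored as {encoding}")
```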
Excerpted from Data Hiding by Michael Raggo. Copyright © 2013 by Elsevier, Inc. Excerpted by permission of Elsevier Science.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.
Table of Contents
Chapter 1 History of Secret Writing
Chapter 2 Four Easy Data Hiding Exercises
Chapter 3 Steganography
Chapter 4 Multimedia Data Hiding
Chapter 5 Data Hiding among Android Mobile Devices
Chapter 6 Apple iOS Data Hiding
Chapter 7 Operating System Data Hiding
Chapter 8 Virtual Data Hiding
Chapter 9 Data Hiding in Network Protocols
Chapter 10 Forensics and Anti-Forensics
Chapter 11 Mitigation Strategies
Chapter 12 Futures