Hiding in plain sight Principles f stegangraphy CS349 Cryptgraphy Department f Cmputer Science Wellesley Cllege The prisners prblem Stegangraphy 1-2 1
Secret writing Lemn juice is very nearly clear s it it des nt shw n paper when dry. When heated, the lemn juice starts t burn. The released carbn shws up as brwn writing n the page. *Many thanks t Planet Science at www.scienceyear.cm. Stegangraphy 1-3 Acrstics Yur friend Wendy is nt such a bad srt. The key is t get her t tell yu abut Wellesley. She is excited abut her 15th reunin and has sme half baked idea abut ging incgnit. Wish we weren t in this place s we culd g t. I m sure that this weekend is ging t rain. Wuldn t that take the cake. Our friend waits all year fr the pprtunity t Leave wrk early and the weather at its best will be dreadful. Well, we must wait fr dawn t knw fr sure. Stegangraphy 1-4 2
Grilles The grille, credited t Gernim Cardan, imprves upn the simple acrstic. Cardan suggested cpying ut the message three times, t remve any irregularities in the size r spacing f the letters. Stegangraphy 1-5 Musical acrstics Gaspar Schtt (1608-1666) discussed hiding messages in music scres where each nte crrespnded t a letter. J.S. Bach embedded his name in the rgan chrale Vr deinen Thrn using the rule: if the ith nte f the scale ccurs k times, then the kth letter f the allphabet is t be entered in the ith place. Stegangraphy 1-6 3
Framewrk fr secret cmmunicatin Stegangraphy 1-7 Pure versus secret key stegangraphy Pure stegangraphic systems d nt require prir exchange f secret infrmatin ther than an agreement n the embedding and extractin algrithms. Secret key stegangraphy system are similar t symmetric ciphers: the sender chses a cver c and embeds the secret message int c using a secret key. Stegangraphy 1-8 4
Kerckhff s 1 st principle f cryptgraphy Assume the methd used t encipher data is knwn t the ppnent; security must lie nly in the chice f the key.* *Hw des this apply t stegangraphy? Stegangraphy 1-9 Perfect security Let P S the prbability distributin f stegcvers sent via the channel, and P C the prbability distributin f the set f cvers. A stegangraphic system is called e-secure against passive attackers, if D(P C P S ) e, and perfectly secure if e = 0. Where, P D(P C P S ) = P C (q)lg C (q) Â 2 qœq P S (q) is the relative entrpy between the tw distributins P C and P S. Stegangraphy 1-10 5
A perfectly secure steg system Therem. There exists a perfectly secure stegangraphic system. Prf. Let C be the set f all bit strings f length n, P C the unifrm distributin n C, and e Œ C the secret message. The sender selects ne c Œ C at randm and cmputes s = c XOR e. The resulting steg-cvers s are unifrmly distributed n C, s P C = P S. Stegangraphy 1-11 Detecting secret messages T decide whether a cver cntains secret infrmatin r nt Wendy defines a test functin secretinf: C -> {true, false}. Wendy makes a type-ii errr (prbability b) if she fails t detect a hidden message. She makes a type-i errr (prbability a) if she falsely detects a hidden message in a cver that has nne. Stegangraphy 1-12 6
Cachin s Therem Therem. In an e-secure steg system, a lg 2 a 1 - b + (1 -a)lg 1 -a 2 e b In particular, if a = 0, then b 2 -e Stegangraphy 1-13 Hiding in the nise The general principle underlying mst stegangraphic methds is t place the secret message in the nise cmpnent f a signal. If this is pssible in such a way that the result is indistinguishable frm true randm nise, an attacker has n chance f detecting a secret cmmunicatin. Stegangraphy 1-14 7
Wendy ges n the ffensive Stegangraphic systems are extremely sensitive t cver mdificatins. An active attacker, wh is nt able t extract r prve the existence f a secret message might simply add randm nise t the transmitted cver and s try t destry the infrmatin. Stegangraphy 1-15 Rbustness A secret key stegangraphic system is P-rbust fr sme class P f mappings C -> C, if fr all p Œ P D K (p(e K (c, m))) = D K (E K (c,m)) = m. There is a trade-ff between security and rbustness. The mre rbust a system, the less secure since rbustness can nly be achieved by redundant infrmatin. Stegangraphy 1-16 8
Resistance t minr changes Supraliminal channel: Infrmatin hidden in plain sight, s bviusly, in fact that it is impssible t mdify withut grss mdificatin f the transmitted bject. Cver-plt: A frmal descriptin f the perceptually significant parts f the cver. Cver-plt functin: A mapping f frm cver-plts t {0, 1} n. Stegangraphy 1-17 Alice uses a supraliminal channel Stegangraphy 1-18 9