Overcoming the suspicion in transmission scheme based on CDES
Oral exam Speaker : Wei-Shin Pan
Advisor : Quincy Wu
2
Outline
• Introduction • Related work
– A Confused Document Encrypting Schemes and its Implementation (Lin & Lee ,1998)
• System model– CDES module – Compression module – Encryption module – Image hiding module
• Implementation– Environment– Experiment
• Conclusion & Future work
4
• The “Personal Privacy” becomes a popular section in information security over Internet.
• Information Hiding ( Steganography ) and Cryptography accomplish secret communication between you and me.
6
Motivation
• Provide a secret communication service for Email over Internet and demonstrate how Email services can be protected in my system
• CDES (Confused Document Encrypting Scheme) is a technique for data hiding, which sends a meaningful message to deceive the eavesdropper and increase the security
• Add the image hiding technique
7
Transmitting many cheating text files
+Plaintext index file (PIF)
A Confused Document Encrypting Scheme and its Implementation (Lin & Lee ,1998)
Plaintext
From : [email protected] : [email protected]: Hello !Body---------------------------------------------------------------------------Confused Document Encrypting SchemeAttachments-----------------------------------------------------------------(1) ID-0005.txt(2) ID-0019.txt(3) ID-5597.txt(4) ID-2468.txt(5) ID-9870.txt(5) Encrypted plaintext index file + (Encrypted-ID 0019)
An encrypted file
Eavesdropper
Concept
8
Emoticon
It is a main method in my concept. It uses the image hiding technique to hide the PIF file in an image file. For example, (Smile face), (Sad face).
Text
9
Information Hiding
• Use any media to hide secret information.
• the hacker cannot sense something when he intercepts the media, because it is common behavior.
Secret information
11
CDES
• Confused Document Encrypting Scheme (CDES), Lin& Lee,1998 [1]
• Elements of CDES– Cheating text– Plaintext – Character position table (CPT)– Plaintext Index file (PIF)– Key
12
Does the cheating text contains all of the
different characters in the plaintext?
Generate the character’s position table (CPT) of the cheating text
Input cheating text
Input plaintext
Encrypt the ID
Generate plaintext index file (PIF) by random
Randomly generate an ID for the cheating text
Compress the PIF
Encrypt the compressed PIF
Put the encrypted ID in the head of the encrypted and compressed PIF
Send out the compressed and encrypted PIF and the cheating text involving an ID
Receiver
Sender
2-nd key
1-st key
No
Yes
(CDES,Lin&Lee,1998 [1])
Sender
13
Decrypt the encrypted ID in the given PIF
Does find out the corresponding cheating
text?
Decrypt the given PIF
Generate the character’s position table (CPT) of the cheating text
Decompress the given PIF
Use the CPT and the PIF to reverse the original plaintext
Plaintext output
Receiver
(CDES,Lin&Lee,1998 [1])
No, wait the correct cheating text to come
2-nd key
1-st keyYes
No
CPT & PIF
14
Input Plaintext : Cat is my pet.{C, a , t , i, s , m , y , p , e , . , □}Cheating text : Computer security is important.{C, o , m , p, u , t , e , r , s , c , i , y , a , n , . , □}
Character Position record
C 1o 2 , 25m 3 , 23p 4 , 24u 5 , 13t 6 , 16 ,
27 , 30e 7 , 11r 8 , 14, 26s 10 , 20c 12i 15 , 19 ,
22y 17a 28n 29. 31□ 9 , 18 , 21
Table 1. Characters Position Table(CPT)
1 28 6 … … … …
Plaintext index file(PIF)
16
CDES module
Plaintext Cheating text
CPT generated
PIF generated
Compression module
Encryption module
Compress the PIF
Encrypt the compressed PIF
Image-Hiding module
Hiding the PIF in image
System model
Send out via E-mail
17
Text + photo
今晚我們去喝杯 City咖啡吧 .
Cheating text
PIF
這裡是秘密訊息 : 今晚8:00 在科三 409 見面
The proposal is based on Confused Document Encrypting Scheme
Sent out via Email
It looks OK !
Eavesdropper
18
CDES Module
• Feature– Sender :Generate the CPT by the cheating
text, and the plaintext will generate PIF by CPT
– Receiver :Use the CPT and the PIF to reverse the original plaintext
19
Compression Module
• Feature– It provides compression/decompression for
the plaintext index file(PIF), because the PIF size will be large.
– It uses the LZMA algorithm
20
Data Compression
• Reduce the data size.• Decrease transmission time• Increase security of data• Lower the cost• Compression type
– Lossless data compression (Huffman coding, LZ series)– Lossy data compression (Prediction by Partial Match series)
21
LZMA algorithm
• Dictionary coding – Dictionary size increased → Higher compression
rate ↑ and lower speed ↓Example:ABCDEFBCGXY1. {AB,BC,CD,DE,EF) will be added to the
dictionary and translated to a smallest unique-code .
2. Later, if BC has been stored in the dictionary, so it will be translated to a smallest unique-code ,and add the strings {BCG,XY} to the dictionary.
22
從窗戶外看到的景色會先存在眼睛的緩衝區從窗戶外看到的景色會先存在眼睛的緩衝區
台中我看過的地方我看過的地方
台南台中台南1
2台中 雲林
雲林 3
大腦儲存區 ( 字典 )
這地方我看過了,所以直接轉換成代碼 這地方我看過了,所以直接轉換成代碼 11 ,不再存入字典,不再存入字典
第一次看過這裡,將它存入字典第一次看過這裡,將它存入字典
LZMA Diagram
23
Encryption Module
• Feature– Encrypt the plaintext index file (PIF)– It uses the Blowfish algorithm
24
Cryptography
• It will modify the file or message to a unreadable content and receiver must use a key to decrypt the content.
M
(Encryptor) E
KEY1
(Decryptor) D
KEY2
M = Dk2(C)
Hacker
C = Ek1(M)
M ( Plaintext) = original messageC ( Cipher text) = encrypted message
Ek (M) = Encryption function
Dk (C) = Decryption function
Public area
Private area
25
Blowfish algorithm
• Symmetric block cipher
• Key sizes : 32-448 bits
• Block sizes : 64 bits
• Structure : Feistel network
• Easy to implement
• Fast encryption
26
Image-hiding Module
• Feature – It provides image hiding for the plaintext index
file (PIF)– It uses the” JPHS“ (open source software)– It uses the Blowfish algorithm to encrypt the
PIF in an image
29
Do you want to have a coffee with me ?
Do you want to have a coffee with me ?
這裡是秘密訊息 : Even if I knew that tomorrow the world would go to pieces,
I would still plant my apple tree.
31
Flow chart (Sender)
Read the plaintext
Read the cheating text
Generate the CPT of the cheating text
Generate the plaintext index file
Compress the PIF
Encrypt the compressed PIF
1-st Key
Hiding the PIF in image
Compose a mail to receiver
From : [email protected]
Subject: Hello ,magicpanx !
Do you want to have a coffee with me?
Attached file :
ncnu.jpg
PIF embedded
Cheating text
2-nd Key
32
Flow chart (Receiver)
From : [email protected]
Subject: Hello ,magicpanx !
Do you want to have a coffee with me?
Attached file :
ncnu.jpg
PIF embedded
Cheating text
Read the cheating text
Seek PIF from the attach image
Decrypt the PIF
2-nd Key
1-st Key
Generate the CPT of the cheating text
Decompress the PIF
Using the CPT and the PIF to reverse the original plaintext
Plaintext outputEven if I knew that tomorrow the world would go to
pieces, I would still plant my apple tree.
Plaintext
35
Conclusion
• Increase the security in email services
• In original CDES, the PIF was sent in encrypted form, which looks meaningless and suspicious
• Through the behavior observed in chatting, the image hiding technique is applied to hide the PIF in an emoticon or a photo, which looks meaningful
36
Future work
• The framework can use for instant message (IM), like Windows Live Messenger, Yahoo Messenger in the future work.
• Because human use the emoticon and photo in the chat, it has been a common behavior.
37
Reference
• [ 1 ] Chu-Hsing Lin and Tien-Chi Lee, “A Confused Document Encrypting Scheme and its Implementation”,Computers & Security,Vol. 17, No. 6, pp.543-551, 1998.
• [ 2 ]Wen-Hung Yeh and Jing-Jang Hwang, “Hiding Digital Information Using a Novel System Scheme”, Elsevier Science Ltd, 2001.
• [ 3 ]Yeh, W. H. and Hwang J. J., "A scheme of hiding secret Chinese information in confused documents" , Journal of Information Management, Vol.7 (2),2001b, pp. 183-191
• [ 4 ]Bi-feng Liang, etc, “On the study and implementation for confused document encrypting scheme of data hiding”, Technical Report, Department of Information Management, Ta Hwa Institute of Technology, R.O.C.,2002.
• [ 5 ]Tzu-jung Yao and Quincy Wu, "On the Study of Overhead Reduction for Confused Document Encrypting Schemes", International Conference on Multimedia Computing and Information Technology (MCIT 2010) University of Sharjah(UoS), Sharjah, United Arab Emirates (UAE), March 2-4, 2010.