![Page 1: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/1.jpg)
Steganography and Watermarking
Part II.C. Techniques and Tools:
Forensic Data Analysis
CSF: Forensics Cyber-Security Fall 2015
Nuno Santos
![Page 2: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/2.jpg)
Summary
2015/16 CSF - Nuno Santos 2
} Introduction to steganography
} Introduction to watermarking
![Page 3: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/3.jpg)
Remember were we are
2015/16 CSF - Nuno Santos 3
} Our journey in this course:
} Part I: Foundations of digital forensics
} Part II: Techniques and tools
} A. Computer forensics
} B. Network forensics
} C. Forensic data analysis Current focus
![Page 4: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/4.jpg)
Part II. Forensic data analysis
2015/16 CSF - Nuno Santos 4
} General techniques for (anti-)forensic data analysis that work independently of the data provenance
} In the rest of this course we’ll focus on two techniques:
} Data carving
} Steganography Today
![Page 5: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/5.jpg)
Introduction to steganography
2015/16 CSF - Nuno Santos 5
![Page 6: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/6.jpg)
Can you spot a difference between these images?
2015/16 CSF - Nuno Santos 6
Image A Image B
![Page 7: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/7.jpg)
Do they carry the same amount of information?
2015/16 CSF - Nuno Santos 7
} No! Image B hides a secretly encoded message
Image B
Bob stole the bank decode
Hidden message
![Page 8: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/8.jpg)
Steganography defined
2015/16 CSF - Nuno Santos 8
} Steganography: Art and science of communicating in a way that hides the existence of a message } From the Greek words steganos and graphy
} Steganography simply takes one piece of information (secret) and hides it within another (carrier / cover)
steganography
στεγανός
covered
γραφία
writing
![Page 9: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/9.jpg)
Cryptography vs. steganography
2015/16 CSF - Nuno Santos 9
} Cryptography } Is about protecting the content of messages (their meaning)
} Steganography } Is about concealing the existence of messages
![Page 10: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/10.jpg)
Why is it relevant to forensic investigators?
2015/16 CSF - Nuno Santos 10
} Used for concealment of communications in various crimes, e.g., terrorism, botnet management, data exfiltration, etc.
Hidden file upload Hidden file download
Hidden bidirectional communication
![Page 11: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/11.jpg)
Early steganography in Ancient Greece: Tattoos
2015/16 CSF - Nuno Santos 11
} In the 5th century BC, Histaiacus shaved a slave’s head, tattooed a message on his skull and the slave was dispatched with the message after his hair grew back } He wanted to instigate revolt against Persians
Today, planning the escape: tattoo contains hidden blueprints of Fox River
State Penitentiary
![Page 12: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/12.jpg)
In Ancient Rome: Invisible ink
2015/16 CSF - Nuno Santos 12
} Ancient Romans used to write between lines using invisible ink } Based on various natural substances
such as fruit juices, urine, and milk } Messages appear only when heated
Using lemon
Using milk The XXI century way: UV pen
![Page 13: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/13.jpg)
During the I and II World War: Microdot
2015/16 CSF - Nuno Santos 13
} A secret message was photographically reduced to the size of a period, and affixed as the dot for letter 'i' or other punctuation on a paper with a written message } Permitted the transmission of large amounts of printed data,
including technical drawings
![Page 14: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/14.jpg)
Another example from the WWs: Null-Cipher
2015/16 CSF - Nuno Santos 14
} Message sent by a German spy during World war-I:
PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE
NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.
![Page 15: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/15.jpg)
Another example from the WWs: Null-Cipher
2015/16 CSF - Nuno Santos 15
} Null cipher: plaintext is mixed with a large amount of non-cipher material (termed null characters)
PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE
NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.
Pershing sails from NY June I
![Page 16: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/16.jpg)
Ideas from modern times: Drawings
2015/16 CSF - Nuno Santos 16
} In 1945, Morse code was concealed in a drawing } Hidden information is encoded onto the grass length alongside the river
![Page 17: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/17.jpg)
More drawings: Pictographs
2015/16 CSF - Nuno Santos 17
} Secret message hidden in an apparently innocuous sequence of pictographs
} In the short story of Sherlock Holmes 'The Adventures of the Dancing Men' a man tells Holmes that his wife, Elsie, receives notes with dancing men on them
![Page 18: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/18.jpg)
More drawings: Pictographs
2015/16 CSF - Nuno Santos 18
} Dancing men turned out to be a secret code } Men with a flag denote the last letter of a word
![Page 19: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/19.jpg)
More old ideas
2015/16 CSF - Nuno Santos 19
} Pinpricks in maps
} Dotted I’s and crossed T’s
} Deliberate misspellings or errors, e.g., errors in trivia books, etc
} Unusual languages: e.g., navajo, peculiar sounds used esp., in Guerilla warfare
![Page 20: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/20.jpg)
Steganography classification
2015/16 CSF - Nuno Santos 20
} Classical steganography: stenographic techniques invented prior to the use of digital media for communication
} Technical steganography } Uses technical (physical or
chemical) means to conceal the existence of a message
} Linguistic steganography } Uses the linguistic structure
as the space in which information is hidden
![Page 21: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/21.jpg)
Digital steganography
2015/16 CSF - Nuno Santos 21
} Digital steganography works by encoding secret bits in files, such as photos or audio files, with secret data } The secret message and the carrier message are digital objects
![Page 22: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/22.jpg)
Why digital steganography works
2015/16 CSF - Nuno Santos 22
} Digital steganography is based on two principles:
1. Digital image or sound files can be altered to a certain extent without loosing their functionality
2. Humans are unable to distinguish minor changes in image color or sound quality
![Page 23: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/23.jpg)
Problem formulation: Prisoners’ problem
2015/16 CSF - Nuno Santos 23
} Dave and Tyler are arrested in different cells and want to develop an escape plan, but all communication is arbitrated by the warden
} The warden won’t let them use encryption and won’t allow them to communicate at all if suspicious communications are detected
} Thus, both parties must hide meaningful info in harmless messages
![Page 24: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/24.jpg)
General model of a steganographic system
2015/16 CSF - Nuno Santos 24
} Stegotexts should be indistinguishable from covertexts } A third person watching such a communication should not be able to
find out whether the sender has been active, and when, i.e., if he really embedded a message in the covertext
![Page 25: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/25.jpg)
A common digital steganography technique: LSB
2015/16 CSF - Nuno Santos 25
} Least Significant Bit (LSB) } The one’s bit of a byte is used to encode hidden information
} Example: Suppose we want to encode the letter A in the following 8 bytes of a carrier file } “A” à ASCII 65 or binary 01000001
01011101 11010000 00011100 10101100 11100111 10000111 01101011 11100011
becomes
01011100 11010001 00011100 10101100 11100110 10000110 01101010 11100011
![Page 26: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/26.jpg)
LSB can be effectively applied to image files
2015/16 CSF - Nuno Santos 26
} 24-bit RGB image files } Each pixel encoded by 3 byte values for red, green, and blue
(0, 0, 0) is black (255, 255, 255) is white (255, 0, 0) is red (0, 255, 0) is green (0, 0, 255) is blue (255, 255, 0) is yellow (0, 255, 255) is cyan (255, 0, 255) is magenta
![Page 27: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/27.jpg)
LSB modification adds just a little color noise
2015/16 CSF - Nuno Santos 27
} Tweaking the LSB is only a small change in image color } R = 140 = 10001100b } R’ = 141 = 10001101b
LSB modified to hide info Original image
![Page 28: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/28.jpg)
What kind of data can be used as payload?
2015/16 CSF - Nuno Santos 28
} An arbitrary sequence of binary data } Namely, text or another image
} You can add encrypted data too
![Page 29: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/29.jpg)
It’s possible to use different bits for encoding
2015/16 CSF - Nuno Santos 29
} Different results in terms of capacity and added noise } More bits means higher capacity, but higher noise } Emerges a side effect named banding
4 LSB modified produces banding
6 bits
7 bits
All 8 bits
![Page 30: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/30.jpg)
What if we change the most significant bit?
2015/16 CSF - Nuno Santos 30
} Here’s the result:
} Why is it so?
Bit 8 vs. Bit 1
![Page 31: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/31.jpg)
Pixels of a carrier image to be used
2015/16 CSF - Nuno Santos 31
} As more pixels are used, chances of detection increase } According to researchers on an average only 50% of the
pixels actually change from 0-1 or 1-0
} Select the pixels for holding the data on the basis of a key which can be a random number } The key serves as seed to a random number generator
![Page 32: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/32.jpg)
LSB: The good, the bad, and the ugly
2015/16 CSF - Nuno Santos 32
} The good } Simple to implement } Allows for large payload: Max payload = b * p
} b = number of bytes per pixel, p = number of pixels of cover image
} The bad } Easy to figure out message if attacker knows the msg is there
} Vulnerable to statistical analysis
} The ugly } Integrity is extremely frail } Easy for attacker to corrupt the message
} E.g., just randomize the LSBs himself } Vulnerable to unintentional corruption
} E.g., image cropping, conversion to jpeg and back, etc
![Page 33: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/33.jpg)
Digital steganography techniques
2015/16 CSF - Nuno Santos 33
} Substitution methods } Substitute redundant parts of a cover with a secret message } Bit plane methods (LSB), palette-based methods
} Transform method techniques } Embed secret info in a transform space of a signal (e.g.,
frequency domain) } Distortion techniques
} Store information by signal distortion and measure the deviation from the original cover in the decoding step
} Cover generation methods } Encode information by creating a cover object (e.g., fractal
generation)
![Page 34: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/34.jpg)
Steganography tools
2015/16 CSF - Nuno Santos 34
} Steganos } S-Tools (GIF, JPEG) } StegHide (WAV, BMP) } Invisible Secrets (JPEG) } JPHide } Camouflage } Hiderman } Many others…
![Page 35: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/35.jpg)
Watermarking
2015/16 CSF - Nuno Santos 35
![Page 36: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/36.jpg)
Steganography vs. Watermarking: Goals
Steganography Watermarking
2015/16 CSF - Nuno Santos 36
} An eavesdropper must not be able to detect the presence of m in d’
} Primarily for 1-to-1 communication
} An eavesdropper cannot remove or replace m in d’
} Primarily for 1-to-many communication
} Both techniques hide a message m in some cover data d, to obtain d’, practically indistinguishable from d
} However, they have different goals:
![Page 37: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/37.jpg)
Steganography vs. Watermarking: Requirements
Steganography Watermarking
2015/16 CSF - Nuno Santos 37
} Robustness not typically an issue
} Capacity desired for message is large
} Always invisible } Typically dependent on
file format
} Robustness of watermark is a main issue
} Known watermark may be there
} Can be visible or invisible } Watermark can be
considered to be an extended data attribute
![Page 38: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/38.jpg)
The “magic” triangle
2015/16 CSF - Nuno Santos 38
} Trade-off between capacity, security, and robustness
Security Robustness
Capacity
Secure steganographic techniques
Digital watermarking
Naïve steganography
![Page 39: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/39.jpg)
Watermarking applications
2015/16 CSF - Nuno Santos 39
} Copyright protection } Embed info about owner to prevent others from claiming copyright } Require very high level of robustness
} Copy protection } Embed watermark to disallow unauthorized copying of the cover } For example, a compliant DVD player will not playback or data
that carry a "copy never" watermark
} Content authentication } Embed a watermark to detect modifications to the cover } The watermark in this case has low robustness, "fragile"
![Page 40: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/40.jpg)
Watermarking examples
2015/16 CSF - Nuno Santos 40
} Detect bill counterfeiting
Embedded watermark
![Page 41: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/41.jpg)
Examples: UV watermarking
2015/16 CSF - Nuno Santos 41
} Embedded watermark visible under UV light
![Page 42: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/42.jpg)
Examples: Machine ID codes in laser printers
2015/16 CSF - Nuno Santos 42
} Some printers print yellow tracking dots on their output } Printed in a regularly repeating pattern across the entire page
![Page 43: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/43.jpg)
Examples: Machine ID codes in laser printers
2015/16 CSF - Nuno Santos 43
} With a blue light, it’s easier to locate the tracking dots
![Page 44: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/44.jpg)
Examples: Machine ID codes in laser printers
2015/16 CSF - Nuno Santos 44
} Here, the dots are highlighted
![Page 45: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/45.jpg)
Examples: Machine ID codes in laser printers
2015/16 CSF - Nuno Santos 45
} By decoding the tracking dots, the ID can be recovered
![Page 46: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/46.jpg)
A final historical example
2015/16 CSF - Nuno Santos 46
“In 1981, photographic reprints of confidential British Cabinet Documents were being printed in newspapers. Rumor has it that to determine the source of the leak, Margaret Thatcher arranged to distribute uniquely identifiable copies of the documents to each of the ministers. Each copy had a different word spacing that was used to encode the identity of the recipient.”
Digital Watermarking, Cox
![Page 47: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/47.jpg)
Digital watermark
2015/16 CSF - Nuno Santos 47
} A digital signal or pattern inserted into a digital image
![Page 48: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/48.jpg)
A simple technique: Checksum embedding
2015/16 CSF - Nuno Santos 48
} Recover the watermark by applying a checksum function to each pixel of auth image and check LSBs
Perturb
f ( ) = 1 Corresponding pixels
Authenticated image Binary logo
![Page 49: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/49.jpg)
A simple technique: Checksum embedding
2015/16 CSF - Nuno Santos 49
} Three key-dependent binary valued functions fR, fG, fB
fR,G,B : {0, 1, …, 255} → {0,1},
} are used to encode a binary logo B. The values are perturbed in such a manner so that
B(i,j) = fR(R(i,j)) ⊕ fG(G(i,j)) ⊕ fB(B(i,j)) for all (i,j) } The image authenticity is verified by checking the relationship
B(i,j) = fR(R(i,j)) ⊕ fG(G(i,j)) ⊕ fB(B(i,j)) for each pixel (i,j)
![Page 50: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/50.jpg)
A simple technique: Checksum embedding
2015/16 CSF - Nuno Santos 50
![Page 51: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/51.jpg)
Attacking a watermarked image
2015/16 CSF - Nuno Santos 51
} Three effects make detection of watermarking useless
1. Watermark cannot be detected
2. False watermarks are detected
3. Unauthorized detection of watermark
![Page 52: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/52.jpg)
Watermark attacking methods
2015/16 CSF - Nuno Santos 52
Aim for complete removal of the watermark, ideally restore the original object (e.g., lossy compression)
Don’t remove, but distort the watermark detector sync with the embedded info (e.g., rotation)
Aim at cracking the security methods of watermarking schemes (e.g., brute force key search)
Aim at attacking the algorithms of the watermarking application (e.g., watermark inversion, estimate watermark)
![Page 53: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/53.jpg)
Conclusions
2015/16 CSF - Nuno Santos 53
} Digital steganography is an increasingly used technique for concealing communications within criminal activities and is difficult to mitigate by investigators
} On the other hand, digital watermarking helps investigators to trace the real identity of digital media
} Both fields are relatively young, and research is ongoing in order to increase the security and robustness of these techniques
![Page 54: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/54.jpg)
References
2015/16 CSF - Nuno Santos
} Primary bibliography } Abbas Cheddad, Joan Condell, Kevin Curran and Paul Mc
Kevitt. Digital Image Steganography: Survey and Analysis of Current Methods. Signal Processing, Volume 90, Issue 3, March 2010
54
![Page 55: Steganography and Watermarking - ULisboa · PDF fileSteganography and Watermarking Part II.C. Techniques and Tools: Forensic Data Analysis CSF: Forensics Cyber-Security Fall 2015 Nuno](https://reader034.vdocument.in/reader034/viewer/2022051202/5a76412f7f8b9a4b538d139e/html5/thumbnails/55.jpg)
Next class
CSF - Nuno Santos
} Project defense
2015/16 55