Upload File

your secrets lost before your eyes

prev
next
out of 3
Download Your Secrets Lost Before Your Eyes

Upload: charteris-plc

Post on 30-May-2018

216 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/14/2019 Your Secrets Lost Before Your Eyes

    1/3

    TECHNOLOGY I DATA THEFT

    Your secretslost before yourvery eyes!by Alan Woodward

    34 I F x & M M J U LY 2 0 0 7

    Or in some cases even up to around5,000 words. More than enough tobetray all your most precious andcommercially sensitive data, from designsof revolutionary products you're planningon being the first to bring to market, toultra-sensitive lists of hard-woncustomers; you name it . But dataconcealed in pictures? It may sound likethe basis for a plot sequence in the nextMission Impossible movie, but it isn't. It 'sreal. And unless you are prepared to letany Tom, Dick or Harry cruise aroundyour precious data, you need to be awareof the th reat it poses.

    The technique is calledsteganography, from Ancient Greek,meaning hidden or covered writ ing, justas that lumbering dinosaur,the stegosaurus, is sonamed because its backwas covered in thoselarge bony plates whose real purposeis a mystery even today. Butsteganography wasn' t a mystery to theAncient Greeks; indeed they most l ikelyinvented it. The Greek historianHerodotus records that in 312 Be,Histaeus of Miletus coRlmanded the

    head of his most trusted slave to beshaved and tattooed with a vitallyimportant secret messageon it. Once the slave'shair had grown, hidingthe message,Histaeus used him asan emissary to afriendly power viaenemy terri tory toinstigate a revolt againstthe Persians.

    This example fromhistory shows whysteganographic writing is sucha dangerous threat to security.Friends who betray us arealways a more potent threatthan people we recognise as

    enemies from theoutset, and

  • 8/14/2019 Your Secrets Lost Before Your Eyes

    2/3

    TECHNOLOGY I DATA THEFT

    Whafs actually happening whenyou carry out what looks like asimple drag and drop?

    An electronic image is comprised ofthousands of 'picture elements' or 'pixels' .A pixel is a binary number that providesinformation on the colour or (in a blackand white picture) the shade of grey thatshould be displayed in that particularpixel. The binary number will looksomething like this: 10011011 etcdepending on the pixel in quest ion. Theindividual numbers (the' l' or the '0') areknown as 'bits' and the fur ther along yougo to the right the less significant the bitsbecome in defining the precise colour ofthe pixel.

    FX& M M I 35ULY 2007

    Why does the opportunity forsteganography exist?Because while each pixel is defined by aseries of bits, some of these bits can bechanged without affecting the resultingpixel to any discernible extent . In acomputerised image whose size is 256by 256 pixels, making a total of 65,536pixels, there would easi ly be room toconceal say, about 5,000 words of data.

    This method of concealment isknown as 'bit twiddling' . An obvious placeto conceal a secret message would bewithin a computerised picture that doesnot show any apparent changes.

    Bit twiddling is the most commonway to conceal text within acomputerised image. There are manymore techniques, though, particularlywhen using image formats such as thenow ubiquitous jpeg which many will

    have encountered through theirdigital cameras.

    An apparently innocuouspicture of - of example - anemployee's child's f irst day at

    school taken with a standard family

    The point is that any encryptedmessage will tend to raise suspicionsbecause even though it can't readily beread you will know it's been encryptedand will instantly conclude thatsomething fishy's going on.

    In the highly competitive ocean ofmodern business, the threat ofsteganography has recently become amajor issue in corporate life. It's actuallybeen a significant threat for severalyears due to the increased computingpower available on everyone's desktop,but people have been distracted bypublic ity about cryptography andsteganography has rather remained inthe background. It's a particularlyworrying threat now because of theenormous computing power ondesktops today, the massive volume ofelectronic communications, and thenumber of freely available tools thatallow even a routine user to employsteganographic techniques.

    By far the biggest type of threat isthe potential for concealingsteganographic writing withincomputerised images. With Windowsyou can literally drag and drop yourhidden text onto a picture and the deedis done. As Gordon Gekko reminded usin the film Wall Street (1985), the mostvaluable commodity of all isinformation. And it's precisely thatwhich can so easily be given awaytoday - or sold - using image-basedsteganographic techniques.

    steganographic messages look friendlyand innocent. You could devise a simplesteganographic message by agreeing withyour recipient that your real message wil lconsist of the first letter of every word ofyour apparent message. 'Bring us yourinvoice by Monday', for example, wouldreally mean 'BUY IBM: In steganographicwriting the apparent message is knownas the covertext and the real message iscalled the plaintext.

    The innocuous appearance of thecovertext in the example i llustrates whysteganographic writ ing doesn' t tend to setalarm bells ringing. It looks innocent,whereas the message 'BUY IBM'encrypted in a simple code thatconsisted, say, of substituting each letterfor the next letter in the alphabet - 'CVZJCN' - obviously looks dodgy and would

    be certain to awaken thesuspicions of even

    the mostcredulousmember ofan industrialespionagepreventionteam.

    www.fx-mm.com

    j

  • 8/14/2019 Your Secrets Lost Before Your Eyes

    3/3

    TECHNOLOGY I DATA THEFT

    digital camera could easily be used toconceal a damaging leak. The leak couldbe so fatal that by the time the schoolterm ends, thousands of other mumsand dads at the business from which theinformat ion was leaked wil l have had tofind new jobs - if they can.

    Whars the best way toguard against the hazard ofmodern image-basedsteganographic betrayal?The first step is to recognise that it is apotential problem and get help tounderstand what tools are likely to beavailable to a malic ious team member.You also need to know the manner inwhich these tools can be used becausethey often leave litt le trace of theirpresence - some are even termed 'zerofootpr int ' by those who develop them.

    36 I FX & M M J U LY 2 0 07

    Yet help is at hand becausededicated teams of experts have beenmaking available tools to help detectsteganography. The technique they use isknown as 'steganalysis'.Steganalysis is as much an art as ascience. The detection tools need to beused so that the appropriate steganalysisresource is used in the appropriatesituation. Admittedly, this is not easy,when the range of steganography toolsand the steganalysis counterparts haveproliferated and are prol iferating just asthe threat from viruses did when theyfirst emerged into the IT environment.

    At Charteris we began our own antisteganography work as a technicalexercise but were soon alarmed at whatour experiments were telling us, not justabout the power of the steganographytools available but also about the degree

    of care that needs to be appliedto combat this potent securityhazard.

    Taking the threat of betrayalby apparently innocuous pixelsseriously will lead you to putinto practice the measuresnecessary to defend against it.And you do need to take thisthreat very seriously indeed. Thestegosaurus may be long extinct,but steganographic treachery is,unfortunately, here to stay.

    Alan Woodward is ChiefTechnology Officer at thebusiness and informationtechnology consultancy Charterispic, which has developedmethods of combat ing thethreat of image-basedsteganography. Tel: 0207 6009199. Email:[email protected]

    J


Your child's eyes

Open your eyes

Kiana Lee Secrets of Your Face - index-of.co.ukindex-of.co.uk/Psychology-Communication/Secrets of Your Face.pdf · Secrets of Your Face ... them to start talking and don’t interrupt

Trust your eyes

In Your Eyes

Caring for Your Eyes

Don't close your eyes

Writing with your eyes

Our secrets are not your secrets - Atlas of Living Australia

Open Your Eyes Final

KEEPING SECRETS SECRET – BATTLING … Your...KEEPING SECRETS SECRET – BATTLING INDUSTRIAL ESPIONAGE Protecting Your Confidential Information & Trade Secrets January 24, 2006 Bruce

Diabetes + Your Eyes

KEEP YOUR EYES AWAY

Open Your Eyes FLYER

MORE for your EYES

Close Your Eyes (excerpt)

Secrets To And Burning Fat - Amazon Web Serviceshotmetabolism.s3.amazonaws.com/special/report/fatlossfor/...Secrets To Increasing Your Metabolism Secrets To Increasing Your Metabolism

Secrets to Shrinking Your Storage with VMware - …hosteddocs.toolbox.com/secrets to shrinking your storage for vmware...Secrets to Shrinking Your Storage for VMware ... 643-2050 E-mail:

OPEN YOUR EYES Leseprobe

Close your eyes

Understanding your eyes

Your SAS Secrets Exposed!

Heaven in Your Eyes

Open Your Eyes - Plasmet

MS and your eyes

Don't Believe Your Eyes!

Life Before Your Eyes

Aspire 5110/5100/3100 Series - static.highspeedbackbone.netstatic.highspeedbackbone.net/pdf/Acer_AS5100_Notebook_UG.pdf · vii Eyes • Rest your eyes frequently. • Give your eyes

BOCHUR - Guard Your Eyes

Yanni- -In Your Eyes

BELIEVE YOUR EYES

Yanni in Your Eyes

Building Your Personal Brand-secrets

Getting your eyes tested....It is important to look after your eyes. You cannot always tell if there is something wrong with your eyes. It is important to get your eyes tested regularly,

Close Your Eyes-buble