Softpanorama
(slightly skeptical)
Open Source Software Educational Society
May the source be with you, but remember the KISS principle ;-)
Softpanorama Search
|
Softpanorama |
May the source be with you, but remember the KISS principle ;-)
Softpanorama Search
|
| See Also | Recommended Books | Recommended Links | Tutorials | FAQs and References | Recommended Papers | |
| Symmetric Crypto | Random Generators | Hashes | Digital signatures | Certificates | Compression and crypto | Digital Code Signing |
| Usenet | Magazines | eBooks | University Courses | History | Humor | Etc |
Cryptanalysis:
|
Although cryptography is an ancient art, it had not been widely used until now. Before, say 1990 outside of government classified systems and military the primary users of encryption have been financial institutions with their electronic fund transfer operations. The advent of the Internet in late 80th/early 90th as a cheap vehicle for transferring information electronically to all parts of the world and its inherent lack of security has inspired the use of encryption as a protection for sensitive information. As a direct result, new and rather esoteric encryption algorithms has been developed and put in widespread use to meet those challenges.
One result of the growing economic use of the Internet is the recognition by users and vendors alike that there is a need to provide a mechanism to protect the confidentiality of Internet users and the content of their transactions. Here encryption naturally comes to into play.
This page may help students by providing annotated links to the main topics in cryptography algorithms, including single-key cryptography algorithms, public-key cryptography algorithms, key negotiation algorithms, message authentication algorithms (digital signatures).
Please note that many of those algorithms represent a new areas of computer science.
In Internet age cryptography is important for the same reasons that photo IDs were important before and fences were important even before that. Cryptography offers three essential services that protect internet user and his/her data from theft and fraud. These services are authentication, integrity, and confidentiality.
There's a saying that "on the Internet, nobody knows you're a dog." And one of the things that make Internet so attractive, I would say addictive, is the anonymity it offers. But if you're trying to conduct business, it's a drawback. Customers need to know that they're ordering from real businesses. Cryptography offers a solution. Certificates are sometimes called "digital IDs," because they can be used to verify the identity of someone you don't know. This process is called "authentication". Certificates can be used with another technique, "digital signatures", to ensure that nobody impersonate you and/or to protect the integrity of data. It's very easy to forge email (although primitive forging is easy to detect), but it's really hard to forge a digitally signed email message.
The level we discuss this subject is very basic and mainly oriented on CS students of Network Security course or similar. I would like to stress again that I not specialist in this particular area, but I hope it still useful for computer science students, especially to students of "Network Security" course that I used to teach.
Dr. Nikolai Bezroukov
|
|||||||
Program Hides Secret Messages in Executables
By Kevin Poulsen, SecurityFocus Feb 24 2003 12:31AM
Netizens with extreme privacy needs got a new tool for their cyber utility belts recently with the release of an application that lets users hide secret messages in virtually any executable computer program, without changing the program's size or affecting its operation.
The tool is called "Hydan," an old English word for the act of hiding something, and it's part of a research project by Columbia University computer science masters student Rakan El-Khalil, who showed off the program to a small group of open-source programmers and hackers gathered at the second annual CodeCon conference in San Francisco on Sunday.
Hydan is a novel development in the field of steganography -- the science of burying secret messages in seemingly innocuous content. Popular stego programs operate on image and music files, where a secret missive can be hidden without altering the content enough to be perceived by human senses. But because they contain instructions for a computer's processor, executable files are less forgiving of tampering. Improperly changing a single bit of executable code can render an application completely unusable.
El-Khalil's research focused on redundancies in the Intel x86 instruction set -- places where at least two different instructions are effectively the same. Each choice between two redundant options can represent a single bit of data. "The problem with program binaries is there is just not a lot of redundancy in them," said El-Khalil.
He found some of that useful redundancy in the instructions that tell the computer to add or subtract.
A computer instruction to add the number 50 to another value, for example, can be replaced with an instruction to subtract the number -50 instead. Mathematically, the instructions are the same. In choosing between the two, a stego program can get one bit of covert storage out of each addition or subtraction operation in the executable -- without changing the way the application runs, or adding a single byte to its size. "If we use a scenario in which addition is zero, and subtraction is one, we can just go through and flip them as needed," El-Khalil explained.
El-Khalil concedes that the method is imperfect -- an application that's been impressed with a secret message has considerably more "negative subtractions" than an unadulterated program, making it easy to pick out through a statistical analysis. Hydan could also break programs that are self-modifying or employ other unconventional techniques. And it's less efficient than stego programs for image and sound files: good steganography for a JPEG file can hide one byte of storage in 17 bytes of image, while Hydan's ratio is one byte of storage to 150 bytes of code.
Future versions of Hydan will boost that capacity by finding different places to code data, such as in the order of a program's functions, and the order in which arguments are passed to those functions. For now, the application is still powerful enough to secretly stash the United States Constitution and the Declaration of Independence in a single copy of Microsoft Word.
Beyond the covert uses, the technology could be used to attach a digital signature to an application, or to embed an executable with a virtual watermark.
Question H: How flexible is your design?
Discussion: That question isn't what you think. A better way of phrasing it would be "How ambiguous is your design?". Flexibility in an abstract crypto design is a Good Thing. Ambiguity in a specification is a Bad Thing. Unfortunately, a cryptographer's flexibility is an implementor's ambiguity, or more bluntly an implementor's nightmare. An example of this is IPsec's IKE,
which is so flexible/ambiguous that no two people can agree on what it should look like. As a result, even after years of work, there are still implementations that can't (or barely) interoperate, and even when they interoperate it's often only because implementors figured out what the other side was doing and adapted their code to match it.
Resolution: Once you've impressed everyone with the power and flexibility of your design, provide a sketch of a simple, straightforward, easy-to-get-right profile that implementors can work with. This is a standard feature of protocol specifications, either done explicitly (MUST/SHOULD/MAY) or implicitly when everyone ignores all but the most simple, straightforward part
of the specification. Another way of looking at this is that if implementors are going to ignore much of your design in order to make implementation practical, you want to be the one deciding which bits get used and which don't.
See also: Question G.
Question I: How big a problem are you really solving?
Discussion: Many problems pointed out in crypto papers are relatively insignificant to non-cryptographers, or can be fixed with a trivial update of existing code rather than by changing the crypto design. For example, the "correct" solution to various attacks (real and theoretical) on PKCS #1 v1.5 padding is for implementors to switch to something better such as OAEP, Simple
RSA, PSS, or whatever they're wearing in Santa Barbara this year. However, since the problem can also be resolved with "Don't do that, then", it's easier to stick with an existing solution rather than re-engineering everything to use a new protocol (see the Final Thoughts for a longer discussion on this).
Resolution: Unlike cryptographers, implementors probably won't appreciate the advantages of a design secure in the IND-CCAn+1 model where the previous was only IND-CCAn if it requires a complete redeployment of all of their products. Don't expect to see a new design widely adopted any time soon unless (a) it's being deployed in a greenfields development or (b) you've found a hole
exploitable in O(1) time by an army of script kiddies.
2002/185 ( PDF ) Turing, a fast stream cipher Greg Rose and Philip Hawkes 2002/182 ( PS PS.GZ ) Oblivious Keyword Search Wakaha Ogata and Kaoru Kurosawa 2002/142 ( PDF ) On the Applicability of Distinguishing Attacks Against Stream Ciphers Greg Rose and Philip Hawkes 2002/131 ( PS PS.GZ PDF ) An Improved Pseudorandom Generator Based on Hardness of Factoring Nenad Dedic and Leonid Reyzin and Salil Vadhan
Since graduating in theoretical physics and electrical engineering some 30+ years ago I have had an interest in cryptography and this has developed with the advent of progressively more powerful home computers. In recent years I have played with a number of algorithms where I have taken a particular interest in the techniques involved in making algorithms go as fast as possible.
CSE207C Lattices in Cryptography and Cryptanalysis
Cryptanalysis of CipherSaber-1
Cryptanalysis of Contents Scrambling System
Links to papers about cryptanalysis of block ciphers
FM 34-40-2 Basic Cryptanalysis
Cryptography, Encryption and Stenography
Springer LINK Lecture Notes in Computer Science 2133
Public-Key Crypto-systems Using Symmetric-Key Crypto-algorithms
Bruce Christianson, Bruno Crispo, and James A. Malcolm
Abstract. The prospect of quantum computing makes it timely to consider the future of public-key crypto-systems. Both factorization and discrete logarithm correspond to a single quantum measurement, upon a superposition of candidate keys transformed into the fourier domain. Accordingly, both these problems can be solved by a quantum computer in a time essentially proportional to the bit-length of the modulus, a speed-up of exponential order.
At first sight, the resulting collapse of asymmetric-key crypto-algorithms seems to herald the doom of public-key crypto-systems. However for most security services, asymmetric-key crypto-algorithms actually offer relatively little practical advantage over symmetric-key algorithms. Most of the differences popularly attributed to the choice of crypto-algorithm actually result from subtle changes in assumptions about hardware or domain management.
In fact it is straightforward to see that symmetric-key algorithms can be embodied into tamper-proof hardware in such a way as to provide equivalent function to a public-key crypto-system, but the assumption that physical tampering never occurs is too strong for practical purposes. Our aim here is to build a system which relies merely upon tamper-evident hardware, but which maintains the property that users who abuse their cryptographic modules through malice or stupidity harm only themselves, and those others who have explicitly trusted them.
LNCS 2133, p. 182 ff.
AES and Beyond- The IETF and Strong Crypto Nortel slides about some crypto issues in networking. Pretty basic, but still useful.
Crypto Scientists Crack Prime Problem
Recently, a group of Indian scientists made news by announcing an algorithm that appears to be able to tell quickly whether a number is prime or not.
If you're mathematically minded, the actual downloadable primality.pdf is worth reading.
So what does this actually mean for cryptography? First, a little background.
Many of the popular common crypto algorithms work because of "something to do with prime numbers". Most security books are about that vague. So math research about primes could have interesting effects on our field. But is being able to determine whether a number is prime quickly going to be able to help or hinder us? Let's look at the RSA algorithm as an illustrative example. (It lost its patent a few years back, so it's okay to discuss now.)
... ... ...
Public key crypto algorithms such as RSA depend on there being two keys used to encrypt and decrypt a message. (Hence, the "generate a key pair" step you see when setting up many applications that use cryptography.) Every user has a complimentary set made up of a private key and a public key. Anything encrypted with the private key can be decrypted with the public key, and anything encrypted with the public key can be decrypted with the private key. Only you should have a copy of your private key, but anyone can have your public key because it's, well, public. If someone encrypts traffic with your public key, it doesn't matter to you because only you can decrypt it.
So, you're probably thinking, if I have a message to send to Jane, I want to encrypt it. I can't encrypt it with my public key, because she doesn't have my private key to decrypt it. So I'll encrypt it with my private key, and she can decrypt it with my public key. Right? Not quite, but this is a really common mistake. Sure, Jane can decrypt the message with your public key. But so can anyone else. What you need to do is encrypt the message with Jane's public key, so that only Jane's private key (which only Jane should have) can decrypt it.
So, the RSA algorithm says this:
- Take two large prime numbers.
- When multiplied together, they have a product N.
- Find two numbers E and D, such that:
- When E is multiplied by D, that should be equal to one mod (p-1)(q-1).
- What this boils down to is that E and N have to be relatively prime.
- They can't share any common components.
8 and 9 are relatively prime. When broken down as much as possible,
8 = 2 x 2 x 2
9 = 3 x 3Nothing in common.
8 and 20 are not relatively prime.
8 = 2 x 2 x 2
20 = 2 x 2 x 5They have 2 in common, so they're not relatively prime.
If E and D are chosen correctly, then let's make C the ciphertext and P the plaintext.
C = M to the E power mod N
M = C to the D power mod NSo, something encrypted with N and E (the public key) can be solved for M -- decrypted into the plaintext. Something encrypted with N and D (the private key) can be solved for the ciphertext C. And since E and D fit together in a defined mathematical relationship as above, you cannot automatically deduce one from the other, but can encrypt and decrypt. The beauty of the modulus is that it's a one way operation. You know what the remainder is, but you'll have to try brute-forcing it to figure out whether it's C multiplied by one with a remainder of three, by two with a remainder of three... by forty thousand with a remainder of three... [grin] That takes a lot of time.
If you want to see an example of this worked out with numbers, there's a clear one at http://math.kennesaw.edu/maa/talks/RSAEncryptionAlgorithm.htm
So, back to our original point. Being able to quickly determine whether a number is prime -- what effect does that have on all this? Well, one of the weakest points about RSA and other public key algorithms is that their large prime numbers are only probably prime. It's really hard to tell whether a number with eight zillion digits is actually prime or not -- you have to try dividing it by every prime number up to half of its value or so. That's very time consuming. Since those of us that use PGP, etc., don't want to wait too long for our keys to be generated, the RSA algorithm picks values for P and Q that are very likely to be prime, but that's not known for certain.
If those numbers aren't actually prime, then there may be different solutions for the equations other than the ones that are supposed to work. So, someone might be able to decrypt a message without having the matching key -- they'd just need a matching key, if there were more than one. (That's what could happen if P and Q aren't prime.) If the new algorithm can determine whether P and Q are really prime and they're not for a given key pair, that could lead to a weakness in RSA. But if that's the case, RSA and other algorithm authors could modify their software to use the new algorithm to ensure that P and Q really are prime, and that would defeat that sort of attack.
There's a lot of sound and fury at the moment about this article, and many people are freaking out about it, but I don't think it's anything to worry about. Mathematicians haven't fully satisfied themselves yet that it's a good tester for primes -- I don't think we'll be seeing exploit code in the near future.
Information on cryptography useful collection of links:
[Oct 20, 2002] Crypto++ Library 5.0 - a Free C++ Class Library of Cryptographic Schemes
[Oct 20, 2002] Speed Comparison of Popular Crypto Algorithms
Here are speed benchmarks for some of the most popular hash algorithms and symmetric and asymmetric ciphers. All were coded in C++ or ported to C++ from C implementations, compiled with Microsoft Visual C++ 6.0 SP4 (optimize for speed, blend code generation), and ran on a Celeron 850MHz processor under Windows 2000 SP 1. Two assembly routines were used for multiple-precision addition and subtraction.
Algorithm Bytes Processed Time Taken Megabytes(2^20 bytes)/Second CRC-32 1073741824 8.682 117.945 Adler-32 2147483648 6.970 293.831 MD2 8388608 11.276 0.709 MD5 1073741824 10.165 100.738 SHA-1 536870912 10.565 48.462 SHA-256 268435456 10.345 24.746 SHA-512 67108864 7.761 8.246 HAVAL (pass=3) 536870912 7.922 64.630 HAVAL (pass=4) 536870912 12.337 41.501 HAVAL (pass=5) 268435456 7.090 36.107 Tiger 268435456 10.325 24.794 RIPE-MD160 268435456 8.332 30.725 Panama Hash (little endian) 1073741824 7.401 138.360 Panama Hash (big endian) 1073741824 11.797 86.802 MDC/MD5 268435456 9.884 25.900 Luby-Rackoff/MD5 67108864 8.402 7.617 DES 134217728 9.945 12.871 DES-XEX3 134217728 11.716 10.925 DES-EDE3 33554432 6.740 4.748 IDEA 134217728 11.286 11.341 RC2 33554432 7.912 4.044 RC5 (r=16) 536870912 12.988 39.421 Blowfish 134217728 7.091 18.051 Diamond2 67108864 11.086 5.773 Diamond2 Lite 67108864 9.403 6.806 3-WAY 201326592 12.728 15.085 TEA 134217728 12.799 10.001 SAFER (r=8) 67108864 10.565 6.058 GOST 134217728 12.829 9.977 SHARK (r=6) 268435456 12.878 19.879 CAST-128 134217728 7.090 18.054 CAST-256 134217728 9.995 12.806 Square 268435456 7.801 32.816 SKIPJACK 67108864 12.017 5.326 RC6 268435456 7.871 32.524 MARS 268435456 8.503 30.107 Rijndael 268435456 8.442 30.325 Twofish 268435456 9.974 25.667 Serpent 134217728 10.505 12.185 ARC4 536870912 8.122 63.039 SEAL 1073741824 8.672 118.081 WAKE 1073741824 13.029 78.594 Panama Cipher (little endian) 1073741824 8.512 120.301 Panama Cipher (big endian) 536870912 7.091 72.204 Sapphire 134217728 12.868 9.947 MD5-MAC 1073741824 12.078 84.782 XMACC/MD5 1073741824 11.096 92.286 HMAC/MD5 1073741824 10.254 99.863 CBC-MAC/RC6 268435456 8.713 29.381 DMAC/RC6 268435456 8.642 29.623 BlumBlumShub 512 524288 10.766 0.046 BlumBlumShub 1024 262144 12.668 0.020 BlumBlumShub 2048 65536 8.903 0.007
[Oct 20, 2002] Cryptographic Algorithms -- discussion of several popular algorithms
[Aug 3, 2002] Useful links
O'Reilly Java Center -- News -- An Interview with Jonathan Knudsen
Java Cryptography -- Sample chapter Authentication
The first challenge of building a secure application is authentication. Let's look at some examples of authentication from everyday life:
- At an automated bank machine, you identify yourself using your bank card. You authenticate yourself using a personal identification number (PIN). The PIN is a shared secret, something that both you and the bank know. Presumably, you and the bank are the only ones who know this number.
- When you use a credit card, you identify yourself with the card. You authenticate yourself with your signature. Most store clerks never check the signature; in this situation, possession of the card is authentication enough. This is true when you order something over the telephone, as well; simply knowing the credit card number is proof of your identity.
- When you rent a movie at a video store, you prove your identity with a card or by saying your telephone number.
Authentication is tremendously important in computer applications. The program or person you communicate with may be in the next room or on another continent; you have none of the usual visual or aural clues that are helpful in everyday transactions. Public key cryptography offers some powerful tools for proving identity.
In this chapter, I'll describe three cryptographic concepts that are useful for authentication:
- Message digests produce a small "fingerprint" of a larger set of data.
- Digital signatures can be used to prove the integrity of data.
- Certificates are used as cryptographically safe containers for public keys.
A common feature of applications, especially custom-developed "enterprise" applications, is a login window. Users have to authenticate themselves to the application before they use it. In this chapter, we'll examine several ways to implement this with cryptography.[1] In the next section, for instance, I'll show two ways to use a message digest to avoid transmitting a password in cleartext from a client to a server. Later on, we'll use digital signatures instead of passwords.
|
aesutil 1.0.1 (Stable) by Tim Tassonis - Friday, July 19th 2002 13:20 EDT |
About: aesutil is a small library and command line program to encrypt or decrypt data using the Rijndael algorithm in CBC mode.
Changes: A Windows port of the commandline utility, and better option handling.
Ten most useful resources:
Directories and Portals
Best metalink collections:
Associations and public organizations
Government:
The Rijndael Page -- new standard cypher.
People:
Companies:
Prime numbers and random number generators:
Etc:
***** Cryptology an excellent introduction into cryptology
***** SSH - Tech Corner - Cryptographic Algorithms a very good intro text. The best I found on the WEB.
[packet storm]. - http--packetstormsecurity.org
Counterpane Labs Self-Study Course in Block Cipher Cryptanalysis
Cryptography tutorial from Australia (Peter Gutman)
The Cryptography API, or How to Keep a Secret
Learning about Cryptography by Terry Ritter
Basic
VB Helper Tutorial Cryptography -- basic
Cryptography Tutorial, Math 4 ME 2000 Programming Workshop -- very basic
Encryption and Security Tutorial
Welcome to the Elliptic Curve Cryptosystem Classroom. This site provides an intuitive introduction to Elliptic Curves and how they are used to create a secure and powerful cryptosystem. The first three sections introduce and explain the properties of elliptic curves. A background understanding of abstract algebra is required, much of which can be found in the Background Algebra section. The next section describes the factor that makes elliptic curve groups suitable for a cryptosystem though the introduction of the Elliptic Curve Discrete Logarithm Problem (ECDLP). The last section brings the theory together and explains how elliptic curves and the ECDLP are applied in an encryption scheme. This classroom requires a JAVA enabled browser for the interactive elliptic curve experiments and animated examples.
Elliptic curves as algebraic/geometric entities have been studied extensively for the past 150 years, and from these studies has emerged a rich and deep theory. Elliptic curve systems as applied to cryptography were first proposed in 1985 independently by Neal Koblitz from the University of Washington, and Victor Miller, who was then at IBM, Yorktown Heights.
Many cryptosystems often require the use of algebraic groups. Elliptic curves may be used to form elliptic curve groups. A group is a set of elements with custom-defined arithmetic operations on those elements. For elliptic curve groups, these specific operations are defined geometrically. By introducing more stringent properties to the elements of a group, such as limiting the number of points on such a curve, creates an underlying field for an elliptic curve group. In this classroom, elliptic curves are first examined over real numbers in order to illustrate the geometrical properties of elliptic curve groups. Thereafter, elliptic curves groups are examined with the underlying fields of Fp (where p is a prime) and F2m (a binary representation with 2m elements).
Cryptography for encryption, signatures and authentication
Cryptography -- mainly PGP related...
Sample ChaptersCRC Press has generously given us permission to make all chapters available for free download.
Please read this copyright notice before downloading any of the chapters.
- Chapter 1 - Overview of Cryptography (48 pages)
Postscript file, 554k; Pdf file, 343k. - Chapter 2 - Mathematics Background (38 pages)
Postscript file, 472k; Pdf file, 301k. - Chapter 3 - Number-Theoretic Reference Problems (46 pages)
Postscript file, 543k; Pdf file, 397k. - Chapter 4 - Public-Key Parameters (36 pages)
Postscript file, 497k; Pdf file, 331k. - Chapter 5 - Pseudorandom Bits and Sequences (22 pages)
Postscript file, 330k; Pdf file, 206k. - Chapter 6 - Stream Ciphers (32 pages)
Postscript file, 484k; Pdf file, 274k. - Chapter 7 - Block Ciphers (60 pages)
Postscript file, 783k; Pdf file, 491k. - Chapter 8 - Public-Key Encryption (36 pages)
Postscript file, 434k; Pdf file, 303k. - Chapter 9 - Hash Functions and Data Integrity (61 pages)
Postscript file, 690k; Pdf file, 482k. - Chapter 10 - Identification and Entity Authentication (40 pages)
Postscript file, 444k; Pdf file, 316k. - Chapter 11 - Digital Signatures (64 pages)
Postscript file, 748k; Pdf file, 526k. - Chapter 12 - Key Establishment Protocols (53 pages)
Postscript file, 532k; Pdf file, 400k. - Chapter 13 - Key Management Techniques (48 pages)
Postscript file, 536k; Pdf file, 340k. - Chapter 14 - Efficient Implementation (44 pages)
Postscript file, 547k; Pdf file, 371k. - Chapter 15 - Patents and Standards (27 pages)
Postscript file, 296k; Pdf file, 212k. - Appendix - Bibliography of Papers from Selected Cryptographic Forums (40 pages)
Postscript file, 363k; Pdf file, 331k. - References (52 pages)
Postscript file, 521k; Pdf file, 459k. - Index (26 pages)
Postscript file, 236k; Pdf file, 160k.
Dynamical systems are often described as ``unpredictable" or ``complex" as aspects of their behavior may bear a cryptic relationship with the simple evolution laws which define them. Some theorists work to quantify this complexity in various ways. Others try to turn the cryptic nature of dynamical systems to a practical end: encryption of messages to preserve their secrecy. Here some previous efforts to engineer cryptosystems based on dynamical systems are reviewed, leading up to a detailed proposal for a cellular automaton cryptosystem.
Cryptosystems constructed from cellular automaton primitives can be implemented in simply constructed massively parallel hardware. They can be counted on to deliver high encryption/decryption rates at low cost. In addition to these practical features, cellular automaton cryptosystems may help illuminate some foundational issues in both dynamical systems theory and cryptology, since each of these disciplines rests heavily on the meanings given to the intuitive notion of complexity.
Prime Numbers - University of Tennessee
Mercy - block encryption algorithm Mercy is a fast block cipher operating on 4096-bit blocks, designed specifically around the needs of disk sector encryption. It takes a 128-bit parameter representing the block number being encrypted, so that saving the same plaintext to different blocks results in different ciphertexts. Mercy was presented at Fast Software Encryption 2000.
SSH - Tech Corner - Cryptographic Algorithms
Cryptography, SSH, prime numbers, factorisation, vigenere, crypto ...
[FW1] Crypto Algorithms, need to know the crypto algorithm for ...
The Mandala Centre - Compression and Security - One on one compression FAQ
Steganography
CHACS Publications for 2002 Moskowitz, Ira S., Neil F. Johnson, and Michael Jacobs, "A Detection Study of an NRL Steganographic Method", NRL/MR/554002-8635, August 16, 2002. PDF
For a bound, easier to read, copy of this please contact:
Ms. L. Norton, Library---Code 5225, NRL, Washington, DC 20375
In this report we analyze in detail a method of image steganography developed by NRL. Our conclusion is that this method of steganography is undetectable by current pragmatic statistical stego detection techniques, primarily because it alters a very small number of pixels. The small size of the embedded message is the key to the lack of detection, provided that a non-anomalous cover image is used.
Newman, Richard E., Ira S. Moskowitz, LiWu Chang, and Murali M. Brahmadesam, "A Steganographic Embedding Undetectable by JPEG Compatibility Steganalysis", Proc. Information Hiding 2002, 7-9 October 2002, (final proceedings will be published by Springer, LNCS series, ed. F.A.P. Petitcolas). PDF
Steganography and steganalysis of digital images is a cat-and-mouse game. In recent work, Fridrich, Goljan and Du introduced a method that is surprisingly accurate at determining if bitmap images that originated as JPEG files have been altered (and even specifying where and how they were altered), even if only a single bit has been changed. However, steganographic embeddings that encode embedded data in the JPEG coefficients are not detectable by their JPEG compatibility steganalysis. This paper describes a steganographic method that encodes the embedded data in the spatial domain, yet cannot be detected by their steganalysis mechanism. Furthermore, we claim that our method can also be used as a steganographic method on files stored in JPEG format. The method described herein uses a novel, topological approach to embedding. The paper also outlines some extensions to the proposed embedding method.
Moskowitz, Ira S., Garth E. Longdon and LiWu Chang, "A New Paradigm Hidden in Steganography". Proceedings, New Security Paradigms Workshop, Sept. 2000, Ballycotton, Co. Cork, Ireland. Also appears in "The Privacy Papers," ed. R. Herold, Auerbach Press, 2001. PostScript, PDF
We discuss how steganography, in contrast to similar disciplines, requires a new paradigm based upon discontinuities and the absence of noise as a detection deterrent.
Lectures for Computer Security
These lectures contain the base introductory material used for this course. After these lectures, the student will be familiar with the underlying concepts of advanced operating systems.
Crypto Lectures
The Enigma was one of the best of the new electromechanical cipher machines produced for the commercial market in the 1920s. Hugo Koch, a Dutchman, conceived of the machine in 1919. Arthur Scherbius first produced it commercially in 1923. Impressed by its security, which was based on statistical analysis, the German government acquired all rights to the machine and adapted it to the needs of its new, modern military forces. It became the standard cipher machine of the military services, of German agents, and of the secret police. It was also used at all echelons from high command to front-line tactical units including individual airplanes, tanks, and ships. An ordinary three-wheel Enigma with reflector and six plug connections generated the following number of coding positions:
3,283,883,513,796,974,198,700,882,069,882,752,878,379,955,261,095,623,685,444,055,315,226,006,
433,616,627,409,666,933,182,371,154,802,769,920,000, 000,000Given this statistical capability, proper communications procedures and practices, and the fact that solving the Enigma on a timely basis would require rapid analytic machinery which did not exist, the Germans regarded the Enigma as impenetrable even if captured. The Germans, however, did not always practice proper communications security, and, more importantly, the Allies, even in 1938-39, were on the verge of creating the necessary cryptanalytic machinery which would unlock the Enigma's secrets. The evolution of this technology and its application were major contributing factors to the ultimate Allied victory in World War II.
See also Humor
The viral marketing campaign revolves around a Flash game infested with techie throwaway words in which the user must guide a "worm" through a "computer system" to collect "nodes" and "crack" a password within 60 seconds.
Jokes Magazine Employee Review January 25, 2000 (The classic crypto joke)
My boss asked me for a letter describing my partner Bob Smith, and this is what I wrote:
Bob Smith, my assistant programmer, can always be found
hard at work in his cubicle. Bob works independently, without
wasting company time talking to colleagues. Bob never
thinks twice about assisting fellow employees, and he always
finishes given assignments on time. Often Bob takes extended
measures to complete his work, sometimes skipping
coffee breaks. Bob is a dedicated individual who has absolutely no
vanity in spite of his high accomplishments and profound
knowledge in his field. I firmly believe that Bob can
be classed as a high-caliber employee, the type which cannot
be dispensed with. Consequently, I duly recommend that Bob
be promoted to executive management, and a proposal will
be executed as soon as possible.
S.D. - Project Leader
Shortly afterward I sent the following follow-up note: That bastard Bob was reading over my shoulder while I wrote the report sent to you earlier today. Kindly read only the odd numbered lines (1, 3, 5, etc.) for my true assessment. Regards,
S.D.
Steganography
CHACS Publications for 2002 Moskowitz, Ira S., Neil F. Johnson, and Michael Jacobs, "A Detection Study of an NRL Steganographic Method", NRL/MR/554002-8635, August 16, 2002. PDF
For a bound, easier to read, copy of this please contact:
Ms. L. Norton, Library---Code 5225, NRL, Washington, DC 20375
In this report we analyze in detail a method of image steganography developed by NRL. Our conclusion is that this method of steganography is undetectable by current pragmatic statistical stego detection techniques, primarily because it alters a very small number of pixels. The small size of the embedded message is the key to the lack of detection, provided that a non-anomalous cover image is used.
Newman, Richard E., Ira S. Moskowitz, LiWu Chang, and Murali M. Brahmadesam, "A Steganographic Embedding Undetectable by JPEG Compatibility Steganalysis", Proc. Information Hiding 2002, 7-9 October 2002, (final proceedings will be published by Springer, LNCS series, ed. F.A.P. Petitcolas). PDF
Steganography and steganalysis of digital images is a cat-and-mouse game. In recent work, Fridrich, Goljan and Du introduced a method that is surprisingly accurate at determining if bitmap images that originated as JPEG files have been altered (and even specifying where and how they were altered), even if only a single bit has been changed. However, steganographic embeddings that encode embedded data in the JPEG coefficients are not detectable by their JPEG compatibility steganalysis. This paper describes a steganographic method that encodes the embedded data in the spatial domain, yet cannot be detected by their steganalysis mechanism. Furthermore, we claim that our method can also be used as a steganographic method on files stored in JPEG format. The method described herein uses a novel, topological approach to embedding. The paper also outlines some extensions to the proposed embedding method.
Moskowitz, Ira S., Garth E. Longdon and LiWu Chang, "A New Paradigm Hidden in Steganography". Proceedings, New Security Paradigms Workshop, Sept. 2000, Ballycotton, Co. Cork, Ireland. Also appears in "The Privacy Papers," ed. R. Herold, Auerbach Press, 2001. PostScript, PDF
We discuss how steganography, in contrast to similar disciplines, requires a new paradigm based upon discontinuities and the absence of noise as a detection deterrent.
NSA declassifies crypto algorithms
The Metaphor Is the Key: Cryptography, the Clipper Chip, and the
Constitution - HTMLized version of 180 page University of
Pennsylvania Law Review Article by U. Miami School of Law Prof. A. Michael
Froomkin.
http://www.law.miami.edu/~froomkin/articles/clipper.htm
Cypherpunks, Cryptography & Hackers
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Disclaimer:
Last modified: August 15, 2009
