Please enable JavaScript.
Coggle requires JavaScript to display documents.
Information leakage basics (MODERN STEGANOGRAPHY (Fundamentals (Modern…
Information leakage basics
Information security
Reminder: goals (services)
Authentication
Confidentiality
Integrity
Availability
Mechanisms
Access control
Encryption
Software
Antivirus + IDS + Firewalls
What about insiders?
Insider threats
Problems
The attacker already got credentials to access
the system
… although privilege separation exists
A user may become an attacker (unwillingly?)
May cause great losses
Threats
Attacks
Sabotage
Exfiltration of information
Unauthorized use of services
Protection mechanisms
Monitoring
Forensics
DLP
Masquerader
Definition
Attacker that works on the system on behalf of another one. It may be an external entity or a malicious insider
Why?
Economy
Politics
Revenge
APTs
Definitions
Covert channel
Secret communication using a public channel
(Encryption raises concerns)
Steganography
Hiding the mere existence of the message, not
only its contents (as opposed to encryption)
Secret only revealed if using suitable mechanisms
Data is embedded into normal-looking info
Nowadays
Raising interest
Terrorism
Intellectual Property protection
Intelligence agencies
Criminals: malicious insiders
Activists
Malware
MODERN STEGANOGRAPHY
Fundamentals
Classic stego
Security through oscurity (of the channel at stake)
Modern stego: use of digital media
Text files (webpages, code, …)
Digital audio
Kerckhoffs principle
Security must only rely upon the secrecy of the key
Model
Elements
Hidden message
Cover message
Stego-object
Warden
Malicious
is not realistic in many cases
passive
active
Features
Capacity
Size of secret
Security
Hardness to detect hidden message
Robustness
Resiliency against changes before losing hidden
information
Image-based stego
Choose a suitable picture
Avoid artificial or monotonic pictures
Problems
Previous methods are weakly robust
Information may be lost if the image is compressed,
filtered, modified…
Watermarking or fingerprinting need more robust schemes
Removing hidden info must cause a significant
degradation of the signal
Modern stego is done over discrete cosine
transform, or wavelet…
Coefficients are altered to introduce desired
secret