Countering Information Leakage
Approaches
Pre-event
Predict
Modelling user behavior
Psychology
Detect
Host agents
Network agents
Avoid
Prevention systems
Pro-active
Decoy documents spread throughout the organization
Monitoring their usage
Detects insiders who work outside their expected environment
Post-event
Forensics
The same as other computer-based offences
Leakage detection and prevention systems
Components
Network agents
Host agents
Policy server
Admin server
Network agents
Traffic interception
Inspection of packets looking for sensitive data
Deep Packet Inspection
What if connections are encrypted?
ICAP
Host agents
Looking for sensitive information
Monitoring leakage vectors
Connection changes
ICAP server
Policy server
Definition of sensitive information
Definition of leakage vector
Definition of policy
Admin server
Receiving alerts
Check network status
Update and management of network and host agents
STEGANALYSIS
Goals
Detect hidden communication
Locate content
Retrieve content
Equivalent to cryptanalysis in crypto
Basic idea
Stego modifies original files
It changes the statistical properties of the cover
Recalling, the general process for stego is
Find redundant bits
Choose a subset of them and replace them with the secret
This process usually changes statistical properties
Many steganalysis processes focus on these changes
Some processes
Statistical tests
Detect deviations against normality
Important limitations:
False positives
What is normality?
Additional remarks
If the secret is encrypted first (i.e. it is a pseudo-random sequence
These phenomena may be measured
Each algorithm follows a particular mode of operation
Analyzing several instances, patterns may be found
In practice, it may be detected
Existence of secret
Size of secret
Applied tool
Stego on the internet
Why NOTHING?
There is no significant usage of stego on the Internet
Our research was carried out in sources in which no hidden data is (normally) placed
Stego users
Do not use systems detected by stegdetect
Use excellent keys
They are partially true
Use of steganalysis: Watermarking
Adding copyright/ownership info
Intellectual Property Protection
Client fingerprinting, tracing illegal copies
Tracing image owner in case of dispute
In audio, video, docs and images
Not the same as steganography
++robustness, --capacity, --security (confidentiality)
Watermarking systems
Visible (© symbols, etc.)
Invisible (DCT, LSB, etc.)
Conclusions
Stego and steganalysis are very promising ICT scenarios
New covert channels are discovered periodically
Although it is older than cryptology, it is less explored
In areas with financial support (intellectual property protection) nice advances are being achieved.
In 5-10 years mature technology may be ready