Information Hiding and Attacks : Review
Total Page:16
File Type:pdf, Size:1020Kb
International Journal of Computer Trends and Technology (IJCTT) – volume 10 number 1 – Apr 2014 Information Hiding and Attacks : Review Richa Gupta Department of Computer Science University of Delhi India ABSTRACT : Information Hiding is considered Providing intended access and avoiding unintended very important part of our lives. There exist many access is a very challenging task. Information techniques for securing the information. This paper hiding has been since long time. In past, people briefs on the techniques for information hiding and the potential threats to those methods. This paper used hidden pictures or invisible ink to convey briefs about cryptanalysis and stegananlysis, two secret information [7,8]. methods for breaching into the security methods. Keywords – information hiding, cryptanalysis, 2. TECHNIQUES FOR steganalysis INFORMATION HIDING There are three major data hiding techniques 1. INTRODUCTION popular: watermarking, cryptography and steganography Data or information is very crucial to any organization or any individual person. None of us Watermarking - A watermark is a recognizable likes our conversation being overheard as it image or pattern that is impressed onto paper, contains the potential of being misused. Same is the which provides evidence of its authenticity [9, 10]. case with the data of any organization or of any Watermark appears as various shades of person. The exchange of data among two potential lightness/darkness when viewed in transmitted parties must be in done in a secured method so as light. Watermarks are often seen as security to avoid any tampering. Two types of threats exists features to banknotes, passports, postage stamps during any information exchange. The unintended and other security papers. Digital watermarking is user who may try to overhear this conversation can an extension of this concept in the digital world . A either tamper with this information to change its watermarking system’s primary goal is to ensure original meaning or it can try to listen to the robustness, i.e, it should be impossible to remove message with intention to decode it and use it to the watermark without tampering the original data his/her advantage. Both these attacks violated the [8]. confidentiality and integrity of the message passed. Cryptography - Cryptography is an art of restriction on certain types of information. transforming data into an unreadable format called Integrity is maintaining and assuring the accuracy cipher text. The receiver at other side, deciphers or of data being delivered, i.e, information contains no decrypt the message into plain text. Cryptography modification, deletion etc. Authentication ensures provides data confidentiality, data integrity, the identity of sender and receiver of the authentication and non-repudiation. information. Non-repudiation is the ability to Confidentiality is limiting access or placing ensure that the sender or receiver cannot deny the ISSN: 2231-2803 http://www.ijcttjournal.org Page21 International Journal of Computer Trends and Technology (IJCTT) – volume 10 number 1 – Apr 2014 authenticity of their signature on the sending involves knowing how the system works and information that they originated [8]. finding a secret key. Cryptanalysis is the attempt to circumvent the security of various types of Steganography - Steganography is a practice of cryptographic algorithms and protocols. Types of hiding/concealing the message, file, image within cryptanalysis attacks: other message, file or image. The 1. Cipher text only attack – in this, the word steganography is of Greek origin and means attacker has access only to a set of "covered writing" or "concealed writing" [11]. In ciphertexts. The aim is to deduce other words, it is the art and science of plaintexts maybe by making assumptions communicating in a way which hides the existence and guesses. of the communication. The goal is to hide messages 2. Known plain-text attack - In this, the inside other harmless messages in a way that does cryptanalyst has knowledge of a portion of not allow enemy to even detect that there is a the plaintext from cipher text. The attempt second message present [3]. Steganography focuses is to deduce key to decrypt the rest of the more on high security and capacity. Even small ciphertext [2,3]. changes to stego medium can change its meaning. 3. Chosen-plaintext attack – this is also Steganography masks the sensitive data in any known as chosen-cipher text attack or cover media like images, audio, video over the differential cryptanalysis. In this, the internet [8]. cryptanalyst has the ability to choose plaintexts arbitrarily to be encrypted and 3. ATTACKS ON obtain the corresponding ciphertexts. The INFORMATION HIDING cryptanalyst aims to deduce the key by The attacks on security systems aim to find comparing the entire ciphertext with the weakness in information hiding techniques. This is original plaintext. RSA encryption also referred to as breaking. One of the most technique is prone to this type of attack common example of breaking the security code is [2,3]. brute force approach. To break the security lock of 4. Cipher-text only analysis – In this, the 3-digits, it simply needs 1000 combinations. There cryptanalyst has no knowledge of the are two terms for finding the weakness and trying plaintext and must work only from to break-through the code: cryptanalysis and ciphertext. It requires guesswork to know steganalysis. what the message can be. Any type of prior knowledge about ciphertext, the Cryptanalysis sender or the topic in general can be Cryptanalysis is the study of analyzing information helpful [2]. systems in order to study the hidden aspects of the 5. Man-in-the-middle attack – This attack systems. In other words, it is the art of deciphering involves tricking individuals into encrypted communication without knowing the surrendering their keys. When two parties proper keys. It is used to breach cryptographic are exchanging their keys for secure security systems and to gain access to the encrypted communication, an adversary positions messages. Breaching the security in this way himself in between them. He intercepts the ISSN: 2231-2803 http://www.ijcttjournal.org Page22 International Journal of Computer Trends and Technology (IJCTT) – volume 10 number 1 – Apr 2014 signal sent from one side to other, and Steganalysis performs a key exchange separately with Steganalysis is the discovery of the existence of both the parties. Thus they both will end hidden information, hidden using steganography. up using a different key, known to This is analogous to cryptanalysis and adversary. The cryptanalyst thus can cryptography. The goal of steganalysis is to decrypt the signals between the parties. He identify suspected packages, to determine whether can decrypt the communication from party they have a message encoded into them, and to try 1 with the key he shared with him, and and gain access to that message [5]. It differs from resends the message by encrypting it with cryptanalysis in the sense that the existence of key of other party to other side. Thus both message is obvious in cryptanalysis, that is one the parties will think they are knows that the signal contains encrypted data. communicating securely, but the Whereas in case of steganalysis, the steganalyst cryptanalyst is hearing everything [3]. starts with a pile of suspect data and then try to This type of attack can be defeated by determine whether it contains encrypted message using hash functions. and then retrieving the message [4]. 6. Timing or differential power analysis – this technique is used to gain information 1. Stego-only attack – in this type of attack, about key computations used in the only the stego media (i.e the medium encryption algorithm and other functions containing hidden data) is available for pertaining to security. The technique analysis [6]. measures the differences in electrical 2. Known carrier attack – in this type of consumption over a period of time when a attack, the steganalyst has access to both microchip performs a function to secure the target object which is used for hiding information. information and the stego object that 7. Attack against or using the underlying contains the hidden information. The stego hardware – this type of attack involves the media or stego object is compared with the use of mobile crypto devices that aim at cover object and the differences are the hardware implementation of the detected. For example: the original image cryptosystem. The attacks use the data and the image containing the hidden from very fine measurements of the crypto information are available and compared to device doing, say, encryption and compute deduce the message [5]. key information from these measurements. 3. Known message attack – in this, the The basic ideas are then closely related to original message prior to embedding in the those in other correlation attacks. For carrier is known. This attack is the instance, the attacker guesses some key analysis of known patterns that correspond bits and attempts to verify the correctness to hidden information. This type of of the guess by studying correlation analysis can help against attacks in the against her measurements [3]. future. Even with the message available, this type of attack may be very difficult and considered same as stego-only attack. ISSN: 2231-2803 http://www.ijcttjournal.org Page23 International Journal of Computer Trends and Technology (IJCTT) – volume 10 number 1 – Apr 2014 4. Chosen stego attack – in this attack, the algorithm used for hiding information and the stego object, that is the final hidden file is known and available for analysis [6]. 5. Chosen message attack – in this, the steganalyst generates a stego object from some steganography algorithm of a chosen message. The goal is to search for the corresponding patterns in the stego-object that may be helpful for specific steganography tools and algorithms. 6. Known stego attack – in this type of attack, the steganography algorithm, the original mesia file and the stego object is known, that is, all the components are available for analysis [5].