Hiding in Plain Sight: Steganography and the Art of Covert Communication Eric Cole Ronald D. Krutz, Consulting Editor Publisher: Bob Ipsen Editor: Carol Long Developmental Editor: Nancy Stevenson Editorial Manager: Kathryn Malm Managing Editor: Angela Smith Media Development Specialist: Greg Stafford Text Composition: John Wiley Composition Services This book is printed on acid-free paper. ∞ Copyright © 2003 by Eric Cole. All rights reserved. Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rose- wood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8700. Requests to the Pub- lisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: [email protected]. Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, inci- dental, consequential, or other damages. For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002. Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of Wiley Publishing, Inc., in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or ven- dor mentioned in this book. Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books. Library of Congress Cataloging-in-Publication Data: ISBN: 0-471-44449-9 Printed in the United States of America 10 9 8 7 6 5 4 3 2 1 This book is dedicated to Kenneth Marino, the members of Rescue 1, and all New York City Fire Fighters who lost their lives on and after September 11, 2001. They made the ultimate sacrifice by giving up their lives so others could live. I still remember getting the phone call that Kenny was missing, and it upset me more than words could describe. Kenny was probably one of the nicest people I had the privilege of knowing, and he would do anything to help someone else out. That is probably why being a fire fighter was one of his dreams. Contents Acknowledgments xiii Introduction xvii Part One Exploring the World of Covert Communication 1 Chapter 1 Covert Communication: It’s All Around You 3 What Is Steganography? 5 Where Hidden Data Hides 5 Where Did It Come From? 6 Where Is It Going? 7 When Steganography Inspires Terror 8 Who Is Using Stego? 9 Protecting Your Rights 10 Keeping Your Business Secure 10 Looking Ahead 12 Chapter 2 Cryptography Explained 13 Cryptography Defined 15 Crypto 101 15 Crypto Lingo 16 Early Cryptography 17 How We Got to Modern Cryptography 18 Cryptography and Network Security 19 Confidentiality 19 Integrity 20 Availability 21 Authentication and Non-Repudiation 22 Authentication 22 Non-repudiation 23 Principles of Cryptography 24 v vi Contents You Cannot Prove Crypto Is Secure 24 Algorithm versus Implementation 25 Never Trust Proprietary 26 The Strength of an Algorithm Is in the Key 28 Cryptography Stays in Place 28 Cryptography Must Be Designed In 29 All Cryptography Is Crackable, in Time 29 Security Becomes Obsolete 31 Types of Cryptography 32 Symmetric 32 Diffie-Hellman Key Exchange 32 Common Implementations of Symmetric Encryption 34 Asymmetric 38 Hash 38 Putting the Pieces Together 39 Using Cryptography Tools 40 Working with PGP 41 Generating a Privacy Key with PGP 41 How PGP Works with Email 44 Using SSH 45 Looking Ahead 50 Chapter 3 Hiding the Goods with Steganography 51 Overview of Steganography 52 The Growth of Steganography 53 Steganography in Use 54 Flaws of Steganography 55 Variations on Stego 56 Trojan Horses 56 Covert Channels 57 Easter Eggs 58 Hardware Keys 58 Security and Steganography 59 Confidentiality 59 Survivability 59 No Detection 60 Visibility 60 Principles of Steganography 61 Types of Steganography 61 File Type 61 Method of Hiding 62 Hands-on Steganography 62 Putting All the Pieces Together 63 Looking Ahead 66 Contents vii Chapter 4 Digital Watermarking 67 What Is Digital Watermarking? 68 Exploring Uses for Digital Watermarking 69 Properties of Digital Watermarking 71 Types of Digital Watermarking 73 Invisible Watermarking 74 Visible Watermarking 77 Goals of Digital Watermarking 78 Digital Watermarking and Stego 79 Uses of Digital Watermarking 80 Removing Digital Watermarks 81 Looking Ahead 87 Part Two The Hidden Realm of Steganography 89 Chapter 5 Steganography at Large 91 The Internet: A Climate for Deceit 93 The End of the Paper Trail 93 Your Jurisdiction or Mine? 94 Searching for Identity 95 Corporate Espionage 97 Who’s Playing? 97 Information Attacks 98 System Attacks 99 Playing Spy 99 Big Brother—With an Attitude 99 Information Crime and the Law 101 Who’s Watching Whom? 101 Protecting Ideas 101 Enforcement: A Tough Nut 102 The Challenge 103 Enforcing the Unenforceable 103 The Growing Science of Computer Forensics 104 Looking Ahead 105 Chapter 6 Nuts and Bolts of Steganography 107 Types of Steganography 108 Original Classification Scheme 109 Insertion-Based 109 Algorithmic-Based 109 Grammar-Based 110 New Classification Scheme 111 Insertion-Based 111 Substitution-Based 112 Generation-Based 112 viii Contents Color Tables 113 Products That Implement Steganography 114 S-Tools 115 Using S-Tools with Image Files 115 Using S-Tools with Sound Files 116 S-Tools Step-by-Step 117 Hide and Seek 118 J-Steg 119 EZ Stego 121 Image Hide 122 Digital Picture Envelope 123 Camouflage 126 Gif Shuffle 127 Spam Mimic 127 Rolling Your Own Stego 129 Comprehensive Stego Program 130 Technique Structure 132 WAV Creation 132 Overview 132 Idea 133 Details 133 Logic Flow 134 Areas for Improvement 135 wav-Sine Creation 135 Overview 135 Idea 135 Details 135 Logic Flow 135 Areas for Improvement 136 WAV Twiddle 137 Overview 137 Idea 137 Details 137 Logic Flow 137 Areas for Improvement 139 Doc Stuffer 139 Overview 139 Idea 139 Details 139 Logic Flow 140 Areas for Improvement 141 EXE Stuffer 141 Overview 142 Idea 143 Details 143 Contents ix Logic Flow 143 Areas for Improvement 143 HTML White Space 144 Overview 145 Idea 145 Details 145 Logic Flow 147 Areas for Improvement 147 HTML White Space Variable 147 Overview 147 Idea 148 Details 149 Logic Flow 149 Areas for Improvement 149 RTF Insertion 149 Overview 149 Idea 150 Details 151 Logic Flow 151 Areas for Improvement 151 War 151 Overview 151 Idea 151 Details 152 Logic Flow 153 Areas for Improvement 153 Looking Ahead 153 Chapter 7 Sending Stego Files Across a Network 155 Uses and Techniques of Network Stego 155 Hiding in Network Traffic 156 Stego Combined with Viruses 156 Tracking Internet Usage 156 Network Stego Techniques 157 Hiding in an Attachment 157 Hiding Data in an Email Attachment 157 Transmitting Hidden Data with FTP 157 Posting Stego to a Web Site 158 Hiding in a Transmission 158 Using Invisible Secrets to Hide and Transmit Data 158 Embedding Hidden Data with Invisible Secrets 159 Decrypting and Extracting Data with Invisible Secrets 164 CameraShy 167 Hiding Data in Network Headers 169 Networking and TCP/IP: The Basics 169 Using IP and TCP Headers for Stego 169 x Contents UDP and ICMP Headers 171 Covert tcp 171 How Covert tcp Works 172 Running Covert tcp 173 Hiding in an Overt Protocol 179 Looking Ahead 181 Part Three Making Your Own Communications Secure 183 Chapter 8 Cracking Stego and Crypto 185 Who’s Cracking What? 186 Cracking Analysis 187 Cryptanalysts 187 Steganalysts 188 The Role of Detection 188 Detecting Encryption 188 Randomness and Compression 190 Detection and Image Files 190 Building a Program for Detection 191 Cracking Cryptography 194 General Attacks 195 Ciphertext-Only Attack (COA) 195 Known Plaintext Attack (KPA) 196 Chosen Plaintext Attack (CTA) 197 Chosen Ciphertext Attack (CCA) 197 Specific Attacks 197 Brute-Force Attack 197 Replay Attack 198 Man-in-the-Middle Attack 199 Meet-in-the-Middle Attack 199 Birthday Attack 200 Cracking Steganography 201 Specific Techniques 201 S-Tools Version 4.0 202 Hide and Seek 205 J-Steg 205 EZ Stego 207 StegDetect 208 General Techniques for Detecting Stego 211 Looking Ahead 216 Chapter 9 Developing Your Secure Communications Strategy 217 Secure versus Secret 218 Setting Communication Goals 219 The Roles of
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages362 Page
-
File Size-