SCSC 455 Computer Security
Chapter 2: Symmetric Encryption and Message Confidentiality
Dr. Frank Li

Index
- Symmetric encryption principles
- Symmetric block encryption
- Random and pseudorandom numbers
- Stream ciphers and RC4
- Cipher block modes of operation

Symmetric encryption principles
- Five ingredients:
  - Plaintext
  - Encryption algorithm
  - Secret key
  - Ciphertext
  - Decryption algorithm

Kerckhoffs's Principle
- Kerckhoffs's Principle (1883): the only secrecy involved with a cryptography system should be the key; the algorithm should be publicly known
- Good security assumes an eavesdropper knows the cipher, but the key must be kept secret

Cryptography
- Cryptographic systems are classified along three independent dimensions:
  - The type of operations used for transforming
    - Substitution vs. transposition
    - Product systems
  - The number of keys used
    - Symmetric vs. asymmetric
  - The way in which the plaintext is processed
    - Block cipher vs. stream cipher

Cryptanalysis
- The process of attempting to discover the plaintext or key
- Types of cryptanalytic attacks (table 2.1)
  - Ciphertext only
  - Known plaintext
  - Chosen plaintext
  - Chosen ciphertext
  - Chosen text

Computationally Secure
- An encryption scheme is computationally secure if the ciphertext generated by the scheme meets one or both of the criteria:
  - The cost …
  - The time …

Brute force attack
- X different keys: on average ? tries

Feistel Cipher Structure
- Many symmetric block encryption algorithms have a structure … (figure 2.2)
- The Feistel structure is a particular example of the more general structure used by all symmetric block ciphers
- Parameters and design features:
  - Block size
  - Key size
  - Number of rounds
  - Subkey generation algorithm
  - Round function
  - Fast software encryption/decryption
  - Ease of analysis

Symmetric block encryption algorithms
- Important symmetric block ciphers:
  - DES
  - 3DES
  - AES

DES
- Data Encryption Standard
- Issued in 1977, FIPS 46, by NIST
- The algorithm is the Data Encryption Algorithm (DEA)

What is DES?

The strength of DES
- Concerns about the algorithm …
- Concerns about key length …

History of DES (1)
- In the early 1970s, the National Institute of Standards and Technology (NIST) invited vendors to submit data encryption algorithms to be used as a cryptographic standard.
- In 1974, IBM’s 128-bit algorithm Lucifer was submitted and accepted.
- The NSA modified Lucifer to use a key size of 64 bits instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA).
- DEA became the algorithm that fulfills the Data Encryption Standard (DES) in 1977.

History of DES (2)
- DES has been implemented in a majority of commercial products and in the applications of almost all government agencies
- In January 1988, NSA stopped endorsing DES
  - DES had been so popular for so long, it would surely be targeted for penetration and become useless as an official standard.
  - NSA wanted to move on to a newer, more secure, and less popular algorithm as the new standard.

History of DES (3)
- In 1998, the Electronic Frontier Foundation built a computer system, the “DES cracker”, for $250,000
- The DES cracker broke DES in three days
- It uses a brute force attack against the keyspace

Concerns on DES
- Design decisions not public -- mysteries
- S-box: NSA's involvement in the design, S-boxes may have backdoors
- Key is too short
- Eventually, DES was replaced by the Advanced Encryption Standard (AES) by NIST

Breaking Encryption Algorithm
- Breaking an encryption algorithm can take place through brute force attacks or by identifying weaknesses in the algorithm
- Brute force attacks have increased in potency because of the increased processing capacity of computers.
- An encryption algorithm is broken if someone is able to uncover a key used in an encryption process.
- Q: Is a broken algorithm worthless?

Breaking Encryption Algorithm
- Ans: If the encryption algorithm is broken by identifying a weakness of the algorithm, the answer is YES; if it is broken by brute force attack, the answer depends …
- In proper implementations, we should be encrypting data with session keys
  - A session key is good only for that one session
  - So even if one session key was uncovered, it may be useless to the attacker

DES steps
- DES is a symmetric block encryption algorithm.
- 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out.
- A 64-bit key: 56 bits are the true key, and 8 bits are for parity.
- DES steps:
  1. Divides the message into 64-bit blocks and operates on them one at a time.
  2. The blocks are put through 16 rounds of transposition and substitution functions.
  3. The order and type of transposition and substitution functions depend on the value of the key that is used with the algorithm. The result is 64-bit blocks of ciphertext.

DES Modes of operation (section 2.5)
- DES has several distinct modes of operation
- Each mode specifies how a block cipher will operate
- Each mode is used in different situations for different results
- Modes:
  - Electronic Code Book (ECB)
  - Cipher Block Chaining (CBC) – the most common
  - Cipher Feedback (CFB)
  - Output Feedback (OFB)
  - Counter Mode (CM)

Cipher Block Chaining Mode (CBC)
- In CBC, each block of plaintext, the key, and the ciphertext from the previous block are processed in the algorithm
- Chaining
- IV

Cipher Block Chaining Mode (CBC)
- Dependence (chaining) among the blocks
  - Ciphertext is extracted and used from the previous block of text;
  - For the first block, we use a 64-bit initialization vector (IV) to add randomness
- This chaining effect means that a particular ciphertext block is dependent upon all blocks before it, not just the previous block.
- CBC produces different ciphertext when encrypting the same plaintext in different blocks
  - More random ciphertext: less pattern can be revealed from the ciphertext

Initialization vectors (IVs)
- Initialization vectors (IVs) are random values that are used with algorithms to ensure that patterns are not created during the encryption process.
- IVs are used with keys
- IVs do not need to be encrypted when being sent to the destination.
- If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext.
- In CBC, if we choose a different IV each time we encrypt a message, even if it is the same message, the ciphertext will always be unique.

2DES and 3DES
- Double-DES has a key length of 112 bits
  - A specific attack against Double-DES reduces its work factor to about the same as DES
- Triple-DES is a quick fix to provide more protection for sensitive data.
  - Uses 48 rounds in its computation, which makes it highly resistant to differential cryptanalysis
  - Takes up to three times longer than DES to perform encryption and decryption

2DES
- There has been interest in providing another algorithm during the transition to AES -- preserving the existing investment in software and hardware, increasing the security
- Double DES:
    C = E_K2(E_K1(M))
    M = D_K1(D_K2(C))
- Q: Is double DES more secure than DES?

Meet-in-the-Middle attack on 2DES
- Proposed by Diffie, Hellman (1977)
- Main observation: if C = E_K2(E_K1(M)), then X = E_K1(M) = D_K2(C)
- Assume we have two pairs of plaintext-ciphertext:
  1. Encrypt P for all 2^56 possible keys K1
  2. Store the results in a table and sort the table by the values of X
  3. Decrypt C using all 2^56 possible keys K2
  4. For each decryption, check the result in the table
  5. In case of a match, test the two keys with the second pair of plaintext-ciphertext. If they match, the correct keys were found

2DES
- Q: Is double DES more secure than DES?
- Ans: through analysis, 2DES is broken in 2^56 steps with probability larger than 1-2^-16.
- The effort is not much bigger than the 2^55 required to break DES

3DES
- 3DES was incorporated in 1999 with FIPS 46-3
- Formula
- FIPS 46-3 guidelines
- AES is intended to replace 3DES

3DES
- Counter to the meet-in-the-middle attack: use three stages of encryption
- 3DES can work in different modes:
  - DES-EEE3: E_K3( E_K2( E_K1(M) ) )
  - DES-EDE3: E_K3( D_K2( E_K1(M) ) )
  - DES-EEE2: E_K1( E_K2( E_K1(M) ) )
  - DES-EDE2: E_K1( D_K2( E_K1(M) ) )

Advanced Encryption Standard (AES)
- NIST sponsored a competition in 1997 to create a replacement for DES. The following five algorithms were the finalists:
  - MARS
  - RC6
  - Serpent
  - Twofish
  - Rijndael
- The winner is the Rijndael algorithm, by two Belgians
- Uses three different key lengths: 128 bits, 192 bits, 256 bits
- Was approved for use by U.S. government agencies in May 2002

AES Features
- Not a Feistel structure
  - Processes the entire data block in parallel using substitutions and permutation
- The key is expanded into an array of 44 32-bit words w[i]. Four distinct words (128 bits) serve as a round key.
- Four different stages: one permutation and three of substitution
  - Substitute bytes
  - Shift rows
  - Mix columns
  - Add round key

History of cryptography
- The first encryption methods date back to 4000 years ago.
- Some Egyptian hieroglyphics were encrypted

Atbash Cipher
- A Hebrew cryptographic method
- The alphabet is flipped so that each letter in the original alphabet is mapped to a different letter in the flipped alphabet.
    ABCDEFGHIJKLMNOPQRSTUVWXYZ
    ZYXWVUTSRQPONMLKJIHGFEDCBA
- E.g.: Encrypt “atbash” ? Decrypt “hvxfirgb” ?

Scytale Cipher (review)
- Scytale cipher: 400 B.C., the Spartans
- Write a message on a sheet of papyrus that was wrapped around a staff;
- The papyrus was delivered and wrapped around a different staff by the recipient;
- The message was only readable if it was wrapped around the correct size staff, which would make the letters properly match up

Caesar Cipher (review)
- Julius Caesar (100–44 B.C.)
  developed a simple encryption method -- shifted the alphabet by three positions
    Standard alphabet:      ABCDEFGHIJKLMNOPQRSTUVWXYZ
    Cryptographic alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC
- Example: Encrypt “caesar” ? Decrypt “vhfxulwb” ?

Substitution Cipher (review)
- Both the Atbash cipher and the Caesar cipher are substitution ciphers, because each character is replaced with another character.
  - Monoalphabetic substitution cipher: uses only one alphabet
  - Polyalphabetic substitution cipher: uses multiple alphabets
- Q1. Can you formulate them mathematically?
  - Hint: integers 0 – 25 represent the 26 characters; m: message / plaintext, c: ciphertext
  - encryption: c = E(m) = ?
  - decryption: m = D(c) = ?
- Q2. Is the Scytale cipher a substitution cipher?

Transposition Cipher (review)
- Transposition cipher: rearrange letters in plaintext to produce ciphertext
  - The Scytale cipher is a transposition cipher
  - The Rail-Fence cipher is another transposition cipher
- Plaintext is HELLO WORLD
- Encryption: c = E(m)
    HLOOL
    ELWRD
    HLOOLELWRD
- Describe the decryption process: m = D(c) = ?

Vigenère Cipher
- The Vigenère cipher is a method of encryption that uses a series of different Caesar ciphers based on the letters of a keyword.
  - Appears to be unbreakable.
- The Vigenère cipher has been reinvented many times.
  - The method was originally described by Giovan Batista Belaso in his 1553 book La cifra del. Sig. Giovan Batista Belaso
  - However, the scheme was later misattributed to Blaise de Vigenère in the 19th century, and is now widely known as the "Vigenère cipher".

Terms in Vigenère Cipher
- Vigenère table: a table used to encipher and decipher
  - The Vigenère cipher has key letters on top, plaintext letters on the left.
  - There are 27 shift alphabets
- The Vigenère cipher is a polyalphabetic substitution cipher.
  In contrast, the Caesar cipher is a monoalphabetic substitution cipher
- The key is used with the Vigenère table in encryption / decryption

The Vigenère Table
       A B E H L O S T Y
    G  G H L N R U Y Z E
    I  I J M P T W A B H
    V  V W Z C G J N O T
- A mini example
  - Encryption: a key letter V and a plaintext letter T; follow the V column down to the T row: “O”
  - Decryption: a key letter V and a ciphertext letter O: “T”

Vigenère Cipher Example
- If the message is longer than the key, the key repeats itself
- E.g. 1: Key: LEMON. Encrypt plaintext: ATTACKATDAWN
    Key  L E M O N L E M O N L E
    m    A T T A C K A T D A W N
    c
- E.g. 2: Decrypt ciphertext: P R U U Z L
- Q: How to represent the Vigenère cipher in a formula? (Hint: encryption / decryption is done character by character)

Exercise
1) Encrypt a plaintext with the key “lucky”: computinggivesinsight
2) Decrypt a ciphertext with the key “vector”: olklwjvrgqodkpghtkcixbuviitxqzklgk

Cryptanalysis
- Cryptanalysis is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse-engineering protocols.
- All previously introduced ciphers have been broken.
- Basic methods:
  - Statistical analysis
  - Exhaustive search of the key space

Statistical analysis
- Each character has a certain frequency. A.k.a.
  1-gram model of English
    a 0.080    h 0.060    n 0.070    t 0.090
    b 0.015    i 0.065    o 0.080    u 0.030
    c 0.030    j 0.005    p 0.020    v 0.010
    d 0.040    k 0.005    q 0.002    w 0.015
    e 0.130    l 0.035    r 0.065    x 0.005
    f 0.020    m 0.030    s 0.060    y 0.020
    g 0.015                          z 0.002

Statistical Analysis (1)
- f(c): frequency of character c in ciphertext
- p(x): frequency of character x in English
- (i): correlation of frequency of letters in ciphertext with corresponding letters in English, assuming key is i
- (i) = Σ f(c)p(c – i), summed over 0 ≤ c ≤ 25

Statistical Attack (2)
- E.g., a Caesar cipher: KHOOR ZRUOG
- Step 1: Compute the frequency of each letter in the ciphertext:
    G 0.1   H 0.1   K 0.1   O 0.3   R 0.2   U 0.1   Z 0.1
- Step 2: Compute the correlation for key i
    (i) = 0.1p(6 – i) + 0.1p(7 – i) + 0.1p(10 – i) + 0.3p(14 – i) + 0.2p(17 – i) + 0.1p(20 – i) + 0.1p(25 – i)

Correlation: (i) for 0 ≤ i ≤ 25
    i   (i)       i   (i)       i   (i)       i   (i)
    0   0.0482    7   0.0442    13  0.0520    19  0.0315
    1   0.0364    8   0.0202    14  0.0535    20  0.0302
    2   0.0410    9   0.0267    15  0.0226    21  0.0517
    3   0.0575    10  0.0635    16  0.0322    22  0.0380
    4   0.0252    11  0.0262    17  0.0392    23  0.0370
    5   0.0190    12  0.0325    18  0.0299    24  0.0316
    6   0.0660                                25  0.0430

The Result
- Step 3: find the most probable keys, based on (i):
    i = 6,  (i) = 0.0660   plaintext EBIIL TLOLA
    i = 10, (i) = 0.0635   plaintext AXEEH PHKEW
    i = 3,  (i) = 0.0575   plaintext HELLO WORLD
    i = 14, (i) = 0.0535   plaintext WTAAD LDGAS
- The only valid English phrase is for i = 3. That’s the key (3 or ‘D’)

Exhaustive search
- If the key space is small enough, try all possible keys until you find the right one
- Q1: How large is the key space in the Caesar cipher?
- Q2: If we use exhaustive search, what is the expected number of trials when breaking the Caesar cipher?
- Q3: How about the key space of the Vigenère cipher?
- Q4: How to break the Vigenère cipher?

Attacking Vigenère Cipher
- Vigenère ciphers were regarded by many as practically unbreakable for 300 years.
- In 1863, a Prussian major named Kasiski proposed a method for breaking it.
- This method was not in fact invented by Kasiski but instead by Charles Babbage;
- Babbage's discovery was used to aid English military campaigns, and was not published until several years later; as a result, credit for the development was instead given to Friedrich Kasiski

Statistical analysis of Vigenère Cipher
1. Establish period n (the length of the key)
2. Break the cipher into n parts, each part being enciphered using the same key letter
3. Solve each part, leveraging one part from another
- We want to break this cipher:
    ADQYS MIUSB OXKKT MIBHK IZOOO
    EQOOG IFBAG KAUMF VVTAA CIDTW
    MOCIO EQOOG BMBFV ZGGWP CIEKQ
    HSNEW VECNE DLAAV RWKXS VNSVP
    HCEUT QOIOF MEGJS WTPCH AJMOC
    HIUIX

Step 1. Establish Period n
- Important observation: repetitions in the ciphertext occur when characters of the key appear over the same characters in the plaintext
- e.g.
    Key     VIGVIGVIGVIGVIGV
    plain   THEBOYHASTHEBALL
    cipher  OPKWWECIYOPKWIRG

Repetitions in this example cipher
    Letters  Start  End  Distance  Factors
    MI       5      15   10        2, 5
    OO       22     27   5         5
    OEQOOG   24     54   30        2, 3, 5
    FV       39     63   24        2, 2, 2, 3
    AA       43     87   44        2, 2, 11
    MOC      50     122  72        2, 2, 2, 3, 3
    QO       56     105  49        7, 7
    PC       69     117  48        2, 2, 2, 2, 3
    NE       77     83   6         2, 3
    SV       94     97   3         3
    CH       118    124  6         2, 3

Estimate of Period n
- The long repetitions “OEQOOG” and “MOC” are probably not coincidence
  - Their distances are 30 and 72. The greatest common divisor of 30 and 72 is 6.
- Many other shorter repetitions have 2 and 3 in their factors
- Thus the estimated period n = 6
- Verify period n by the Friedman test (we skip this part)

Step 2: Break cipher into n parts
    Key-1: AIKHOIATTOBGEEERNEOSAI
    Key-2: DUKKEFUAWEMGKWDWSUFWJU
    Key-3: QSTIQBMAMQBWQVLKVTMTMI
    Key-4: YBMZOAFCOOFPHEAXPQEPOX
    Key-5: SOIOOGVICOVCSVASHOGCC
    Key-6: MXBOGKVDIGZINNVVCIJHH

Statistical analysis of each part
- Counting characters in each part
        ABCDEFGHIJKLMNOPQRSTUVWXYZ
    1.  31004011301001300112000000
    2.  10022210013010000010404000
    3.  12000000201140004013021000
    4.  21102201000010431000000211
    5.  10500021200000500030020000
    6.  01110022311012100000030101
- Compare with unshifted alphabet frequencies in English:
        HMMMHMMHHMMMMHHMLHHHMLLLLL

Solve each part (2)
- First part: matches characteristics of the unshifted alphabet, A maps into A
- Third part: I maps into A
- Sixth part: V maps into A
- Substitute into ciphertext:
    ADIYS RIUKB OCKKL MIGHK AZOTO
    EIOOL IFTAG PAUEF VATAS CIITW
    EOCNO EIOOL BMTFV EGGOP CNEKI
    HSSEW NECSE DDAAA RWCXS ANSNP
    HHEUL QONOF EEGOS WLPCM AJEOC
    MIUAX

Solve each part (3): further analysis
- AJE in last line suggests “ARE”, meaning second alphabet maps A into S:
    ALIYS RICKB OCKSL MIGHS AZOTO
    MIOOL INTAG PACEF VATIS CIITE
    EOCNO MIOOL BUTFV EGOOP CNESI
    HSSEE NECSE LDAAA RECXS ANANP
    HHECL QONON EEGOS ELPCM AREOC
    MICAX

Solve each part (4): further analysis
- MICAX in last line suggests “mical” (a common ending for an adjective), meaning fourth alphabet maps O into A:
- QI means that U maps into I, as Q is always followed by U:
    ALIMS RICKP OCKSL AIGHS ANOTO MICOL INTOG
    PACET VATIS QIITE ECCNO MICOL BUTTV EGOOD
    CNESI VSSEE NSCSE LDOAA RECLS ANAND HHECL
    EONON ESGOS ELDCM ARECC MICAL

Got It!
    ALIME RICKP ACKSL AUGHS ANATO MICAL INTOS
    PACET HATIS QUITE ECONO MICAL BUTTH EGOOD
    ONESI VESEE NSOSE LDOMA RECLE ANAND THECL
    EANON ESSOS ELDOM ARECO MICAL
- Note that the Vigenère cipher is easy to break by hand. However, the principles of cryptanalysis hold for more complex ciphers that can be implemented only by computer.

The War Machines: The Purple Machine
- The Purple Machine was developed and used by the Japanese during World War II
- Employed techniques discovered by Herbert O. Yardley
- The code was broken by William Frederick Friedman
- Known as the “Father of U.S.
  Cryptanalysis”

The War Machines: Enigma
- Enigma was developed by Arthur Scherbius
- Used by the Germans during World War II
- Enigma substituted each letter typed by an operator
  - Substitutions were computed using a key and a set of switches or rotors
- The code was broken first by a group of Polish cryptographers
- The machine for breaking the code was called the “Bombe”

Design of Enigma Machine
- An electrical voltage applied to the Q terminal on the top row will appear at the L terminal on the bottom row.

How to use the Enigma machine?
1. The originator configures the Enigma machine to its initial settings;
2. Type in the first letter of the message, and the machine would substitute the letter with a different letter;
3. The encryption was done by moving the rotors a predefined number of times
   - Advance the rotors and enter the next letter.
   - Each time a new letter was to be encrypted, the operator would advance the rotors to a new setting.

Mechanism of the Enigma Machine
- The chosen substitution for each letter was dependent upon the rotor setting
- Assumption: the operators at each end needed to know
  - the key - the initial setting, which is the crucial and secret part of this process
  - and how to advance the rotors when encrypting and decrypting a message

Random and Pseudorandom Numbers
- A number of network security algorithms based on cryptography
- Examples: generation of keys for RSA, generation of stream key for symmetric stream cipher, generation of session key, used in Kerberos for handshaking to prevent replay attacks
- Two requirements:
  - Randomness
  - Unpredictability

Randomness and Unpredictability
- Randomness
  - Criteria to validate randomness:
    - Uniform distribution
    - Independence
  - Tests to demonstrate if a sequence is NOT independent
  - Apply a number of such tests until the confidence that independence exists is sufficiently strong
- Unpredictability
  - In a “true” random sequence, numbers are unpredictable
  - However, in a pseudorandom sequence, care must be taken for unpredictability
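
The cryptanalysis slides above (the correlation attack on KHOOR ZRUOG and steps 1 and 2 of the Vigenère attack), worked in Python as an added example that is not part of the original slides. The function names are chosen here, and the key ASIMOV is read off the six mappings the slides derive rather than stated on them.

```python
from collections import Counter
from functools import reduce
from math import gcd

# 1-gram English frequencies a..z, copied from the "Statistical analysis" slide.
P = [0.080, 0.015, 0.030, 0.040, 0.130, 0.020, 0.015, 0.060, 0.065,
     0.005, 0.005, 0.035, 0.030, 0.070, 0.080, 0.020, 0.002, 0.065,
     0.060, 0.090, 0.030, 0.010, 0.015, 0.005, 0.020, 0.002]

# Vigenere ciphertext from the slides, read row by row.
CT = ("ADQYS MIUSB OXKKT MIBHK IZOOO EQOOG IFBAG KAUMF VVTAA CIDTW "
      "MOCIO EQOOG BMBFV ZGGWP CIEKQ HSNEW VECNE DLAAV RWKXS VNSVP "
      "HCEUT QOIOF MEGJS WTPCH AJMOC HIUIX")


def letters(text):
    """Keep A-Z only and map them to 0..25."""
    return [ord(ch) - 65 for ch in text.upper() if "A" <= ch <= "Z"]


def correlation(cipher, i):
    """Sum over c of f(c) * p(c - i): the slide's correlation for key i."""
    nums = letters(cipher)
    return sum(n / len(nums) * P[(c - i) % 26]
               for c, n in Counter(nums).items())


def rank_keys(cipher):
    """The 26 Caesar keys, highest correlation first."""
    return sorted(range(26), key=lambda i: correlation(cipher, i), reverse=True)


def decrypt(cipher, key):
    """Vigenere decryption; a one-letter key is the Caesar case."""
    ks, out, n = letters(key), [], 0
    for ch in cipher.upper():
        if "A" <= ch <= "Z":
            ch = chr((ord(ch) - 65 - ks[n % len(ks)]) % 26 + 65)
            n += 1
        out.append(ch)          # spaces and punctuation pass through
    return "".join(out)


def repeat_distances(cipher, length=3):
    """Map each repeated substring of this length to the gaps between hits."""
    s = "".join(chr(n + 65) for n in letters(cipher))
    last, gaps = {}, {}
    for pos in range(len(s) - length + 1):
        gram = s[pos:pos + length]
        if gram in last:
            gaps.setdefault(gram, []).append(pos - last[gram])
        last[gram] = pos
    return gaps


def kasiski_period(cipher, length=3):
    """Step 1: gcd of all repeat distances (0 if nothing repeats)."""
    gaps = repeat_distances(cipher, length).values()
    return reduce(gcd, (d for g in gaps for d in g), 0)


def columns(cipher, n):
    """Step 2: split into n parts, each enciphered with one key letter."""
    s = "".join(chr(x + 65) for x in letters(cipher))
    return [s[k::n] for k in range(n)]


if __name__ == "__main__":
    for i in rank_keys("KHOOR ZRUOG")[:4]:
        print(i, round(correlation("KHOOR ZRUOG", i), 4),
              decrypt("KHOOR ZRUOG", chr(65 + i)))
    n = kasiski_period(CT)
    print("period", n)
    for part in columns(CT, n):
        print(part, "candidate shifts:", rank_keys(part)[:3])
    # Key letters A, S, I, M, O, V follow from the slides' six mappings.
    print(decrypt(CT, "ASIMOV"))
```

With only 21 or 22 letters per part, the per-part candidate shifts are a starting point to confirm by hand, as the slides do in step 3.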

Pseudorandom Numbers
- Algorithms are deterministic
- Numbers generated by an algorithm are NOT statistically random!
- A good algorithm generates pseudorandom numbers that pass many reasonable tests of randomness

TRNG, PRNG, and PRF (page 39 – 40)
- Entropy source
- Seed

PRNG algorithms
- Purpose-built algorithms: e.g. RC4
- Algorithms based on existing cryptographic algorithms
  - Symmetric block cipher
  - Asymmetric cipher
  - Hash functions, and message authentication codes

Stream Cipher
- What is a stream cipher?
- Keystream
- A stream cipher is faster and uses less code than a block cipher
  - However, this advantage has diminished with the introduction of AES
  - E.g. IBM AES instruction set
- A stream cipher is better for encrypting/decrypting a stream of data over a communication channel
- A block cipher can reuse keys, a stream cipher cannot.

Stream Cipher
- Design considerations for a stream cipher
  - Encryption sequence should have a large period
  - Keystream should approximate the properties of a true random number stream.
  - The key needs to be sufficiently long: >= 128 bits

RC4
- Designed in 1987 by Ron Rivest for RSA Security
- RC4 was kept as a trade secret by RSA Security, until the algorithm was anonymously posted on the Internet in 1994
- The RC4 algorithm is very simple
- Used in SSL/TLS standards, WEP and WPA

RC4
- A variable-length key of from 1 to 256 bytes is used to initialize a 256-byte state vector S
  - S[0], S[1] .. S[255] contains a permutation of all 8-bit numbers from 0 to 255.
- A byte k is generated from S by selecting one of the 255 entries in a systematic fashion.
  - As each value of k is generated, the entries in S are once again permuted.
- Initialization of S
- Stream generation
- Encrypt and decrypt

RC4 Strength
- There is no practical approach against RC4 with a reasonable key length, such as 128 bits
- The WEP vulnerability is not with RC4 itself, but the way in which keys are generated for use as input to RC4

One-Time Pad
- A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly
  - Is made up of random bits.
  - Is as simple as letter substitution
- This encryption process uses a binary mathematic function, XOR.
    Message stream     1001010111
    Keystream          0011101010
    Ciphertext stream  1010111101

OTP in action
- One-time pads have been used throughout history to protect different types of sensitive data.
- Today, they are still in place for many types of militaries as a backup encryption option if current encryption processes are unavailable for reasons of war or attacks.
- A Russian one-time pad, captured by MI5

The history of cryptography (reading assignment -- article 1)

Another way to hide data: Steganography
- Steganography is a method of hiding data in another media type so that the very existence of the data is concealed.
- E.g. 1: the least significant bit of each byte of the image can be replaced with bits of the secret message.
  - Does not use algorithms or keys to encrypt information.
  - A message can be hidden in a WAV file, in a graphic, or in unused spaces on a hard drive or sectors that are marked as unusable.
  - This practice does not affect the graphic enough to be detected.
- E.g. 2: can also be used to insert a digital watermark on digital images so that illegal copies of the images can be detected.

Steganography
- στεγανός: covered; γραφία: writing
- The art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message

Steganography in Ancient Greece -- Tattoo message on head
- An ancient Greek historian, Herodotus, reports that messages were tattooed onto the shaved heads of slaves.
- Once the hair grew back, the slaves were sent to the recipient, with the message hidden “in plain sight”.

Steganography in World War I -- Null Cipher
- The message below was sent by the German embassy in World War I.
    PRESIDENT'S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY.
- Taking the first letter in each word of the message reveals the hidden text: PERSHING SAILS FROM NY JUNE 1.

Steganography in Espionage -- Invisible ink
- Spies use milk, fruit juice or urine as invisible inks, which darken when heated.
- An FBI agent is shown using ultraviolet light to read secret writing on a paper from a suspected spy case

Steganography in Modern Days
- Digital media lend themselves to steganography because of the large amount of information in certain file types
- Steganography carrier files:
  - bmp
  - jpeg
  - gif
  - wav
  - mp3
  - Amongst others…

Steganography Terminology
- Carrier File
- Carrier File with Hidden Message

Some Steganography Tools
- Steganos
- S-Tools (GIF, JPEG)
- StegHide (WAV, BMP)
- Invisible Secrets (JPEG)
- JPHide
- Camouflage
- Hiderman
- And many others… (We will try it today …)

RGB Color Model in Image Files
- Red, green, and blue light are added together in various ways to reproduce a broad array of colors.
    (0, 0, 0) is black
    (255, 255, 255) is white
    (255, 0, 0) is red
    (0, 255, 0) is green
    (0, 0, 255) is blue
    (255, 255, 0) is yellow
    (0, 255, 255) is cyan
    (255, 0, 255) is magenta

A Common Technique of Steganography -- LSB
- The simplest and most common type of steganography is LSB (least significant bit).
- The one’s bit of a byte is used to encode the hidden information.
- Suppose we want to encode the letter A (ASCII 65 or binary 01000001) in the following 8 bytes of a carrier file.
    01011101 11010000 00011100 10101100 11100111 10000111 01101011 11100011
  becomes
    01011100 11010001 00011100 10101100 11100110 10000110 01101010 11100011
- Left image is the original JPEG file; right image is with the hidden message

Steganography Application -- UV Watermarking

Steganography Tools
- A list of over 100 steganography tools: http://www.jjtc.com/Steganography/toolmatrix.htm
- Some of them run on the Linux platform
  - JPHS (JPHide JPSeek, JP hide and seek): http://linux01.gwdg.de/~alatham/stego.html
  - Steghide
  - Outguess
  - Blindside
  - Gifshuffle
  - GzSteg
  - Etc.

Steganalysis
- Steganalysis is the counter-measure against steganography.
- Attempts to analyze a data stream to determine whether or not it contains hidden messages.

Steganography is
- It’s fun to play with
- Easy to implement but fairly effective.
- Obviously has a lot of good and bad applications, as with any technology.
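
The LSB slide's worked case (the letter A written into 8 carrier bytes), generalised to whole messages and paired with the extraction step an examiner would run, as an added Python example that is not part of the original slides. Function names are chosen here and the carrier is the slide's 8 bytes.

```python
def embed(carrier: bytes, message: bytes) -> bytes:
    """Write the message bits, most significant bit first, into the one's
    bit of successive carrier bytes. One carrier byte holds one bit."""
    bits = [(byte >> shift) & 1
            for byte in message
            for shift in range(7, -1, -1)]
    if len(bits) > len(carrier):
        raise ValueError("carrier too small: need 8 carrier bytes per message byte")
    out = bytearray(carrier)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit   # clear the one's bit, then set it
    return bytes(out)


def extract(stego: bytes, n_bytes: int) -> bytes:
    """Rebuild n_bytes of message from the one's bits of the first
    8 * n_bytes carrier bytes."""
    if n_bytes * 8 > len(stego):
        raise ValueError("not enough carrier bytes for that message length")
    out = bytearray()
    for start in range(0, n_bytes * 8, 8):
        value = 0
        for byte in stego[start:start + 8]:
            value = (value << 1) | (byte & 1)
        out.append(value)
    return bytes(out)


def changed_bytes(original: bytes, stego: bytes) -> int:
    """How many carrier bytes differ. Each differs by at most 1, which is
    why the change is invisible to the eye and steganalysis has to rely
    on statistics or on comparison with the original file."""
    return sum(a != b for a, b in zip(original, stego))


# The 8 carrier bytes from the slide.
SLIDE_CARRIER = bytes([0b01011101, 0b11010000, 0b00011100, 0b10101100,
                       0b11100111, 0b10000111, 0b01101011, 0b11100011])

if __name__ == "__main__":
    stego = embed(SLIDE_CARRIER, b"A")
    print(" ".join(format(b, "08b") for b in stego))
    print(extract(stego, 1), "changed bytes:", changed_bytes(SLIDE_CARRIER, stego))
```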