Digital Steganography and Virtual Environments James Eglinton


Overview

• Steganography
  • Some quick definitions
  • What is steganography?
  • Methods of Masking
  • Steganographic constraints

• Real World Application
  • The “illegals” and more

• Application in Virtual Environments
  • Gaming and Virtual Reality
  • Limitations

• Conclusion

… But First, Some Definitions

• Cover file: Original message/file in which hidden information will be stored.

• Stego Medium: The medium/type of media of the Cover file.

• LSB: Least Significant Bit, the right-most bit in a byte.

• Capacity: Amount of data that can be hidden without distorting the Cover file.

• Constraint: 3 types: Perceptual, Statistical and Attack.

• Cognitive cost: The impact of a task (measured in time) on mental ability.

• Lossy Compression: Inexact approximations (discarded points/loss of accuracy) to represent content.

What is Steganography?

• Greek: “steganos” (covered/hidden), “graphie” (writing).

• The art of concealment: Hiding in plain sight.

• “Security through Obscurity”

• Historically a tool of stealth/espionage.

• Threat to Confidentiality (in CIA pyramid).

Steganographic Types and Mediums

[Diagram; node labels: Data, Audio, Stream, Image, Still, Video, Stream, Textual, IP Header, Linguistic, Semagrams, Visual, Textual]

The Digital Do Not’s (3 Constraints)

• Perceptual: Don’t mask so much data that it distorts the cover.

• Statistical: Don’t be too predictable.

• Attack: Don’t make it overly complicated to decipher.
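The Capacity and Statistical points above, seen from the defender's side, as an added example that is not part of the original slides: LSB replacement evens out the counts of each value pair (2k, 2k+1), which a pairs-of-values chi-square check picks up. The function names and the Gaussian "pixel" cover are constructed for illustration.

```python
import random
from collections import Counter

def capacity_bytes(cover: bytes) -> int:
    """Capacity at one hidden bit per cover byte (LSB replacement)."""
    return len(cover) // 8

def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Overwrite the LSB of successive cover bytes with payload bits, MSB first."""
    if len(payload) > capacity_bytes(cover):
        raise ValueError("payload exceeds LSB capacity of cover")
    out = bytearray(cover)
    for i in range(len(payload) * 8):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def pov_chi2(samples: bytes, min_expected: float = 5.0):
    """Chi-square over value pairs (2k, 2k+1); returns (statistic, degrees of freedom).

    Random-looking bits written into the LSBs push both counts of a pair
    toward their mean, so the statistic falls to roughly one per pair.
    """
    hist = Counter(samples)
    chi2, dof = 0.0, 0
    for k in range(128):
        a, b = hist[2 * k], hist[2 * k + 1]
        expected = (a + b) / 2
        if expected < min_expected:      # skip sparsely populated pairs
            continue
        chi2 += ((a - expected) ** 2 + (b - expected) ** 2) / expected
        dof += 1
    return chi2, dof

def demo(seed: int = 1, n: int = 200_000):
    """Constructed data: Gaussian 'pixel' bytes as cover, random bytes as payload."""
    rng = random.Random(seed)
    cover = bytes(min(255, max(0, round(rng.gauss(120, 8)))) for _ in range(n))
    # Random bytes stand in for an encrypted payload that fills the capacity.
    payload = bytes(rng.getrandbits(8) for _ in range(capacity_bytes(cover)))
    stego = lsb_embed(cover, payload)
    results = {}
    for name, data in (("cover", cover), ("stego", stego)):
        chi2, dof = pov_chi2(data)
        results[name] = chi2 / dof       # near 1 suggests equalised pairs
    return results

if __name__ == "__main__":
    for name, ratio in demo().items():
        print(f"{name}: chi2/dof = {ratio:.2f}")
```

A ratio far above 1 means the pair counts still carry the cover's natural imbalance; a ratio near 1 is what full-capacity LSB replacement leaves behind.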

The “illegals”

• FBI “Operation Ghost Stories” culminates in June 2010 with arrest of 10 Russian spies operating out of NY/NJ.

• The spies used sophisticated technologies to exchange data, including disappearing ink and masked digital photos, two applications of steganography.

• One of the spies, Richard Murphy, regularly embedded data in the photograph of flowers (at right) and uploaded it to SVR (Russian Intelligence).

Other Real World Examples...

• 2014: Malware ZeusVM uses a sunset image (at right) to mask a configuration file containing instructions to steal user credentials for financial institutions.

• 2014: Lurk embeds encrypted list of downloader URLs into an image file using LSB bit substitution. Acts as a backdoor, downloading and executing secondary malware payloads.

• 2015: Vawtrak hides in favicons, aka desktop shortcuts. Steals financial information, FTP credentials, private encryption keys, etc., and executes banking transactions directly from the victim’s PC.

…And Some Fictions

• 2001: USA Today story on 9/11 reports Osama and cells employ sophisticated photo steganography to communicate. FALSE – there has never been even the slightest evidence proving this.

• 2003: CIA monitors al-Jazeera broadcasts, uncovers covert dates, flight numbers, coordinates for high-profile sites. FALSE – overzealous interpretation of SIGINT signal-to-noise.

• 2015: Forbes reports Paris Bataclan attackers used PlayStation PS4s for covert communications. FALSE – To date, no supporting evidence has been found.

Other Digital Examples

• Audio “stream within a stream”, aka voice over voice over IP (VoVoIP) using G.711 codec

• SUNY Stony Brook’s CASTLE in-game covert channels and prerecorded group movement actions in StarCraft

• Traditional textual masking in a digital format:

More on Gaming

• Rook and Castle: Create covert channels in MMORPG games

• Not theoretical: Real-world tested in StarCraft, Warcraft, Shogun 2, and Company of Heroes; relies on pre-recorded unit movements.

• Current undetected real-time decryption is slow, only 1.5 kbps. Solution: playback from recorded logs offline. (Threatens both Confidentiality and Availability).

• Currently tested in local/desktop only modes.

Virtual Reality Masking

• Special equipment (e.g. Oculus Rift, Samsung VR) would be needed to even observe Cover.

• Theoretically huge (and unlimited) capacity to successfully mask data, owing to pixel depth and streaming of media.

• One time, uncaptured stream = maximum message security, but low potential Integrity and Availability (in CIA pyramid).

• 4k stream in immersive 360 degree view is too much, too fast for unaided decryption.

The Human Problem: Multitasking

• Speed/amount of masked data in visual VR environment too much for human brain to process.

• Maximum pixel definition for human eye is 2650x1600, but 30 degree field of visibility and lossy compression.

• Cognitive cost of multi stream single source inputs too high == vague and inaccurate decoding.

• Multi stream, multi source inputs decrease retention, impacting Integrity (in CIA pyramid).

Sensory Input, Illustrated

Going to the movies: 3 Scenarios and Steganographic Counterparts

Silent movie. Visual only. Single input stream, single sense input. Lowest Cognitive cost, highest retention. (Textual Steganography)

Regular movie. Audio and Visual inputs. 2 competing inputs, but 2 different senses. Mid range Cognitive cost, slight loss to details in retention. (Traditional Steganography)

Foreign movie. Audio + Visual + Subtitles = 3 competing input streams, 2 from the same sense (visual). Highest Cognitive Cost, least retention. (VR Steganography)

Conclusions

• Human cognitive and perceptual ability are the biggest hurdles to future technologies.

• High risk of data loss in decryption (loss of Integrity) = VR not a credible threat at present. (Yet!)

• “Old school” methods (think “illegals”) still the best… for now.

• Masking data in gaming = most promising current technology.