8/12/2019 CYB 5678 Week 8 Lecture 2

1/2

CYB 5678 Week 8 Lecture 2

Welcome to our class on Cryptography and Information hiding !his time "e are going to talka#out hiding in plain sight Well "e ha$e seen so far in other lectures a lot of information to hideinto media in such a "ay that no#ody o#ser$es it and some mechanisms can #e pretty comple%#ut the idea here is you can do it in a much easier "ay &iles conform to $arious formats&ormats are typically "ell designed #ut "hile this is a strength it's actually also a "eaknessInstead of hiding the information inside the data that is stored in this files you can hid it in thegaps of the data structures the place "here soft"are doesn't look and if the soft"are doesn'tlook there and no#ody else is suspicious and look there purposely( then the data is "ell hidden)if file headers for e%ample specify "hat is the si*e of the data therefore if you append anythingto a )I& file a )I& &ile $ie"er "ill not see it +o#ody look at your )I& file using a normal $ie"er

"ill notice any data you append to it ,I- files "hich are $ery common files specify the locationof the data at the tail of the file What does it mean. Well( on the one side its easy to appendne" files to a ,ip file #ecause you only ha$e to modify the tail of a file You don't ha$e to modifythe #eginning of the file /n the other side( it doesn't matter "hat's at the #eginning of the file

you could append a *ip file to the end of any hidden data and no user of the *ip file "ill e$ernotice that there is data inside if you only open the file "ith a *ip tool 0o your 0teganographycan #e as simple as this command here1 C ! "hich means concatenate some ,ip file at theend of some file in )I& format +o" a )I& reader "ill see only the )I& file( a *ip reader "ill seeonly the ,I- file( and if they don't e%pect to also see the other one they "on't notice anythingBased on the e%tension pro#a#ly people "ill open the file as a )I& and "ill not notice any datathat is added there at the end 3ata can #e hidden in other formats as "ell 4ery commonformats that are a$aila#le on the "e# are Ls( sgml( htmls they all can #e e%tended they "eredesigned to #e e%tended !hey "ere designed to #e easily e%tended you can add e%trainformation in $arious field in those $arious files and no normal #ro"ser "ill e$er o#ser$e it!here are "ays to stop that using document type definition 3!3s those can make a softer #reak

"hen something changes 0uch 3!3s define "hat kind of data can #e placed "here they canclose the gaps in the file formats &or e%ample an L file is sho"n here you ha$e recipe forchocolate #ro"nies By default you only ha$e inside the ingredients that "ould #e used for thisrecipe #ut you can add an additional filed like creator that has properties like an email addressand a name you can add an additional property to the ingredients tag !he type is a li uid andparser that is not e%pecting this information could skip o$er them and not "orry in any "ay auser of the presence of such fields 0o( someone that "ants to hide information could simplyplace this kind of information there and it "ould go undetected if a this pro$ision doesn't includethere nother approach to hiding data is #ased on micro formats +o"adays one can e%tend

"e# pages for e%ample using this specially formatted te%t that are not interpreted #y normal

#ro"sers #ut are interpreted #y $arious e%tensions 4cards tags for e%ample can con$eyaddresses In such formats you ha$e micro formats for calendars( opinions( for social net"orks(for geography information n e%ample of a micro format is gi$en here in an a#out page of a

"e# site( you could ha$e for e%ample information of the 9L( and email( and t"itter name of itsuser in this case /li "hich is ran domed #y a normal #ro"ser in a normal not $ery "ell formattedpiece if information #ut a special reader that kno"s to parse data could use such data placed ina special type of format specifies sho"n on the right &or e%ample( a paragraph "ith a class 4card containing formatted data in a span:s "ith special classes like &+( 9L( and nickname for

8/12/2019 CYB 5678 Week 8 Lecture 2

2/2

the names 9L and nicknames Well such specially formatted snippets of ;! L code "ould ledto the same rendering as the one on the left If the #ro"ser does not ha$e special capa#ilities#ut "ould led to $ery different display to "hoe$er kno"s to "hate$er #ro"ser kno"s to parsethis information in the appropriate "ay !his kind of special tool can #e integrated into a #ro"seras plug:in and they can offer for e%ample opportunities to sa$e the contact and address #ook or

perform "hate$er actions are supposed to #e re uired to e%tract the data that is hidden in thehtml te%t ;ere are some e%amples of such $cards that con$ey a lot of information a#out theaddress( telephone num#ers and that can #e used to sa$e this kind of information #y specialplug:in into appropriate locations Can some#ody defend from such kind of 0teganography.Well on the one side "e ha$e as a result of )ordon 9ice's theorem "e kno" that it is un:decida#le to detect "eather or not a program is conforming "ith some standard file format Inother "ords "e are saying that there is no program no algorithm( no uni ue algorithm that cansol$e any pro#lem out there that can detect une%pected data in any file format out there+e$ertheless( on the other side L itself is not the !uring complete language therefore onecan #uild tools that can $erify conformance and can detect "eather some data that is passedo$er the "ire is not regular In summary( there e%ist handy and po"erful solutions to hide data ine%isting communication in "e# pages in images in sound &e" people "ill notice that there ismicro format in a "e# page( and that *ip files are appended to )I& files e%cept if they are reallylooking and checking for it !hank You