Publicly available sources do not currently address how files with steganographic contents can and should be detected, other than that specific software tools are available to check for steganographic content. Consid- ering the large volume of files sent over the Internet, it would be impossible or impractical to check all traffic. Rather, a manageable number of files to be examined must be selected in order to make detection feasible. It is entirely possible that government systems, such as Carnivore and Echelon, have already implemented techniques to achieve this goal.
The Internet has indeed increased the potential for both legitimate and illegitimate parties to communi- cate efficiently, effectively, and secretly. The Internet offers several communication protocols, including e-mail, FTP, IRC, instant messaging (IM), P2P (e.g., Napster and Kazaa), HTTP (Web sites), and WSDL (Web services). By some accounts, there will soon be trillions of files transmitted each year over the Internet (Cole, 2003). Herein lies the difficulty—how will law
Steganography
enforcement agencies and security officials identify, isolate, intercept, and address files that contain crimi- nal or terrorist intent? There are no easy answers to this question. A comprehensive solution will require cooperation between Internet access providers (such as, Internet service providers [ISPs]) and agencies such as law enforcement agencies, the Department of De- fense, and the new Department of Homeland Security. Access providers can be a first line of defense against criminal activity on the Internet, because they carry nearly all traffic at the starting points and destinations of any network traffic. But monitoring transmissions between sender and recipient is much more resource intensive, if not impossible, due to the very nature of the Internet as a medium where packets are routed over any available path.
summary
Though computerized steganography has legitimate uses, such as watermarking, copyrighting, and digital fingerprinting, it also has the potential to be a very effective tool for terrorists and other criminals to conduct covert communications. Specifically, there is evidence that terrorist groups, such as Al Qaeda, are using steganography to facilitate communications. Therefore, continued research of methods to identify carrier files and (temporarily) block Internet-based data traffic with illegal messages is strongly indicated, Steganographic data can be hidden in graphics, video, sound, text, e-mail, executable files, and empty sec- tors of disks. Improved methods for identifying these altered files must be developed and disseminated. An international consortium of nations allied against ter- rorism could be established to share knowledge related to steganography and steganalysis methods.
reFerences
Act 328 of 1931, Michigan Penal Code. §750.540c (2004).
American Civil Liberties Union. (2003). Privacy and technology. Retrieved October 29, 2003, from http:// www.aclu.org/Privacy/PrivacyMain.cfm
Anderson, R. J., & Petitcolas, F. A. P. (1998). On the limits of steganography. IEEE Journal on Selected Areas in Communications, 16(4), 474-481.
Charny, B. (2001). Disposable cell phones spur debates.
Retrieved October 29, 2003, from http://news.com. com/2102-1033_3-273084.html?tag=st_util_print Clark, E. (2001). A reason to love spam. Network Magazine, 16, 20.
Claypoole Jr., R. L., Gunsch, G. H., & Jackson, J. T. (2003). Blind steganography detection using a compu- tational immune system: A work in progress. Interna- tional Journal of Digital Evidence, 4(1), 1-19. Cohen, A. (2001, November 12). When terror hides oOnline. Time, 158, 65-69.
Cole, E. (2003). Hiding in plain sight: Steganography and the art of covert communication. Indianapolis, IN: Wiley Publishing, Inc.
Hachez, G. (2003). A comparative study of software protection tools suited for e-commerce with contribu- tions to software watermarking and smart cards. Un- published doctoral dissertation, Louvain-la-Neuve. Jajodia, S., & Johnson, N. F. (1998). Exploring steg- anography: Seeing the unseen. IEEE Computer, 31(2), 26-34.
Jupitermedia Corporation. (2003). Steganography.
Retrieved August 31, 2003, from http://www.webo- pedia.com/TERM/S/steganography.html
Moulin, P., & O’Sullivan, J. A. (2003). Information- theoretic analysis of information hiding. IEEE Transac- tions on Information Theory, 49(3), 563-593. Nikolaidis, N., & Pitas, I. (1996). Copyright protec- tion of images using robust digital signatures. IEEE International Conference on Acoustics, Speech and Signal Processing, 4, 2168-2171.
Reporter. (2004, November 14). Mol in AIVD gaf tekens op website. De Telegraaf.
Ringelestijn, T. V. (2004, March 23). Technologie buiten schot in zaak toetjesterrorist. Retrieved June 30, 2006, from http://www.netkwesties.nl/editie86/ artikel3.php
Wired News. (2003). Internet phone calls stymie FBI.
Retrieved October 27, 2003, from http://www.wired. com/news/print/0,1294,58350,00.html
terms and deFInItIons
Carnivore: This is an FBI system that is used to analyze the e-mail packets of suspected criminals.
Digital Watermarks: Much like a watermark on a letterhead, a digital watermark is used to assist in identifying ownership of a document or other file. It includes embedded unique strings of data that do not alter the sensory perception of the image file, music file, or other data file.
Echelon: This is a putative system of analysis of international communications. The details of the system are difficult to obtain because many govern- ment officials often deny or ignore reports regarding the existence of Echelon.
Encryption: This is a reversible method of encod- ing data, requiring a key to decrypt. Encryption can be used in conjunction with steganography to provide another level of secrecy.
SpamMimic: A Web site located at http://www. spammimic.com can be used to send a message that appears to be spam when in reality the message is just a cover for sending secret content. The use of spam as a cover will likely increase the workload of FBI systems, such as Carnivore and Echelon.
Steganalysis: This is the process of detecting hidden data in other files. Steganalysis is typically done by searching for small deviations in the expected pattern of a file.
Steganography: In general, it is the process of hiding information or “covered writing.” More spe- cifically, in the digital environment, steganography involves hiding data or images within other files, so they appear unaltered to persons unaware of the secret content.
Virtual Fingerprint: This is a unique digital watermark that can be used to uniquely identify a particular file.
Chapter VIII
Cryptography
Kevin Curran University of Ulster, UK Niall Smyth University of Ulster, UK Bryan Mc Grory University of Ulster, UKCopyright © 2008, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
IntroductIon
The art of cryptography reaches back as far as 1900 BC, when an Egyptian scribe used a derivation of hieroglyphics to communicate. Throughout history, there have been many people responsible for the growth of cryptography. Many of these people were
quite famous and one of these was Julius Caesar. He used a substitution of characters and just moved them about. Another historical figure who used and changed cryptography was Thomas Jefferson. He developed a wheel cipher that was made in 1790. This cipher was then to be used to create the Strip cipher, which was used by the U.S. Navy during the second World
abstract
One of the main methods of security is cryptography encrypting data so that only a person with the right key can decrypt it and make sense of the data. There are many forms of encryption, some more effective than others. Cryptography works by taking the original information and converting it with ciphertext, which encrypts the information to an unreadable form. To decrypt the information we simply do the op- posite and decipher the unreadable information back into plain text. This enciphering and deciphering of information is done using an algorithm called a cipher. A cipher is basically like a secret code, but the main difference between using a secret code and a cipher is that a secret code will only work at a level of meaning. This chapter discusses a little of the history of cryptography, some popular encryption methods, and also some of the issues regarding encryption, such as government restrictions.
War. During World War II, several mechanical devices were invented for performing encryption, this included rotor machines, most notably the Enigma cipher. The ciphers implemented by these machines brought about a significant increase in the complexity of cryptanalysis. Encryption methods have historically been divided into two categories: substitution ciphers and transposition ciphers. Substitution ciphers preserve the order of the plain-text symbols but disguise them. Transposition ciphers, in contrast, reorder the letters but do not disguise them. Plain text is the common term for the original text of a message before it has been encrypted (Cobb, 2004). In this chapter, we discuss a little of the history of cryptography, some popular encryp- tion methods, and also some of the issues regarding encryption, such as government restrictions.
background
Possibly the earliest encryption method was developed by a Greek historian of the 2nd century BC named Poly- bius, and it is a type of substitution cipher (Burgess, Pattison, & Goksel, 2000). This method worked with the idea of a translation table containing the letters of the Greek alphabet. This was used for sending mes- sages with torch telegraphy. The sender of the message would have 10 torches, five for each hand. He would send the message letter by letter, holding the number of torches representing the row of the letter in his left hand, and the number of torches representing the column of the letter in his right hand. For example, in the case of the letter “s,” the sender would hold three torches in his left hand and four in his right hand. Polybius wrote that “this method was invented by Cleoxenus and Democritus but it was enhanced by me” (Dénes, 2002, p. 7). This method, while simple, was an effective way of encrypting telegraphic messages. The table could easily be changed without changing the method, so as long as both the sender and receiver were using the same table and no one else had the table they could send messages that anyone could see being sent, but which would only be understood by
the intended recipient. This is a form of private key encryption—where both the sender and the recipient share the key to the encrypted messages. In this case, the key is the letter table.
Another type of substitution cipher is the Caesar cipher, attributed to Julius Caesar (Tannenbaum, 1996). In this method, the alphabet is shifted by a certain number of letters; this number being represented by
k. For example, where k is 3, the letter A would be replaced with D, B would be replaced with E, Z would be replaced with C, and so forth. This is also a form of private key encryption, where the value of k must be known to decrypt the message. Obviously this simple form of encryption is not difficult to crack, with only 26 possible values of k; it is only a matter of shifting
the encrypted message with values of k until you get a comprehensible decrypted message. There are also more complex methods of cracking this encryption, such as using letter frequency statistics to work out some likely letters from the message. For example, E is the most common letter in the English language, so the most common letter in the encrypted message is likely to be E. Replacing the most common letters in the encrypted message with the most common letters of the language may help to make sense of some words. Once a word is partially decrypted, it may be easy to guess what the word is, which will then allow more letters to be substituted with their decrypted versions. For example, if E and T had been used to replace the most common letters and one of the partially decrypted words is “tXe,” then the X is likely to be H forming the word “the,” so replacing all occurrences of X in the message with H may provide some more words that can be guessed easily (Garrett & Lieman, 2005).
A common transposition cipher, the columnar transposition, works with a private key. The private key is a word or phrase not containing any repeated letters, for example, “HISTORY.” This key is used to number columns, with column 1 being under the letter closest to the start of the alphabet and so forth. The plain text is written in rows under the key, and the encrypted text is read in columns, starting with column 1. An example is shown in Figure 1.
Cryptography
Cryptanalysis is the study of methods for obtaining the plain text of encrypted information without access to the key that is usually required for decryption. In lay-man’s terms, it is the practice of code breaking or cracking. The dictionary defines cryptanalysis as the analysis and deciphering of cryptographic writ- ings/systems, or the branch of cryptography concerned with decoding encrypted messages. A cryptanalyst is the natural adversary of a cryptographer, in that a cryptographer works to protect or secure informa- tion and a cryptanalyst works to read date that has been encrypted. They also complement each other, because without cryptanalysts or the understanding of the cryptanalysis process, it would be very difficult to create secure cryptography. So when designing a new cryptogram, it is common to use cryptanalysis in order to find and correct any weaknesses in the algorithm. Most cryptanalysis techniques exploit pat- terns found in the plain text code in order to crack the cipher; however compression of the data can reduce these patterns and, hence, enhance the resistance to cryptanalysis (Stallings, 2005).