CYB 5678 Week 8 Lecture 2 Welcome to our class on Cryptography and Information hiding !

his time "e are going to talk a#out hiding in plain sight Well "e ha$e seen so far in other lectures a lot of information to hide into media in such a "ay that no#ody o#ser$es it and some mechanisms can #e pretty comple% #ut the idea here is you can do it in a much easier "ay &iles conform to $arious formats &ormats are typically "ell designed #ut "hile this is a strength it's actually also a "eakness Instead of hiding the information inside the data that is stored in this files you can hid it in the gaps of the data structures the place "here soft"are doesn't look and if the soft"are doesn't look there and no#ody else is suspicious and look there purposely( then the data is "ell hidden )if file headers for e%ample specify "hat is the si*e of the data therefore if you append anything to a )I& file a )I& &ile $ie"er "ill not see it +o#ody look at your )I& file using a normal $ie"er "ill notice any data you append to it ,I- files "hich are $ery common files specify the location of the data at the tail of the file What does it mean. Well( on the one side its easy to append ne" files to a ,ip file #ecause you only ha$e to modify the tail of a file You don't ha$e to modify the #eginning of the file /n the other side( it doesn't matter "hat's at the #eginning of the file you could append a *ip file to the end of any hidden data and no user of the *ip file "ill e$er notice that there is data inside if you only open the file "ith a *ip tool 0o your 0teganography can #e as simple as this command here1 C2! "hich means concatenate some ,ip file at the end of some file in )I& format +o" a )I& reader "ill see only the )I& file( a *ip reader "ill see only the ,I- file( and if they don't e%pect to also see the other one they "on't notice anything Based on the e%tension pro#a#ly people "ill open the file as a )I& and "ill not notice any data that is added there at the end 3ata can #e hidden in other formats as "ell 4ery common formats that are a$aila#le on the "e# are 56Ls( sgml( htmls they all can #e e%tended they "ere designed to #e e%tended !hey "ere designed to #e easily e%tended you can add e%tra information in $arious field in those $arious files and no normal #ro"ser "ill e$er o#ser$e it !here are "ays to stop that using document type definition 3!3s those can make a softer #reak "hen something changes 0uch 3!3s define "hat kind of data can #e placed "here they can close the gaps in the file formats &or e%ample an 56L file is sho"n here you ha$e recipe for chocolate #ro"nies By default you only ha$e inside the ingredients that "ould #e used for this recipe #ut you can add an additional filed like creator that has properties like an email address and a name you can add an additional property to the ingredients tag !he type is a li7uid and parser that is not e%pecting this information could skip o$er them and not "orry in any "ay a user of the presence of such fields 0o( someone that "ants to hide information could simply place this kind of information there and it "ould go undetected if a this pro$ision doesn't include there 2nother approach to hiding data is #ased on micro formats +o"adays one can e%tend "e# pages for e%ample using this specially formatted te%t that are not interpreted #y normal #ro"sers #ut are interpreted #y $arious e%tensions 4cards tags for e%ample can con$ey addresses In such formats you ha$e micro formats for calendars( opinions( for social net"orks( for geography information 2n e%ample of a micro format is gi$en here in an a#out page of a "e# site( you could ha$e for e%ample information of the 89L( and email( and t"itter name of its user in this case /li "hich is ran domed #y a normal #ro"ser in a normal not $ery "ell formatted piece if information #ut a special reader that kno"s to parse data could use such data placed in a special type of format specifies sho"n on the right &or e%ample( a paragraph "ith a class 4 card containing formatted data in a span:s "ith special classes like &+( 89L( and nickname for

the names 89L and nicknames Well such specially formatted snippets of ;!6L code "ould led to the same rendering as the one on the left If the #ro"ser does not ha$e special capa#ilities #ut "ould led to $ery different display to "hoe$er kno"s to "hate$er #ro"ser kno"s to parse this information in the appropriate "ay !his kind of special tool can #e integrated into a #ro"ser as plug:in and they can offer for e%ample opportunities to sa$e the contact and address #ook or perform "hate$er actions are supposed to #e re7uired to e%tract the data that is hidden in the html te%t ;ere are some e%amples of such $cards that con$ey a lot of information a#out the address( telephone num#ers and that can #e used to sa$e this kind of information #y special plug:in into appropriate locations Can some#ody defend from such kind of 0teganography. Well on the one side "e ha$e as a result of )ordon 9ice's theorem "e kno" that it is un: decida#le to detect "eather or not a program is conforming "ith some standard file format In other "ords "e are saying that there is no program no algorithm( no uni7ue algorithm that can sol$e any pro#lem out there that can detect une%pected data in any file format out there +e$ertheless( on the other side 56L itself is not the !uring complete language therefore one can #uild tools that can $erify conformance and can detect "eather some data that is passed o$er the "ire is not regular In summary( there e%ist handy and po"erful solutions to hide data in e%isting communication in "e# pages in images in sound &e" people "ill notice that there is micro format in a "e# page( and that *ip files are appended to )I& files e%cept if they are really looking and checking for it !hank You