Basics of Steganography December 16th 2015 Valdo Praust mois mois ee Lecture Course in Estonian IT College Autumn 2015 Main Legal Acts Regulating Data Security in Estonia ID: 322998
Download Presentation The PPT/PDF document "Data Security and Cryptology, XVI" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Data Security and Cryptology, XVI Basics of Steganography
December
16th
,
2015
Valdo Praust
mois
@
mois
.ee
Lecture Course in Estonian IT College
Autumn
2015
Slide2
Main Legal Acts Regulating Data Security in Estonia
Personal Data Protection Act
– regulates processing of personal data
Public Information Act
– regulates databases of public sector, including security standard ISKE and secure data exchange layer X-road (
X-tee
) Digital Signature Act – regulates components of PKI necessary for successful operating of digital signatureSlide3
Public Information Act
Earlier there was a special Data Collection Act (
andmekogude seadus
) in Estonia. Now the topics of mentioned act are incuded into Public Information Act
The aim of
Public Informartion Act
(
avaliku teabe seadus
) is to
ensure that the public and every person has the opportunity to access information intended for public use, based on the principles of a democratic and social rule of law and an open society, and to create opportunities for the public to monitor the performance of public duties.
It also regulates the topics con
cerning public sector databases (
avaliku sektori andmekogud
), including principles of establishment (
asutamine
) and management of these databases and their supervision (
järelevalve
)Slide4
(Legal) Database
(Legal) database
(
andmekogu
) is a
(technical) database
(andmebaas) with the necessary added administrtative and legal componets
(Legal) database
(
andmekogu
)
is
a structured body of data processed within an information system of the state, local government or other person in public law or person in private law performing public duties which is established and used for the performance of functions provided in an Act, legislation issued on the basis thereof or an international agreement Slide5
Chief and Authorized Processor
An
authori
z
ed
processor is required to comply with the instructions of the chief processor in the processing of data and housing of the database, and shall
ensure the security of the database The chief processor of a database shall organiz
e the establishment and administration of the central technological environment of a database established for the performance of the tasks imposed on or delegated to a local government by the state.
Chief and authorized processor may coincide or may not coincide. There might be several different authorized processors of one database, but only one chief processorSlide6
X-Road Project: Essence
Technically it consists of
X-road central system
and a TLS-protocol-based
secure data exchange protocol
Actually is can be considered as a special case of VPN structure which is controlled and managed by the state
Exchange layer of State Information System (X-road,
X-tee
) is a a platform-independent secure standard interface between databases and information systems to connect databases and information systems of the public sectorSlide7
Implementation of Personal Data Protection ActThe following are excluded from the scope of Act:
processing of personal data by natural persons for
personal purposes
transmission
of personal data through the Estonian territory
without any other processing of such data in Estonia
The Act applies to criminal proceedings and court procedure with the specifications provided by procedural lawSlide8
Essence of Personal Data
Personal data
are all data about the person when it is able to
identify the person
uniquely
Personal data
(isikuandmed
)
are any data concerning an identified or identifiable natural person, regardless of the form or format in which such data existSlide9
Processing of Personal Data
Processing of personal data
(i
sikuandmete
töötlemine) is any act performed with personal data, including the collection, recording, organisation, storage, alteration, disclosure, granting access to personal data, consultation and retrieval, use of personal data, communication, cross-usage, combination, closure, erasure or destruction of personal data or several of the aforementioned operations, regardless of the manner in which the operations are carried out or the means used
NB!
Take into account that processing is not only the changing of data!Slide10
Classification of Personal Data
Estonian Personal Data Protection Act divides all personal data into
two main categories
with different protecting conditions:
sensititive personal data (delikaatsed isikuandmed)
other
(ordinary)
personal data
In the 2nd version of Act there were also defined private personal data (eraelulised isikuandmed) as an additional class (now it is not)Slide11
Principles of Processing Personal Data, I
P
rinciple
of legality
- personal data shall be collected only in an honest and legal manner
Principle of purposefulness - personal data shall be collected only for the achievement of determined and lawful objectives, and they shall not be processed in a manner not conforming to the objectives of data processingPrinciple of minimalism - personal data shall be collected only to the extent necessary for the achievement of determined purposesSlide12
Principles of Processing Personal Data, II
P
rinciple
of restricted use
- personal data shall be used for other purposes only with the consent of the data subject or with the permission of a competent authorityPrinciple of data quality - personal data shall be up-to-date, complete and necessary for the achievement of the purpose of data processingSlide13
Principles of Processing Personal Data, III
P
rinciple
of security
- security measures shall be applied in order to protect personal data from involuntary or unauthorised processing, disclosure or destructionPrinciple of individual participation - the data subject shall be notified of data collected concerning him or her, the data subject shall be granted access to the data concerning him or her and the data subject has the right to demand the correction of inaccurate or misleading dataSlide14
Processor(s) of Personal Data
A processor of personal data shall determine
the purposes of processing of personal data
, the categories of personal data to be processed the procedure for and manner of processing personal data and permission for communication of personal data to third persons
A processor of personal data (hereinafter chief processor) may authorise, by an administrative act or contract, another person or agency (hereinafter authorized processor, volitatud töötleja) to process personal data, unless otherwise prescribed by an Act or regulation
A
processor
(chief processor,
vastutav töötleja
)
of personal data is a natural or legal person, a branch of a foreign company or a state or local government agency who processes personal data or on whose assignment personal data are processedSlide15
Permission for Processing Personal Data
An administrative authority
shall process personal data only in the course of performance of public duties in order to perform
obligations prescribed by law
, an international agreement or directly applicable legislation of the Council of the European Union or the European Commission
General rule: personal data can be processed only with the consent of a data subjectSlide16
Security Demands to Processing Environment
A processor of personal data is required to take organisational, physical and information technology security measures
(safeguards)
to protect personal data:
against accidental or intentional unauthorised alteration of the data, in the part of the
integrity of dataagainst accidental or intentional destruction and prevention of access to the data by entitled persons, in the part of the availability of data
against unauthorised processing, in the part of
confidentiality
of the dataSlide17
Personal Data versus ISKE: Confidentiality
If to compare this statement to security class and sublass definitions of ISKE then
it corresponds to the confidentiality subclass S2
Personal dsata Protection Act determines the set of persons who can access (process) personal dataSlide18
Personal Data versus ISKE: Integrity
This definition corresponds to ISKE
integrity subclass T2
definition
Personal Data Protection Act states that “
personal data shall be up-to-date, complete and necessary for the achievement of the purpose of data processing
” and to “
prevent unauthorised recording, alteration and deleting of personal data and to ensure that it be subsequently possible to determine when, by whom and which personal data were recorded, altered or deleted or when, by whom and which data were accessed in the data processing system
”Slide19
Necessity to Hide Semantics
Demand from practice:
somtimes it’s necessary to hide some information, where it’s impossible to hide the presence of (some) data itself
A typical example:
possessing/transmitting of some type of information is prohibited and there’s possible to wiretap (eavesdrop) all the (stored or transferred) data
Sometimes it’s permitted to possess/transfer only a special type (special format) of information, not other formats and/or typesSlide20
The Limits of Cryptography
Encryption doesn’t always solve the hiding problem completly:
the result is typically a random sequence (white noice) which clearly points, that there’s something hidden (and encrypted)
Cryptography successfully hides the information but doesn’t hide the fact that there’s something hidden
Solution:
together with cryptography we should also use other techniques which hide the hiding fact itselfSlide21
Steganography (steganograafia
)
is a technique of hiding (more accurately - a technique of hiding the hiding fact itself)
Principles of Steganography
In Ancient Greek it means “a hidden word”
Differently from cryptography the steganography doesn’t consider data not only as a bitstream but a
bitstream having some (semantic) meaning
Steganography usually complements cryptography
: for many cases these techniques are used togetherSlide22
Two Main Methods of Steganography
Hiding of some data set) into the other data set (file).
It’s a classical usage of steganography, when we hide the presence of hidden information
Adding the irremovable digital watermark to a file.
It’s very important technique for a copyright purposes– it’s impossible to remove the (often invisible) watermark, pointing to the copyright owner,
without the
loss of utilitarian value of dataSlide23
A hiddable data set (file) is called a message (sõnum)
This data set (file), where the message is hidden, is called a
container
or
container file
(konteiner)
The aim is not to hide the content of the message, but the existence of a hidden message at allHiding the Semantics: Main Principles
Main Principle:
one data set (file) is hidden into thge another data set (file) with some systematic and reversible methodSlide24
A container is usually a (huge) file with certain (allowed) semantic contentAdditionally, the container can also be:
a printed material
a broadcast
an analog (voice or video) recording etc
Baseline: a special kind of minor changes inside a file (container) usually let the semantic content intact and don’t hinder the use of file (container) for its’ main purposes
Demands to a Container Slide25
The message is often encrypted before we put it into the container – as the encrypted data is undistinguishable from a white noice, it’s possbile to hide the hiding fact for a subjects which don’t have the decrypting key
The length ratio of m
essage
/container depends mainly on the container file format.
Typically it’s some hundreds or thousands of times
A message is typically considered as a given bitstream, a format and a semantical meaning don’t play here any role
Demands to a MessageSlide26
Possible solutions for a steganography container use:changing of R, G ja B
lower bits
for unpacked RGB pictures (TIFF, RAW)
A palette based RGB-picture
(GIF, BMP):
a previous technique + palette manipulation
Lossy compressed picture (JPEG): using of such a patterns and white balances which remain intact during compressing processesA combination of different methods + using of spectrums, Fourier’ transforms and stochastic pattern blocks (contemporarly most-of-spread techniques)
Baseline: a human
doe
sn’
t
usually
perceive
an
ultra-fine geometric details, dimensions or white balance and other differences
Picture ContainerSlide27
Possible solutions for a steganography container use:Changing of lower bits of uncompressed voice (CD, WAV, AU
etc)
A
dditional
problem:
we can use only a weak signals which neighbored by the strong signals. Solution: more complex algorithms
of lower bits changingLossy compressed voice (MPEG Layer 3 e MP3, WMA etc): more complex methods which pass all filters in unchanged mode (based on frequency analyse etc methods)Baseline:
a human
an
doesn
’
t perceive
small changes in
sounds height, timbre
and/or
the duration
Voice ContainerSlide28
Possible solutions for a steganography container use:Uncompressed video: all techniques for pictures and voice +
details of combining of sequential frames
Lossy compressed video
(MPEG, AVI, RM):
all techniques for lossy compressed pictures and voice +
details of combining of sequential frames)
Baseline : a human an doesn’
t perceive
a technical details of frames’ changing
Video ContainerSlide29
Possible solutions for a steganography container use:Manipulation of blanks, line spacing
s
, etc. unnoticeable parameters
semantic methods (for example use of different synonyms alternately, in Estonian “ja” and “ning”)
Baseline:
in most of cases there was used a formatted and layouted text, a use of pure text is very difficult
Text ContainerSlide30
Main method: modicication of code which remains its’ functional behaviour intactSimple practical solutions:
adding of NOP’s (empty commands) to the arbitrary places
replacing of one cycle type with another
adding of unreacahble (random) code
Baseline: the command sets of most-of-spread processors usually allow to realize the same functionality in the different ways
Code ContainerSlide31
Comparison of Container Types, I
Picture container’s
shortcomings are complex methods (typical is lossy compressing), advcances are wide usage in practice
Uncompressed voice
(example
CD)
is an ideal steganographic containerCompressed voice’s shortcoming is complexity of methods, advcances are very wide usage and huge amountSlide32
Comparison of Container Types, II
Video Container
has the same shortcomings as picture containers, a great advance is a huge amount which enables to hide long messages
Text Container
is generally quite bad container, the ratio of message/container must be extremly big
Code Container
has a great advance because contemporary programs are big, shortcoming is a big rate of noticablility (we can easily compare with genuine software)Slide33
Main condition: when we hide an encrypted messagem it must remain unnoticable without the decryption key
Reality:
a lot of simple methods doesn’t satisfy tis condition
Although, a most of complex end sophisticated method successfully satisfy this condition
Hiding ConditionsSlide34
Naissaar Mine Factory photo (NATO intelligency satellite, 1984, right) :
Naissaar harbour photo (same source, left). Both are 30 KB long
An Example of HidingSlide35
Here are both pictures inserted into the Tallinn St. Nicholas Church photo (307 KB JPEG, original left). After messages insertion, the Fourier’ transforms are reduced the chuch photo quality (right, JPEG)
An Example of Hiding (cont.)Slide36
Digital Watermark (
digivesimärk
) is a security-oriented pattern inserted to the data set, which enables to identify the owner/user of the data or the similar information (usually the data whish is related with the copyright permissions)
Digital watermarks can be
visible
(
nähtav), i.e. known for a data set user/ownerinvisible (nähtamatu), i.e. unknown and usually undetectable for a data set user/owner
Digital watermark
Often, a visible watermark can point to an invisible watermarkSlide37
Invisible watermarks can be added to: pictures
voice
videos
broadcasts and analog records codes (programs)
A little bit more difficult but still possible is adding the watermarks to layouted text (PS, PDF, RTF)The main aim of a digital watermark is a copyright protection
Watermarkable DocumentsSlide38
A watermark must be unremovable without essential harming the original contentA watermark must remain intact during typical transforming operations (picture zooming/croping, voice mixing etc)
Invisible watermark must remain undetectable without having a corresponding decryption key
An authorized persons/subjects must easily detect both the presence and content of a watermark (usually by having the appropriate decryption key)
A watermark technique’s price must be acceptable
Typical Demands to the Suitable Watermark AlgorithmSlide39
There are a lot of solutions which are practically usable, i.e. Which satisfy the abouve-mentioned conditions
A lot of algorithms/solutions are broken
, and they are breaked all the time
Watermarking - Practical Solutions
Before the actual use of a certain watermarking technique, it’s obligatory to make sure that this method is not broken and don’t have essential weaknessesSlide40
Example: we can personify all software products and only authorized subjects (who have a corresponding key) can check the watermark containing the licence information
Forecast: a Rapid Development of Watermark Techniques
Reason:
there’s a real necessity to protect a digital product against uncontrolled and unauthorized spread and copy