Steganography and Cryptography 101

Video thumbnail (Frame 0) Video thumbnail (Frame 961) Video thumbnail (Frame 1819) Video thumbnail (Frame 2273) Video thumbnail (Frame 3772) Video thumbnail (Frame 6095) Video thumbnail (Frame 6492) Video thumbnail (Frame 7933) Video thumbnail (Frame 8442) Video thumbnail (Frame 9231) Video thumbnail (Frame 9897) Video thumbnail (Frame 10426) Video thumbnail (Frame 11529) Video thumbnail (Frame 12248) Video thumbnail (Frame 12686) Video thumbnail (Frame 13380) Video thumbnail (Frame 13978) Video thumbnail (Frame 14365) Video thumbnail (Frame 14833) Video thumbnail (Frame 15229) Video thumbnail (Frame 16252) Video thumbnail (Frame 16834) Video thumbnail (Frame 17850) Video thumbnail (Frame 18312) Video thumbnail (Frame 18749) Video thumbnail (Frame 19618) Video thumbnail (Frame 19999) Video thumbnail (Frame 20507) Video thumbnail (Frame 20898) Video thumbnail (Frame 21513) Video thumbnail (Frame 22980) Video thumbnail (Frame 25938)
Video in TIB AV-Portal: Steganography and Cryptography 101

Formal Metadata

Steganography and Cryptography 101
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
There are a lot of great ways to hide your data from prying eyes this talk will give a crash course in the technology and some tools that can be used to secure your data. Will also discuss hiding your files in plain site so an intruder will have no idea that hidden files even exist. These same techniques can also be employed by somebody wishing to transmit messages. Eskimo (Neil Weitzel) is a Technology Analyst for Indiana University. At IU he works for Research System and Decision Support where he performs various to provide a solid infrastructure and secure environment for researchers. Outside of employment Eskimo also does freelance work. He is an avid scripter and automationist.
Algorithm Standard deviation Maxima and minima Code Bit Cryptography Data transmission Mathematics Message passing Cryptography Internet forum Codec Information Nichtlineares Gleichungssystem Reverse engineering
Key (cryptography) Kolmogorov complexity Multiplication sign 1 (number) Computer Cryptography Substitute good Neuroinformatik Usability Cryptography Cuboid Nichtlineares Gleichungssystem Position operator Modem
Point (geometry) Polygon mesh Manufacturing execution system Algorithm Multiplication sign 1 (number) Depth-first search Computer programming Smith chart Supercomputer Goodness of fit Mathematics Cryptography Different (Kate Ryan album) Average Analogy Hash function Shared memory Cuboid Software testing Nichtlineares Gleichungssystem Summierbarkeit Installable File System Dean number Rule of inference Algorithm Patch (Unix) Bit Cryptography Proof theory Type theory Vector space Data Encryption Standard RWE Dea Encryption Square number
Message passing Vector space Different (Kate Ryan album) Vector graphics Steganography Hecke operator Steganography Form (programming)
Dot product Message passing Bit rate Envelope (mathematics) Multiplication sign Zoom lens Ultraviolet photoelectron spectroscopy Encryption Steganography Disk read-and-write head Field (computer science)
Multiplication sign Steganography Line (geometry) Mereology Anamorphosis Medical imaging Message passing Angle Internetworking Cylinder (geometry) Anamorphosis Encryption Moving average Encryption Quicksort Form (programming)
MP3 Ocean current Computer file INTEGRAL View (database) Computer-generated imagery Computer file Steganography Bit Steganography Metadata Type theory Message passing Order (biology) Encryption Message passing Data type
Medical imaging Type theory Execution unit Message passing Cryptography Real number Entropie <Informationstheorie> Steganography Video game Bit
Noise (electronics) Message passing Multiplication sign Encryption Planning Encryption Cryptography
Medical imaging Freeware Common Language Infrastructure Facebook Hooking Encryption Twitter
Execution unit output
Mathematics Default (computer science) Set (mathematics) Volume (thermodynamics) Information Volume World Wide Web Consortium Data type
Goodness of fit Computer file Angle File format Password Password Core dump Volume (thermodynamics) 8 (number) Tendon
Demo (music) Electronic program guide
Computer file Function (mathematics)
Link (knot theory)
Goodness of fit Inheritance (object-oriented programming) Computer file Password Online help Function (mathematics) Volume
Computer file Java applet Set (mathematics) Right angle Cryptography Volume
Execution unit Volume (thermodynamics) output Volume Thomas Kuhn
Authentication Computer file Divisor Key (cryptography) View (database) Multiplication sign Bit Total S.A. Stack (abstract data type) Cryptography Timestamp Steganography Rootkit Energy level Software testing Information security Data compression
Existence Statistics Computer file Multiplication sign Bit Cartesian coordinate system Web 2.0 Medical imaging Type theory Hash function Hypermedia Different (Kate Ryan album) Password Videoconferencing Entropie <Informationstheorie> Website Right angle
alright so this is steganography cryptography 101 so you know there's a 101 so don't expect like me to get into all of the crazy algorithms and math that's involved in cryptography and tell you like how it's used first of all
we'll start with cryptography simply cryptography you're taking something that everyone can see standard message picture data whatever you want to have and you're taking it and you're going to pass it through a bunch of equations you're going to get out garbled text and nobody knows what to do with that's pretty much the essence of cryptography and you do the reverse to decrypt something and you come back with the standard message a little bit of where
it started photography started out like long long time ago and some of the earlier crypto methods were trans position so you know you can see here that what they did is they moved a bunch of the characters around and you can do that to get transposition cryptography the other one I'm sure you've all seen on the back of cereal boxes and you know whatever you know gummy fruit that you may or may not eat you see substitution and that's just pretty much lining up letters by letters and substituting for
one another so then the computer era allowed us to take data you know represent it as ones and zeros and things like that and passes through those equations that we talked about and looted to earlier and use a shared key to encrypt that data into unusable text for anybody some of the common
algorithms that are used for this I know this is a wallet text so this is pretty much as proof that there are thousands and thousands of different crypto types out there the most common ones are up there some of the you know ones you may come across and some of the programs you may or may not use are up there and then there's even more that you know typically though you want what's considered good crypto cryptos that stood the test of time that's open where you can actually see the mathematical equations in it AES and blow fish and the ones listed up top those are all open people can see them there they prove the test of time people have tried to crack them and you know you'll see lots and lots of talks here at Def Con and people who are circumventing crypto and things like that but not one of them is about actually breaking the math on Krypto so just know that there that most the time when people are talking about breaking crypto they're not actually breaking the math because the math behind crypto was made by really really smart people much smarter than I all
right so get back to you know people crypto does rule it absolutely rocks like I said the math behind it is amazing but bought by by definition crypto you know if you have a hundred twenty eight bit key it should take two to the 227 tries on average to crack it so no supercomputers going to be doing that that takes forever so people like to argue about well how big a piece we should use hundred twenty-eight bit 256 512 you know all the way up to four not 4096 that's all great but you're getting into a battle they're like well how high should we make this fence should we make this fence two miles high four miles high eight miles high well it comes a point where the attack vector is not going to be the fence any longer if you have the crypto and the fence is built people are probably going to go to try to go around the fins or under the fence you know the same analogy if you had a box and it was made out of a cardboard you're not going to buy one of those awesome locks and expect someone to just start picking the lock there's going to tear through the cardboard so those are a lot of people wonder like well how bit how much crypto should i use and things like that so it's analogous to this these pictures here where yeah you can lock things up but you can also fail at locking things up should you encrypt everything just remember the data that you have and what you're trying to protect and who you're trying to protect it from those all come with you know the infosec mind and what people are you know what people are here learning about
yeah this is going on further with that the other attack vectors do exist you know this a perfect example is that of that here you can protect the heck out of something but other ways people will find to get your data all right so now
onto steganography steganography essentially you're hiding one message within another there's lots of different forms of steganography a good example here it
started out long time ago a lot of kings and no higher ups and not in armies and things like that would a tattoo messages in the backs of people heads or on their heads after they shaved them no let the hair grow out and then send them to know somebody else and they could shave their head and read the message which is great and all however that takes time lots and lots of time for people's hair to grow here's a different rate then moved into some things called micro dots that was a big thing in like World War two I don't know if he knew in seen the movie paycheck but in paycheck there's a good example of that there the guy has the Exorcist amp on the envelope and he gets under the microscope zooms in on the eye and there's headlines from other disasters that are to come if you haven't seen paycheck go see paycheck
simma Graham these are analogous to what you guys would look at it like it's Hilah griffix there are other ways to present them but centigrams really cool because you can have a picture and you will unbeknownst to anybody else that there's actually a message in that picture like oh the crow flying over the field means that the British are coming or something null ciphers they moved
into null ciphers those are really cool too but one of the bad parts about null ciphers that you have to have a lot of text just to get a little message so no sometimes I'm sure you've all seen on the Internet where somebody takes some form of null cipher or like the first line and rick roll somebody in a paper things like that and you'll see that never going to let you down thing on the left hand side but like again those are long long papers that make a lot of sense but you may not be known that there's actually a secret smaller message within an amor feos anamorphosis
try saying that 10 times fast that's an image that you can look at from one angle and can be one thing look at it from another angle can mean something totally different this is a good example that here where you have a beard cylinder and you can see them you know talking and around looks like some sort of beverage her food
um type spacing and offsetting again this is a lot like than the null cipher you have to have a really really long message in order to get out a really short message so you know those are the shortcomings involved there you'll end up with a really long message and you translate all the way across and to something and you get something as simple as hi so modern steganography a
lot of people use that today you guys probably use it don't even know it metadata and all of your eye and mp3s and things like that does that's technically steganography if you didn't know it was there it is definitely second ography but it's all intended messages now so you guys all know what's there a lot of the things that what they do to hide that is you know in current things like meta data they actually just add on to the data but and so it doesn't hurt the integrity of the actual file but when you're hiding it and you don't want people to know what they'll do is they'll hide it in the lowest bit noisy bits you know some things that are beyond the scope of what you would hear an mp3 or view in a movie file or a picture but where it comes in is that
that also creates entropy and these and that's how it can be detected and so you kind of have to be careful for that type of thing if you actually are you know hiding messages and things like that there are ways that people will find it so as you can see down there you can see right here and here these two they don't fit in with the standard entropy of the whole data palette or image palette there and they're stored in the lower bits so let's combine them together and
as you can see we took you know Darth Sidious encrypted the message hit it in Senator Palpatine and you have centered Palpatine I tried to think really long and hard about what's a real life example that you guys would seen of this thought long and hard and the best thing I could come up with was the movie
contact so you know she hears the noise from the aliens the vague ins and within that there is a message that's being broadcast and within that broad casted message there is these plans and then within those plans there's a cipher or a prime and they used that primer in cypher to put together the plans for the spaceship
when I encrypt i like to use to crypt that has good crypto in it up if we have time in a second I'll get to the data on that and then there's some cool ways to
do steganography good free tool out there is stag it does have the encryption piece into it so you can actually encrypt and hide things within images on the fly right away and we'll
get into those in just a second we hook up this mouse
so these are all freely available under the public license so feel free to
download them use them but pretty much truecrypt great i'm just going to run
through here at a creative quick volume default settings are usually pretty good on this
let's make it two gangs and we'll make it password use good passwords so oh really good i sorry the angle that i have is really bad i'm using password for my password so if i forget you can come up right you can use key files too so you can go ahead
and oh it will warn you that your password sucks and that takes a second it will format a volume for you and then i'll put it out here you guys can see well that's going let's go ahead and do
one instead guide that's pretty cool
hopefully they don't have anything incriminating on here
crap being wind 'red live demos suck by the way
ah all right and then you can put your output file in there my super-secret the gpg
done so then to the unbeknownst person
it just looks like Professor Zoidberg having a blast but to us if we want to
help true good bones don't agree we can
extract it browse go to the desktop oh I super secrets output file call it secret
txt and what was my password
I didn't all right yay there you go so
there's a text file full of secrets oh I
didn't set one you're right that was true crypt that i didn't set that one on
so yeah you can password protect them too I recommend that all right so as you
can see Oh what is it created
yeah creates a new volume but it wasn't Mountain automatically it's called secrets overdrive okay cool all right so
they can mount one says k now
then it's Matt it is there you can go to
your computer and there she is you can go ahead and you know take all of your stuff and put it inside of it and it's encrypted and you can unmount it from there that's a good way I know there's a
lot of talks about you know how to circumvent a lot of security and things like that but I figured a quick one on one on how to protect yourself from people who are trying to circumvent the security would probably help real for some of the people out there does anyone have any questions comments concerns they're open and they've stood the test of time is pretty much the quick dirty answer to that question there's high rewards out for people who can circumvent those that that math like if you can if you can crack that security a lot of people will will pay big money for that if you want to find it you you want to sell it to the highest bidder up it's the exact size unless you use compression you'll see in the stack height tool there and that this is this
is my personal favorite one I did not write it but the guy who did too badass you can see that you can actually do the compression level here so it's the exact size of the file unless you do that which comes into play when you want to make sure that you hide things in bigger files so if you don't have enough lower level bit then you obviously can't hide things with inside of it and you run out of bits to hide them in and it becomes really apparent to people that you are you know doing steganography in the back of the hat I'm sorry it's just what the data confiscating the data oh yeah I mean that's how it started out and moved further and further into this that's just what's considered early cryptography I mean in light of that it's changed a lot over the years and I would one would say that that's not really cryptography but you're just obscuring the data exactly but I mean that's it's considered you know the roots of where this was founded I love two-factor authentication with truecrypt loves it yeah I wouldn't mean there again like it comes into the things of what are you securing I mean if you're not needing to if you don't need two factor authentication you don't need it but I mean if you're really you know want that then use it what's that you can use a key file as well so you can have both like you back though Keith shirt key and a file that you'd have to share with others what's that no actually it's a new it's a it's a total new date timestamp I don't know
one off a HAMP is technically is creating a new file so I mean you probably have to like you'd have to hack that yeah you would have to share this with somebody else somebody else would have to know the existence of something within this file what how we doing on time here we okay we're coming close anybody else can we but yes you can do video files i just did images here visits simpler I mean obviously it takes longer to create a video file than it does anything else so yeah you can actually do that with a lot of different data there's low there's low bits and just about any type of media file and data file out there that would be cool I mean if you can hide it without the password right like I'd like I did instead hide so if somebody knows that this person hides a lot of things without a password and they were to put them on the web and use like an md5 hash and then and then you can check some of them after you download them and you know that there's stuff within each one it could just look like you have a lot of stock images on your website but actually you keep some other things in there too so that that's practical application to it right there that's what I just explained ok so then listen the next question it does destroy your least significant bits that's definitely the problem with it and it is like I said picked up by a statistical analysis and the entropy of the data okay it's all we got time for