2 nd acm information hiding multimedia security workshop
play

2 nd ACM Information Hiding Multimedia & Security Workshop - PowerPoint PPT Presentation

Oct 30, 2023 •143 likes •578 views

pevnak @ gmail.com Agent Technology Center, Czech Technical University in Prague adk @ cs.ox.ac.uk Department of Computer Science, Oxford University 2 nd ACM Information Hiding Multimedia & Security Workshop Salzburg, 12 June 2014 features

  1. pevnak @ gmail.com Agent Technology Center, Czech Technical University in Prague adk @ cs.ox.ac.uk Department of Computer Science, Oxford University 2 nd ACM Information Hiding Multimedia & Security Workshop Salzburg, 12 June 2014

  2. features stego object? Sophisticated, powerful, but…

  3. features stego object? Sophisticated, powerful, but… • Can never give certainty. • Can never know exactly how accurate it is.

  4. key ............. ...payload... ............. stego object? Try every key until you recognise a payload.

  5. key ............. ...payload... ............. stego object? Try every key until you recognise a payload. Not feasible if the keyspace is 64 bits, but • feasible if 32-bit keyspace, or maps into 32-bit space, or • feasible if keys derived from passwords.

  6. key ............. ...payload... ............. stego object? Try every key until you recognise a payload . Making payload unrecognisable is difficult: • use unstructured plaintext? • encrypt with second password?

  7. key ............. ...payload... ............. stego object? Assumptions • Keyspace exhaustible. • Plaintext unrecognisable. • Payload decoded via metadata. Seek statistical evidence that one key is more likely, or a short list of keys for a second attack on the plaintext.

  8. Assumptions • Keyspace exhaustible. • Plaintext unrecognisable. Provos [2001] For each key, check consistency of OutGuess ‘header block’. Fridrich et al. [2004], Böhme et al. [2012] For each key, compare statistics of used vs. unused locations. Ker [2007], Quach [2011+] Look for correlated residuals between different stego images.

  9. • Keyspace exhaustible. • Plaintext unrecognisable. • Multiple stego objects embedded with same key.

  10. • Keyspace exhaustible. • Plaintext unrecognisable. • Multiple stego objects embedded with same key. • Payload decoded via metadata: metadata key ............. ...payload... ............. stego object?

  11. Most implementations use metadata: • Payload size (to know when to stop decoding). • Hamming code parameters. • Syndrome Trellis Code parameters. • …

  12. For each stego image, for each key, decode metadata & discard impossible keys.

  13. For each stego image, for each key, decode metadata & discard impossible keys. Example • OutGuess • Uniformly random message length • Keyspace: 2 million passwords • Metadata = message length • Discard length > capacity • Experiment repeated 1000 times

  14. For each stego image, for each key, decode metadata & discard impossible keys. Example • OutGuess • Uniformly random message length • Keyspace: 2 million passwords • Metadata = message length • Discard length > capacity • Experiment repeated 1000 times

  15. For each stego image, for each key, decode metadata & discard impossible keys. Countermeasure Use proper ‘padding’ to make all metadata possible. e.g. length = metadata ( mod capacity)

  16. For each stego image, for each key, decode metadata & discard impossible keys. Countermeasure Use proper ‘padding’ to make all metadata possible. e.g. length = metadata ( mod capacity) Can this be determined by the receiver?

  17. For each stego image, for each key, decode metadata & discard impossible keys. Countermeasure Use proper ‘padding’ to make all metadata possible. e.g. length = metadata ( mod capacity) Can this be determined by the receiver? e.g. code parameter = metadata ( mod maximum)

  18. Attacking the embedding, can often estimate the length of payload in a stego image: • old-fashioned ‘structural steganalysis’, • support vector regression based on features, etc.

  19. Attacking the embedding, can often estimate the length of payload in a stego image: • old-fashioned ‘structural steganalysis’, • support vector regression based on features, etc.

  20. For each key, decode metadata & compute posterior: length decoded from metadata key observed stego object

  21. For each key, decode metadata & compute posterior: behaviour of estimator (determined experimentally) prior (uniform)

  22. For each key, decode metadata & compute posterior: behaviour of estimator (determined experimentally) prior (uniform)

  23. For each key, decode metadata & compute score

  24. For each key, decode metadata & compute score Example • OutGuess • Uniformly random message length • Keyspace: 2 million passwords • Metadata = message length • PF-548 features length estimate • Experiment repeated 1000 times

  25. For each key, decode metadata & compute score Example • OutGuess • Uniformly random message length • Keyspace: 2 million passwords • Metadata = message length • PF-548 features length estimate • Experiment repeated 1000 times

  26. For each key, decode metadata & compute score Countermeasure? Key inference has ‘exponential power’: extracted metadata is independent across images (if the key is incorrect). Try to make it dependent , as for correct keys?

  27. For each key, decode metadata & compute score Countermeasure? metadata key ............. ...payload... ............. stego object

  28. For each key, decode metadata & compute score Countermeasure? key metadata no key ............. ...payload... ............. stego object

  29. For each key, decode metadata & compute score Countermeasure? length = (metadata + key) ( capacity) and the metadata is stored at a fixed location

  30. For each key, decode metadata & compute score Countermeasure? • Simulated 16-bit payload size • Uniformly random message length • length = (metadata + key) ( mod capacity) • PF-548 features length estimate • Repeated 1000 times

  31. For each key, decode metadata & compute score Countermeasure? • Simulated 16-bit payload size • Uniformly random message length • length = (metadata + key) ( mod capacity) • PF-548 features length estimate • Repeated 1000 times

  32. For each key, decode metadata & compute score Countermeasure? length = (metadata + key) ( capacity) and the metadata is stored at a fixed location However, this introduces new statistical attacks.

  33. If the metadata does not determine payload length, it probably gives information about it: • Optimal Hamming code size determined by relative payload. • STC width closely related to inverse payload.

  34. If the metadata does not determine payload length, it probably gives information about it: • Optimal Hamming code size determined by relative payload. • STC width closely related to inverse payload. length coding parameter(s)

  35. If the metadata does not determine payload length, it probably gives information about it: • Optimal Hamming code size determined by relative payload. • STC width closely related to inverse payload. probably uniform between certain limits coding parameter(s)

  36. For each key, decode metadata & compute score Example • OutGuess • Keyspace: 2 million passwords • Hamming code • Metadata = • PF-548 features length estimate • Repeated 1000 times

  37. Presented ways to improve exhaustion attacks through statistical steganalysis evidence. We are attacking implementation weaknesses, not steganographic weaknesses.

  38. Presented ways to improve exhaustion attacks through statistical steganalysis evidence. We are attacking implementation weaknesses, not steganographic weaknesses. Implementations can avoid all these attacks if: • their keyspace is not exhaustible, or • keys are never reused, or • no metadata is stored… … but such mistakes are plausible and common.

  39. If keys must be re-used, we have to make hard choices: Embed metadata Do not embed metadata

  40. If keys must be re-used, we have to make hard choices: Security against Security against statistical attacks exhaustion attacks Embed metadata Do not embed metadata

  41. If keys must be re-used, we have to make hard choices: Security against Security against statistical attacks exhaustion attacks Embed metadata Do not embed metadata Store metadata Do not store metadata cryptographically cryptographically

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 What is multimedia information retrieval? 1.1 Information retrieval 1.2 Multimedia 1.3

1 What is multimedia information retrieval? 1.1 Information retrieval 1.2 Multimedia 1.3

1 What is multimedia information retrieval? 1.1 Information retrieval 1.2 Multimedia 1.3 Semantic Gap? 1.4 Challenges of automated multimedia indexing 2 Basic multimedia search technologies 2.1 Meta-data driven retrieval 2.2 Piggy-back text

902 views • 56 slides
Multimedia Information Retrieval 1 What is multimedia information retrieval? 2 Basic Multimedia

Multimedia Information Retrieval 1 What is multimedia information retrieval? 2 Basic Multimedia

Multimedia Information Retrieval 1 What is multimedia information retrieval? 2 Basic Multimedia Search Technologies 3 Evaluation of MIR Systems 4 Added Value user interaction, visualisation and the MIR research landscape Multimedia

491 views • 26 slides
JPEG Anti-forensics Using Non-parametric DCT Quantization Noise Estimation and Natural Image

JPEG Anti-forensics Using Non-parametric DCT Quantization Noise Estimation and Natural Image

JPEG Anti-forensics Using Non-parametric DCT Quantization Noise Estimation and Natural Image Statistics The 1st ACM Workshop on Information Hiding and Multimedia Security Wei Fan *, , Kai Wang * , Fran cois Cayre * , and Zhang Xiong *

1.26k views • 24 slides
Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an

Information hiding Information hiding Notice how a user of a service being provided by an object, need only know the name of the messages that the object will accept. They need not have any idea how the actions performed in response to

474 views • 34 slides
CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom

CS 166: Information Security Secret Sharing, Random Numbers, and Information Hiding Prof. Tom Austin San Jos State University Secret Sharing: Motivation Goal: make secret available, but make it hard to peek. Divide secret among

731 views • 48 slides
Encryption and Forensics/Data Hiding Cryptography Background See:

Encryption and Forensics/Data Hiding Cryptography Background See:

1 Encryption and Forensics/Data Hiding Cryptography Background See: http://www.cacr.math.uwaterloo.ca/hac/ For more information 2 Security Objectives Confidentiality (Secrecy): Prevent/Detect/Deter improper disclosure of information

673 views • 35 slides
14 th ACM Multimedia & Security Workshop, Warwick University, 6 Sept 2012 Is this a cover

14 th ACM Multimedia & Security Workshop, Warwick University, 6 Sept 2012 Is this a cover

adk @ cs.ox.ac.uk Department of Computer Science, Oxford University pevnak @ gmail.com Agent Technology Center, Czech Technical University in Prague 14 th ACM Multimedia & Security Workshop, Warwick University, 6 Sept 2012 Is this a cover

579 views • 23 slides
POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos

POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos

POKING HOLES IN INFORMATION HIDING Angelos Oikonomopoulos Elias Athanasopoulos Herbert Bos Cristiano Giuffrida Vrije Universiteit Amsterdam Teaser Break ideal information hiding in seconds Few probes, typically no crashes

854 views • 33 slides
David Lorge Parnas When the first papers on information Hiding were published (1970-72) ,

David Lorge Parnas When the first papers on information Hiding were published (1970-72) ,

Middle Road Software, Inc. How Precise Documentation allows Information Hiding to Reduce Software Complexity and Increase its Agility" David Lorge Parnas When the first papers on information Hiding were published (1970-72) , reaction

845 views • 47 slides
Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding Robert

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding Robert

Enabling Client-Side Crash-Resistance to Overcome Diversification and Information Hiding Robert Gawlik , Benjamin Kollenda, Philipp Koppe, Behrad Garmany, Thorsten Holz Ruhr University Bochum Horst Grtz Institute for IT-Security Bochum,

660 views • 63 slides
2-Leyer Security System for Hiding Sensitive Text Data on Personal Computers Nouf Al-Otaibi and

2-Leyer Security System for Hiding Sensitive Text Data on Personal Computers Nouf Al-Otaibi and

2014 The 3rd International Conference on Advancements in Information Technology (ICAIT 2014) Dubai, UAE, 22-23 August 2014 2-Leyer Security System for Hiding Sensitive Text Data on Personal Computers Nouf Al-Otaibi and Adnan Gutub Umm Al-Qura

330 views • 20 slides
Chapter 1 Introduction to Multimedia 1.1 What is Multimedia? 1.2 Multimedia and Hypermedia 1.3

Chapter 1 Introduction to Multimedia 1.1 What is Multimedia? 1.2 Multimedia and Hypermedia 1.3

Fundamentals of Multimedia, Chapter 1 Chapter 1 Introduction to Multimedia 1.1 What is Multimedia? 1.2 Multimedia and Hypermedia 1.3 World Wide Web 1.4 Overview of Multimedia Software Tools 1.5 Further Exploration 1 Li & Drew c

388 views • 18 slides
Active Learning for Multimedia Georges Qunot Multimedia Information Retrieval Group L

Active Learning for Multimedia Georges Qunot Multimedia Information Retrieval Group L

ACM Multimedia 2007 Half Day Tutorial Active Learning for Multimedia Georges Qunot Multimedia Information Retrieval Group L aboratoire d' I nformatique de G renoble September 24, 2007 1 Tutorial Outline Introduction / example

715 views • 52 slides
Multimedia Queries and Indexing Prof Stefan Rger Multimedia and Information Systems Knowledge

Multimedia Queries and Indexing Prof Stefan Rger Multimedia and Information Systems Knowledge

Multimedia Queries and Indexing Prof Stefan Rger Multimedia and Information Systems Knowledge Media Institute The Open University http://kmi.open.ac.uk/mmis Multimedia queries and indexing 1. What are multimedia queries? 2. Fingerprinting

717 views • 67 slides
Multimedia Information Retrieval Prof Stefan Rger Multimedia and Information Systems Knowledge

Multimedia Information Retrieval Prof Stefan Rger Multimedia and Information Systems Knowledge

Multimedia Information Retrieval Prof Stefan Rger Multimedia and Information Systems Knowledge Media Institute The Open University http: / / kmi.open.ac.uk/ mmis kmi.open.ac.uk kmi.open.ac.uk kmi.open.ac.uk Since 1995: 117 projects &

1.83k views • 140 slides
Multimedia Indexing and Retrieval Georges Qunot Multimedia Information Modeling and Retrieval

Multimedia Indexing and Retrieval Georges Qunot Multimedia Information Modeling and Retrieval

Multimedia Indexing and Retrieval Georges Qunot Multimedia Information Modeling and Retrieval Group Laboratory of Informatics of Grenoble Georges Qunot EARIA 17 October 2014 1 Multimedia Retrieval

672 views • 34 slides
Florida Gulf Environmental Benefit Fund: Draft Restoration Strategy September 14, 2016

Florida Gulf Environmental Benefit Fund: Draft Restoration Strategy September 14, 2016

Florida Gulf Environmental Benefit Fund: Draft Restoration Strategy September 14, 2016 Jennifer Peers, Abt Associates Phone: 415-655-0002 | Access Code: 642-583-292 Agenda Background Draft Restoration Strategy Introduction

965 views • 40 slides
Hu et al., 2020 Sinha et al., 2019 _______________________________________________ Greta Tuckute

Hu et al., 2020 Sinha et al., 2019 _______________________________________________ Greta Tuckute

Hu et al., 2020 Sinha et al., 2019 _______________________________________________ Greta Tuckute & Kamoya K Ikhofua MIT Fall 2020, 6.884 Symbolic Generalization 1 Motivation Natural language understanding systems to generalize in a

670 views • 42 slides
CASAS Implementation Training Modules 1 & 2 Presenter: J. Michelle Johnson CASAS State

CASAS Implementation Training Modules 1 & 2 Presenter: J. Michelle Johnson CASAS State

CASAS Implementation Training Modules 1 & 2 Presenter: J. Michelle Johnson CASAS State Trainer and State Director, OSSE Adult and Family Education CASAS Implementation Basics Module 1 2 Opening Activity State your name, where

1.89k views • 143 slides
in Android Certificate Security Professor Patrick McDaniel Daniel Krych Fall 2015 Google Play

in Android Certificate Security Professor Patrick McDaniel Daniel Krych Fall 2015 Google Play

Investigating Weaknesses in Android Certificate Security Professor Patrick McDaniel Daniel Krych Fall 2015 Google Play Store Devins App Devins CERT. Devins App App Mallory CERT. CERT. Devin 2 Investigating Android

410 views • 23 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

620 views • 21 slides
Personal Factors Make a Difference! Research from more than 1,000 published studies on

Personal Factors Make a Difference! Research from more than 1,000 published studies on

11/2/2014 Using the CLEI to Help Students and Measure Success in College ! Presented By Dorinda J. Lambert, Ph.D. Director Counseling Services Kansas State University Personal Factors Make a Difference! Research from more than 1,000

343 views • 10 slides
Redis Presentation by Atreyee Maiti What is redis? an in-memory key-value store, with

Redis Presentation by Atreyee Maiti What is redis? an in-memory key-value store, with

Redis Presentation by Atreyee Maiti What is redis? an in-memory key-value store, with persistence open source written in C can handle up to 2 32 keys, and was tested in practice to handle at least 250 million of keys per

633 views • 14 slides
Promotion Analysis in Multi-Dimensional Space Tianyi Wu (UIUC) Dong Xin (Microsoft Research)

Promotion Analysis in Multi-Dimensional Space Tianyi Wu (UIUC) Dong Xin (Microsoft Research)

Promotion Analysis in Multi-Dimensional Space Tianyi Wu (UIUC) Dong Xin (Microsoft Research) Qiaozhu Mei (University of Michigan) Jiawei Han (UIUC) 2 Outline Introduction Query execution algorithms Spurious promotion

686 views • 35 slides

More recommend