It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Data Encryption, stop being a digital target.

page: 1
1
<<   2 >>

log in

join
share:

posted on Oct, 9 2011 @ 03:22 PM
link   
I have an obsession with technology. Recently while hanging out with a friend we were talking about wiki leaks, data protection and the government. This lead to me trying to figure out how to keep my data safe, but not become a target.

The thing is, I doubt I'm of interest of anyone to be a target, but the thought that my rights can and WILL be violated bothers the hell out of me.

The problem is, if you're using encryption technology. Then its like saying. "HEY" look at me! Anything not transparent could throw a flag.

I came up with a Process to combine a "File" with a "Digital Image". The file is included into the visual information in the image, not embedded or hidden. So the Image will now pass any virus scan etc. The image is 100% verifiable as an image, and nothing else.

You could place hidden data anywhere you might have an image, like on a website, your phone or desktop. Even email.

You can even put other images inside of the images. Email yourself programs etc..

What do you guys think about this kind of technology, and what could be done with it.

Here are two examples I've made.

This image has the first EVER Linux Kernel embedded in it.


This image contains the entire USA constitution.


Lets discuss...

-C

edit on 9-10-2011 by chris17453 because: Title Edit.




posted on Oct, 9 2011 @ 03:34 PM
link   
Well this isn't new technology, it made news a number of years ago when the government found terrorists using this method to pass messages back and forth in plain sight.. it's detectable, one obvious attribute of this is that the images are unusually large .. so I wouldn't use the standard implementations..

One way around this might be to use a file splitter to break the file into many small pieces and then embed those pieces into multiple images that you later re-combine.. you could even encrypt those parts .. then the sequence to re-join them is only known by you, as well as the encryption key ..

A person would have to

1. Identify you did this in the first place ( unlikely )
2. Figure out how to re-join your files in the right order ( I would say, virtually impossible since they are encrypted )
3. Figure out your encryption method, and the key used.. if you use AES256 and strong proper key, this part alone could take forever..

Never tried this because it would be time consuming lol but it would be a great method in my opinion ..
edit on 9-10-2011 by miniatus because: (no reason given)



posted on Oct, 9 2011 @ 03:43 PM
link   
You're right about it not being a new technology.

I wasn't aware of the terrorist link, but I just goggled it, i wonder what the specific process was.

I am aware of another process many years ago that exploited jpg images which allowed you to "ADD" a file to the end of it. My system includes the data in the visual elements of the photo, not in meta or system information of the file.

I've implemented several security layers which spread the data out on a specified level, reducing the overall impact of the image size, and spanning images.

If your message/file were small. Then file size increase wouldn't be noticeable. Only the inclusion of large binary data would bloat it.

Additionally,if you pre encrypt the files with anything, then include this should be enough.


edit on 9-10-2011 by chris17453 because: Spelling



posted on Oct, 9 2011 @ 03:47 PM
link   

Originally posted by chris17453
I have an obsession with technology. ,
I came up with a Process to combine a "File" with a "Digital Image".

edit on 9-10-2011 by chris17453 because: Title Edit.


With all due respect, but I sincerely doubt that "You" came up with this process ? It's been used by every script kiddie far and wide ever since. In case it really was you I bow my head to you.

And this technique is impractical to protect data from being stolen, when thoroughly looking for it. There are way more effective ways to protect your data from both - theft and unauthorized access - than by putting every file into an image and extracting it again once you want to have a look at it .. I mean c'mon, that's as effective as renaming my "topSecret.pdf" into "myAuntClarissa.jpg".

You can have your whole hard disk encrypted on-the-fly with 256bit or even 512bit ( if you're the paranoid kind of person ) with an impenetrable saltened MD5, AES, Twofish or whatever algorithm you like, as long as you pick a good pass phrase that's not prone to dictionary / brute force attacks.

But even then .. when your data is important enough to someone, they'll just wait until you login, and smack you on the head and tale what they want, or start ripping your teeth out a wrench until you give them all they want.

Maybe the safest way of protecting your data, is not to have data valuable to anyone in the first place




posted on Oct, 9 2011 @ 03:54 PM
link   
reply to post by chris17453
 

No offence but your idea isn't new, it's called image steganography.



posted on Oct, 9 2011 @ 04:00 PM
link   

Originally posted by chris17453
I came up with a Process to combine a "File" with a "Digital Image". The file is included into the visual information in the image, not embedded or hidden. So the Image will now pass any virus scan etc. The image is 100% verifiable as an image, and nothing else.

That's called steganography.



posted on Oct, 9 2011 @ 04:01 PM
link   
That's a bit insulting off the handle. Give me a chance guy. I'm a 2 time CTO, with a stack of credentials. I'm not a "Script Kiddie".

This is my process, I originated it. It's resembles "steganography" only in the process of inclusion. This system includes a virtual file system which indexes and contains folders and other file related information. It is much more related to an archive.

It's not an original idea. But I did this, myself and I believe it has value. Is there anywhere else you can do this?

It's a Choice. A choice that I didn't have or couldn't find before I built it. Now it exists.

It's a very complicated process which bit shifts low level visual data from a digital image and replaces it with similar target digital information, not changing the visual aspect of the photo AT ALL.

I didn't say it was practical. Of course it isn't. But My problem was that using specific encryption technologies flags you as hiding data.

This method allows you to hide valuable data in plain sight.

It's not as simple as renaming an image. The original image still visually looks the same while including the new data.

The point isn't that you can do it other ways. You can encrypt your data lots of ways.

The point is that you can do it this way and avoid these other issues, and with use and further development the process could be 100% transparent for the user.

Rome wasn't built in a day. And yes I know its called "steganography".
edit on 9-10-2011 by chris17453 because: Updating Acknoledgment



posted on Oct, 9 2011 @ 04:09 PM
link   
Security is an illusion. I tell all my customers as much. It doesn't matter if it's a file, a computer, a network, a building or a country. All you can do is make them as secure as possible so likely culprits will move on to the next mark. Isolation is the most effective but also the most unacceptable; unplug the computer from the router, router from the modem, build a structure with no windows and one door.



posted on Oct, 9 2011 @ 04:09 PM
link   
reply to post by chris17453
 

Not trying to rain on your parade or anything but a google of "image stenography source code" reveals about 500k results. There's lots of material out there discussing many different implementations of the concept.



posted on Oct, 9 2011 @ 04:13 PM
link   
Reminds me of a program from about ten years ago called CHAMELEON
Chameleon

Of course most are familiar with Truecrypt, the hidden volume option allows for plausible deniability as it's supposedly not possible to determine if a volume has data on it or not.

Personally, I ONLY trust open source projects like Truecrypt as commercial or individuals are prone to "weaknesses", you decide what those may be, but I don't take the chance. Not that anyone cares what I've got anyway.



posted on Oct, 9 2011 @ 04:16 PM
link   
Again, It's been done before. I get it. Why the hate? I didnt claim it was unique.

I freely admit it that it's been done, others have done it.

My system,however, include an entire file system structure and spans many photos has added encryption AND raid capacity if a photo is lost the system still stands. Full archival of files with paths, attributes and permissions within a sequence of photographs.

It's not just a picture with a secret code.



posted on Oct, 9 2011 @ 04:20 PM
link   

Originally posted by chris17453
And yes I know its called "steganography".

If you had started by saying that you had made a steganography system you could (probably) have avoided all this.

As for hiding things in other files, I think a video could be a better way, as its bigger file sizes wouldn't be suspect and would allow a large capacity of hidden files, but it would probably be more difficult to make, because of the way the video is encoded.
(But my knowledge of how the video is encoded is not much, so I may be wrong.
)



posted on Oct, 9 2011 @ 04:21 PM
link   
reply to post by chris17453
 


Problem is, it isn't even secure. Have a read of a paper titled "Reliable Detection of LSB Steganography in Color and Grayscale Images".



posted on Oct, 9 2011 @ 04:30 PM
link   
It's not like I'm opening a commercial shop. I just built the system as a base. I had already started branching into video and audio. Video is pretty easy, you can add huge chunks become the actual video data.

But I wanted to keep my system completely visual. Most of these systems only use lossless true color image systems. because compression destroys the data. I've built methods to allow for compression in JPEG's and still retain the data. Of course the data is smaller.

Once polished up, I plan to upload as an open source project on sourceforge.

I have the project working as a website and as a PC application.

-C



posted on Oct, 9 2011 @ 04:35 PM
link   
I'm aware of the LSB (Least Significant Bit Detection method). And I've devised a method which only uses pixels with a similar LSB over the bit shift plane. I also do an analysis of the Hue, Saturation, Contrast And noise of related pixels to determines when not to use LSB. At times 2->8 Bits.

The method does not use a constant data embedding patter, constant bit length or location. Embeds do not hapen at a specific point in a file and may infact be spread out over many files.

Like a raid, the bits of any 1 byte may be in several volumes (photos).


edit on 9-10-2011 by chris17453 because: Spelling



posted on Oct, 9 2011 @ 04:44 PM
link   
reply to post by chris17453
 


I hate "constant data embedding patter"


Ok, no clue what that is, but from your description, it sounds interesting. I like the RAID and effort put into other features.

I'd welcome something new on the scene, never really was that happy with the current solutions.



posted on Oct, 9 2011 @ 04:48 PM
link   
reply to post by chris17453
 

Here's a bundle more papers:

New methodology for breaking steganographic techniques for JPEGs
On the Limits of Steganography
Detecting Hidden Messages Using Higher-Order Statistics and Support Vector Machines
Steganalysis of JPEG Images: Breaking the F5 Algorithm
Detecting Steganographic Content on the Internet

...and so on. And that's from downloading a couple of papers and backtracking the references. I think if you're serious about the topic then you'd fare well to do some serious homework within the field as there's been a LOT of research into making and breaking stenographic algorithms. No point in reinventing the wheel or independently coming up with an algorithm that has been cracked before by previous researchers.
edit on 9-10-2011 by john_bmth because: (no reason given)



posted on Oct, 9 2011 @ 07:02 PM
link   

Originally posted by ArMaP
As for hiding things in other files, I think a video could be a better way, as its bigger file sizes wouldn't be suspect and would allow a large capacity of hidden files,
ArMaP,

You did a nice job of honing on the real issue here, for any real practical attempt to hide something in an image.

If an image comes under the slightest scrutiny at all, it's not to hard for someone who works with images a lot to tell if the file size is unusually large for the image.

Take the ATS uploading file limit for example, it's 500k, so even ATS knows there are a lot of images smaller than 500k Most of my digital camera images are in the ballpark of 400k. I could hide 100k in the image and make it 25% bigger, and that would probably avoid further scrutiny. But, 100k isn't a lot. So unless you only have a handful of very small things you want to secure, hiding stuff in images doesn't seem very practical to me. I like the video idea, that's a lot more practical, if you have more to secure, but it still has limits. Still one of the things I like about it is that it's a little harder to pin down the exact size a particular video should be, than to pin down the size an image should be. So in addition to the video being larger to begin with, you may not be limited to a 25% file size increase, you may be able to increase the file size by significantly more than that and not arouse suspicion.

If you Google the terns security encryption faq, there's a document that talks about creating a virtual drive with VM workstation for security purposes, in conjunction with another program hat involves some kind of encryption. I haven't tried it yet, but I've been thinking about it with all the hackers and thieves out there. It sounds like it might take some effort to set up, but once you do, it's probably a lot easier to use than reprocessing a bunch of images or videos. The author claims it's not easily detected, but I'm a little skeptical of that claim.

Actually, I'm not a security expert. For all I know that security and encryption FAQ was written by the NSA as a guide they hope terrorists will use so it will be easy for them to crack!
But even if that's the case, I am only trying to keep my stuff secure from the hackers and thieves, as long as it's good enough for that, the NSA issue doesn't concern me.
edit on 9-10-2011 by Arbitrageur because: clarification



posted on Oct, 9 2011 @ 07:34 PM
link   
That's my attraction to images. If many are used they can be spread out everywhere and not connected.

The problem with most video techniques is they hide a single huge chunk before the actual data contents. its just "In" the file. not interpolated with the data.

Additionally, I wanted something that wouldn't trigger a flag. Video content may trigger a flag. Especially on a commercial network.

I wanted something that was common, explainable, that you could email, pass through a network without much detection and people were very familiar with.

I dont mind the fact that a file only holds a small amount of information. That's what the photo library is for.

Everyone has a folder with a ton of some sort of pics in them.

And idle examination of a random flash drive and CD would pass.

I wasn't trying to beat the system, merely pass simple scrutiny.

Many firewalls scan for file type, some even virus /spam check. I highly doubt many except the most secure filter on the byte level for this type of content.



posted on Oct, 9 2011 @ 07:47 PM
link   

Originally posted by chris17453
Everyone has a folder with a ton of some sort of pics in them.
That's probably true.

But I don't want to have to go through 1000, 10,000, or 100,000 images to get at my data. If that's not an issue for you, then you've got a workable system for your needs.

Perhaps the methods of blending the data into a video file are ineffective as you suggest. What that says to me is that the execution is poor, not that the concept is poor. Maybe someone can figure out a better way to execute it, or maybe they already have and we just don't know about it yet; I didn't really do much research on it since I don't plan to use it, but I'm thinking of trying a virtual disk. I need to research that more.



new topics

top topics



 
1
<<   2 >>

log in

join