Bharat Banate's Work Profile


Sunday, September 30, 2007

Security : Steganography

Over the past couple of years, steganography has been the source of a lot of discussion, particularly as it was suspected that terrorists connected with the September 11 attacks might have used it for covert communications. While no such connection has been proven, the concern points out the effectiveness of steganography as a means of obscuring data. Indeed, along with encryption, steganography is one of the fundamental ways by which data can be kept confidential. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the true implications it can have on information security.

What is Steganography?

While we are discussing it in terms of computer security, steganography is really nothing new, as it has been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted to obscure the message - for purposes of military intelligence, for instance - they would use steganography: the wax would be scraped off and the message would be inscribed or written directly on the tablet. Wax would then be poured on top of the message, thereby obscuring not just its meaning but its very existence[1].

According to Dictionary.com, steganography (also known as "steg" or "stego") is "the art of writing in cipher, or in characters, which are not intelligible except to persons who have the key; cryptography" [2]. In computer terms, steganography has evolved into the practice of hiding a message within a larger one in such a way that others cannot discern the presence or contents of the hidden message[3]. In contemporary terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such as an image, an audio file (like a .wav or mp3) or even a video file.

What is Steganography Used for?

Like many security tools, steganography can be used for a variety of reasons, some good, some not so good. Legitimate purposes can include things like watermarking images for reasons such as copyright protection. Digital watermarks (also known as fingerprinting, significant especially in copyrighting material) are similar to steganography in that they are overlaid in files, which appear to be part of the original file and are thus not easily detectable by the average person. Steganography can also be used as a way to make a substitute for a one-way hash value (where you take a variable length input and create a static length output string to verify that no changes have been made to the original variable length input)[4]. Further, steganography can be used to tag notes to online images (like post-it notes attached to paper files). Finally, steganography can be used to maintain the confidentiality of valuable information, to protect the data from possible sabotage, theft, or unauthorized viewing[5].

Unfortunately, steganography can also be used for illegitimate reasons. For instance, if someone was trying to steal data, they could conceal it in another file or files and send it out in an innocent looking email or file transfer. Furthermore, a person with a hobby of saving pornography, or worse, to their hard drive, may choose to hide the evidence through the use of steganography. And, as was pointed out in the concern for terroristic purposes, it can be used as a means of covert communication. Of course, this can be both a legitimate and an illegitimate application.

Steganography Tools

There are a vast number of tools that are available for steganography. An important distinction that should be made among the tools available today is the difference between tools that do steganography, and tools that do steganalysis, which is the method of detecting steganography and destroying the original message. Steganalysis focuses on this aspect, as opposed to simply discovering and decrypting the message, because this can be difficult to do unless the encryption keys are known.

A comprehensive discussion of steganography tools is beyond the scope of this article. However, there are many good places to find steganography tools on the Net. One good place to start your search for stego tools is on Neil Johnson's Steganography and Digital Watermarking Web site. The site includes an extensive list of steganography tools. Another comprehensive tools site is located at the StegoArchive.com.

For steganalysis tools, a good site to start with is Neil Johnson's Steganalysis site. Niels Provos's site is also a great reference site, but is currently being relocated, so keep checking back on its progress.

The plethora of tools available also tends to span the spectrum of operating systems. Windows, DOS, Linux, Mac, Unix: you name it, and you can probably find it.

How Do Steganography Tools Work?

To show how easy steganography is, I started out by downloading one of the more popular freeware tools out now: F5, then moved to a tool called SecurEngine, which hides text files within larger text files, and lastly a tool that hides files in MP3s called MP3Stego. I also tested one commercial steganography product, Steganos Suite.

F5 was developed by Andreas Westfeld, and runs as a DOS client. A couple of GUIs were later developed: one named "Frontend", developed by Christian Wohne and the other, named "Stegano", by Thomas Biel. I tried F5, beta version 12. I found it very easy to encode a message into a JPEG file, even if the buttons in the GUI are written in German! Users can simply do this by following the buttons, inputting the JPEG file path, then the location of the data that is being hidden (in my case, I used a simple text file created in Notepad), at which point the program prompts the user for a pass phrase. As you can see by the before and after pictures below, it is very hard to tell them apart, embedded message or not.

Steganography and Security

As mentioned previously, steganography is an effective means of hiding data, thereby protecting the data from unauthorized or unwanted viewing. But stego is simply one of many ways to protect the confidentiality of data. It is probably best used in conjunction with another data-hiding method. When used in combination, these methods can all be a part of a layered security approach. Some good complementary methods include:

  • Encryption - Encryption is the process of passing data or plaintext through a series of mathematical operations that generate an alternate form of the original data known as ciphertext. The encrypted data can only be read by parties who have been given the necessary key to decrypt the ciphertext back into its original plaintext form. Encryption doesn't hide data, but it does make it hard to read!
  • Hidden directories (Windows) - Windows offers this feature, which allows users to hide files. Using this feature is as easy as changing the properties of a directory to "hidden", and hoping that no one displays all types of files in their explorer.
  • Hiding directories (Unix) - Placing a directory inside an existing directory that has a lot of files, such as the /dev directory on a Unix implementation, or making a directory whose name starts with three dots (...) versus the normal single or double dot.
  • Covert channels - Some tools can be used to transmit valuable data in seemingly normal network traffic. One such tool is Loki. Loki is a tool that hides data in ICMP traffic (like ping).

Protecting Against Malicious Steganography

Unfortunately, all of the methods mentioned above can also be used to hide illicit, unauthorized or unwanted activity. What can you do to prevent or detect issues with stego? There is no easy answer. If someone has decided to hide their data, they will probably be able to do so fairly easily. The only way to detect steganography is to be actively looking for it in specific files, or to get very lucky. Sometimes an actively enforced security policy can provide the answer: this would require the implementation of company-wide acceptable use policies that restrict the installation of unauthorized programs on company computers.

Using the tools that you already have to monitor the movement and behavior of traffic on your network may also be helpful. Network intrusion detection systems can help administrators gain an understanding of normal traffic in and around the network, and can thus assist in detecting anomalies, especially an increase in the movement of large images around the network. If the administrator becomes aware of this sort of anomalous activity, it may warrant further investigation. Host-based intrusion detection systems deployed on computers may also help to identify anomalous storage of image and/or video files.

A research paper by Stefan Hetzel cites two methods of attacking steganography, which really are also methods of detecting it. They are the visual attack (actually seeing the differences in the files that are encoded) and the statistical attack: "The idea of the statistical attack is to compare the frequency distribution of the colors of a potential stego file with the theoretically expected frequency distribution for a stego file." It might not be the quickest method of protection, but if you suspect this type of activity, it might be the most effective. For JPEG files specifically, a tool called Stegdetect, which looks for signs of steganography in JPEG files, can be employed. Stegbreak, a companion tool to Stegdetect, works to decrypt possible messages encoded in a suspected steganographic file, should that be the path you wish to take once the stego has been detected.
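The statistical attack quoted above can be made concrete with the chi-square test on pairs of values, shown here as an added example that is not code from the original article or from any of the tools it names. It assumes the attack meant is the pairs-of-values test against plain LSB replacement in 8-bit samples (not JPEG-domain tools such as F5); the cover data, the embedding helper and all function names are constructed for the illustration.

```python
import math
import random


def chi2_survival(x, dof):
    """P(chi-square with `dof` degrees of freedom > x), Wilson-Hilferty approximation."""
    var = 2.0 / (9.0 * dof)
    z = ((x / dof) ** (1.0 / 3.0) - (1.0 - var)) / math.sqrt(var)
    return 0.5 * math.erfc(z / math.sqrt(2.0))


def pov_chi_square(samples, min_expected=5.0):
    """Pairs-of-values test on 8-bit samples; returns (statistic, dof, p).

    LSB replacement with random-looking bits pushes the counts of values 2k and
    2k+1 towards their common mean, which is the "theoretically expected"
    distribution for a stego file. p near 1 means the histogram matches it.
    """
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2.0
        if expected < min_expected:  # sparse pairs are skipped (simplification)
            continue
        stat += (even - expected) ** 2 / expected
        pairs += 1
    dof = pairs - 1
    if dof < 1:
        return stat, dof, 0.0  # too little data to say anything
    return stat, dof, chi2_survival(stat, dof)


def scan_prefixes(samples, steps=10):
    """Run the test on growing prefixes; p drops once the prefix passes the payload."""
    out = []
    for i in range(1, steps + 1):
        n = len(samples) * i // steps
        out.append((n, pov_chi_square(samples[:n])[2]))
    return out


def make_cover(n, rng):
    """Constructed cover: noisy grey levels after a 1.3x contrast stretch."""
    cover = []
    for _ in range(n):
        g = min(255, max(0, int(rng.gauss(100, 25))))
        cover.append(min(255, g * 13 // 10))
    return cover


def embed_lsb(samples, fraction, rng):
    """Constructed test data: sequential LSB replacement with random bits."""
    n = int(len(samples) * fraction)
    return [(v & ~1) | rng.getrandbits(1) for v in samples[:n]] + samples[n:]


if __name__ == "__main__":
    rng = random.Random(2007)
    cover = make_cover(65536, rng)
    for label, data in (("clean", cover),
                        ("100% embedded", embed_lsb(cover, 1.0, rng)),
                        ("25% embedded", embed_lsb(cover, 0.25, rng))):
        stat, dof, p = pov_chi_square(data)
        print(f"{label:>14}: chi2={stat:9.1f} dof={dof:3d} p={p:.4f}")
        print("   prefix scan:", [round(q, 2) for _, q in scan_prefixes(data)])
```

A short payload leaves the whole-file statistic looking clean, which is why the prefix scan matters: p stays near 1 while the prefix lies inside the embedded region and collapses once it runs past it.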

Conclusions

Steganography is a fascinating and effective method of hiding data that has been used throughout history. Methods can be employed to uncover such devious tactics, but the first step is awareness that such methods even exist. There are many good reasons as well to use this type of data hiding, including watermarking or a more secure central storage method for such things as passwords, or key processes. Regardless, the technology is easy to use and difficult to detect. The more that you know about its features and functionality, the more ahead you will be in the game.

Resources:

[1] Steganography, by Neil F. Johnson, George Mason University,
http://www.jjtc.com/stegdoc/sec202.html

[2] http://dictionary.reference.com/search?q=steganography

[3] The Free On-line Dictionary of Computing, © 1993-2001 Denis Howe
http://www.nightflight.com/foldoc/index.html

[4] Applied Cryptography, Bruce Schneier, John Wiley and Sons Inc., 1996

[5] Steganography: Hidden Data, by Deborah Radcliff, June 10, 2002,
http://www.computerworld.com/securitytopics/security/story/0,10801,71726,00.html

Friday, September 28, 2007

SPM: Software Project Management


Project Schedule


The project schedule is the core of the project plan. It is used by the project manager to commit people to the project and show the organization how the work will be performed. Schedules are used to communicate final deadlines and, in some cases, to determine resource needs. They are also used as a kind of checklist to make sure that every task necessary is performed. If a task is on the schedule, the team is committed to doing it. In other words, the project schedule is the means by which the project manager brings the team and the project under control.

The project schedule is a calendar that links the tasks to be done with the resources that will do them. Before a project schedule can be created, the project manager must have a work breakdown structure (WBS), an effort estimate for each task, and a resource list with availability for each resource. If these are not yet available, it may be possible to create something that looks like a schedule, but it will essentially be a work of fiction. A project manager’s time is better spent on working with the team to create a WBS and estimates (using a consensus-driven estimation method like Wideband Delphi—see Chapter 3) than on trying to build a project schedule without them. The reason for this is that a schedule itself is an estimate: each date in the schedule is estimated, and if those dates do not have the buy-in of the people who are going to do the work, the schedule will almost certainly be inaccurate.

The Wideband Delphi process is explained in detail in Chapter 3: Estimation.

There are many project scheduling software products which can do much of the tedious work of calculating the schedule automatically, and plenty of books and tutorials dedicated to teaching people how to use them. However, before a project manager can use these tools, he should understand the concepts behind the WBS, dependencies, resource allocation, critical paths, Gantt charts and earned value. These are the real keys to planning a successful project.

The most popular tool for creating a project schedule is Microsoft Project. There are also free and open source project scheduling tools available for most platforms which feature task lists, resource allocation, predecessors and Gantt charts. Other project scheduling software packages include:

  • Open Workbench
  • dotProject
  • netOffice
  • TUTOS

Allocate Resources to the Tasks

The first step in building the project schedule is to identify the resources required to perform each of the tasks required to complete the project. (Generating project tasks is explained in more detail in the Wideband Delphi Estimation Process page.) A resource is any person, item, tool, or service that is needed by the project that is either scarce or has limited availability.

Many project managers use the terms “resource” and “person” interchangeably, but people are only one kind of resource. The project could include computer resources (like shared computer room, mainframe, or server time), locations (training rooms, temporary office space), services (like time from contractors, trainers, or a support team), and special equipment that will be temporarily acquired for the project. Most project schedules only plan for human resources—the other kinds of resources are listed in the resource list, which is part of the project plan.

One or more resources must be allocated to each task. To do this, the project manager must first assign the task to people who will perform it. For each task, the project manager must identify one or more people on the resource list capable of doing that task and assign it to them. Once a task is assigned, the team member who is performing it is not available for other tasks until the assigned task is completed. While some tasks can be assigned to any team member, most can be performed only by certain people. If those people are not available, the task must wait.

Identify Dependencies

Once resources are allocated, the next step in creating a project schedule is to identify dependencies between tasks. A task has a dependency if it involves an activity, resource, or work product that is subsequently required by another task. Dependencies come in many forms: a test plan can’t be executed until a build of the software is delivered; code might depend on classes or modules built in earlier stages; a user interface can’t be built until the design is reviewed. If Wideband Delphi is used to generate estimates, many of these dependencies will already be represented in the assumptions. It is the project manager’s responsibility to work with everyone on the engineering team to identify these dependencies. The project manager should start by taking the WBS and adding dependency information to it: each task in the WBS is given a number, and the number of any task that it is dependent on should be listed next to it as a predecessor. The following figure shows the four ways in which one task can be dependent on another.



Create the Schedule


Once the resources and dependencies are assigned, the software will arrange the tasks to reflect the dependencies. The software also allows the project manager to enter effort and duration information for each task; with this information, it can calculate a final date and build the schedule.

Each task is represented by a bar, and the dependencies between tasks are represented by arrows. Each arrow either points to the start or the end of the task, depending on the type of predecessor. The black diamond between tasks D and E is a milestone, or a task with no duration. Milestones are used to show important events in the schedule. The black bar above tasks D and E is a summary task, which shows that these tasks are two subtasks of the same parent task. Summary tasks can contain other summary tasks as subtasks. For example, if the team used an extra Wideband Delphi session to decompose a task in the original WBS into subtasks, the original task should be shown as a summary task with the results of the second estimation session as its subtasks.


Security:Firewall Information

What is a firewall?

A term borrowed from construction and from aircraft and automobile design, a firewall is a barrier that segregates two areas to protect one space from the environment of the other. In buildings or airframes, it is designed to prevent fire from spreading from one section to another. In racing, it protects the driver from a possible fuel tank fire. Also in automobiles, the bulkhead separating the engine compartment from the passenger compartment is called a firewall.

In computing terms, a firewall isolates a computer or network from another computer or network. Most often, this creates a so-called "trusted zone" on the inside of the firewall (your local network), which is protected from the untrusted zone outside (the internet). Some network firewalls sit between sections of the network; this creates DMZs, or De-Militarized Zones, referring to the military term for areas that separate two opposing factions to reduce the risk of war. Certain devices, such as public web servers, that need to interface more with untrusted zones will be in the DMZ with a firewall between them and the local network, offering more protection for that network.

As with firewalls in buildings, a certain amount of penetration of the firewall is allowed, but these penetrations, or ports, are controlled and safeguarded against bad stuff trying to get in.

Ports

In networking, one will often hear the term port. Ports, according to the Internet Assigned Numbers Authority (IANA, which coordinates functions for the internet), "name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined." Essentially, this is an addressing scheme that allows the computer to assign meaning to incoming and outgoing information.

Ports fall into three categories:

  • Port numbers that range from 0 through 1023 are called Well Known Ports. On most systems, they can only be used by system (or root) processes or by programs executed by privileged users. The IANA has assigned specific uses for most of these ports.
  • The Registered Ports are those from 1024 through 49151 and can be used by ordinary user processes or programs executed by ordinary users. Many of these ports are also assigned.
  • The Dynamic and/or Private Ports are those from 49152 through 65535. The name is self-explanatory; they are not assigned.

So what firewalls do is filter the data coming into them, allowing information for certain ports to go through and rejecting others, according to preset rules. There are three different ways this is done:

  • Packet filtering - Packets (small chunks of data) are analyzed against a set of filters.
  • Proxy service - Doesn't accept packets coming in from the untrusted zone unless they were specifically requested by a computer in the trusted zone.
  • Stateful inspection - Doesn't examine the entire incoming packet, but compares certain key parts of that packet to defining characteristics derived from packets traveling inside the firewall to the outside.
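The difference between static packet filtering and stateful inspection is easier to see in a small model, added here as an example that is not part of the original post and does not follow any product's rule syntax. The `Firewall` class, its idle timeout and the packet trace (documentation and private address ranges) are all hypothetical; real stateful firewalls also track protocol details such as TCP flags, which this model leaves out.

```python
from collections import namedtuple

# direction: "out" = trusted zone -> untrusted zone, "in" = the reverse
Packet = namedtuple("Packet", "direction proto src sport dst dport")


class Firewall:
    """Static inbound rules (packet filtering) plus a connection table
    (stateful inspection). Hypothetical model for illustration only."""

    def __init__(self, inbound_rules, idle_timeout=60):
        self.inbound_rules = set(inbound_rules)  # {(proto, dst_ip, dst_port)}
        self.idle_timeout = idle_timeout          # seconds a flow may stay silent
        self.flows = {}                           # 5-tuple -> time last seen

    def check(self, pkt, now):
        if pkt.direction == "out":
            # Remember the key parts of traffic leaving the trusted zone.
            self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return "allow: outbound"
        # An inbound reply carries the same 5-tuple with the ends swapped.
        flow = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.flows.get(flow)
        if seen is not None:
            if now - seen <= self.idle_timeout:
                self.flows[flow] = now
                return "allow: reply to tracked flow"
            del self.flows[flow]                  # stale entry, forget it
        if (pkt.proto, pkt.dst, pkt.dport) in self.inbound_rules:
            return "allow: static rule"
        return "drop: unsolicited"


def run_demo():
    """Replay a constructed packet trace through the model and return the verdicts."""
    fw = Firewall(inbound_rules={("tcp", "192.0.2.10", 80)})  # DMZ web server
    trace = [
        (0,   Packet("out", "tcp", "10.0.0.5", 50000, "198.51.100.7", 443)),
        (1,   Packet("in",  "tcp", "198.51.100.7", 443, "10.0.0.5", 50000)),
        (2,   Packet("in",  "tcp", "203.0.113.9", 443, "10.0.0.5", 50000)),
        (3,   Packet("in",  "tcp", "203.0.113.9", 40000, "192.0.2.10", 80)),
        (4,   Packet("in",  "tcp", "203.0.113.9", 40001, "192.0.2.10", 22)),
        (120, Packet("in",  "tcp", "198.51.100.7", 443, "10.0.0.5", 50000)),
    ]
    return [fw.check(pkt, now) for now, pkt in trace]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The last packet in the trace has the same addresses and ports as the reply accepted at t=1, yet it is dropped because the tracked flow has been idle longer than the timeout; a static filter keyed only on ports could not make that distinction.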



Thursday, September 27, 2007

Internet: Internet Radio

Internet radio (aka e-Radio) is an audio broadcasting service transmitted via the Internet. Broadcasting on the Internet is usually referred to as webcasting since it is not transmitted broadly through wireless means but is delivered over the World Wide Web. The term "e-Radio" suggests a streaming medium that presents listeners with a continuous stream of audio over which they have no control, much like traditional broadcast media. It is not synonymous with podcasting, which involves downloading and therefore copyright issues. Nor does e-Radio suggest "on-demand" file serving. Many Internet "radio stations" are associated with a corresponding traditional "terrestrial" radio station or radio network. Internet-only radio stations are usually independent of such associations.

Internet radio "stations" are usually accessible from anywhere in the world; for example, one can listen to an Australian station from Europe or America. This makes it a popular service for expatriates and for listeners with interests not adequately served by local radio stations (such as progressive rock, anime themed music, classical music, 24-hour stand up comedy, and others). Some Internet radio services offer news, sports, talkback, and various genres of music—everything that is on the radio station being simulcast over the internet with a netcast stream.

Freedom of the Airwaves
Radio broadcasting began in the early 20s, but it wasn't until the introduction of the transistor radio in 1954 that radio became available in mobile situations. Internet radio is in much the same place. Until the 21st century, the only way to obtain radio broadcasts over the Internet was through your PC. That will soon change, as wireless connectivity will feed Internet broadcasts to car radios, PDAs and cell phones. The next generation of wireless devices will greatly expand the reach and convenience of Internet radio.

Uses and Advantages
Traditional radio station broadcasts are limited by two factors:
• The power of the station's transmitter (typically 100 miles)
• The available broadcast spectrum (you might get a couple of dozen radio stations locally)
Internet radio has no geographic limitations, so a broadcaster in Kuala Lumpur can be heard in Kansas on the Internet. The potential for Internet radio is as vast as cyberspace itself.

In comparison to traditional radio, Internet radio is not limited to audio. An Internet radio broadcast can be accompanied by photos or graphics, text and links, as well as interactivity, such as message boards and chat rooms. This advancement allows a listener to do more than listen. In the example at the beginning of this article, a listener who hears an ad for a computer printer ordered that printer through a link on the Internet radio broadcast Web site. The relationship between advertisers and consumers becomes more interactive and intimate on Internet radio broadcasts. This expanded media capability could also be used in other ways. For example, with Internet radio, you could conduct training or education and provide links to documents and payment options. You could also have interactivity with the trainer or educator and other information on the Internet radio broadcast site.

Internet radio programming offers a wide spectrum of broadcast genres, particularly in music. Broadcast radio is increasingly controlled by smaller numbers of media conglomerates. In some ways, this has led to more mainstreaming of the programming on broadcast radio, as stations often try to reach the largest possible audience in order to charge the highest possible rates to advertisers. Internet radio, on the other hand, offers the opportunity to expand the types of available programming. The cost of "getting on the air" is less for an Internet broadcaster and Internet radio can appeal to "micro-communities" of listeners focused on special music or interests.

Friday, September 21, 2007

Unix: The Unix Philosophy

Essentially, UNIX is made up of files. In fact, every aspect of UNIX is looked at as a file. When we write some data to be displayed on screen for example, the data is actually written to a screen file and then a certain device driver in the kernel is activated. This controls a particular device, in our case the screen. And the contents of the screen file are displayed on the screen. Files that relate to hardware are known as "special files".

We have one universal file - UNIX itself. But this file is broken up into many other smaller file systems. By default, i.e. when we install UNIX, there is one root and two user file systems created. Normally file systems correspond to physical sections of the disk, basically the root file system and many user file systems.

These file systems are again broken up into directories (which are again viewed as files) and files. These directories can further have sub-directories and files giving rise to a hierarchical tree-like structure.

In DOS, we sometimes divide the disk into logical sections like C and D. Each of these logical drives has its own set of directories and files. To move from one drive to another we just need to specify the drive at the DOS prompt and hit enter.

But while we are at one drive we can access a file from another drive. Now both these drives are always available by default. In UNIX there is a slight difference. While the root file system and the two user file systems that are created by default are loaded, access to any other file system is only possible if it is explicitly mounted. Mounting means nothing but loading them into memory. And considering that file systems are viewed by UNIX as files, if a time comes for them to be accessed, they have to be in memory (like any other file).

For example, the floppy drive. This too is considered by UNIX as a file. A read or write to a floppy drive is first done in a "special file", from which the contents are then transferred to the actual floppy. But to be able to access the floppy drive through the file connected to it, the file has to be mounted, i.e. in memory.