Other Research Areas
|
Digital Forensics
Digital forensics involves the scientific study of digital media to identify, assess, recover, analyze and/or establish facts and opinions about the information. The field of information forensics falls within electrical and computer engineering and computer and information science research domains. The field, in part, emerged from the traditional steganography and covert communications research communities.
Steganography
Steganography is the process of hiding a secret message inside another message that masks the secret message. Steganography is often described in the context of the “Prisoner’s Problem.” Here, Alice and Bob are in prison. They can communicate to one another through the prison warden. They would like to communicate an escape plan. However, if the warden finds out they will be placed in solitary confinement. Therefore they intend to mask their secret escape plan in innocent-looking messages. They could do this by writing letters to one another whereby the real message is embedded in select locations. For example, the first, second or even last letter of each word contains the secret message. Given the proliferation of multimedia, more recently steganography has been applied to digital images and video. Video information provides an unprecedented bandwidth in which to hide content. Moreover, the hidden information in the digital media will undergo the same transformations as the media itself providing a platform in which to derive forensics evidence of data processing for tamper-assessment and authentication.
Steganography has been used historically. Consider the following real-life World War I Press Cables (from Washington DC to Germany). Can you find any hidden information in either one?
PRESIDENT’S EMBARGO RULING SHOULD HAVE IMMEDIATE NOTICE. GRAVE SITUATION AFFECTING INTERNATIONAL LAW. STATEMENT FORESHADOWS RUIN OF MANY NEUTRALS. YELLOW JOURNALS UNIFYING NATIONAL EXCITEMENT IMMENSELY. | APPARENTLY NEUTRAL’S PROTEST IS THOROUGHLY DISCOUNTED AND IGNORED. ISMAN HARD HIT. BLOCKADE ISSUE AFFECTS PRETEXT FOR EMBARGO ON BYPRODUCTS, EJECTING SUETS AND VEGETABLE OILS. |
Take the first letter of each word: “Pershing Sales from NY June 1.” |
Take the second letter of each word: “Pershing Sales from NY June 1.” |
Steganalysis
The purpose of steganalysis is to detect the presence of steganography within innocuous-looking media such as digital images or video. Steganalysis is an art of covert signal detection in which the signal in question has been embedded within another, often more prominent, signal using steganography. In the classical Prisoner’s Problem, the warden would take the role of a steganalyst. A steganalyst may be passive (in which only the presence or characteristics of a hidden message is to be detected) or active (in which, the warden can not only look to detect steganography, but make modifications to the innocent-looking message — e.g., replace words with synonyms — to reduce the likelihood of successful steganography).
Passive stegananalysis within digital images and video often makes use of statistical information and pattern recognition approaches to identify hidden information. Active steganalysis makes use of signal processing approaches that modify the content imperceptibly and may make use of mathematical models of human psychology.
Covert Communications
Covert communications is communications through an unintended and/or unauthorized communications path. Typically, use of the covert communication channel violates one or more security policies. There are several classes of covert communications: computer-oriented, such that vulnerabilities in software and operating systems are leveraged, network-enabled, which exploits format the structure of protocols and algorithms for networked communications, and media-based in which information is hidden by taking advantage of the limited range of human perception.
Typical characteristics of covert communications include that the associated communication links are not designed for data exchange, the process employs entities not intended to be data-carrying objects for information transfer, and they are facilitated via system resources shared by source and destination parties. There are typically two classical types of covert channels: timing channels and storage channels. In covert timing channels, the start-time or duration of a process is used to communicate information to recipient parties who can observe such resources. In covert storage channels, modulation of storage resources such as disk space and media files to embed information later retrieved by recipient parties.
Research
Our research in digital forensics spans may areas including digital video steganalysis, tamper-assessment and authentication, covert communications and image steganography/data hiding.