Archive for April, 2008

Thank You Allah !

Alhamdulillah…. Thank you Allah… Thank you Allah !

Today after doing house chores,  with basmalah i went to the faculty and attend the seminar. Hmm.. a talk by Dr. Ian Philips about internet performance and also a brief about univesity of Loughbrough. I love to attend seminar .. learn how to present and how to attract with audience.. different presenter have their different style. the strengthen from each presenter may help ourselves.

Another appointment …

****************************************

Date : 6 May 2008 (Tuesday)
Time : 9.00 am – 12.00 pm
Venue : Main Lecture Hall (Dewan Kuliah Utama), FSKTM
Speaker : Profesor Ir. Dr. Mohd. Sapuan Salit
(Fakulti of Engineering)

Notes: Attendance is compulsory to final year students.

Thank you.

************************************

Insyaallah i want to involve.

Thanks Allah ! I had meet the postgraduate’s administrator at my faculty to reallocate my teaching schedule for next semester.  Alhamdulillah… Allah give me a chance to do the best for my proposal where my proposal presentation was postponed till 16 May…. hoho.. i have 16 extra day to do the best … caiyoks!

Thanks Allah!

I had a chat with my “klik” just now at the seminar… we share our research problems.. hmm….alhamdulillah they are helping me much.. through their experience and their milestone of research, i do get a big picture on what i need to do and improve.. alhamdulillah..

OK … let have a new check list… yesterday  i finished my work till 12.30 am after tired forcing my brain to think ..hoho.. ok dear…let continue reschedule our works .. NEXXXXTTT !!!!

end of 2/4 day ! yippeee!

Alhamdulillah….my opinion about the presentation purpose is mainly to guide the journey of the research. This will examine our previous work in the previous semester weather it is full fill the “validity” of the research requirement or not.

hoho.. the brain is the main tools of the research..therefore, we need others people to give advice, comment and lead the way if it is wrong.. so, no worries about the presentation for this first phase. Just present your work as you present weekly to the supervisor.. concern with  the main point emphasised by the supervisor. If you did not found a way to resolve it, make sure you have a fact that can confidently show you have try your best and will achieve your target.

Hmm.. mostly, the comittee floor will throw up question relate on what you want to archieve by the end of your research? ( product? algorithm? ) Moreover, the possibility of your architecture…is it possible to contribute to a new knowledge? …then, is yes..is it original?… next is the measurement… how do you compare it with any related work?  how you measure that your model is be improve by the previous one? prove it. Next, is about the data… introduce your data set .. what you will collect? what you will use for the experiment… moreover is the requirement for your system ( prototype) what language you will used for the programming…and so on …so on..either software or hardware.

Phew! hmmm.. based on what i had wrote above..it is what i need to focus and i need do it now. All the resource is in my hand..now, it is how you handle the resources.

hmm..nani doesn’t present yet.. her committee members fly to Vietnam for a conference, therefore her presentation will be postponed. wow! praise to Allah. hehe.. ( can i have a chance?  = postpone my presentation..haha the Charmain will be at German on my presentation day..) hmm.. i don’t know.. but till now there is no presentation updates..seems the schedule is fixed and my supervisor said there will be someone replace his sit, so what i should do is always be PREPARED!

Hmm.. what ever… i am tired… owh ya! about the conference! i will issue this event to my supervisor in our next meeting session. wow ! the work burdens was pulling my leg now. haha the time is 8.15 pm ! to much mumbling 😛 wokeh.. RUSH our beb ! Start with Basmalah !

 

Tomorrow appointment … yeah!

Assalamualaikum & Good Day,

All are invited to attend the seminar as follows:

Date:  30 April 2008 (Wednesday)
Time: 9.50am
Venue: DKU(Main Lecture Hall), FSKTM
Topic: Internet Performance
Speaker: Dr. Ian Philips from Loughborough University, U.K

Attendance is compulsory.

Thank you.

huhuu…wokeh ! notted!

International Conference On Post Graduate Education 2008

“Postgraduate Education: Multidisciplinary Perspectives” will be held from December 16-18, 2008 in Penang, Malaysia.

The 3rd International Conference on “Postgraduate Education: Multidisciplinary Perspectives” will be held from December 16-18, 2008 in Penang, Malaysia. It will be hosted by Universiti Sains Malaysia, in cooperation with the Deans Council of Graduate Schools and the Ministry of Higher Education, Malaysia. The 1st conference on higher education was organized by University Malaya in 2004 while the 2nd conference on higher education was organized by University Malaysia Sarawak in 2006.

This Conference will be a meeting of minds to primarily discuss on significant issues which focus on multidisciplinary perspectives in higher education. The conference will provide a vibrant scholarly space to critically and creatively engage with new ideas and research about teaching and lifelong learning in higher education. In addition to researcher and student presentations, experts of the region will also be invited to give keynote speeches, sharing their insights on challenges and issues facing contemporary scholarship on higher education.

As the chairperson of this esteemed Postgraduate International Conference this year, I would like to personally extend my invitation to experts in the higher education, heads/administrators of higher education institutions, scholars, researchers, graduate, postgraduate students and representatives of interested organizations and foundations to participate in this esteemed conference to exchange opinions, experiences, views, and discuss new trends in higher education and its management. It is in this light that the theme of the 3rd international conference, seeks to promote our diverse and varied membership to meet and share our experiences on research, ideas of improvements in the quality, relevance, efficiency, and flexibility of higher education systems in order to stimulate a country’s engagement with the global knowledge economy.

Take this opportunity to write and publish paper

The fees is RM 200 for post grad student ! JOMMM!!!

end of day 1/4

Alhamdulillah… DONE ! the previous work was done…add more anchor paper ..alhamdulillah.. haha this will help me to do a comparison in order to understand the measurement scale. eemm..I have a scientific collaboration with others steganographer which doing the same research huh… waiting for their reply. I had post an ‘ambiguity’ question… hmm.. hopefully i do get a reply soon.

tomorrow will be the 2nd day of my countdown…

*********

day 1 LR part which consist of the previous work (DONE) and the steganalysis part. Recheck the slide also (TONIGHT). Alhamdulillah… done by 12.30 midnight…. ^_^

*********

day 2 : Today Task !

  • The anchor paper : Start: 10.07 am End:12.18 pm alhamdulillah

hoho .. my research’s mate have a presentation today at 2 pm …. i want to attend..yeah, can learn something rite? as schedule there will be 3 presenter for this evening.. wokeh i will spent my time [2.00pm-4.00pm] hmmm…

  • The measurement part : Start : 12.18 Break :1.00 continue:8.00 pm End:1.00am

Alhamdulillah… after witness the others presenter.. i got many guideline to ensure my proposal well done!

  • experimental design
  • Finalize the slide
  • Send for check by the co supervisor.

******************************************

day 3 do the correction + Slide

day 4 MOCK presentation ! stay calm my dear…

PRESENTATION DAY ! Go ! Khalifah of Allah !

ISACA® InfoBytes

 

Hiding Messages in Images and Text:
Risk Associated with the Technology of Steganography

By Venugopal Iyengar, CISA, CISSP, DIRM, DTT, DCS, DCM

This article is a result of performing a systematic study and research into the working mechanism of technology used in steganography, an area of interest under computer forensics study. The article is an attempt to express how this technology works, how it can be misused and how the hidden risks associated with this technology can impact IS auditors and security professionals. In the future, automated IS security audit tools likely will be created that will help a CISA, CISM or CISSP detect these risks. The content in this document will be useful to all CISAs, CISMs and CISSPs and others in the field who would like to investigate computer crimes using modern technology.

Incidents in the US on 11 September 2001, as well as other recent terror attacks, have shaken many nations. Steganography has become an important issue because it is one technology through which a terrorist outfit can be in touch with its members around the globe.

Steganography is a graphical way of hiding information or a message within objects. While others are unaware of the content, the message is available to all concerned. As indicated numerous times in the media, many information transfers have been taking place over the Internet. These transfers allow the sender to distribute a message from anywhere in the world to anywhere else. Thus, when the message is sent, only the recipient knows that he/she has a message while others ignore it. This technology can be applied at various places causing major concern to IS auditors and security professionals.

Securing Information

Before understanding the science and art of steganography, it is appropriate to revisit various modus operandi used for any secure communication and information hiding. Security often refers to the assurance of confidentiality, integrity and availability. In this article, there is a greater focus on confidentiality, with less focus on integrity and no focus on availability-assuming availability is a risk and that it can be detected if suspected.

There are four ways of hiding information within a written communication:

  1. Secret writing—The text is written and broken into smaller pieces and sent to the destination via newspaper or human body, for example. The text is reassembled at the receiving end, comparable to solving a jigsaw puzzle.
  2. Cryptography—The message is broken into smaller units using a known or pre-determined algorithm or key. It may be a substitution, additive, transposition, transcription, etc. The science of cryptography is used for message encryption technology, digital signatures and private and public key cryptosystems used in digital certificates.
  3. Steganography—Techniques that conceal the existence of a hidden communication. The secret message to be transmitted is camouflaged in a carrier so that its detection becomes difficult. Information related to the sender and the receiver of the message also can be hidden this way.
  4. Digital watermarking—A message is embedded in digital media to prove ownership and either is perceptible or imperceptible. Today, people undertake great effort to dedicate time and intellectual capabilities toward creating artwork, pictures, images, videos, diagrams, designs, etc. They may have used a good portion of their time looking into references and research, and perhaps even more time bringing their work into some purposeful, meaningful shape. These fall under the individual’s intellectual property rights (IPRs). The increasing amount of original work presented on the Internet can be digitally copied by anybody who can then claim ownership.

Using Steganography

The techniques of using secret writing and cryptography can be detected easily as these techniques can be seen but not interpreted. Although confidentiality of the content of the message is achieved, confidentiality of the communication is not achieved and hence the message can be tracked and the sender identified. The science of steganography takes care of confidentiality in the content of the message as well as communication of the message. When one is suspicious, he/she can attempt to decode, destroy or change content. Thus, steganography is when the sender embeds a secret message into a public message, which is subsequently sent to the receiver, who knows how to interpret it. The probability of somebody else knowing that the embedding has taken place and being able to interpret the secret message is low.

The Process

Image

There are four components needed to understand this process. There is a carrier, technically called “cover,” denoted by the letter c. The secret message that needs to be hidden is denoted by the letter m. The next is the output called stego-media, denoted by the letter s, into which the message m needs to be carried. Lastly, the stego-key is denoted by k. The output s is obtained by using c + m + k into the steganography algorithm or technique.

The most probable reason for sending a message by this method is that any third party who receives this message will not be in a position to know about the presence of a secret message. The stego-media should not invoke any suspicion, otherwise the purpose of information hiding is lost. The message can be hidden into text, disk space, network packets, images, audio and video. The message also can be text, image or audio. Thus, one can have text into text, text into image, voice into image, etc. Again, the technique of embedding a secret message can be substitution, transform domain, spread-spectrum, statistical and distortion-based.

Finding hidden messages can be difficult. Images can be manipulated by blurring, sharpening, rotating, resizing and stretching. Embedding messages in high-frequency band covers is less suspicious because they can be decoded easily if detected. Embedding messages in low-frequency bands is more suspicious because they cannot be decoded easily if detected. This may be due to significant degradation in the stego-media, although they are within the perceptible range of human beings.

The steganography technique of data hiding can be done using one of the following two broad technologies:

  1. Substitution technique
  2. Transform domain technique

The substitution technique uses LSB (least significant bits) or MSB (most significant bits). Inserting too much data into this cover or embedding them at improper locations may invoke suspicion.

In the transform domain technique, data embedding uses three types of hiding capabilities or features. They are:

  1. Discrete fourier transforms (DFT)
  2. Discrete cosine transforms (DCT)
  3. Discrete wavelet transforms (DWT)

DFT uses middle frequencies. One may use row encoding or ring encoding of messages and place them into carrier images. Row encoding can best be placed in an open scene, such as a skyline. Ring encoding can spread into a picture in the form of a ring spread across the four quadrants of the picture. Besides circles, one could trace out any other geometric form of data marks for hidden messages.

DCT seems to be a popular way for hiding data in images and video. Data are embedded into JPEG/MPEG compressions. The file size in DFT could raise suspicion of the presence of hidden information. With DCT, this suspicion is less. Selection of blocks for hiding messages can be done using random sequences.

DWT seems to be gaining ground into signal processing and multimedia applications.

Conclusion

Images, pictures, audio, video and text all have become targets of suspicion for Trojans. In a picture, the LSB can be used for carrying hidden messages. Only too much data in the LSB area will raise suspicion for inspection or investigation. When the message is hidden using DFT, and the picture contains a lot of low light scenery, i.e., decreased contrast, tracing the hidden message becomes difficult. However, increasing brightness or contrast can reveal the ring mark, indicating the presence of a hidden message. The most effective way to hide an audio recording is to use spread-spectrum data into a cover image with a sky scene, water scene, landscape, etc. Within such scenes, the data hide in an echo imperceptible to humans.

For example, in a picture an image can be hidden within an image. Within a picture, text can be used and hidden into a bit number that satisfies y = mx + c to hide along a straight line and a circle along x2 + y2 = c. The same can be separated out and contents seen or read. Instead of lines, these could be architectural plans or road maps, for example. In the case of text, one could identify the sequence of bit numbers that satisfies specific mathematical equations. Images have their own color bits. The last bit of a color bit will carry the content bit of the text. Upon decoding, the entire text can be removed. This text is of the type LSB. When the text content bit is put into the first bit of a color bit, it is of the type MSB. Thus, text or picture hiding is best done in low-contrast scenes because humans detect it less frequently.

For IS auditors and security professionals, steganography techniques are used for sending messages (including voice, video, text, drawings and images) within an image. This is a major threat to users of information systems, as confidential and sensitive information can be placed into pictures and then distributed. Detection of such messages is difficult and only the recipients can take advantage of and use the contents. The sending of such pictures can be posted through chat sessions, bulletin boards, bulk mails, etc. The risk of detection is very high in this case. Even after detection, decoding the message may be difficult. Thus, the impact of such threats caused by the resulting vulnerability is very high. Research in this area began in the 1990s, and has yet to mature fully. The work on detection tools soon will aid in tracing, tracking and fixing, the way professionals have antiviruses for viruses, firewalls for network security and embedded message readers for hidden messages that could be a risk to the organization, business or economy of a nation.

Venugopal Iyengar, CISA, CISSP, DIRM, DTT, DCS, DCM
is the director of the Institute of the Millennium and the chief executive at Secure Matrix (India) Private Limited.

INFOSYSSEC

The Security Portal for Information System Security Professionals

 INFOSYSSEC

Slashdot /.News for Nerds.Stuff That matters

THE Rise of Steganography

Posted by JonKatz on Tue May 08, 2001 11:30 AM
from the -Here-Come-The-Information-Hiding-Wars dept.
The next major battle between hackers and the Corporate Republic will almost surely involve the relatively unknown fields of steganography and digital watermarking, otherwise known as Information Hiding, a scientific discipline to take very seriously. This is where the big three digital policy issues — privacy, security and copyright — all collide head-on with corporatism. If they hated Napster, they’ll really go nuts over rapidly evolving research into how to hide data inside data. (Read more.)

The engineers and nerds who still run the Tech Nation generally keep their noses to the grindstone. They’re disinclined to ponder the long view when it comes to developing new technology, preparing for the many public-policy issues surrounding the things they create.

And policy and technology collide all the time, from the building of the Interstate Highway to the space program to the Net. Three particular hot points emerge, when it comes to civics and technology: security, privacy and intellectual property. Naturally, there’s very little rational public or media discussion of any of them, beyond hysteria about violence, cracking, theft and porn.

Steganography is the means by which two or more parties may communicate using invisible communications — even the act of communicating is disguised. This sort of Information hiding — as opposed to traditional cryptography — could upend conventional wisdom about copyright, intellectual property and control of data online. The very idea of digital information hiding is almost bitterly ironic: The Net is the most open information culture ever, yet encroachments by corporatism and government are spawning an entire movement and discipline devoted to new techniques for hiding rather than opening data.

Some parties already understand the import of this struggle. Several weeks ago, academic SDMI (Secure Digital Music Initiative) researchers canceled a presentation they’d planned at the Fourth Information Hiding Workshop in Pittsburgh. The reason: pressure from the Recording Industry of America (RIAA), concerned that the release of data about advances in watermarking would undermine its long, expensive and still largely unsuccessful efforts to shut down free music on the Net.

Last week, Declan McCullagh of Wired News reported from the conference that Microsoft has developed a prototype system that limits unauthorized music playback by embedding a watermark that remains permanently attached to audio files. (Note: A conventional watermark is a normally invisible pressure mark in expensive paper which can be seen only when the paper is held up to a strong light. Digital watermarks are embedded in computer files as a pattern of bits which appear to be part of the file and are not noticeable to the user. These patterns can be used to detect unauthorized copies.)

During a security panel, reported McCullagh, a Microsoft research scientist demonstrated how the hidden copyright infringement fingerprint is so securely affixed to the audio that it remains intact even if a song is played aloud on speakers in a noisy room, then re-recorded. If the recording industry begins to include watermarks in its song files, Windows would refuse to play copyrighted music that was obtained illegally (as defined by the Digital Millenium Copyright Act, written by corporate lobbyists, enthusiastically passed by a Congress besotted with corporate money, and signed by a pliant President Clinton two years ago).

Every few years, the war over control of information online seems to escalate. Cryptography suddenly became critical when businesses started to buy and build networked computer systems and people began exchanging money online. Viruses and other epidemics gained widespread national attention once substantial numbers of computer users began trading programs. When the Net exploded, manufacturing firewalls became an industry.

Now the digerati are making a lot of noise about collaborative filtering and blocking and discussions systems, from weblogs to blogs to other peer-to-peer systems, but steganography is a vastly more significant development. Information Hiding, driven by the most significant policy issues of the Digital Age — privacy, copyright protection and state surveillance — is the battleground. It comes as the stakes rise in the conflict between proprietary and open information systems.

This week, according to the New York Times, Microsoft will unveil a broad campaign to counter the open source and free software movements, arguing that it undermines the intellectual property of nations and businesses. The campaign, says John Markoff in the Times, is part of Microsoft’s new effort to raise questions about the limits of innovation in open-source approach, to advance the idea that companies who embrace open source are putting their intellectual property at risk. In this context, as the battle lines around content and property become clear, the role of Information Hiding grows more critical.

During much of its growth, the Net escaped the attention of government and politics. That’s hardly the case now. Federal law enforcement agencies want the right to track information online. Businesses are terrified about the rise in free and shared data. In the Corporate Republic, business and government both grasp the essence of copyright, security and privacy issues. The war over free music has, almost from the first, been the aspect of this Information Age conflict most visible to the public, a testing ground for new technologies and applications that bring new threats and spark the reinvention of new protection philosophies and mechanisms.

Corporate lobbyists have successfully advanced the idea — via an expensive, sophisticated media and political campaign — that new laws and initiatives (from the SDMI to the Sonny Bono Copyright Act to the Digital Millenium Copyright Act) — are necessary to protect intellectual property from pirates online. It’s not so simple. These laws, some horrific in their impact on free speech and the fluid movements of creative works, primarily protect corporate revenues, not intellectual freedom or the rights of creators and artists.

Hiding information in modern media, sometimes in plain sight, has cropped up in music and DVD battles, especially regarding DeCSS, the program developed to allow the descrambling of DVD movies. (The writers of the program reverse-engineered the CSS scrambling methods that the Motion Picture Association of America uses to prevent DVD’s from playing on unlicensed player.)

There’s little published material about steganography, and what has been written costs a fortune. Information Hiding: Techniques for Steganography and Digital Watermarking edited by Stefan Katzenbeisse and Fabien A.P. Petitcolas, published by Artech House, costs nearly $100. But for anyone whose future work in the future involves information, privacy, security or copyright, you couldn’t spend the money more wisely. Steganography manuals may be essential tools of the hacker nation in the coming years, as they fend off corporate and government regulations and intrusions.

The book provides an authorative overview of steganography and digital watermarking. Steganography, the book explains, studies ways to make communication invisible by hiding secrets in innocuous messages, whereas watermarking originates from the perceived need for copyright protection of digital media.

Until recently, traditional cryptography received much more attention in the tech world, but that’s changing quickly. The first academic conference on stenography took place in l996, driven by concern over copyright and the growing corporate panic over the ease of making perfect digital copies of audio, video and other works. Katzenbeisse and Petitcolas have assembled reports that describe the new field of information hiding and its many possible applications, and describes watermarking systems and digital fingerprinting. The book also talks about the increasingly complex legal implications of copyright.

Anyone interested in the future of open media, or in issues related to privacy, copyright or security, will be particularly mesmerized by the chapter “Fingerprinting,” written by John-Hyeon Lee. In this context, “fingerprints” are characteristics of an object that tend to distinguish it from similiar objects. The primary application of digital fingerprints is copyright protection. The techniques Lee describes don’t prevent users from copying data or works, but they enable owners to track down users distributing them illegally.

Since corporate lobbyists have re-defined what is and isn’t legal when it comes to copyright in the 21st Century, this kind of fingerprinting has stunning civil liberties implications. This technology goes well beyond the software programs tracking Web use and pages; it gives governments, lawyers and corporations a way to follow and identify, thus control, almost every kind of digitally transmitted information. Fingerprints can also be used for high speed searching.

“Fingerprinting,” writes Lee, “is not designed to reveal the exact relationship between the copyrighted product and the product owner unless he or she violates its legal use. Compared with cryptography, this property may look incomplete and imprecise, but it may appeal to users and markets.” It sure will.

Fingerprinting may not be designed to reveal relationships between copyrighted products and owners, but there’s no reason it wouldn’t be used for that purpose. That seems inevitable given the high priority billion dollar media and entertainment conglomerates have put on enforcing copyright online.

Information hiding arises against a backdrop of growing confusion and confrontation about security and copyright, which has no global standard. In China, intellectual property is owned by the state. In the United States, copyright is being redefined by corporatists to grant businesses total contol over ideas in perpetuity, a perversion of the original American idea, which was to give creators and the public both acess to intellectual property, never intended to fall exclusively and in perpetuity into private hands. How can these legal and technical applicatiions be handled rationally, let alone democratically, when every country that hosts the Net sets different standards for privacy and security?

Different cultures not only have radically different notions about copyright, but view culture itself very differently. What the United States considers pornographic might be perfectly acceptable in saner countries like Holland or Finland. Conversely, what is protected as free speech here isn’t protected at all in much of the world.

So Information Hiding becomes politically important, as well as technologically central. Steganographers may ultimately decide whether movements like open source and free software can prosper and grow in the face of well-funded and organized attacks by corporations like Microsoft and industries like the record companies. They may give music lovers a way to defy powerful corporations and retain the right of access to the culture they’ve experienced freely for years. They may preserve the idea of security against state surveillance, intrusive educational systems, or even the private businesses forever collecting personal data.

It’s not a huge stretch to say that steganographers may determine whether the Net — and much of the data that moves through it — stays free or not. All the more important to understand what they do.

lalala song in my stomach :P

Alhamdulillah … there is only 6 more sub topics need to be cover. yeah ! caiyoks.. and at the same time my stomach play a great song ” lalalala” haha.. i not have my lunch either breakfast yet start from this morning, only a cup of “teh tarik ais” just now for a refreshment…haha they start to grumbling …” lalalala”

INGNORE? heh … i need to control my nafs ,, “but at the same time dont burden your health dear..” hehe.. yeah.. ok2 i will stop  for a while and get some bread. Let do like this .. if i can finish till 3 more sub topics ..i will stop and give a treat to my stomach …hehe.. wokeh.. get FOCUS!!

 

more you read ..more you will dig it… hohoho

Alhamdulillah… phew! take a break… there is a list of text steganography i need to search and understand… almost 11 sub topic. hmm.. lets go window shopping for a steganography books hehe..

hmm… amazon.com will help much.. most of the books  we have in UPM library..alhamdulillah..only “the most i want” heh..

Information Hiding Techniques for Steganography and Digital Watermarking

by: Stefan Katzenbeisser (Editor), Fabien, A.P. Petitcolas (Editor)

let search if there is a stock in the bookstore; hmm.. kinokunya, mph, times… just type those keyword and search..they have online service.

owh! they did not have the books! I need to order it .. let see…

kinokuniya : Tel: 03-2164 8133

MPH :

Book Availability or
Special Orders
customerservice@mph.com.my
(603) 2938 3818
(603) 7726 9003

hmm.. i will try to ORDER from both of them.. RM 200 for my books.. hopefully worth !OK i need to get a refreshment .. wassalam ..

« Previous entries