All right. Good afternoon. I'm Vic. That's my email address. This presentation has changed a bit since I submitted the slides to DEF CON. I'll submit an updated copy to DEF CON, but you can also email me. How many feds in here? Yeah. Okay. Here's my usual disclaimer. Please read it, sign it. And this talk is actually four talks thrown into one and unfortunately when I was going over today, I realized there was no way I was going to cover 70 slides in 50 minutes. So we are going to skip one portion of this talk. If we have time at the end, we'll come back around. But you know the slides are there and I'm always available to answer questions. Next. Okay. If you're here and are interested in trying to crack on some of the Stego images, this URL, I don't see anybody with a laptop like trying to do anything, but we're going to get to this later in the talk and we will reveal some Stego stuff and show you how it works. But if anybody needs this URL, all right. It's case sensitive because it runs on SunOS so that capital S and capital P have to be put in. What is the secret? We all know what a secret is. Why would we protect secrets? Well, because they're secret. Why would we share them? Actually, we will go over why sharing secrets sometimes adds secrecy or security, also for fault tolerance. So the next section, Chaffing and Winnowing, is the section I'm going to skip. It's pretty interesting stuff. It's a technique developed by Ron Rivest of RSA. He's a crypto god. If we have time, we'll come back around and it's a pretty interesting topic, but I had to cut something. So we're going to roll through these slides to the next section. Okay, secret splitting and sharing. What is it? It's just what it sounds like. You take a secret, you split it up and share it to make it more secure. We'll be explaining in detail. Why not use crypto? Well, you will encrypt data, but then what do you do with your encryption key?
If you encrypt the encryption key, you're not solving the problem. You're just perpetuating it. So that's not a solution. You can store the key in a secure location, such as on a disk or in your mind, but if you die or the person who knows it dies, you can't recover it, or if the disk gets wiped, you can't recover it. You can store copies of the key in multiple locations, but then the potential for complete key compromise is increased. So to make the secret key or otherwise reliable and robust, you break the secret into pieces, distribute those pieces to different persons or machines, and then have parts of that, not all the pieces, needing to come back together to get to the protected information. So subsets of this group can then put their shares together and recover the information. Secret splitting. A secret sharing scheme has two parts, a set of holders and an access structure. The access structure is the subset of holders who can recover the secret by pooling their information together. Shares or pieces of a split secret that every holder holds. Two components. Here's an example where we have a set of holders, H1, H2 and H3, and an access structure set. So in this example, the subset of holders is who can discover the secret or uncover the information by pooling their information. So if holder one, holder two get together, they can recover the information. Holder two and three, they can recover it. All three of them together, they can recover it. H1 and H3 in this scenario, if they get together with their information, they cannot recover the data. A perfect secret sharing scheme is where any qualified subset can reconstruct the secret and any unqualified subset such as H1 and H3 in this example has no viable information on the secret. For any set of holders, there can be many different kinds of access structures. So for example, for a set of three users, you can use a lot of different access structures. 
So in this case, A or B or C means that all of these entities hold a big enough piece of the secret or the whole key to where any one of them can retrieve the information. Or you can have it where A holds a big piece and B and C, if they get their information together, they can recover the protected data. Or A, B and C all together at the last example can recover it. So just with a simple set of three holders, you can have a lot of different access structures and more than these examples even for just three. So why would we even care about different access structures? Because different secret sharing schemes may require different levels of fault tolerance and secrecy which you can realize by using different access structures. So if you have A or B or C can recover the information, that increases the fault tolerance. So I distributed a key to three people. I can get any one of those three people to bring their information together and recover the data, but it decreases the secrecy because it can be fully compromised by any one of those three people. If I require all three people to get together to recover the information, that increases the secrecy, but the key becomes more unreliable. Because if any one of those information or machines goes down, I've lost an integral piece of that shared secret and I can no longer recover my information. This is not limited to protecting like passphrases, although that's a common example. So you can look at this model in a lot of different possibilities. If you take say an organization that's going to make financial payouts and you have some top level business manager that has to sign a piece of paper to authorize that payout and you maybe need two mid-level accounting managers to sign that same authorization. So you need three signatures, one top level, two lower level to authorize that payout. That's an example of a split secret in a different model. 
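The access structures described above, as an added example that is not from the talk: a simple XOR-based scheme that realizes any access structure given as its minimal qualified subsets, including the talk's H1/H2/H3 structure (H1 and H3 together learn nothing), the "any one of A, B, C" structure and the "all three" structure. Holder names and the sample secret are constructed.

```python
import os

# Added example: XOR secret sharing for an arbitrary access structure.
# Every minimal qualified set gets its own independent all-of-n split of the
# secret; a holder outside that set never sees any piece of that split, so an
# unqualified subset only ever holds uniformly random bytes.

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_all_of(secret, n):
    """n shares that must ALL be pooled: n-1 random, last = secret XOR the rest."""
    shares = [os.urandom(len(secret)) for _ in range(n - 1)]
    last = secret
    for s in shares:
        last = xor_bytes(last, s)
    return shares + [last]

def share_secret(secret, minimal_qualified_sets):
    """Return {holder: {set_index: piece}}.

    A holder that belongs to several minimal qualified sets holds several
    pieces, which is the share-size cost the talk mentions.
    """
    shares = {}
    for idx, qset in enumerate(minimal_qualified_sets):
        for holder, piece in zip(qset, split_all_of(secret, len(qset))):
            shares.setdefault(holder, {})[idx] = piece
    return shares

def recover(pooled, minimal_qualified_sets):
    """pooled: the shares of the holders who actually showed up.

    Returns the secret if some minimal qualified set is fully present,
    otherwise None (nothing in the pooled pieces is correlated with it).
    """
    for idx, qset in enumerate(minimal_qualified_sets):
        if all(h in pooled and idx in pooled[h] for h in qset):
            result = bytes(len(pooled[qset[0]][idx]))
            for h in qset:
                result = xor_bytes(result, pooled[h][idx])
            return result
    return None

# The talk's structure: {H1,H2}, {H2,H3} and {H1,H2,H3} qualify, {H1,H3} does not.
# {H1,H2,H3} is a superset of {H1,H2}, so only the minimal sets are listed.
TALK_STRUCTURE = [("H1", "H2"), ("H2", "H3")]
ANY_ONE = [("A",), ("B",), ("C",)]     # any single holder recovers (fault tolerant)
ALL_THREE = [("A", "B", "C")]          # all three needed (most secret, least robust)

def demo(structure, holders_present, secret=b"constructed sample secret"):
    """Split the secret, pool the shares of holders_present, try to recover."""
    shares = share_secret(secret, structure)
    pooled = {h: shares[h] for h in holders_present if h in shares}
    return recover(pooled, structure)

if __name__ == "__main__":
    for present in (["H1", "H2"], ["H2", "H3"], ["H1", "H2", "H3"], ["H1", "H3"]):
        print(present, "->", demo(TALK_STRUCTURE, present))
```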
So you can apply this to a lot of different scenarios and you can apply it a lot of different ways depending on your needs. Share sizes. So the larger the size of the share is, the less secure it becomes. So if I have a 20-word passphrase that I give to someone to protect, what are they going to do with it? Are they going to remember it? No. I mean, so what are they going to do? They're going to write it down. So now they know it and they've written it down. The potential for compromise is there; the system is less secure because they've written it down somewhere because it's too much information for them to remember. So that's kind of important. And from here we could go into bounds and threshold schemes and logout algorithms and entropy and conditional entropy and theoretic notions, mathematical proofs, unions. This topic gets pretty geeky, but the concept is the same and we don't really have time to go into that much math. And I'm not that good at math anyway. Next slide. So here's just an example. If you're John Nash in that movie, A Brilliant Mind, I don't know if you've seen it. You can sit in the library all day and draw all these formulas and try and come up with some mathematical proof and apply it to business in some new way using this technique of split secrets and maybe become famous and get a movie done about you and Russell Crowe will play you. Secret splitting risks. The risks of authentication error or inconvenience, distress, damage to your organization or reputation, financial loss. I can give an example where I work. We have these inline storage encryptors. So we have back end storage area networks and NAS and SAN. And these inline encryptors, as data is written from Unix systems to those storage devices, it's encrypted as it goes through them when it's read off the storage devices. It's decrypted. And if you need to decrypt everything on the storage device, we have these crypto cards and crypto readers.
And these are split secrets and they have to be provided. And our scheme was originally we had two card holders that had to provide these split secrets to recover or decrypt the entire storage. And we had a case where we're adding some storage and we had to decrypt everything. And a guy who works on my team was supposed to be in to support it on the security team. And a guy in operations had the other key. Well, the guy in operations comes in. It's a schedule change. They take down systems. They start swapping stuff around. And the guy on my team doesn't show up. And my boss calls me and, you know, he's like, you know, where's Rob? And, you know, I'm coming out from backpacking on, you know, coming out of the woods when he calls me. He said he's supposed to be here for this change. He's got the crypto card. And, you know, I asked if he called his house and his cell phone and he had and he wanted to know if I had his home address. And I didn't. So he was going to go knock on Rob's door and, you know, find out where this crypto card was. Couldn't reach Rob all day. I finally reached him late in the afternoon. He had been out the night before. Late. He was hungover. And, you know, we had systems down and we lost money that day. So on Monday morning, the secret splitting scheme kind of changed. And yeah, our staff might have changed also. Personal safety just kind of is a wild example. If you have a safe room in your house and you and your wife or girlfriend or boyfriend or whatever, both have to put in some code to get into it. And only one of you is home when someone breaks in. Then you have a risk-based consequence of an authentication error. So the point here is to only use secret splitting where needed and justified and make sure you plan and manage the setup properly. Secret splitting uses. Nuclear launch codes. I mean, we've all seen the movies where two guys have the keys to, you know, launch the nukes. They both have to put in some pass codes.
Bomb components. They don't own it. So, you know, I don't endorse terrorism or anything, but just take an example. Some guys want to, you know, plant a bomb somewhere and blow it up, but this place has a lot of security checking people as they come in for, like, bombs or bomb-making ingredients. So if they split up those ingredients to where you have, like, instead of one guy carrying a bomb or all the ingredients, you have 10 guys carrying pieces of it, they get past these checks and once they get to that destination, they put it all together and launch a successful attack. Level three and four, PKI. I worked at a federal agency. I actually set up the first production PKI in the federal government. And as our PKI matured, we had a secure room where we had to have two people badge in at the same time. We had to have, you know, different signatures to sign certificates, multiple people. So we had split secrets in that scenario. Intellectual property protection. So, you know, just as an example, if you work for Cisco and you're responsible for IOS, you don't want that leaked out to your competitors. Maybe you have all your developers working on pieces of IOS and only managers have the authorization through change controls and operations group to put all those pieces together to make a viable product. So you've split your intellectual property across all your developers to make it more secure. Where's filing? Illegal substance smuggling or possession. So say you know that the magic number with ecstasy is if you have 20 hits of it, that's where possession becomes trafficking. Instead of a five-year penalty, you're going to do 20 years or something like that. Well, don't carry 20 hits of ecstasy. Carry 10 and get your buddy to carry 10 or carry 19 and get your buddy to carry one. Not that I'm endorsing illegal drug use. So that's just, these are examples of secret splitting. I hope I explained it somewhat clearly. All right. Moving on. Steganography. What is it?
It's covered writing. It dates back. It's been used for a long time, wax tablets. There was a Roman general who used to shave the head of slaves and put messages on their head and then send them to some destination to deliver the message after their hair had grown back. This is a really slow message delivery system. But if they got intercepted, the message was not revealed. But when they got to the destination, they shaved the head and got the message. You can hide text in the same color as the background. Lots of different things. Digital steganography hides information in digital files. And we'll go to the next slide. So why is it effective? These first two points are just something stupid put on the slides. Because nobody expects the Spanish Inquisition. And to quote Keyser Söze, the greatest trick the devil ever pulled was proving to the world he didn't exist. But my quote, and it's not original, is that the best place to hide something is in plain sight. And the point is that stego is effective because people take what their eyes see on face value as a rule. So if you get pulled over and you have a six pack of soda along with some groceries and you have a receipt from the grocery store where you just went and whatever, border patrol or cops are searching your car. They see that six pack of soda and think nothing of it. Well, maybe that six pack of soda is really some kind of container of illicit material. But at a glance, your eyes take what you see on face value. And that includes digital files. When you're looking at programs that actually execute or you're looking at digital images, what you see you tend to believe is what it is. And steganography works because of that. Steganography history, we're going to skip this slide. It's just boring history. You can read it anytime if you're interested in the topic. Simple DOS example, not denial of service, which I've had a couple of those tried against my laptop at DEF CON.
Getting smurf attacks, plenty of port scans, good fun on the DEF CON network. DOS example, so you would open up a text file in binary mode instead of text mode. Append another file to the end of the first file and write an end-of-file flag at the end of the first file. So that anything in the second part of that file, if someone does a type command, type the file, it's not going to be displayed to the screen because it's going to hit the end of file flag because the type command reads in text mode by default. So the only way to get to that extra data that's hidden in that file is to switch to binary mode and open the file. And for improved security, maybe you encrypt that second part of the file. So if anybody actually opens it in binary mode, they think it's garbage data at the end of the file. So that's just a simple DOS example. Another example is where you would append a zip file to a gif file. So you end up with a file that's readable both by zip programs and gif programs, image viewers. But because it's got a .gif extension, if you try to open that file by default, you're going to use an image viewer and you're going to see an image. Meanwhile, you could have a zip file embedded in it. And the zip program will still open it, but you have to know that there's zip data in it. And the reason it works is because the gif information is stored in the file header and the viewers read that. And zip information is stored in the file footer and zip programs read that footer. Excuse me. All right. Modern implementations. Modern steganography attempts to be detectable only if secret information is known, the secret key. So this is similar to Kerckhoffs' principle that a cryptographic system security doesn't rely on the algorithm. It relies on the protection of the key material. This is a modern stego implementation.
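The gif-plus-zip file described above, as an added example that is not from the talk: it builds the polyglot from the standard 1x1 transparent GIF89a and a constructed archive, then runs the two checks a forensic reviewer would apply to an image file: does it start with a GIF header, and does a zip reader also accept it (and if so, where does the archive start and what does it hold). The zip member name and contents are constructed.

```python
import base64
import io
import zipfile

# Added example. The GIF header is read from the front of the file, the zip
# end-of-central-directory record from the back, so one file satisfies both.
# TINY_GIF is the well-known 1x1 transparent GIF89a (43 bytes, ends with the
# GIF trailer byte 0x3B).
TINY_GIF = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"
)

def make_gif_zip_polyglot(gif_bytes, hidden_files):
    """Append a zip archive of {name: bytes} to gif_bytes and return the result."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in hidden_files.items():
            zf.writestr(name, data)
    return gif_bytes + buf.getvalue()

def is_gif(data):
    """What the image viewer checks: the magic at the start of the file."""
    return data[:6] in (b"GIF87a", b"GIF89a")

def embedded_zip_offset(data):
    """Offset of the first zip local-file header after the GIF magic, or -1."""
    return data.find(b"PK\x03\x04", 6)

def inspect(data):
    """Defender's view: does the file parse as BOTH a GIF and a zip archive?"""
    report = {
        "gif": is_gif(data),
        "zip": zipfile.is_zipfile(io.BytesIO(data)),   # looks for the EOCD record at the end
        "zip_offset": embedded_zip_offset(data),
        "names": [],
    }
    if report["zip"]:
        # zipfile tolerates prepended data, exactly as the talk says zip tools do
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            report["names"] = zf.namelist()
    return report

def extract_hidden(data, name):
    """Read one member out of the appended archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)

if __name__ == "__main__":
    poly = make_gif_zip_polyglot(TINY_GIF, {"notes.txt": b"constructed hidden data"})
    print("plain gif :", inspect(TINY_GIF))
    print("polyglot  :", inspect(poly))
    print("member    :", extract_hidden(poly, "notes.txt"))
```

A file that is both a valid image and a valid archive is the signal here; a scanner that trusts the extension or only the first few bytes will never see the second half.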
For steganography to remain undetected, which is not the same as unbroken, the unmodified cover medium must be kept secret or you must use a cover medium that is not common. So if you're hiding information in programs or images, you don't want to use pictures of Paris Hilton that everybody has because they'll see the original file size and attributes and see your same picture and see that the file size and attributes don't match or some popular song on mp3 compressed at 192. Well, if they have a copy of it that they can compare to your mp3 file that is different in its attributes, they'll know that file has been altered. So that way you might not be able to crack what's in there but you know something's going on but because then they'd have to figure out the algorithm that was used and know the passphrase for certain products anyway. So let's move on to the next slide. The color of secrets. So image file colors are important because of the amount of bits that are used and because images or slight changes in images are not detectable to the human eye. 24-bit color is true color. So you have one pixel in an image, it requires three bytes to create that one pixel. Each of those bytes represents a level of red, green, or blue, RGB color. So we have a purple line there and the color of the line is red with a value of 191, green is 29, and blue is 152. So you have to have those three bytes to make up one pixel of purple. So, you know, we'll go into a little more detail that kind of explains this next page. So what happens in steganography of digital images is it uses least significant bit overwriting and what you do is conceal or embed a secret message within the least significant bits of those color bytes. This works because the human visual system isn't acute enough to pick out changes in color. Next slide.
So the least significant bit, and I kind of wish my laser pointer would work here, I thought the slides would be further back, the projection screens would be further back, but it overwrites the least significant bit, which is basically you have an 8-bit byte as you go up the string, the values are greater, one, two, four, eight, sixteen. So the least significant bit is that number one bit. So you're going to change that end bit, that right end bit. So in this example you're going to hide G in three, ten minutes. Okay, damn. We started way late. Okay, so, you know, you're going to hide B in like, G in the last eight, in the three pixels. So you're going to change the last byte of eight of those in three pixels. Each line represents a level of red, green, and blue. And so, like, this is a level of blue that's 200. You've changed it down here to two, I mean, that's 201, that's 200. So you're going to only have a slight change in blue in an image. So if you have an image file that has a bunch of flowers, yellow flowers, white flowers, red flowers, and you're changing just pixels in that from one shade of red to a slightly different shade of red, the human eye is not going to pick it out. All you see is flowers. Meanwhile, you've hidden data within that using a program that can change these bits and then read through them again to recover the hidden information. Next slide. Overview of some stego tools. We're just going to roll through these slides. Here's some information on a bunch of tools and what they do. Keep going, keep going, keep going. Detecting Steganography Use. There are some tools out there that basically check a bunch of NSRL DB hashes of all, you know, common programs. So you can run those programs on an operating system that you're doing forensics on, say. And if it detects, you know, whatever this program, explore.exe has different attributes than it's supposed to have, then maybe that means that executable has been modified.
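The least-significant-bit overwriting walked through above, as an added example that is not from the talk: it hides the letter G in the colour bytes of three constructed 24-bit pixels (the talk's purple 191/29/152 and a blue value of 200 that becomes 201), reads it back, and measures how far any channel moved. The embed and extract functions work for any message that fits in the cover, not just one byte.

```python
# Added example: LSB embedding over constructed RGB pixels.
# Each pixel is an (R, G, B) tuple of bytes; one message bit replaces the
# least significant bit of each colour byte in order, most significant
# message bit first. Cover pixels below are constructed, not from the talk.

COVER = [(191, 29, 152), (10, 20, 200), (191, 29, 152)]  # 9 bytes: room for 9 bits

def embed_lsb(pixels, message):
    """Overwrite one LSB per colour byte with the message bits."""
    channels = [c for px in pixels for c in px]
    bits = [(byte >> i) & 1 for byte in message for i in range(7, -1, -1)]
    if len(bits) > len(channels):
        raise ValueError("cover image too small: %d bits needed, %d available"
                         % (len(bits), len(channels)))
    for i, bit in enumerate(bits):
        channels[i] = (channels[i] & 0xFE) | bit   # clear bit 0, then set it to the message bit
    return [tuple(channels[i:i + 3]) for i in range(0, len(channels), 3)]

def extract_lsb(pixels, nbytes):
    """Read nbytes back out of the LSBs, in the same order they were written."""
    channels = [c for px in pixels for c in px]
    if nbytes * 8 > len(channels):
        raise ValueError("cover image holds fewer than %d bytes" % nbytes)
    out = bytearray()
    for b in range(nbytes):
        byte = 0
        for i in range(8):
            byte = (byte << 1) | (channels[b * 8 + i] & 1)
        out.append(byte)
    return bytes(out)

def max_channel_change(before, after):
    """Largest change in any colour byte; for pure LSB embedding this is at most 1."""
    return max(abs(a - b) for pa, pb in zip(before, after) for a, b in zip(pa, pb))

def capacity_bytes(pixels):
    """How many message bytes a cover of this size can carry at one bit per byte."""
    return (len(pixels) * 3) // 8

if __name__ == "__main__":
    stego = embed_lsb(COVER, b"G")          # G = 0x47 = 0100 0111
    print("cover :", COVER)
    print("stego :", stego)                  # blue 200 becomes 201, as on the slide
    print("hidden:", extract_lsb(stego, 1))
    print("max change per channel:", max_channel_change(COVER, stego))
```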
These programs will also detect the existence of Stego software. So if you're using Stego to protect some kind of secrets, you really want to use it kind of offline and not keep your secrets and your Stego software on the same machine because if your machine gets seized and Stego software is found, then every file becomes suspect. Now maybe you're using good Stego software and you're using good secret keys to unlock it and maybe even if they discover it, they can't get at the hidden data, but you know, the smart thing is to not have those eggs in the same basket. Here's an example on some ABC broadcast. There's the original image at the top and this is using StegDetect and StegBreak. These are free pieces of software. You can see kind of the results of running them. It revealed there was a Steg image and the passphrase was ABC. It's easy to crack that kind of passphrase. You're going to use good passphrases if you're going to use Stego, obviously. So next slide. We have some online examples. And because we only have ten minutes, I would, you know, let me roll back around and try to reveal a couple of these, but we're going to roll on and then come back to that because I only have ten minutes. Steganography uses: hiding information, you know, the drill. And it's actually cool. It's easy to use and, you know, if I show you these examples, you'll get a better gist of it. Hiding and sharing secrets physically. So these are spy tactics and practices. Don't steal secrets, make copies. So use a camera, use a video camera. One technique that's kind of cool is stick a camera inside a copier machine and just as people make copies or printouts, you just capture copies of that and retrieve it later. Establish creative two-way communication. So you're going to use some signals to communicate with someone without actually talking to them, just some physical signals. Use dead drops where parties never meet.
So when spies exchange information, if I wanted to exchange information with somebody here and use a dead drop, maybe I take something, I stash it in the stairwell on top of some light or under the bottom stair, and then I go out and make a mark on some DEF CON poster and that's my signal. The person I'm communicating sees that mark that we've pre-agreed on. They know I've stashed something. They go get it out of that stairwell at some other time. That person and I never meet. We're never seen together. That's what dead drops are. Employ creative envelopes or containers for secrets to be exchanged and use common or public areas. So you can go down a trail in the woods and drop something, go on an elevator, stash it in a little emergency thing or up in the ceiling in a library, stick something in a book that somebody's going to pick up later, sports stadium, whatever. Next slide. More spy tactics. You must keep the secrets hidden until time of transfer through a variety of methods. You may use caching where you bury your secrets, weapon, money, tools or whatever. If you're using caching or storing them somewhere, you have to weigh the accessibility against the secrecy. So do you need to obtain that often or rarely? How far away is it? How hard is it to get if you need to get it back? Use a booby trap container that will destroy the contents if they're not opened properly. So that's a pretty good technique. That way maybe you've lost the material, but the material is not compromised in a way that's going to end up in the wrong hands. Destroy obsolete records, receipts, tools. If you're doing this kind of secret exchanges, you don't want to keep any information you don't need because it might incriminate you later. Next slide. Two-way communication. You may need two-way communication, so I mentioned make a mark on a poster. Well, maybe somebody has to do some other communication to give me information that the secret has been picked up. 
So you'll have signals to note that the drop is made, may need a different signal. You can use a, you know, throw a drink can somewhere, break a tree branch going into a park, make chalk marks. So hobos use this to like designate. They do war chalking, not for wireless access points, but like where you can get a shower or a free meal or something like that. Maybe a rock somewhere. And before the Civil War, people who were helping slaves escape would hang quilts that showed direction to some escape routes. So that was kind of a two, you know, secret communication channel. Secret envelopes only limited by the imagination. You know, go inside an airplane, stick it in a smoke detector and have somebody come back and pick it up inside books, inside a diaper genie or junk mail envelopes or whatever. Only limited by your imagination. Lots of interesting ideas here. So you could do a lot of different things to hide information in containers. Next slide. Dead drop uses, you know, drug deals, classified information exchange, stolen goods exchange. Use your imagination. Next slide. A few live containers. I have a bunch of containers to like just show stuff. And I have a bunch of things, but I've been here since last Friday. I had a bunch of luggage already and didn't feel like dragging a bunch more luggage. So instead I just put together some slides with some images for some examples. Leftovers. You could use real leftovers. You know, put something in a pill bottle and stick it in there to where it's not getting ruined. Or you could buy these fake leftovers. A thing of hairspray. That PBR can. There's a hemp shop down the street across from the stratosphere tower that has a bunch of soda cans that you can hide stuff in it. Don't ask me how I know that, but... But you can buy one there. Next slide. Inside a candle, inside an electric outlet. Who's going to look there in a house if they're looking for something? The sprinkler head. A sprinkler system in your yard. 
Who's going to walk around and pop in every sprinkler? People see a sprinkler head. They think it's a sprinkler system. Next one. You know, this fix-a-flat. This fire alarm thing is kind of my own. You know, some of these things you can buy online. This fire alarm thing, I actually happened to get a fire alarm and gutted it, and you can use two-way tape and stick it anywhere and people think it's a fire alarm and ask something for someone. Plastic models. Ask me about this Goodyear Blimp off-camera. Specifically, I used to have one of those. So... Hollow coins. I have that silver dollar. No one can tell the difference. Same weight. You can store obviously small things like microfilm or something in there. That fake nickel has a cipher in it. A mantle. No attack on that young lady, but that's one ugly mantle. What the hell is that duck? But, you know, people see a mantle and they think it's a mantle. Okay, one minute. The sandbox. I have another story about that. So, you know, ask me later. Next slide. Hollow sticks and branches and stuff. So, you go hiking in the woods. You have a hollow stick in your pocket with something in it. You go on a trail and you drop it and you see some specific tree and then you let somebody know it's there, they go hiking in the woods. It's out of the way. Nobody sees you drop it. You're off the trailhead. You're down the trail somewhere and nobody sees that person pick it up. So, next slide. Dead rats and dog poop. Cold War spies have actually used dead rats to hide secrets and when they started doing this, both US and Russians were getting carried away by animals that were eating them. So, they found out that if they put some Tabasco sauce on them, the animals would leave them alone. So, dog poop, you might not want to fool with it, but then, you know, whoever's looking for your, you know, following you around is not going to want to fool with it either. So, next slide. Genevieve from Rush Hour 3.
It's kind of that whole tattoo on the head thing. Next slide. References, some additional reading and, um, yeah, I think I'm out of time and I really apologize. I would love to show you the Stego images. But, thank you for being at this talk.