Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
  • H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
  • H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/16—Obfuscation or hiding, e.g. involving white box
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  • H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
  • H04L2209/34—Encoding or coding, e.g. Huffman coding or error correction

Definitions

• the invention relates to digital data security technologies and communications and more particularly to a method and apparatus for securing data and permitting secure electronic communications relying on encryption and steganographic techniques.
• OTP steganography
• hardware steganography
• Password protection is commonly used for access control but has inherent security level shortcomings when applied to data security.
• Patent 4,405,829) and Diffie-Hellman U.S. Patent 4,200,770.
• a repository capable of storing millions of public keys needs to be in place to facilitate Internet level global communications security.
• OTP One Time Pad
• Hardware encryption cards and boxes have been used for secure communications. Hardware encryption provides high level security and key management but is very costly. In addition, hardware encryption systems have not been compatible with other hardware systems, i.e. they lack interoperability. Hardware encryption is ideal for point to point communications or closed systems where cost is not a factor; they range from $ 1 ,000 - $25 ,000 in cost. Hardware encryption systems are typically not suitable for open or mass communication applications.
• Steganography is a relatively new method for data security.
• Steganography the art and science of hiding the existence of information, has in the past been primarily associated with invisible inks, messages sent via telephone line noise known as TranSec, and red cellophane such as that used in games to reveal information hidden in a red-blue block.
• TranSec telephone line noise
• red cellophane such as that used in games to reveal information hidden in a red-blue block.
• Steganography has migrated to the computer in the form of hiding information in graphical images, sound files, or other media including text files such as Mimic functions.
• Mimic functions convert plaintext letters into common everyday English words that are then put together to form pseudo-sentences. The resulting message resembles aMadlibTM.
• This system features a data security method that combines the strength of encryption with the strength of steganography.
• a software or hardware package may provide both a secure method of communications via electronic communications systems and a secure work environment for data.
• the features and processes utilized in the invention deliver a cohesive standard by which data can be secured.
• the invention features an easy to use interface that is cohesive with standard protocols and procedures within both the corporate and individual environments.
• the interface combined with the high level of security and functionality lends mass market and global level appeal to the invention.
• the system also includes provisions for recovering the encrypted and encoded information.
• the data may be transmitted to another system, kept in the present system, stored on a media, or any combination of those choices. Because of the exposed nature of most communications methods, the greatest need for such security is usually for transmitted data.
• Figure 1 shows a flow diagram of the encryption process.
• Figure 2 shows a flow diagram of public key distribution.
• Figure 3 shows a flow diagram of the process of combining encryption with steganography.
• Figure 4 shows a flow diagram of the steganographic selection algorithm process for generation of the selection algorithm.
• Figure 5 shows a flow diagram of the process of steganographically encoding data into a stream of data bits.
• Figure 6 shows an illustration of the floating toolbar user interface.
• Figure 7 shows a flow diagram of combining encryption and steganography for the purpose of secure backup to removable media, as may be used for storage of personal or administrator keys.
• a system according to the invention may encrypt files and documents with a choice of multiple algorithms and methods.
• One preferred embodiment may be designed with a modular open-ended architecture in an object-oriented scheme that allows the easy insertion of any encryption algorithm, including both single key and public key algorithms.
• the invention may utilize the modular design with flags that alert the program to the encryption method used for simple decryption and easy upgrade to multiple encryption algorithms and methods.
• Each algorithm is treated as a modular process that fits into the predefined call of the program.
• the program calls provide for a key(s) and input/output of data, thereby allowing for any encryption algorithm to be plugged in once configured to meet the specifications of the program calls.
• the preferred embodiment uses a two-step process: an encryption algorithm(s) creates the ciphertext, which is then steganographically secured. Both conventional single key encryption and hybrid public/single key encryption systems can be used here. Since multiple types of encoding are contained in the system, each type using potentially different types of keys, key management is also a major feature.
• the flow charts of Figures 1 - 5 and 7 show the various processes involved in the system.
• Figure 1 shows the basic encryption process.
• step 2 the data is input into the system through any suitable method (file selection or from within an application via a floating toolbar button as illustrated in Figure 6), where key management is performed in step 3.
• Key management can be the insertion of a key by the user, a selected key from a key list, or other key selection methodology including randomly generated keys.
• the key(s) is then used by the encryption process of step 4 to encrypt the retrieved data.
• the encryption method used is determined by a configuration performed by the user or by a preset default.
• An encrypted message, or ciphertext is produced at step 5 as a result of this process. If only basic encryption is desired, the process can end here with the ciphertext being returned to either a file or back into the application the original data came from. However, for greater security and/or innocuous messaging the ciphertext can be subjected to further encoding techniques, as described later.
• FIG 2 shows the basic key transfer process utilized by the invention when distributing keys for use in a public key encryption system.
• public keys are selected from a list or database for transfer. Keys are digitally signed by the sender's signing key in step 8 and transferred in step 9 via electronic mail, a network system, or saved to a file for manual transfer.
• the recipient system Upon receiving the transferred keys, the recipient system authenticates them using existing public keys, and the recipient's local database of keys is updated in step 10 with the transferred keys.
• This process enables users to utilize public key encryption as described in Figure 1 for encryption of data and also for key authentication using a horizontal trust model.
• FIG. 3 shows a two-step encoding process, with encryption followed by steganographic encoding.
• Steps 12 through 14 correspond to steps 2 through 4 in Figure 1, which produce a ciphertext through standard encryption techniques as described earlier.
• a steganographic selection algorithm (SSA) uses the ciphertext in abit-to-byte correspondence for selection of replaceable characters/bytes. The replacement produces the steganographically encoded result at step 17.
• SSA steganographic selection algorithm
• step 3 which uses an encryption key as both a key and as data to be encrypted.
• a key is chosen in step 19, either randomly generated or chosen by the user, and repeatedly copied in step 20 until the result is the same size as the data stream or media which will be steganographically modified.
• This result is then encrypted in step 21 with the same key to produce a selection ciphertext.
• each bit of the selection ciphertext is then associated with a byte (or pixel, or other suitable unit) in the data stream.
• the selected data stream bytes are those whose associated bit in the ciphertext is a logic '1' (or alternately, a logic '0').
• every data stream byte has an associated bit in the selection ciphertext, but for greater security only every nth byte can have an associated bit. While this selection algorithm is described in the context of steganographic data encoding, it can also be used for any other selection applications in which the selected units are to remain secret.
• FIG. 5 shows the details of the steganographic encoding process (step 16 of Figure 3).
• the data to be encoded is brought in at step 25, and in step 26 each bit of this data is associated with a selected byte in the data stream or media to be modified.
• the data stream or media can be a random number stream, multimedia file such as a graphic image or sound file, a text document, or some other form of data.
• step 27 the media is brought in for association with the bits in step 26.
• the selection algorithm developed in Figure 4 the least significant bit of each selected byte is replaced in step 28 by the corresponding data bit from step 26.
• This newly modified data stream or media represents the encoded steg-stream of step 29 which produces the secured message shown in step 17 of Figure 3.
• This process can also be described in mathematical terms.
• the steganographic selection algorithm is a reproducible random selection process utilizing ciphertext as the selection operand, where:
• the invention utilizes an encryption algorithm and resulting ciphertext to enable a selection of data.
• the selection , f 0 (), is performed on the data, d, based on the bits from the resulting ciphertext, f x (k), where k is the encryption key and / x () is the process by which the key is used as both the encryption key and the plaintext, created by / r ().
• / r () takes the encryption key, k, and copies it back to back such that the resulting plaintext is equivalent in size, n, to the target data, n d , to be selected from.
• / c () uses the encryption key, k, to encrypt the plaintext resulting from / r (), or k n d .
• the resulting ciphertext, (k n d ) k is then used in a bit-to-data comparison to facilitate selection of units where d is the target data to be selected from and x is the selecting bit from the ciphertext. Either a 1 or 0 can be used as the selecting bit.
• d x is the resulting selected units from the data.
• the steganographic encoding process can be described mathematically by the following:
• PRNG pseudo random number generator
• the invention performs a least significant bit conversion on the medium where the bits from the original data are then inserted into selected bytes of the medium at the least significant bit position.
• the selection of bytes from the medium is performed by some selection process, such as an algorithm, character key, or other method.
• a random stream generated by a PRNG can be used as the medium.
• Data is encoded or hidden in the stream by converting the least significant bits from selected bytes of the medium into the bits from the original data, whether in plaintext or ciphertext form.
• An example of an encoding is as follows: Object: Hide the word "it.”
• bit sequence for the word "it” is: 01101001 01110100.
• bit sequence for the word "it,” 01101001 01110100 is hidden in the selected byte sequences by least significant bit conversion:
• the file to be 'stegged' i.e., the data stream in which the message will be hidden, is selectable by the user.
• This file can be in many formats, but for effective security it should be the type of file that can be modified without such modification being obvious.
• other preferred formats are: graphics (BMP, GIF, JPG, etc.), sound (WAV, RA, AIF, MIDI, etc.), and video (MPG, MOV, etc.).
• these files might be usable for graphics, sound, or video in their modified form without noticeable performance degradation, thus further obscuring the fact that they contain encoded data.
• the system also has a number of other features which give the user a range of selectable security functions :
• Toolbar User Interface The system utilizes a floating toolbar that gives the user simple accessibility to security functions throughout the operating system environment.
• Figure 6 shows an example of selections available from the toolbar.
• Item 31 is the toolbar's handle which enables both the drag and docking of the toolbar in the environment and, by right mouse clicking on the handle, allows for the configuration of the toolbar and other setup options.
• Items 32a and 32a are the toolbar's handle which enables both the drag and docking of the toolbar in the environment and, by right mouse clicking on the handle, allows for the configuration of the toolbar and other setup options.
• Item 33 is the active window protection button.
• Item 34 is the place holder for other features configurable for use on the toolbar with the default being the exit function.
• Selective Text Encryption The system allows the user to highlight and select portions of the text, including paragraphs, sentences, even words, to be encrypted within a plaintext document. Delimiters are used so that a user decrypting the selected text does not have to identify its exact boundaries.
• Digital Signatures The system provides Digital Signature capability to its users. Digital Signatures verify the origin and document integrity using one way hash functions and the Signing key belonging to the user. The system generates a hash sequence based on the contents of a document and then encrypts it with the Signing key. This sequence can be checked by the recipient to validate the sender and the contents of the document by decrypting the hash sequence using the verification key, packaged with the user's public key, and then comparing the hash of the document to the one contained in the Digital Signature. Digital Signatures can be used on both plaintext as well as ciphertext messages.
• Partial Screen Blanking This provides a secure work environment by covering most of the active window with a graphic image.
• the active window is protected up to approximately the last 3/4 inch of the window.
• the graphic image acts like a window shade and can be manipulated using the mouse to cover more or less of the active window. This allows the user to continue entering data and have the rest of the document secured from view. This feature is especially useful when the screen is in an unsecured area, where "roving eyes" can be a problem.
• Partial screen blanking toggles on and off via a button on the TUI and can also be set to require a key to be toggled off.
• the invention utilizes a special key management system incorporating public and single key technologies with Digital signatures and certificate formats, combined with ease of use to allow easy integration of a public key communication system without the need for a fully implemented public key infrastructure.
• the invention utilizes hybrid encryption. Data is encrypted using a Pseudo Random Number Generator (PRNG) generated session key to create the message ciphertext. The session key is then encrypted using either a recipient's public key (for transmission security), or a predetermined user local key (for storage security). A header is added to the message ciphertext containing the encrypted session key and other information necessary for decryption purposes.
• PRNG Pseudo Random Number Generator
• the other information contained in the header includes algorithm identifiers, file name, time and date information, sender name, and a digital signature if that option is selected.
• the header is divided into protected areas and clear text areas where protected areas are also encrypted and clear text areas are the minimum information needed to decrypt the header and message ciphertext upon receipt without undermining the security of the system.
• Public keys are transferred between corespondents via a key transfer utility included in the invention that facilitates a transparent Internet and/or network-based transfer of public key information.
• the public keys are X.509 certificate formatted in compliance with the standards for compatibility with Certificate Authorities (CA's) and can also be digitally signed by the sender to provide a horizontal Web of Trust infrastructure.
• CA's Certificate Authority
• Transmitted public keys contain the public half of the public key pair, the verification key, sender username and e-mail address, and any authentication information available to the sender including previous senders' signatures and digital identifications provided by CA's. Public keys are maintained in a database where authentication information is also associated with each public key.
• the user's secret information includes the user's private half of the public key pair, the user's signing key and the user's local encryption key. These are secured locally by the user.
• the system allows the user to utilize encryption and steganographic capabilities to both secure data and allow for innocuous messaging.
• a message or file is encrypted and steganography is used to encode the encrypted file into a graphic image, sound or movie file.
• File compression - A file compression utility is provided for the encrypted file to reduce file sizes.
• Secure Backup on Removable Media - This provides a method by which users can back up and store off-line on removable media important data such as personal decryption keys, Administrator keys, key pairs, or other highly confidential information and data. As shown in Figure 7, data is input into the system, encrypted, and then encoded onto the removable media.
• Figure 7 illustrates this process using two floppy diskettes.
• this process can be performed to multiple floppies and onto almost any removable media such as recordable CD-ROMs, Zip Disks, Back Up Tapes, etc. It can also be used with multiple locations of remote or local non-removable storage, although this might provide a lesser degree of security.
• step 36 the data, which could consist of personal keys or Administrator public key pairs, is input into the system.
• step 37 key management is performed to determine the encryption key(s) for the data, such as a public key for a system administrator and a randomly generated session key.
• the data is then encrypted in step 38 using an encryption algorithm as in Figure 1 utilizing the keys from step 37.
• the encrypted data is split into files corresponding to the number of removable media to be used.
• This splitting function involves taking bytes from the encrypted data and placing them into separate files such that each byte is placed in a different file than its adjacent bytes. For example, if three files were to be created using the splitting process in step 39, and 'abcdefghijklmno' was the starting file to be stored, the resulting split files would be: 'adgjm', 'behkn', and 'cfilo'. This process eliminates unwanted exposure of partial ciphertexts in the event that the security of one or more of the split files is compromised.
• each split file is written to selected sectors of its removable media.
• the key produced in step 37 is used to choose the exact sector(s) on the removable media where the files are written.
• the keys themselves can also be written to one or more of the removable media, such as the first one. Both file(s) and keys can be written without headers.
• the removable media is written to by a pseudo-random number generator (step 43) to "fill" the remaining sectors of the media with random noise. This filling process writes the random data to all sectors of the removable media except those previously written to.
• the removable media now contains the split files of the encrypted data masked into random noise. This process represents another form of steganography, since it entails the 'hiding' of sensitive data among other, non-sensitive data.
• Retrieval of the hidden data can occur by effectively reversing the aforementioned process: Key management is first performed to retrieve the relevant key(s) from the media. Then each split file is retrieved using the proper key(s), the multiple split files are merged, and decryption is performed on the merged file. This is basically a reversal of steps 38-40.
• Additional security can be provided through additional means, such as storing each of the backup media in a different location, physically securing the backup media, or keeping the key(s) separate from all the backup media.
• additional means such as storing each of the backup media in a different location, physically securing the backup media, or keeping the key(s) separate from all the backup media.
• Administrative Features The system provides the network administrator or security administrator with several features tuned to the corporate environment. The Administrator can block access of employees to certain features of the system, including secure deletion, steganography, etc. The Administrator is also given the capability to gain emergency access to files and E-mails generated by users on the network.
• Every encryption method also includes a decryption capability.
• the decryption is generally the equivalent of an encryption operation in reverse.
• the system of this invention can decrypt any message encrypted by the aforementioned methods, using the decryption method appropriate for each type of encryption.
• Multi-encrypted data is decrypted in the reverse order in which it was encrypted, using any decryption information available from the message itself.
• the preferred embodiment uses software as a means to perform the described functions.
• firmware or a combination of software and firmware, is also envisioned.
• the preferred embodiment operates in the Windows environment due to the extremely broad market acceptance of the Windows operating system. But the invention will operate equally well in other environments, including single- or multi-user operating systems and single- or multi-processor systems.

Landscapes

• Engineering & Computer Science (AREA)
• Computer Security & Cryptography (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Storage Device Security (AREA)
• Signal Processing For Digital Recording And Reproducing (AREA)

Applications Claiming Priority (9)

Publications (1)

Family

ID=27506002

Family Applications (1)

Country Status (3)

Families Citing this family (11)

Family Cites Families (11)

• 1998
  • 1998-08-28 AU AU10604/99A patent/AU1060499A/en not_active Abandoned
  • 1998-08-28 WO PCT/US1998/017839 patent/WO1999010859A2/en not_active Application Discontinuation
  • 1998-08-28 EP EP98953158A patent/EP1033008A2/de not_active Withdrawn

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events