John Smith is a data scientist for a large food processing company. Smith is concerned about some of the practices employed by the company after reviewing some data. Smith wants to smuggle the data outside the organisation. Smith has decided to use steganography to hide the data in some personal images he has on his smartwatch.
John Smith has decided to smuggle the data out using steganography. John Smith is unsure of what steganography approach to use.
Compare and contrast TWO steganography algorithms in the given context.
Both Least Significant Bit and Bit-Plane complexity Segmentation are steganography algorithm. In the given context, it depends on the type of personal images that Smith decided to embed the data in. If the personal images are of 8-bit gray-scale, least-significant bit steganography is good enough since only the least significant bit of the plane is needed to store the data and this change will not be significant enough to be noticed. If the personal images are complex, which contain both informative and noise-like region, then Smith should use Bit-Plane complexity Segmentation since there will be more area of Smith to hide the data in, in the noise-like region. If Smith wants to smuggle a big amount of data, he should opt to use Bit-Plane complexity Segmentation.
1b.
John Smith has determined that to smuggle considerable data out of the organisation through a few images he will need a steganography approach that utilises considerable capacity of the vessel. Figure 1 is an illustrative example of the vessel images.
Devise a high-capacity steganography algorithm in the given context. Highlight the key steps and challenges for the proposed approach.
Step 1 - Preprocess the image
Ensure the images are in a suitable format (eg. PNG) to avoid lossy compression artifacts. Resize the images to fit his smartwatch display while maintaining a high resolution for steganographic embedding.
Step 2 - Bit-Plane Decomposition
Decompose each image into its constituent bit-planes. Each bit-plane represents a binary image corresponding to a specific bit position across all pixel values.
Step 3 - Complexity Analysis
Analyze the complexity of each bit-plane and segment the bit-planes into smaller blocks then measure the complexity of each block.
Step 4 - Embedding Data
Identify and select the complex blocks to embed the data
Step 5 - Reconstruction
Reconstruct the image by combining the modified bit-planes. Ensuring the modified image closely resembles the original to avoid suspicion
Challenges and Mitigations
Image Quality -
Challenge: High-capacity embedding may degrade image quality.
Mitigation: Use perceptual models to ensure that changes are imperceptible to human eyes. Test various complexity thresholds to balance capacity and quality.
Smartwatch Limitations -
Challenge: Smartwatches have limited display sizes and processing capabilities.
Mitigation: Optimize image sizes and processing algorithms for the smartwatch's specifications. Use efficient algorithms to minimize computational load.
1c.
John Smith is concerned that after he smuggles data out of the organisation he may need to reveal how he smuggled the data. John Smith does not want to reveal how he smuggled the data out of the organisation. John Smith confides in his friend Susan that the police could force him to reveal the stenography algorithm under the Regulation of Investigatory Powers Act (RIPA) 2000. Susan states that he has nothing to worry about as RIPA is concerned with encryption, not steganography.
Argue the relevancy of the Regulation of Investigatory Powers Act (RIPA) 2000 in the given context.
In Regulation of Investigatory Powers Act 2000 (RIPA), states the acquisition of the means by which electronic data protected by encryption or passwords may be decrypted or accessed and cases in which key is required but in this given context, Smith embed the electronic data into a medium which is his personal image. Embedding of data onto a medium is not encryption since there is no key involved and the data is not encrypted at all. The original data is just hidden under a medium. If the data is retrieved from the medium, it will just be the original data hence RIPA will not be relevant in this case.
Raphael Aerospace Case
2a.
S0 - System is still running with tasks being executed
S1 - CPU and RAM receiving power but instructions are not executed
S2 - CPU powered off, RAM still receiving power
S3 - Suspend-to-RAM with RAM still receiving power and context transferred to RAM
S4 - Suspend-to-disk with RAM powered down and RAM transferred to non-volatile memory
S5 - Powered-off, system is off
In Software-based full disk encryption, CPU does the encryption and decryption where the key to do so, is stored in the RAM. At S0 and S1, encryption and decryption can still go on since both CPU and RAM is receiving power. At S2 and S3, encryption and decryption operation can no longer take place because the CPU is not running anymore but the key to do the operation is still stored in the RAM so retrieval of the key is still possible at this point. At S4 and S5, nothing can be done anymore since RAM have also powered down which mean the key is gone till it's powered up again.
2b.
Evaluate and describe THREE potential approaches to recover the keys associated with software-based full-disk encryption and argue for the optimal approach in the given context.
Cold boot - Reducing the temperature of the RAM can help reduce the fading speed and this way, it is possible to scrape the volatile memory
Direct memory access - Access to the memory directly when the RAM is still running with power supplied to it.
Evil Maid - Altering the Master Boot Record with a modified version that includes key-logging. Key-logging captures the inputs being entered onto the machine so that subsequently, a person with the information is able to access the device physically.
Since the laptop is seized in sleep mode, it means the RAM is not off so the investigation team can do Direct memory access by accessing the RAM through the usage of BITUNLOCKER. Dumping the RAM image to an external drive and attempt to find the key.
2c.
Raphael Aerospace is a British company, but the laptop was seized at the North American campus. The employee is a United Kingdom (UK) citizen and is concerned about the laws regarding software-based full-disk encryption in the United States (US). The employee believes that the UK will be a more favorable jurisdiction from the perspective of being forced to reveal any keys or passwords associated with encryption.
Contrast the UK and US legal perspectives regards compelled decryption, speculate on the optimal jurisdiction in the given context.
United Kingdom (UK):
Regulation of Investigatory Powers Act (RIPA) 2000:
Section 49: Under this section, allow authorities to compel individuals to disclose encryption keys or decrypted data.
Protection: While the law permits compelled decryption, it includes some safeguarding, such as the authorities requiring a warrant and judicial oversight
United States (US):
Fifth Amendment:
Self-Incrimination: Protects individuals from being compelled to incriminate themselves. In the context of compelled decryption, courts have ruled both ways -- sometimes protecting individuals from being forced to reveal passwords, and other times allowing it under the "foregone conclusion" doctrine.
Foregone Conclusion Doctrine: This doctrine states that if the government can show that it already knows of the existence and location of the evidence, and that the act of producing the evidence does not add to the government's information, then compelled decryption may not violate the Fifth Amendment.
