Week 16: 第二次小考

今天的第一堂課, 我們進行本學期的第二次小考。

Week 15: 偽裝學之數位鑑識應用

今天上課的主題是教科書的 第 11 章: 偽裝學之數位鑑識應用

§ 11.1.1 密碼學與偽裝學

　這個主題我們討論已經夠多了, 考試也考了, 所以 ...

§ 11.1.2 偽裝學的技術

　課本 P. 361 有一段談到駭客使用大眾論壇的目的是避免被不相干的人所干擾, 也會透過偽裝學的技術來發佈相關資料...

　網路為什麼不安全?

News: 美偵察機回傳影像 伊叛軍攔截

〔自由時報 2009/12/18 編譯羅彥傑 綜合報導〕

美國軍情官員指出，伊拉克好戰份子透過網路價僅二十五．九五美元（台幣八百三十九元）的現成軟體，就能攔截美國「掠奪者」無人偵察機回傳的即時影像，很可能藉此獲得美軍任務情報。美軍擔心，巴基斯坦、葉門與索馬利亞的敵對勢力，也可能利用該技術攔截影像。

華爾街日報十七日引述美國高階國防與情報官員的話表示，靠伊朗撐腰的伊拉克什葉派叛軍，利用諸如俄羅斯軟體公司推出的下載工具SkyGrabber等軟體程式，加上無人偵察機若干通訊網路未受嚴密保護，得以定期抓取此一遙控飛機回傳的影像。

駐伊美軍去年底抓到一名什葉派戰士，發現他的筆記型電腦包含無人偵察機的回傳影像，才發現有此問題。今年七月，美軍在其他好戰份子的筆電上也發現遭盜取的回傳影像，促使官員認定伊朗訓練的好戰團體正定期攔截回傳資料。

美國官員表示，沒有證據顯示伊拉克好戰份子能夠掌控無人偵察機或者干擾它們的飛行。儘管如此，這些截聽行動可能使得特定任務無法發揮奇襲效果，而且讓叛軍更容易研判美軍正監視哪些道路與建築物。這也顯示，美國的敵人透過簡單的電腦網路戰，就可以抵銷美國的高科技軍事優勢。

無人偵察機讓美軍能安全地監控目標，已成為美國在阿富汗與巴基斯坦兩國的武器首選。目前美軍已展開補救措施，希望把已有十年歷史的掠奪者通訊網路升級為具有加密功能，但由於許多設備都得一併更換，工程相當浩大。

Week 14: 小考檢討 & JPEG steganography

1. 小考檢討

大部分的同學上週的小考都不是考得很理想, 所以今天在課堂上花了很多時間和大家溝通一些學習的觀念。

2. JPEG compression

3. JPEG steganography

Week 13: Visual Attack

本週的第一節課, 我們舉行本學期的第一次小考,...



第三節課我們介紹了 Andres Westfeld 在 IHW99 論文 "Attacks on Steganographic System" 所提出的視覺攻擊法(visual attack)。

所謂的視覺攻擊法乃是將機密訊息可能隱藏的位置的二元值抽取出來, 依其相關位置組成一個位元平面, 然後是用人類視覺來判斷是否有機密訊息隱藏其中。

Week 12: LSB Embedding vs. Chi-square Attack

1. LSB embedding

2. Random message assumption

3. Chi-square attack

Week 11: Fridrich's Method for Palette-based image Steganography

1. Fridrich's method for palette-based image Steganography

2. 課程公告:
　小考: Week 13 & 16
　想參與出考題的同學, 可以在 12/7 以前把你出的題目回應在本篇文章之後。

　

Week 09: ezStego 的嵌入技術

如何在不改變調色盤內容的情況下, 將機密訊息嵌入到調色盤類型的影像之中呢?

Machado 提出的方法

Week 08: S-Tools 的調色盤分析

請同學針對 S-Tools 所產生的偽裝影像(stego-images)中的調色盤與原始掩護影像(cover-images)中的調色盤比較。

Week 7: 調色盤影像(Palette-based Images) 的嵌入技術

1. S-Tools

S-Tools is a steganography tool that hides files in BMP, GIF, and WAV files. You open up a copy of S-Tools and drag pictures and sounds across to it. To hide files you just drag them over open sound/picture windows. You can hide multiple files in one sound/picture and your data is compressed before being encrypted then hidden. Multi-threaded operation means that you can have many hide/reveal operations going simultaneously without fear of them interferring with you or holding up your work. You can even close the original picture/sound with no ill effects to ongoing threads. Encryption services come courtesy of "cryptlib" by Peter Gutmann (and others).

2. 請同學研究 S-Tools 這個隱藏軟體, 然後將研究心得貼到 作業部落格 中。
　( S-Tools 下載 )
　

Week 06: Reading

今天由於四甲同學拍畢業照, 因此請其他同學在教室閱讀我們所指定的書籍。

閱讀能力與習慣是慢慢累積與培養出來的,
沒有下苦功, 就無法享受閱讀的喜悅喔!
　

News: 電腦新病毒藏身資源回收桶

【台灣醒報 2009/10/20 記者林永富報導 原始新聞連結】

又有新病毒模式，而且藏身在電腦系統中的資源回收桶，巧妙躲過檢查。掃毒軟體公司諾頓近日發現，一種「W32.Pilleuz」蠕蟲病毒，以此方式避開掃毒，並進而存取電腦檔案或攻擊電腦，呼籲電腦使用者經常更新病毒定義檔，備份檔案及掃毒，以免電腦受損。

該公司指出，電腦使用者一般很少注意到電腦系統的資源回收桶內的檔案內容。這次發現的蠕蟲病毒就利用此一特性，隱身於資源回收桶，一旦開啟時，病毒會複製到資源回收桶中，並且命名為「sysdate.exe」檔案，接著新增登錄表，在每次開機時都會自動執行檔案。

此一病毒攻擊方式，以後門程式從遠端存取使用者電腦檔案，還可讓病毒自動更新，竊取使用者資料，包括保存在電腦中的密碼，瀏覽器資料等，更會利用使用者電腦發起（Dos）攻擊，以及修改使用者檔案等惡行。

W32.Pilleuz 病毒的傳播方式非常多樣，主要的像是透過即時訊息，發送惡意連結給使用者的好友；透過行動儲存裝置；及自身複製到共享軟體的共同目錄，借用共享軟體傳播出去。

防毒軟體公司建議，隨時更新病毒定義檔，使用具有「網頁安全功能」的防毒軟體，以避免使用者從惡意網站下載來歷不明的檔案。此外，雖然行動儲存裝置使用便利，但在使用前或下載前，都需先以防毒軟體掃描，確認安全無虞後再打開檔案。

News: 英國政府向同志密碼破解者杜林道歉

《中英對照讀新聞》
UK gov't apologizes to gay codebreaker Alan Turing
英國政府向同志密碼破解者杜林道歉

自由時報 原始新聞連結

◎ 俞智敏

British Prime Minister Gordon Brown offered a posthumous apology recently for the "inhumane" treatment of Alan Turing, the World War II codebreaker who committed suicide in 1954 after being prosecuted for homosexuality and forcibly treated with female hormones.

英國首相布朗最近為已故的二次世界大戰密碼破解者杜林所遭到的「不人道」待遇道歉，杜林被依同性戀罪名起訴，並被迫接受女性荷爾蒙治療，於1954年自殺身亡。

The mathematician helped crack Nazi Germany’s Enigma encryption machine — a turning point in the war - and is considered a father of modern computing.

這位數學家協助解開了納粹德國代號「謎」的密碼機，這是戰爭的轉捩點，他也被視為是現代電腦之父。

In 1952, however, Turing was convicted of gross indecency for having sex with a man and offered a choice between prison and "chemical castration" — the injection of female hormones to suppress his libido. His security clearance was revoked and he was no longer allowed to work for the government.

但1952年杜林卻因與男子發生性行為，被依行為不檢罪名起訴，他必須選擇入獄服刑或接受「化學閹割」，也就是注射女性荷爾蒙來壓制性慾。他的安全許可也被撤銷，無法再替政府工作。

Two years later, he killed himself at age 41 by eating an apple laced with cyanide.

兩年後，他吃下攙了氰化物的蘋果自殺，得年41歲。

"It is no exaggeration to say that, without his outstanding contribution, the history of World War II could well have been very different," Brown said. "He truly was one of those individuals we can point to whose unique contribution helped to turn the tide of war."

布朗表示，「假如沒有他（杜林）的傑出貢獻，二戰歷史恐怕會完全不同，此話一點也不誇張。」「他的確是我們可以指出，憑其獨特貢獻協助扭轉了戰爭局勢的少數人之一。」

新聞辭典

crack：動詞，指破解（密碼）、解開（難題等），如 They cracked the code and read the secret message.（他們破解了密碼，讀取秘密訊息。）

clearance：名詞，指取得官方同意從事某種行為，或符合官方對某事設定的條件，如 The plane will be taking off as soon as it gets clearance.（飛機在得到許可後就會立刻起飛。）security clearance尤指安全調查、忠貞調查或參與機密的資格。

turn the tide：片語，指造成局勢逆轉，如 The government had planned cuts in the armed forces, but when war broke out, the military saw a chance to turn the tide.（政府原打算裁軍，但隨後戰爭爆發，軍方發現了逆轉情勢的機會。）
　

News: 陸客觀光 直搗我神祕網軍禁區

(中國時報 2009/10/17 呂昭隆 台北報導) 原始新聞連結

國安官員透露，五月底，大陸觀光客馬中飛隨團來台參訪，進入台北市基隆路「國軍人才招募中心」後方的管制區拍照，該營區內除有國防部「資電作戰指揮部」外，還有一個更敏感單位，即行政院研考會「技術服務中心」。此單位扮演政府資訊安全把關角色，馬中飛能找到這個鮮少曝光的單位，應非巧合。

據了解，研考會技服中心全稱是「國家資通安全技術服務中心」，任務是提升政府對資安事件應變能力，降低可能造成的損害，如協助事前安全防護、事中預警應變、事後復原鑑識等「技術服務」。

摸清辦公地點 藉觀光情蒐

據這位國安官員透露，「技服中心」抓大陸電腦駭客、網路間諜相當有一套。某次，國安局偵測到有政府高層官員的個人電腦傳出不明檔案，前任局長許惠祐親自出面處理，國安單位即請「技服中心」出馬，發現這位政府高層官員的筆電有四個木馬程式，並告知「有兩個是安徽的，一個是福建的，還有一個是台灣內部的」，相當厲害。據了解，入侵政府網路資訊的駭客或間諜，以大陸所占比例最高，技服中心是政府資安應變的把關者，雙方過招多年，所以能辨識哪些木馬程式是安徽的，哪些是福建的。

這位官員表示，除了軍方，所有政府文官的資安應變，都是「技服中心」負責，事實上，國安與情治單位的資安，也多半找技服中心協助。

研考會技服中心 意外曝光

這位官員表示，馬中飛在前往基隆路的技服中心前，曾去過新店，這不是一般「大陸觀光客」的行程，因為新店有國安局與國防部的電偵單位，特別是能找到不曾在媒體曝光的技服中心，而且還能知道辦公地點就在基隆路國軍人才招募中心後方的管制區內，應該是來台之前就計畫好了。

這位官員研判，馬中飛是來台進行「觀察情蒐」，以前我軍情局初次派遺約聘人員赴大陸情蒐時，也是這樣做。即先分派一些簡單的任務，或是指定到軍事、敏感單位附近拍照，藉由「觀察情蒐」表現，評估是否正式聘用。

馬中飛是五月廿五日下午四時左右侵入營區拍照，被軍方逮捕，經查看數位相機記憶卡，有數張營區標語等照片，隨後移送檢方，高檢署訊後直接將他釋回，馬中飛隨即搭機回大陸。

Week 05: Cover-Media

1. If necessity is the mother of invention, then perhaps adversity is the mother of cryptanalysis.
~by Simon Singh, Code Book, p.144

2. Cover-Media vs. Stego-Media

3. Palette Images

Week 04: Kerckhoffs Principle

1. 傳統加密演算法可以分成兩類:
　　a. 移位法(transposition)
　　b. 替代法(substitution)

2. 移位法與替代法的安全度

3. 阿拉伯的密碼分析家
　為什麼當時的阿拉伯人這麼聰明??

4. Kerckhoffs' Principle
　The Security of cryptosystem must not depend on keeping secret of crypto-algorithm.
　The security depends only on keeping secret the key.
　密碼系統的安全性不在於防止敵人洞悉密碼演算法,
　鑰匙的保密才是決定密碼安全性的唯一關鍵。

5. Key Exchanging

6. Secret-Key Vs. Public-Key
　
本週指定完成之作業:

　本學期你準備要閱讀的一篇論文, 請將該論文的相關資料貼到 Homework Show @ IHC 作業部落格中。

Week 03: The Prisoners' Problem

1. On Public-Key Steganography in the Presence of an Active Warden
　Scott Craver
　[ IBM Research Report ]

　

2. The prisoners' problem and the subliminal channel

3. 天馬茶房: 林強 - 幸福進行曲

Week 02: Information Hiding

1. 課本圖 1.1 秘密通訊的流程的原始來源是 Information Hiding - A survey [ PDF ] 的 Fig. 1. A classification of information hiding techniques.



2. Enigma



3. Bletchley Park

　
　
　

Week 01: 本課程評分規則

1. 98學年度上學期本課程評分標準

　a. 小考二次 (20% + 20%)
　b. 故事書三選一閱讀分享 (20%)
　c. 論文閱讀一篇 (20%)
　d. 學習態度: 出缺席, 課堂睡覺, 互動討論參與 (20%)
　e. 程式撰寫 (20%)

2. 教科書: 資訊媒體安全 - 偽裝學與數位浮水印

　　

　定價: 560 元, 團購價: 420 元。
　可於 9/24 課堂上繳費領書。

3. 故事書:

　　　　

4. 作業繳交部落格 Homework Show @ IHC

　請修課同學在本篇文章中, 留下學號與 email , 我會發共同作者的邀請信給你, 讓你有權限可以在作業部落格繳交作業。

News: Gordon Brown: I'm proud to say sorry to a real war hero

Gordon Brown: I'm proud to say sorry to a real war hero
The treatment of code-breaker Alan Turing was utterly unfair, says Gordon Brown

By Gordon Brown
Published: 9:30PM BST 10 Sep 2009
Original Link

This has been a year of deep reflection – a chance for Britain, as a nation, to commemorate the profound debts we owe to those who came before. A unique combination of anniversaries and events have stirred in us that sense of pride and gratitude that characterise the British experience. Earlier this year, I stood with Presidents Sarkozy and Obama to honour the service and the sacrifice of the heroes who stormed the beaches of Normandy 65 years ago. And just last week, we marked the 70 years which have passed since the British government declared its willingness to take up arms against fascism and declared the outbreak of the Second World War.

So I am both pleased and proud that, thanks to a coalition of computer scientists, historians and LGBT (lesbian, gay, bisexual and transgender) activists, we have this year a chance to mark and celebrate another contribution to Britain's fight against the darkness of dictatorship: that of code-breaker Alan Turing.


Computer pioneer Alan Turing, who helped crack German Enigma codes during WWII

Turing was a quite brilliant mathematician, most famous for his work on breaking the German Enigma codes. It is no exaggeration to say that, without his outstanding contribution, the history of the Second World War could have been very different. He truly was one of those individuals we can point to whose unique contribution helped to turn the tide of war. The debt of gratitude he is owed makes it all the more horrifying, therefore, that he was treated so inhumanely.

In 1952, he was convicted of "gross indecency" – in effect, tried for being gay. His sentence – and he was faced with the miserable choice of this or prison – was chemical castration by a series of injections of female hormones. He took his own life just two years later.

Thousands of people have come together to demand justice for Alan Turing and recognition of the appalling way he was treated. While Turing was dealt with under the law of the time, and we can't put the clock back, his treatment was of course utterly unfair, and I am pleased to have the chance to say how deeply sorry I and we all are for what happened to him. Alan and the many thousands of other gay men who were convicted, as he was convicted, under homophobic laws, were treated terribly. Over the years, millions more lived in fear in conviction. I am proud that those days are gone and that in the past 12 years this Government has done so much to make life fairer and more equal for our LGBT community. This recognition of Alan's status as one of Britain's most famous victims of homophobia is another step towards equality, and long overdue.

But even more than that, Alan deserves recognition for his contribution to humankind. For those of us born after 1945, into a Europe which is united, democratic and at peace, it is hard to imagine that our continent was once the theatre of mankind's darkest hour. It is difficult to believe that in living memory, people could become so consumed by hate – by anti-Semitism, by homophobia, by xenophobia and other murderous prejudices – that the gas chambers and crematoria became a piece of the European landscape as surely as the galleries and universities and concert halls which had marked out the European civilisation for hundreds of years.

It is thanks to men and women who were totally committed to fighting fascism, people like Alan Turing, that the horrors of the Holocaust and of total war are part of Europe's history and not Europe's present. So on behalf of the British government, and all those who live freely thanks to Alan's work, I am very proud to say: we're sorry. You deserved so much better.