Wednesday, 29 August 2012

Hiding In Plain Sight

I recently wrote a short piece for the BBC Technology website in which I tried to explain why steganography (as opposed to cryptography) posed a very particular threat. Or at least it might do. The trouble is we don't really know, and the default position has been to assume that because we haven't discovered it being used en masse the threat is negligible.

For those who have been asking to learn more about steganography I would recommend beginning with the following sites:

  1. Wikipedia which in recent times has been updated with some really good introductory material on the subject including a bit about its history and the many forms it can take.
  2. Dr Neil Johnson's introduction produced by a man who has been studying the subject for nearly 20 years and gives both introductory notes and some good further pointers to more advanced material.
  3. Dr Niels Provos' site which is produced by someone I tend to think of as synonymous with the production of leading steganographic tools such as Outguess.
  4. SARC which is a centre of excellence for the subject and holds a large database of tools and techniques in use.
  5. SANS reading room has a number of relatively recent papers discussing steganographic techniques and tools across a variety of digital media.
After that you really need to be looking at the text books. My personal favourites are:
  1. Digital Watermarking & Steganography by Shih from CRC Press
  2. Disappearing Cryptography by Wayner from MK
  3. Hiding in Plain Sight by Cole from Wiley

Wednesday, 22 August 2012

eVoting Gets Real

A workshop was recently held in Victoria, Australia with a view to introducing verifiable electronic voting. Having written about the characteristics of reliable e-voting systems in Scientific American recently, it is interesting to see that officials are now working hard to implement it.

As well as researchers from University of Surrey, attending were senior Electoral Commission representatives from the federal, most of the state Electoral Commissions of Australia (and also New Zealand), plus the top IT people who implement the systems they currently use. There were also several Australian computer scientists and political scientists.

This mix of backgrounds helped those developing the technology (under the leadership of Prof Steve Schneider) to develop a good understanding of where the various stakeholders are coming from, and the practical and legal constraints that they are operating under. The workshop was focused on the principles and practical aspects of e-voting in Australia, and the issues around security and integrity when electronic systems are introduced into elections.

University of Surrey are working with the Victorian Electoral Commission (VEC) to develop vVote: a verifiable e-voting system for use in State elections. The core design is built on top of the Prêt à Voter system previously worked on at Surrey, and as is normally the case Verifiability was one of the key themes of the workshop.

However, Australian elections pose a unique set of challenges which motivate the introduction of electronic systems for capturing and processing votes, and which vVote addresses.

  1. Voters can vote from anywhere, not just their registered district. This has previously been managed using paper ballots, but this introduces delays in returning the ballots promptly, particularly from overseas.
  2. The complexity of ballot forms and casting a vote means that a percentage of voters inadvertently spoil their ballots (this is estimated to be around 2%), which would be mitigated by electronic assistance for completing the ballot form.
  3. Disabled voters (blind, visually impaired, and mobility impaired) must be given equal opportunities to vote secretly and independently.
  4. Voters who do not speak English must also be catered for.

Electronic voting introduces new risks to the security and integrity of elections (see Sci Am article for more detail), and the VEC were concerned that existing e-voting systems did not properly address these. The novelty of the Prêt à Voter approach is that it has universal Verifiability built into it, which enables all parts of the processing of the votes to be verified, either by the voter or by independent auditors, while maintaining ballot secrecy by use of cryptography.

VEC identified that Prêt à Voter was flexible enough to handle preferential voting on a large scale while maintaining usability for the voters. The team were able to actually cast a vote on the prototype vVote system which is finally bringing reliable e-voting to life.

The current target is to use the technology for the November 2014 election, so the researchers will be kept busy for some time yet!

Monday, 20 August 2012

Surrey University Library for Forensic Analysis (SULFA)

This new video library has been designed and built for the purpose of video forensics specifically related to camera identification and integrity verification. As far as I know, no such library or similar currently exists in the community.

The Library consists of two parts.
  1. Original videos used to test algorithms for camera identification, device linking.
  2. Forged videos used to test forgery detection algorithms

SULFA contains original as well as forged video files, which will be freely available through the dedicated website at

There are approximately 150 videos collected from three camera sources, which are:

  1. Canon SX220 (codec H.264)
  2. Nikon S3000 (codec MJPEG)
  3. Fujifilm S2800HD (codec MJPEG) 

Each video is approximately 10 seconds long with resolution of 320x240 and 30 frames per second. All videos have been shot after carefully considering both temporal and spatial video characteristics. In order to present life-like scenarios, various complex and simple scenes have been shot with and without using camera support (tripod). Nine original videos from each source in SULFA have been tested with Photo Response Non Uniformity (PRNU) based camera identification methods. SULFA also includes videos with cloning or copy paste forgery. Each forged video includes full information of the doctored region.