Recap: IIT Cyber Security and Forensics Conference

IIT Cyber Security and Forensics students and professors pictured with SAT Dean C. Robert Carlson.

IIT Cyber Security and Forensics students and professors pictured with SAT Dean C. Robert Carlson.

IIT’s School of Applied Technology recently hosted the Cyber Security and Forensics Conference and Expo. Participants included approximately 150 attendees, 30 speakers, and 10 sponsors. Speakers and participants continue to represent local, regional, national, and international organizations and universities. Many IIT faculty, staff, students and alumni attended this three track conference that included security, forensics, and management and policy. This highly technical and intensive one- and a half-day schedule included a concentration on steganography and a discussion and debate over forensics, security, data/information governance, cyber crime and security, ethical hacking, eDiscovery, cloud forensics, policy and compliance, privacy, wireless security, cloud computing, identity theft, and more.

Conference participants included industry participation from Deloitte & Touche, IBM, SANS, Ace Hardware, Alcatel-Lucent, Chicago Public Schools, Coriant-Tellabs, FermiLab, HCSC, Hub Group, IEEE, Motorola Solutions, Navistar, Trustwave, UniForum, US Navy, Walgreens, Whirlpool and university participation from Capitol College, College of DuPage, College of Lake County, DePaul University, Elgin Community College, Joliet Junior College, Lake Michigan College, Lewis University, Northern Illinois University, Quincy University, Saint Xavier University, Shimer College, Univeristy of Illinois at Chicago, University of Dubuque, and Wilbur Wright College.

Industry Professor of Information Technology and Management William Lidinsky and his teaching assistant Ben Khodja chaired the conference. IIT Information Technology and Management (ITM) students presented their final projects to an audience of security professionals.

In addition to presentations, ITM alum, Shawn Davis from Edelson PC, added a ForenSecure ’14 Challenge. Davis created a series of security and forensics problems for participants. Eric Tendian, ITM undergraduate student won first place. Tendian is a freshman and Web Solutions Consultant at Tendian.io and the Chief Technology Officer at YSFlight Headquarters.

IIT Student presentations included:

Printer Watermark Obfuscation
Most color laser printers manufactured and sold today add “invisible” information to make it easier to determine information about where and when a particular document was printed. This information is coded by patterns of yellow dots that the printers add to every page they print. These patterns are specific to the manufacturer.

Steganographix will provide establishment of obfuscation methods, and alternate forms of steganography and tracking. Included was an explanation of the firmware generated yellow dots matrix and answers to the following questions:
- How are the dots put on?
- What size are the dots?
- Where are the dots located on the printed page?
- How can the dots be rendered useless?
- How can we interpret the dots?

Students: Maya Embar, Samuel (Stephen) Martin, Louis McHugh, and William Wesselman

JPEG Steganography
Recent increases in security breaches and compromises of sensitive information have resulted in an increased need to target, identify, and prevent these breaches. Steganography is one method used by criminals to covertly pass hidden information without drawing suspicion. Steganalysis is a methodology to detect and sometimes extract the hidden information. JPEG Steganography, stegananalysis and the variation technique specifically was explored in detail in this presentation.

Students: Stephen Daniel, Indhi Powlette, Ana Orozco, and Cruz Tovar

MP3 Steganography
In the ever-evolving world of technology, the digital world is slowly becoming a platonic realism where nothing is as it seems. Because of the need to communicate secretly, many tools have been developed to transmit information through a mere invisible medium. Today, on iTunes alone, about 21 million songs are downloaded daily. Because of the popularity of music and other audio files, this gives MP3 Steganography an enigmatic advantage on transmitting covert messages. The goal of the research was to find possible ways to hide covert files into the audio data portion of an MP3 file system, without impacting the quality of the audio to an average listener when played. The various MP3 Steganography tools studied thus far are not hiding covert files into the audio data portion of a MP3 files. The focus was geared toward analyzing MP3 frames, embedding more data into the data portion of an MP3 audio file using LSB substitution method. The students found no documentation indicating this has been done before and for this reason, designed a program that would find the LSB and hide data within it; without interrupting the quality perceived by the human auditory system.

Students: Amadou Barrow, Anthony Ludlam, Girithar Anthay Suthakaran, and Abdel Sy Fane

Fractal Image Steganography
For this project, students conducted research into the method of hiding covert information in fractal images through the fractal images generation without the use of a carrier. Their research focused on the understanding of this method, the analysis of its advantages and disadvantages and the exploration of tools available.

Students: Ivette Carrera Manosalvas and Felipe Sierra

Embedded Device Security
With the increase in the communication among different devices, processing the information securely and efficiently has become a major compromise. Keeping the communications secure will suppose an increase in the amount of data transferred and handled by the receiver, as well as the operations made to manage that data. This increase can become an issue using a processor without much memory or processing capacity.

The main concern about this research project was the management of security without big amounts of memory. Therefore, Arduino Uno was used as the receiver. It is not able to handle heavy applications because of its limited RAM memory. But using the techniques of Cyclic Redundancy Check (CRC) a small device with little memory can communicate with integrity in such constrained conditions. In the look for authenticity, an Elliptic Curve Digital Signature Algorithm was used, which needs to implement more operations than Digital Signature Algorithm (DSA) or RSA (stands for Ron Rivest, Adi Shamir and Leonard Adleman who first publicly described the algorithm in 1977), but will achieve a higher level of security for the same length of signature.

Student: Fernando Martinez Sidera