Northeastern Voice > Current

Current Stories

Alumnus fights cyber crime with algorithms

Keith Bertolino

By Jason Kornwitz

Northeastern College of Engineering graduate Keith Bertolino spends a lot of time thwarting sinister attempts to send secret messages disguised in images attached to email messages.

Bertolino, co-founder of Cipher Tech Solutions, Inc., a technical solutions company that has contracts with the Department of Defense’s Cyber Crime Center and with other military support agencies, developed a method for disrupting the exchange of sensitive or malicious information disguised in seemingly benign documents.

Called steganograpy, this method of smuggling data uses digital files like JPEGs or MP3 audio encoding formats to carry hidden messages.

As opposed to encryption, steganography hides the fact that a message is transmitted, allowing information like social security numbers, secret formulas, mission plans and terrorist plots to be exchanged easily via email.

Often steganographers hide messages within ordinary image files, such as that of a cat or a dog, without modifying it substantially enough to be recognized by the human eye. Using algorithms, data is embedded into the least important pixels of an image, varying color an undetectable one-millionth of a degree.

“Basically, steganography makes it impossible to notice any differences in the image unless you are statistically analyzing it,” Bertolino said, adding that a file’s identifying characteristics, such as its size, can remain unchanged after a steganographer manipulates it. Detecting the presence of hidden data, however, is only part of the process.

“An image could be encrypted and then stegged, so once you use an algorithm to extract the message, you still have to break the encryption,” Bertolino said.

Under the leadership of Northeastern computer science professor Ravi Sundaram, however, Bertolino devised a way to combat steganography.

While he said new steganography algorithms come out everyday to replace those cracked by cyber security experts, his method of jamming steganography, called double-stegging, essentially uses additional algorithms to damage parts of files and destroy hidden messages.

The algorithms can be applied to all emails within a given organization’s network, regardless of whether there is, in fact, a hidden message present. The method, Bertolino said, was roughly 93 percent effective in preliminary tests.

“If a disgruntled Coke employee wants to distribute its secret formula through a stegging algorithm, there’s not always a good chance of detecting the use of the program or extracting the data, but we can jam it with a high degree of certainty.

“The idea is to prevent people from extracting information on corporate networks. In addition to a company’s use of a firewall and network monitoring software, Cipher Tech now has the ability to add jamming software to the email servers of government installations or companies that have sensitive information that can’t afford to be taken off their premises.”

Though Bertolino conducted research on the effectiveness of double-stegging on image files, he said the same methodology could be applied to jamming audio or video files. Despite its success rate, however, double-stegging cannot detect the perpetrator.

“We don’t have to know where the communication is coming from to jam it,” Bertolino said. “Even if we can’t figure out who’s sending it, we’re still able to destroy mostly everything before it causes damage.”

Bertolino, who will present the results of his research at the DoD’s Cyber Crime Conference in January, was also accepted into Northeastern’s Gordon Engineering Leadership Program, an intensive, one-year graduate program aimed at building engineering leadership professionals. He will begin this fall.

“I am excited to return to campus and look forward to being part of this selective leadership program,” Bertolino said. “I know Cipher Tech will also benefit from the university connection as it continues to hire Northeastern’s top graduating engineers and computer scientists.”


Current Issue About the Voice Staff Publication Dates Back Issues Voice Online Archives Contact the Voice	Current Stories Alumnus fights cyber crime with algorithms By Jason Kornwitz Northeastern College of Engineering graduate Keith Bertolino spends a lot of time thwarting sinister attempts to send secret messages disguised in images attached to email messages. Bertolino, co-founder of Cipher Tech Solutions, Inc., a technical solutions company that has contracts with the Department of Defense’s Cyber Crime Center and with other military support agencies, developed a method for disrupting the exchange of sensitive or malicious information disguised in seemingly benign documents. Called steganograpy, this method of smuggling data uses digital files like JPEGs or MP3 audio encoding formats to carry hidden messages. As opposed to encryption, steganography hides the fact that a message is transmitted, allowing information like social security numbers, secret formulas, mission plans and terrorist plots to be exchanged easily via email. Often steganographers hide messages within ordinary image files, such as that of a cat or a dog, without modifying it substantially enough to be recognized by the human eye. Using algorithms, data is embedded into the least important pixels of an image, varying color an undetectable one-millionth of a degree. “Basically, steganography makes it impossible to notice any differences in the image unless you are statistically analyzing it,” Bertolino said, adding that a file’s identifying characteristics, such as its size, can remain unchanged after a steganographer manipulates it. Detecting the presence of hidden data, however, is only part of the process. “An image could be encrypted and then stegged, so once you use an algorithm to extract the message, you still have to break the encryption,” Bertolino said. Under the leadership of Northeastern computer science professor Ravi Sundaram, however, Bertolino devised a way to combat steganography. While he said new steganography algorithms come out everyday to replace those cracked by cyber security experts, his method of jamming steganography, called double-stegging, essentially uses additional algorithms to damage parts of files and destroy hidden messages. The algorithms can be applied to all emails within a given organization’s network, regardless of whether there is, in fact, a hidden message present. The method, Bertolino said, was roughly 93 percent effective in preliminary tests. “If a disgruntled Coke employee wants to distribute its secret formula through a stegging algorithm, there’s not always a good chance of detecting the use of the program or extracting the data, but we can jam it with a high degree of certainty. “The idea is to prevent people from extracting information on corporate networks. In addition to a company’s use of a firewall and network monitoring software, Cipher Tech now has the ability to add jamming software to the email servers of government installations or companies that have sensitive information that can’t afford to be taken off their premises.” Though Bertolino conducted research on the effectiveness of double-stegging on image files, he said the same methodology could be applied to jamming audio or video files. Despite its success rate, however, double-stegging cannot detect the perpetrator. “We don’t have to know where the communication is coming from to jam it,” Bertolino said. “Even if we can’t figure out who’s sending it, we’re still able to destroy mostly everything before it causes damage.” Bertolino, who will present the results of his research at the DoD’s Cyber Crime Conference in January, was also accepted into Northeastern’s Gordon Engineering Leadership Program, an intensive, one-year graduate program aimed at building engineering leadership professionals. He will begin this fall. “I am excited to return to campus and look forward to being part of this selective leadership program,” Bertolino said. “I know Cipher Tech will also benefit from the university connection as it continues to hire Northeastern’s top graduating engineers and computer scientists.”
Northeastern Home Find Faculty & Staff Find A-Z Search © 2007 Northeastern University • 716 Columbus Ave., Suite 598, Boston, Massachusetts 02115 • 617.373.7225 • TTY 617.373.3768