Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
The rapid development of data transfer through internet has made it easier to send the data accurate and faster to the destination. There are many transmission media to transfer the data to destination like e-mails, social sites etc. At the same time it is may be easier to modify and misuse the valuable information through hacking. So, in order to transfer the data securely to the destination without any modifications, there are many approaches like cryptography and steganography. This project report deals with image steganography as well as with the different security issues, general overview of cryptography, steganography and digital watermarking approaches. Also it provides in-depth discussions of different steganographic algorithms like Least Significant Bit (LSB) algorithm, JSteg Hide & Seek and F5 algorithms. It also compares those algorithms in terms of speed, accuracy and security. It also offers a chance to put the theory into practice by way of a piece of software designed to maximise learning in the fields. This paper can therefore be split into two parts: Research and Software Development. The project is done using Microsoft Visual Basic 2008 on a computer running Windows Vista. .NET framework of 3 or higher is required for the software to execute.
TABLE OF CONTENTS:
i
ABSTRACT 1 INTRODUCTION 1.1 An overview of Internet Security.................1 1.2 Where Steganography & Cryptography fits in......................................................1 1.3 Literature Survey...................................................................................................2 1.3.1 Information Security.............................................................................2 1.3.2 Security Attacks....................................................................................2 1.3.3 Analysis of various Steganographic Algorithms..................................6 1.3.3.1 Steganography Methods..........................................................7 1.3.3.2 Steganography Algorithms......................................................8 1.3.4 Cryptographic Algorithms...................................................................14 1.4 Applications of our project................................................................................19 1.5 Proposed Solution Strategy...............................................................................19 i
2.1Introduction.........................................................................................................20
2.1.1 Purpose....................................................................................................20 2.1.2 Definitions...............................................................................................20 2.2Overall Description..............................................................................................20 2.2.1Product Function......................................................................................20 2.2.2 User Characteristics.................................................................................20 2.2.3 Dependencies...........................................................................................20 2.3Functional Requirements......................................................................................21 2.3.1 Use Case Diagram....................................................................................21 2.3.2 Use Case Specification.............................................................................21 2.3.3 Performance Requirements.......................................................................21 2.4 Non Functional Requirements.............................................................................21 2.4.1 Performance..............................................................................................21 2.4.2 Reliability..................................................................................................21 2.4.3 Portability..................................................................................................21 2.5 Data Flow Diagrams............................................................................................21 2.5.1 Level 0 Data Flow Diagram......................................................................23 2.5.2 Level 1 Data Flow Diagram......................................................................24 2.5.3 Level 2 Data Flow Diagram......................................................................24 2.6 Activity Diagram.................................................................................................25
3. DESIGN STRATEGY.........................................................................................................27 3.1 Overview.............................................................................................................27 3.2 Intentions & Considerations................................................................................27 3.3 Development Tools.................................. ..........................................................27 3.4 Visual Basic.........................................................................................................28 3.5 Features of the proposed method........................................................................29
3.6 Interface Screenshots...........................................................................................30 3.6.1 The main interface.....................................................................................30 3.6.2 When file is clicked....................................................................................31 3.6.3 When Action is clicked...............................................................................32 3.6.4 When help is clicked...34 3.6.5 The encryption process................................................................................36 3.6.6 The decryption process...........................................................................,...39
4. TEST PLAN......................................................................................................................,...43 4.1 Introduction...........................................................................................................43 4.2 Aim of Testing.......................................................................................................43 4.3 Test Cases...............................................................................................................44 4.3.1 Start up Screen Display...............................................................................44 4.3.2 For Encryption.............................................................................................45 4.3.3 For Decryption.............................................................................................46
5. USER DOCUMENTATION................................................................................................47 5.1 Welcome to steganography....................................................................................47 5.1.1 What is Steganography: ...............................................................................47 5.2 Getting Started.......................................................................................................:47 5.2.1 Install / Uninstall Steganography..................................................................47 5.3 How to use the software.........................................................................................48 5.4 Menus for operating the software Hide Your Secret .........................................49
6. RESULTS AND CONCLUSION........................................................................................51 6.1 Result.....................................................................................................................51 6.2 Conclusion..............................................................................................................52 6.3 Future Work...........................................................................................................52 REFERENCE....ii APPENDIX A ...iii
1. INTRODUCTION
1.1 An overview of Internet Security
Since the rise of the Internet one of the most important factors of information technology and communication has been the security of information. Everyday tons of data are transferred through the Internet through e-mail, file sharing sites, social networking sites etc to name a few. As the number of Internet users rises, the concept of Internet security has also gain importance. The fiercely competitive nature of the computer industry forces web services to the market at a breakneck pace, leaving little or no time for audit of system security, while the tight labour market causes Internet project development to be staffed with less experienced personnel, who may have no training in security. This combination of market pressure, low unemployment, and rapid growth creates an environment rich in machines to be exploited, and malicious users to exploit those machines.
the Internet. These include Digital Images, Audio and Video files. This rise of digital content on the internet has further accelerated the research effort devoted to steganography. The initial aim of this study was to investigate steganography and how it is implemented. Based on this work a number of common methods of steganography could then be implemented and evaluated. The strengths and weaknesses of the chosen methods can then be analysed. To provide a common frame of reference all of the steganography methods implemented and analysed used BMP images.
Page | 2
To make a steganographic communication even more secure the message can be encrypted before being hidden in the carrier. Cryptography and steganography can be used together. The random looking message which would result from encryption would also be easier to hide than a message with a high degree of regularity. Therefore encryption is recommended in conjunction with steganography.
Page | 3
Figure 1. Normal Data Flow A hacker can disrupt this normal flow by implementing the different types of techniques over the data and network in following ways. They are:
Interruption: Interruption is an attack by which the hackers can interrupt the data before reaching the destination. This type of attack shows the effect on availability and usually destroys the system asset and makes the data unavailable or useless.
Page | 4
Figure 2. Interruption
Interception: Interception is one of the well known attacks. When the network is shared that is through a local area network is connected to Wireless LAN or Ethernet it can receive a copy of packets intended for other device. On the internet, the determined hacker can gain access to email traffic and other data transfers. This type of attack shows the effect on confidentiality of data. Figure 3. Interception
Modification:
Page | 5
This refers to altering or replacing of valid data that is needed to send to destination. This type of attacks is done usually by unauthorized access through tampering the data. It shows effect on the integrity of the data.
Figure 4. Modification
Fabrication: In this type, the unauthorized user places data without the interface of source code. The hacker or unauthorized person inserts the unauthorized objects by adding records to the file, insertion of spam messages etc. This type of attack affects on the Authenticity of message.
Figure 5. Fabrication
Page | 6
There are many types of security attacks that will try to modify the original data. The main goal of any organisation / individual transmitting the data is to implement security measures which include 1. Prevention 2. Detection 3. Response 4. Recovery Prevention: The security attacks can be prevented by using an encryption algorithm to restrict any unauthorized access to the encryption keys. Then the attacks on confidentiality of the transmitted data will be prevented. Detection: Using the intrusion detection systems for detection of unauthorized individuals logged onto a system and making the resources available to legitimate users. Response: Whenever the unauthorised attacks happen in the system, the security mechanisms can detect the process and the system can respond to make the data unavailable. Recovery: Recovery is the final approach if an attacker modifies the data or makes the data unavailable. The data can then be recovered by using backup systems, so that the integrity of the data shall not be compromised.
Page | 7
Steganography supports different types of digital formats that are used for hiding the data. These files are known as carriers. Depending upon the redundancy of the object, suitable formats are used. Redundancy is the process of providing better accuracy for the object that is used for display by the bits of object. The main file formats that are used for steganography are Text, images, audio and video. We have implemented the text hiding in an image (BMP) in our project. For the purpose of developing a steganographic application we went through all the steganographic methods available and decided to select Secret key Steganography for our project. All the methods are described in details below. Also we made an analysis of all the Steganographic algorithms available and compared them in terms of speed, quality of hiding and security. A detailed analysis of all the algorithms that we have studied is presented below.
Department of Information Technology (NEHU) Page | 8
Secret key Steganography: Secret key Steganography is another process of Steganography which uses the same procedure other than using secure keys. It uses the individual key for embedding the data into the object which is similar to symmetric key. For decryption it uses the same key which is used for encryption. This type of Steganography provides better security compared to pure Steganography. The main problem of using this type of steganographic system is sharing the secret key. If the attacker knows the key it will be easier to decrypt and access original information.
Page | 9
Public key Steganography: Public key Steganography uses two types of keys: one for encryption and another for decryption. The key used for encryption is a private key and for decryption, it is a public key and is stored in a public database
We have implemented the Secret Key Steganography technique in our project. The password shall be provided by the person who does the encryption and it has to be provided to decrypt the message from the image.
LSB algorithm:
Department of Information Technology (NEHU) Page |10
LSB (Least Significant Bit) substitution is the process of adjusting the least significant bit pixels of the carrier image. It is a simple approach for embedding message into the image. The Least Significant Bit insertion varies according to number of bits in an image. For an 8 bit image, the least significant bit i.e., the 8th bit of each byte of the image is changed to the bit of secret message. For 24 bit image, the colours of each component like RGB (red, green and blue) are changed. LSB is effective in using BMP images since the compression in BMP is lossless. But for hiding the secret message inside an image of BMP file using LSB algorithm it requires a large image which is used as a cover. LSB substitution is also possible for GIF formats, but the problem with the GIF image is whenever the least significant bit is changed the whole colour palette will be changed. The problem can be avoided by only using the gray scale GIF images since the gray scale image contains 256 shades and the changes will be done gradually so that it will be very hard to detect. For JPEG, the direct substitution of steganographic techniques is not possible since it will use lossy compression. So it uses LSB substitution for embedding the data into images. There are many approaches available for hiding the data within an image: one of the simple least significant bit submission approaches is Optimum Pixel Adjustment Procedure. The simple steps for OPA explain the procedure of hiding the sample text in an image.
Step1: A few least significant bits (LSB) are substituted with in data to be hidden. Step2: The pixels are arranged in a manner of placing the hidden bits before the pixel of each cover image to minimize the errors. Step3: Let n LSBs be substituted in each pixel. Step4: Let d= decimal value of the pixel after the substitution. d1 = decimal value of last n bits of the pixel. d2 = decimal value of n bits hidden in that pixel. Step5: If (d1~d2)<=(2^n)/2 then no adjustment is made in that pixel.
Department of Information Technology (NEHU) Page |11
This d is converted to binary and written back to pixel. This method of substitution is simple and easy to retrieve the data and the image quality better so that it provides good security. The encoder algorithm is as given below: 1: for i = 1, ..., len(msg) do 2: 3: 4: 5: end if p = LSB(pixel of the image) if p != message bit then pixel of the image = message bit
6: end for The encoding process shows that the entire algorithm can be implemented by writing just a few lines of code. The algorithm works by taking the first pixel of the image and obtaining its LSB value (as per line 2 of the Algorithm). This is typically achieved by calculating the modulus 2 of the pixel value. This will return a 0 if the number is even, and a 1 if the number is odd, which effectively tells us the LSB value. We then compare this value with the message bit that we are trying to embed. If they are already the same, then we do nothing, but if they are different then we replace the pixel value with the message bit. This process continues whilst there are still values in the message that need to be encoded The decoder algorithm is: 1: for i = 1, ..., len(image string) do
Department of Information Technology (NEHU) Page |12
2:
3: end for The decoding phase is even simpler. As the encoder replaced the LSBs of the pixel values in c in sequence, we already know the order that should be used to retrieve the data. Therefore all we need to do is calculate the modulus 2 of all the pixel values in the stegogramme, and we are able to reconstruct m as m0 .The above Algorithm shows the pseudo code of the decoding process. Note that this time we run the loop for length of message instead of length of string. This is because the decoding process is completely separate from the encoding process and therefore has no means of knowing the length of the message. If a key were used, it would probably reveal this information, but instead we simply retrieve the LSB value of every pixel. When we convert this to ASCII, the message will be readable up to the point that the message was encoded, and will then appear as gibberish when we are reading the LSBs of the image data.
Hide & Seek: The randomised approach to the Hide & Seek algorithm makes it possible to scatter the locations of the pixels that are to be replaced with the message data. The core of the encoding process is identical to that of the LSB algorithm described above. In fact, the two methods only differ in terms of how the image data is presented before the embedding process starts. For the randomised approach the image data c is usually shuffled using a Pseudo Random Number Generator (PRNG). This generator will take the image data and produce a shuffled version C according to a seed k that is specified by the encoder. There will also be an inverse shuffle which takes C and returns the original order c when the same k is used. The pixel values of the image c are often shuffled before embedding such that the exact same encoding mechanism from above algorithm can be used. The values are then shuffled back to their original positions after embedding such that the image can be displayed properly for sending it across some communications channel to the recipient. A PRNG also has the advantage that it produces the same shuffle when the same data and the same seed are given back to it. This means that all we need is c and k
Department of Information Technology (NEHU) Page |13
at the decoding stage, and the same shuffle will be recreated so we can retrieve the message data successfully. The encoding algorithm below shows the pseudo code for the encoding process of the randomised Hide & Seek approach. Now we have line 1 that randomises the locations of each pixel before embedding the message data. In addition to this, we also have line 8 which returns the pixel locations back to normal when the embedding process has ended. The seed k acts as a key to the algorithm such that the same shuffle sequence can be generated when retrieving the hidden message. The output stegogramme s from this embedding approach will contain bits of the hidden message in seemingly random locations of the image. The encoding algorithm: 1: generate randomised sequence C using data c and seed k 2: for i = 1, ..., l(m) do 3: p == LSB(Ci) 4: if p != message bit then 5: ci == mi 6: end if 7: end for 8: generate original sequence c using data C and seed k Perhaps the most important aspect of note is that as we require k to identify the correct regions, the algorithm is much more secure than the sequential approach, as the sequence cannot be derived without it. The decoding algorithm: 1: generate randomised sequence S using data s and seed k 2: for i = 1, ..., l(s) do 3: mi == LSB(Si) 4: end for Sometimes, as a seed is already required to retrieve the message, the randomises approaches may go one step further and create a full key that also declares l(m). If this is the case, line 2 can be changed such that the loop runs for l(m) rather than l(s).
Page |14
JSTEG algorithm: JSteg algorithm is one of the steganographic techniques for embedding data into JPEG images. The hiding process will be done by replacing Least Significant Bits (LSB). JSteg algorithm replaces LSBs of quantized Discrete Courier Transform (DCT) coefficients. In fact, the JSteg algorithm only differs from the Hide & Seek algorithm because it embeds the message data within the LSBs of the DCT coefficients of c, rather than its pixel values. Before the embedding process begins, the image is converted to the DCT domain in 8x8 blocks such that the values of ci switch from pixel values to DCT coefficients. In order for the values to be presented as whole numbers, each 8x8 block is quantised according to a Quantisation Table Q. The result is where the embedding algorithm operates. An example of an 8x8 DCT block is shown in Figure 10. In this process the hiding mechanism skips all coefficients with the values of 0 or 1. This algorithm is resistant to visual attacks and offers an admirable capacity for steganographic messages. It has high capacity and had a compression ratio of 12%. JSteg algorithm is restricted for visual attacks and it is less immune for statistical attacks. Normally, JSteg embeds only in BMP images. In these BMP images, the content of the image is transformed into frequency coefficients so as to achieve storage in a very compressed format. There is no visual attack in the sense presented here, due to the influence of one steganographic bit up to 256 pixels.
Page |15
We should also note the two types of coefficient that we see in every 8x8 block: DC, and AC. The value at the top left of each 8x8 block is known as the DC coefficient. It contains the mean value of all the other coefficients in the block, referred to as the AC coefficients. The DC coefficients are highly important to each block as they give a good estimate as to the level of detail in the block. Changing the value of the DC coefficient will also change many of the values of the AC coefficients, and this will create a visual discrepancy when the image is converted back to the spatial domain and viewed normally. For this reason, the JSteg algorithm does not embed message data over any of the DC coefficients for every block. In addition to this, the algorithm also does not permit embedding on any AC coefficient equal to 0 or 1. The encoding algorithm 1: convert image c to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(m) do 3: p == DCT(di)
Department of Information Technology (NEHU) Page |16
4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d 6: end while 7: pi == ci mod 2 + mi 8: ci == pi 9: end for 10: convert each 8x8 block back to spatial domain The above algorithm provides the pseudo code for the encoding process of the JSteg algorithm. Line 4 shows that the algorithm avoids embedding on the DC coefficients, and also any AC coefficient equal to 0 or 1. Line 8 shows an alternative method for calculating the LSB value of the coefficient by using mod 2. The result is replaced with the value in mi. Again, no key is used for this algorithm. So long as the decoder knows that the embedding took place in the DCT domain, it will be capable of extracting the message successfully. The security of the JSteg algorithm therefore lies in the algorithm itself. As we noted before, the main difficulty of not using a key is when we try to determine l(s) when extracting the message. Without a key, it is impossible to know the length of the message to extract, so the loop is typically run for the entire duration of the image to ensure that the entire message is extracted. This is certainly the case for the JSteg algorithm as we will see in the decoding process. The decoder algorithm 1: convert image s to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(s) do 3: p == DCT(di) 4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d 6: end while 7: mi == di mod 2 8: end for The decoding process functions by converting the stegogramme s to the DCT domain. It then avoids the same coefficient values that the encoding algorithm avoids, and retrieves the hidden message from the LSBs of all the other coefficients sequentially (line 7).
Department of Information Technology (NEHU) Page |17
The performance of the algorithms differs with the type of cover image or source on which the data is embedded. The comparison of these algorithms is tabulated below:
Speed
Quality of hiding
Security
Plain text: The plain text is an original piece of information that is needed to send information to the destination. Encryption algorithm: This is the main key to any cryptographic system. This encryption algorithm subjects the plain text to various substitutions and transformations. Secret key: The secret key is given by the user which will act as an input to the encryption algorithm. Based on this key, various substitutions and transformations on the plain text will differ. Cipher text: This is the output generated by the encryption algorithm. The cipher text is the jumbled text. The cipher text differs with each and every secret key that has given to the encryption algorithm. Decryption algorithm: This is opposite to the encryption algorithm. It will acquire cipher text and secret key as an input and produce plain text as an output. We know that cryptography can be used in conjunction with steganography. As such we have used two cryptographic algorithms to use in our project. Both are symmetric key algorithms and the keys are fixed by us to reduce the simplicity of the project.
Page |19
In our application when the user enters the text to be hidden, it is passed through these encryption algorithms first and then it is passed through the Steganographic algorithm which the user selected. The encryption algorithms are used in the hope that even if someone uses Steganalysis and discovers the algorithm we are using to perform steganography, he will still not be able to gain anything since the message will be encrypted. We have developed two algorithms to be used with our project which are both simple and efficient. Also we have used the XOR method to combine the encrypted text with the encrypted password which is then embedded into the message. These algorithms together with the XOR method are described in details below.
Algorithm 1 This algorithm was written and coded by us specifically for this project. The main advantage of this algorithm is that it provides the encrypted text the same size as the clear text. The pseudo code of the algorithm is given below:
Page |20
The encryption algorithm: Step 1: Generate the ASCII value of the letter Step 2: Generate the corresponding binary value of it. [Binary value should be 8 digits e.g. for decimal 32 binary number should be 00100000] Step 3: Reverse the 8 digits binary number Step 4: Take a 4 digits divisor (>=1000) as the Key Step 5: Divide the reversed number with the divisor Step 6: Store the remainder in first 3 digits & quotient in next 5 digits (remainder and quotient wouldnt be more than 3 digits and 5 digits long respectively. If any of these are less than 3 and 5 digits respectively we need to add required number of 0s (zeros) in the left hand side. So, this would be the cipertext i.e. encrypted text. Now store the remainder in first 3 digits & quotient in next 5 digits.
The decryption algorithm: Step 1: Multiply last 5 digits of the ciphertext by the Key Step 2: Add first 3 digits of the ciphertext with the result produced in the previous step
Page |21
Step 3: If the result produced in the previous step i.e. step 2 is not an 8-bit number we need to make it an 8- bit number Step 4: Reverse the number to get the original text i.e. the plain text
Example showing the above algorithm in action Let, the character is T. Now according to the steps we will get the following: Step 1: ASCII of T is 84 in decimal. Step 2: The Binary value of 84 is 1010100. Since it is not an 8 bit binary number we need to make it 8 bit number as per the encryption algorithm. So it would be 01010100 Step 3: Reverse of this binary number would be 00101010 Step 4: Let 1000 as divisor i.e. Key Step 5: Divide 00101010 (dividend) by 1000(divisor) Step 6: The remainder would be 10 and the quotient would be 101. So as per the algorithm the ciphertext would be 01000101 which is ASCII 69 in decimal i.e. E 01000101
To decode:
Page |22
Step 1: After multiplying 00101 (last 5 digits of the ciphertext) by 1000 (Key) the result would be 101000 Step 2: After adding 010 (first 3 digits of the ciphertext) with 101000 the result would be 101010 Step 3: Since 101010 is not an 8-bit number we need to make it 00101010 Step 4: After reversing the number it would be 01010100 i.e. ASCII 84 in decimal i.e. T as character which was the original text 01010100
Algorithm 2 Apart from the algorithm mentioned above, we have also used another encryption algorithm which is the Rail Fence Encryption cipher. This simple transposition cipher scrambles the letters of the plaintext (in our case the text encrypted through the above algorithm) without causing any change to the original characters. Example: If the string to be encrypted is suppose Hello World then performing a depth-2 Rail Fence cipher will change it to HloWrdel ol Algorithm 3 After the message and the password have passed through the ciphers described above they are XORed together to form a single string. To perform XOR operation we find the ASCII value for both the text and
Department of Information Technology (NEHU) Page |23
the password and then perform binary XOR operation on them. After that we change it back again to String. Example: The XOR operation between the text Hello World and password 12345 gives us the following string: yW_XZe\FYU. Only after the message has passed through these encryption parts are they embedded in the image using one of the steganography algorithm described above.
proceedings of the software (the encryption part) or he can choose a basic view for the application. For decrypting an image, a user simply has to choose the image which he wants to decode and provide the correct password. The decrypted text will then be shown to him. He will have the option to then save the text in an external text file. An extensive user manual is written for the help of the user.
2.1.2 Definitions
All the definitions are explained in Appendix A.
2.2.3 Dependencies
The system only depends on the fact that Microsoft .NET Framework 3.0 or higher is installed. Also BMP images of reasonable size are required to carry out Steganography.
Page |26
Page |27
4. The user can see a detailed help file in .chm format. 5. Save decrypted file in a textbox. 6. Clear the boxes for new encryption.
2.4.2 Reliability
The product should not crash under any circumstance such as user entering invalid values, user trying to load unsupported files etc. It should show appropriate message for every user generated message.
2.4.3 Portability
Our product will be portable to carry and will run in any machine provided it runs a Windows Operating System. We have created an installer which compiles all files into a single executable (.msi). Only this file is required to successfully install the application on any computer.
flow when any transformation happens. It makes whole procedure like a good document and makes simpler and easy to understand for both programmers and non-programmers by dividing into the sub process. The data flow diagrams are the simple blocks that reveal the relationship between various components of the system and provide high level overview, boundaries of particular system as well as provide detailed overview of system elements.
The data flow diagrams start from source and ends at the destination level i.e., it decomposes from high level to lower levels. The important things to remember about data flow diagrams are: it indicates the data flow for one way but not for loop structures and it doesnt indicate the time factors. This section reveals about the data flow analysis which states about data that have been used, classification of data flow diagrams based on their functions and the other different levels used in the project.
Process:
Process defines the source from where the output is generated for the specified input. It states the actions performed on data such that they are transformed, stored or distributed.
Data store:
Source: It is the starting point or destination point of the data, stating point from where the external entity acts as a cause to flow the data towards destination
Department of Information Technology (NEHU) Page |29
2.5.1 Level 0 Data Flow Diagram DFD level 0 is the highest level view of the system, contains only one process which represents whole function of the system. It doesnt contain any data stores and the data is stored with in the process. For constructing DFD level 0 diagram for the proposed approach we need two sources one is for source and another is for destination and a process.
DFD level 0 is the basic data flow process, the main objective is to transfer the data from sender to receiver after encryption.
Page |30
Figure 12. Level 1 Data Flow Diagram In this data flow diagram, the secret data is sent to the encryption phase for embedding the data into the image for generating the carrier image. In the next phase the carrier image is sent to the decryption phase through the transmission phase. The final phase is the decryption phase where the data is extracted from the image and displays the original message.
Page |31
Page |32
The sender sends the message to the receiver using three phases. Since we are using the steganographic approach for transferring the message to the destination, the sender sends text as well as image file to the primary phase i.e., to encryption phase. The encryption phase uses the encryption algorithm by which the carrier image is generated. The encryption phase generates the carrier image as output. The carrier image is given as input to the next phase i.e., to decryption phase. The decryption phase uses the decryption algorithm for decrypting the original text from the image so that the decryption phases generate plain text. The plain text is then sent to the receiver using the transmission media.
Page |33
3. DESIGN STRATEGY
3.1 Overview
The software development portion of this project focuses on an implementation of most of the steganographic techniques as described in Part I. This means that the end-product will provide a means for its users to embed a message within animage using one of several different steganographic algorithms This chapter provides details of the aims and objectives of the development portion of the project, and also discusses the methodologies and design principles that were considered whilst building the system.
Page |34
Also, by developing the functions in this manner, it means that new functions can easily be added that can operate alongside the existing functions. Thus, over time, the system has the potential to be highly desirable in the field of steganalysis.
Forms. Jscript.
languages for example JAVA because in .NET the coding is very easier.
ODBC. n build web applications as required, the applications are highly secure because it uses access control lists and security identifiers.
Page |35
runs only on platforms that support CLR. Now, in this project we have chosen Microsoft .NET platform for building this Windows based steganographic application. The main components of .NET which used in this project are Visual Basic 2008.
tool box so that required tool like radio button, text boxes etc., can be placed.
designer tool.
.vb extension. When we click on debug option the .NET architecture creates the class file.
converts the class file into the machine language that is compatible with the hardware since CLR supports cross-language integration.
Page |36
Page |37
destination is sent securely. For the decryption phase, we have used the same .NET programming language for the purpose of designing. We have used security keys like personal password for protecting the image from unauthorized modification, which improved the security level. We have chosen image steganography because it is simple to use and its user friendly application. There are many applications for image hiding but the proposed approach is created using Microsoft .NET frame work which is easier for coding and the performance is better compared to other languages.
6.2 Conclusion
In the present world, the data transfers using internet is rapidly growing because it is so easier as well as faster to transfer the data to destination. So, many individuals and business people use to transfer business documents, important information using internet. Security is an important issue while transferring the data using internet because any unauthorized individual can hack the data and make it useless or obtain information un- intended to him. The proposed approach in this project uses a new steganographic approach called image steganography. The application creates a stego image in which the personal data is embedded and is protected with a password which is highly secured. The main intention of the project is to analyze the various steganography algorithms and develop a steganographic application using those algorithms such that it provides good security. The proposed approach provides higher security and can protect the message from stego attacks. The image resolution doesnt change much and is negligible when we embed the message into the image and the image is protected with the personal password. So, it is not possible to damage the data by unauthorized personnel.
Page |39
This project gave us good experience in dealing with the data security issues in theoretical as well as in technical domain and in .NET programming as we used Microsoft visual studio for designing steganographic application. We did the project in satisfactory level with the help and good guidance from our supervisor Mr. A.K. Maji. The major limitation of the application is designed for bit map images (.bmp). It accepts only bit map images as a carrier file, and the compression depends on the document size as well as the carrier image size.
.
Page |40
REFERENCE
1] Alfred J, M et al., 1996. Hand book of applied Cryptography. First edition. 2] Bloom,J. A. et al., 2008. Digital watermarking and Steganography. 2nd edition. 3] A. Westfeld. "F5 - A Steganographic Algorithm: High Capacity Despite Better Steganalysis", Lecture Notes in Computer Science, vol. 2137, pp. 289302, 2001. 4] X. Yu, Y. Wang, and T. Tan, "On Estimation of Secret Message Length in JSteglike Steganography", Proceedings of the 17th International Conference on Pattern Recognition, vol. 4, pp. 673-676, 2004. 5] Q. Weiwei, G. Yanqing, and K. Xiangwei. "JPEG QuantizationDistribution Steganalytic Method Attacking JSteg", International Journal of Computer Science and Network Security, vol. 6, pp. 192195. 6] Bandyopadhyay, S.K., 2010. An Alternative Approach of Steganography Using Reference Image. International Journal of Advancements in Technology, 1(1), pp.05-11. 7] www.ijcaonline.org/journal/number15/pxc387502.pdf 8] S. William, Cryptography and Network Security: Principles and Practice, 2nd edition, Prentice-Hall, Inc., 1999 pp 23-50 9] http://www.jjtc.com/pub/r2026.pdf 10] Hide & Seek: An Introduction to Steganography: Niles Provos and Peter Honey man, IEEE Security & Privacy Magazine, May/June 2003.
11] Image Compression and Discrete Cosine Transform - Ken Cabin and Peter Gent, Math 45 College of the Redwoods,1998 12] Steganography Primer - Ruid, Computer Academic underground, 2004
13] Artz, D., Digital Steganography: Hiding Data within Data, IEEE Internet Computing Journal, June 2001 14] Owens, M., A discussion of covert channels and steganography, SANS Institute, 2002 15] Petitcolas, F.A.P., Anderson, R.J. & Kuhn, M.G., Information Hiding A survey, Proceedings of the IEEE, 87:07, July 1999 ii 16] Bender, W., Gruhl, D., Morimoto, N. & Lu, A., Techniques for data hiding, IBM Systems Journal, Vol. 35, 1996 17] Jamil, T., Steganography: The art of hiding information is plain sight, IEEE Potentials, 18:01, 1999. 18] Currie, D.L. & Irvine, C.E., Surmounting the effects of lossy compression on Steganography, 19th National Information Systems Security Conference, 1996 19] Artz, D., Digital Steganography: Hiding Data within Data, IEEE Internet Computing Journal, June 2001 20] Anderson, R.J. & Petitcolas, F.A.P., On the limits of steganography, IEEE Journal of selected Areas in Communications, May 1998 21] http://www.devx.com/projectcool/Article/19997 22] Glenford et al., 2004. The art of software testing. 2nd edn, pg no. 183, john wiley.
Department of Information Technology (NEHU)
Hellman, M.E., 2002. An overview of public key cryptography. IEEE comm. 23] M. Naor and A. Shamir, Visual cryptography, in Advances in Cryptology: EUROCRYPT 94 (A. De Santis, ed.), vol. 950 of Lecture Notes in Computer Science, pp. 112, Springer, 1995. 24] O. Goldreich, Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001. 25] www.zurich.ibm.com/~cca/papers/encyc.pdf 26] www.infosecwriters.com/text_resources/pdf/steganographyDTEC682 3.pdf 27] www. paper.ijcsns.org/07_book/201008/20100825.pdf 28] www.scribd.com/doc/... /Internet & Technology 29] www.computing.surrey.ac.uk/personal/st/H.Schaathun/.../phil-msc.pdf 30] www.jiit.ac.in/jiit/ic3/IC3_2008/IC3-2008/APP2_21.pdf 31] www.scribd.com/doc/.../Steganography-View 32] Amirthanjan,R. Akila,R & Deepikachowdavarapu, P., 2010. A Comparative Analysis of Image Steganography, International Journal of Computer Application, 2(3), pp.2-10. 33] Chan, C.K. Cheng, L.M., 2004. Hiding data in images by simple lsb substitution: pattern recognition.vol 37. Pergamon. 34] Kahate, A., 2008. Cryptography and network security. 2nd ed. McGraw-hill.
35] Kevin, H., 2006. Microsoft Visual Basic 2005 unleashed. 4th edn, SAMS. 36] D. Fu, Y. Shi, D. Zou, and G. Xuan. "JPEG Steganalysis Using Empirical Transition Matrix in Block DCT Domain", IEEE: 8th Workshop on Multimedia Signal Processing 2006, pp. 310-313, 2006. 37] M. Halvorson,. Visual basic 2008, Step by Step. 38] Evangelos Petroutsos and Mark Ridgeway,: Mastering Microsoft Visual Basic 2008 39] Rod Stephens,: Visual Basic 2008-Programmers Reference. 40] Microsoft MSDN help.
APPENDIX A
Steganography: It is the process of hiding digital data (text, image, audio or video) within another digital data (text, image, audio or video). Steganography Algorithms: These are the techniques by which we can hide a media within another media. Steganalysis: Steganalysis is the art and science of detecting messages hidden using steganography; this is analogous to cryptanalysis applied to cryptography. Cryptography: It is the process of encrypting a media so that it is not possible to understand without decrypting. Internet Security: Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption. Security Attacks: The data is transmitted from source to destination which is known as its normal flow. But the hackers might hack the network in order to access or modify the original data. These types of attacks are formally known as security attacks. .NET Framework: The .NET Framework (pronounced dot net) is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allow language interoperability (each language can use code written in other languages). The .NET library is available to all the programming languages that .NET supports. Programs written for the .NET Framework execute in a software environment (as contrasted to hardware environment), known as the Common Language Runtime (CLR), an application virtual machine that provides important services
Department of Information Technology (NEHU)
such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework. Visual Basic: Visual Basic (VB) is the third-generation event-driven programming language and integrated development environment (IDE) from Microsoft for its COM programming model. Visual Basic is relatively easy to learn and use. Visual Basic was derived from BASIC and enables the rapid application development (RAD) of graphical user interface (GUI) applications, access to databases using Data Access Objects, Remote Data Objects, or ActiveX Data Objects, and creation of iii ActiveX controls and objects. Scripting languages such as VBA and VBScript are syntactically similar to Visual Basic, but perform differently. Graphical User Interface: It is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUIs can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and office equipment. A GUI represents the information and actions available to a user through graphical icons and visual indicators such as secondary notation, as opposed to text-based interfaces, typed command labels or text navigation. The actions are usually performed through direct manipulation of the graphical elements. Common Language Runtime (CLR): The Common Language Runtime (CLR) is a special run time environment that provides the underlying infrastructure for Microsoft's .NET framework. This runtime is where the source code of an application is compiled into an intermediate language called CIL, originally known as MSIL (Microsoft Intermediate Language). When the program is then run, the CIL code is translated into the native code of the operating system using a just-in-time (JIT) compiler. Discrete Cosine Transformation: A discrete cosine transform (DCT) expresses a sequence of finitely many data points in terms of a sum of cosine functions oscillating at different frequencies. DCTs are important to numerous applications in science and engineering, from lossy compression of audio (e.g. MP3) and images (e.g. JPEG) (where small
Department of Information Technology (NEHU)
high-frequency components can be discarded), to spectral methods for the numerical solution of partial differential equations. The use of cosine rather than sine functions is critical in these applications: for compression, it turns out that cosine functions are much more efficient (as explained below, fewer are needed to approximate a typical signal), whereas for differential equations the cosines express a particular choice of boundary conditions. XOR Operation: In cryptography, the simple XOR cipher is a simple encryption algorithm that operates according to the principles: A A (A (B 0 = A, A = 0, B) A) C=A A=B (B C),
0 = B,
Where denotes the exclusive disjunction (XOR) operation. With this logic, a string of text can be encrypted by applying the bitwise XOR operator to every character using a given key. To decrypt the output, merely reapplying the key will remove the cipher. For example, the string "Wiki" (01010111 01101001 01101011 01101001 in 8-bit ASCII) can be encrypted with the key 11110011 as follows: 01010111 01101001 01101011 01101001 11110011 11110011 11110011 11110011 = 10100100 10011010 10011000 10011010 And conversely, for decryption: 10100100 10011010 10011000 10011010 11110011 11110011 11110011 11110011
.CHM File Format: Microsoft Compiled HTML Help is a Microsoft proprietary online help format. It was introduced as the successor to Microsoft WinHelp with the release of Windows 98, and is still supported in Windows 7.