MAJOR PROJECT REPORT ON ANALYSIS OF VARIOUS STEGANOGRAPHYALGORITHMS AND THEIR IMPLEMENTATION In partial fulfilment of requirements for the award

of degree in Bachelor of Technology in Information Technology(2011-12) s Submitted By: Firoz Ahmed Choudhury (BT/IT/0714)Hriday Das (BT/IT/0719)Pranjal Bharali (BT/IT/0740)Trinayan Chakraborty (BT/IT/0755) Under the Supervision of: Mr. A.K. MajiAssistant ProfessorDepartment of Information Technology Department of Information TechnologyNORTH EASTERN HILL UNIVERSITY UMSHING, SHILLONG, MEGHALAYA 793022

ACKNOWLEDGEMENT The satisfaction that accompanies that the successful completion of any task would be incomplete without the mention of people whose ceaseless cooperation madeit possible, whose constant guidance and encouragement crown all efforts with success.We are grateful to our project guide Mr. A.K. Maji, Assistant Professor,Dept of I.T. NEHU, for his guidance, inspiration and constructive suggestions that helped usi n t h e p r e p a r a t i o n o f t h i s p r o j e c t . H e w a s a l w a ys t h e r e g u i d i n g a n d correcting us witha t t e n t i o n a n d c a r e . H e t o o k i m m e n s e p a i n g o i n g t h r o u g h t h e p r o j e c t a n d a l s o t h e documentation and made necessary corrections as and when required.We would also take this opportunity to thank our Institution, our Head of theDepartment and other faculty members without whom this project would have been a distantreality. Firoz Ahmed Choudhury (BT/IT/0714)Hriday Das (BT/IT/0719)Pranjal Bharali (BT/IT/0740)Trinayan Chakraborty (BT/IT/0755)Date :

ABSTRACT: The rapid development of data transfer through internet has made it easier tosend the data accurate and faster to the destination. There are many transmission media totransfer the data to destination like e-mails, social sites etc. At the same time it is may beeasier to modify and misuse the valuable information through hacking. So, in order totransfer the data securely to the destination without any modifications, there are ma nyapproaches like cryptography and steganography.T h i s p r o j e c t r e p o r t d e a l s w i t h i m a g e s t e g a n o g r a p h y a s w e l l a s w i t h t h e different security issues, general overview of cryptography, steganography and digitalwatermarking approaches.Also it provides indepth discussions of different steganographic algorithmslike Least Significant Bit (LSB) algorithm, JSteg Hide & Seek and F5 algorithms. It alsoc o m p a r e s t h o s e a l g o r i t h m s i n t e r m s o f s p e e d , a c c u r a c y a n d s e c u r i t y. I t a l s o o f f e r s a chance to put the theory into practice by way of a piece of software designed to maximisel e a r n i n g i n t h e f i e l d s . T h i s p a p e r c a n t h e r e f o r e b e s p l i t i n t o t w o p a r t s : R e s e a r c h a n d Software Development.The project is done using Microsoft Visual Basic 2008 on a computer runningWindows Vista. .NET framework of 3 or higher is required for the software to execute.

TABLE OF CONTENTS: ABSTRACT i 1 INTRODUCTION 1.1 An overview of Internet Security.................1 1.2 Where Steganography & Cryptography fitsin......................................................1 1.3 LiteratureSurvey...................................................................................................2 1.3.1 Information Security.............................................................................2 1.3.2 Security Attacks....................................................................................2 1.3.3 Analysis of various Steganographic Algorithms..................................6 1.3.3.1 Steganography Methods..........................................................7 1.3.3.2 Steganography Algorithms......................................................8 1.3.4 Cryptographic Algorithms...................................................................14 1.4 Applications of our project................................................................................19 1.5 Proposed Solution Strategy...............................................................................19 2. SOFTWARE REQUIREMENT SPECIFICATION DOCUMENT (SRS)........................20 2.1Introduction.........................................................................................................20 2.1.1 Purpose....................................................................................................20 2.1.2 Definitions...............................................................................................20 2.2OverallDescription..............................................................................................20 2.2.1Product Function......................................................................................20 2.2.2 User Characteristics.................................................................................20 2.2.3 Dependencies...........................................................................................20 2.3FunctionalRequirements......................................................................................21 2.3.1 Use Case Diagram....................................................................................21 2.3.2 Use Case Specification.............................................................................21 2.3.3 Performance Requirements.......................................................................21

2.4 Non FunctionalRequirements.............................................................................21 2.4.1 Performance..............................................................................................21 2.4.2 Reliability..................................................................................................21 2.4.3 Portability..................................................................................................21 2.5 Data FlowDiagrams............................................................................................21 2.5.1 Level 0 Data Flow Diagram......................................................................23 2.5.2 Level 1 Data Flow Diagram......................................................................24 2.5.3 Level 2 Data Flow Diagram......................................................................24 2.6 ActivityDiagram.................................................................................................25 3. DESIGN STRATEGY.........................................................................................................27 3.1Overview.............................................................................................................27 3.2 Intentions &Considerations................................................................................27 3.3 DevelopmentTools.................................. ..........................................................27 3.4 VisualBasic.........................................................................................................28 3.5 Features of the proposed method........................................................................29 3.6 InterfaceScreenshots...........................................................................................30 3.6.1 The main interface.....................................................................................30 3.6.2 When file is clicked....................................................................................31 3.6.3 When Action is clicked...............................................................................32 3.6.4 When Help is clicked...34 3.6.5 The encryption process................................................................................3 3.6.6 The decryption process...........................................................................,...39 4.TESTPLAN......................................................................................................................,...43 4.1Introduction...........................................................................................................43 4.2 Aim of Testing.......................................................................................................43 4.3 TestCases...............................................................................................................44

4.3.1Start up Screen Display...............................................................................44 4.3.2 For Encryption.............................................................................................45 4.3.3 For Decryption.............................................................................................46 5. USER DOCUMENTATION............................................................................................47 5.1 Welcome to steganography................................................................................47 5.1.1 What is Steganography: ......................................................................47 5.2 Getting Started....................................................................................................47 5.2.1 Install / Uninstall Steganography.........................................................47 5.3 How to use thesoftware..........................................................................48 5.4 Menus for operating the software Hide Your Secret .........................49 6. RESULTS AND CONCLUSION........................................................................................51 6.1 Result.....................................................................................................................51 6.2Conclusion..............................................................................................................52 6.3FutureWork...........................................................................................................52 REFERENCE....ii A P P E N D I X A . . .iii

1. INTRODUCTION 1.1 An overview of Internet Security Since the rise of the Internet one of the most important factors of informationtechnology and communication has been the security of information. Everyday tonsof data are transferred through the Internet through e-mail, file sharing sites, socialnetworking sites etc to name a few. As the number of Internet users rises, the conceptof Internet security has also gain importance. The fiercely competitive nature of thecomputer industry forces web services to the market at a breakneck pace, leavinglittle or no time for audit of system security, while the tight labour market causes Internet project development to be staffed with less experienced personnel, who mayh a v e n o t r a i n i n g i n s e c u r i t y . T h i s c o m b i n a t i o n o f m a r k e t p r e s s u r e , l o w u n e m p l o ym e n t , a n d r a p i d g r o w t h c r e a t e s a n e n v i r o n m e n t r i c h i n m a c h i n e s t o b e exploited, and malicious users to exploit those machines. 1.2 Where Steganography & Cryptography fits in Cryptograph y was created as a technique for securing the sec r e c y o f communication and many different methods have been developed to encrypt anddecrypt data in order to keep the message secret. Unfortunately it is sometimes notenough to keep the contents of a message secret, it may also be necessary to keep thee x i s t e n c e o f t h e m e s s a g e s e c r e t . T h e t e c h n i q u e u s e d t o i m p l e m e n t t h i s , i s c a l l e d steganography. The word "Steganography" is of Greek origin and means"covered or hiddenwriting". The main aim in steganography is to hide the very existence of the messagein the cover medium. Steganography and cryptography are counter parts in digital security the obvious advantage of steganography over cryptography is that messagesdo not attract attention to themselves, to messengers, or to recipients. Also, the lastd e c a d e h a s s e e n a n e x p o n e n t i a l g r o w t h i n t h e u s e o f m u l t i m e d i a d a t a o v e r t h e Internet. These include Digital Images, Audio and Video files. This rise of digitalc o n t e n t o n t h e i n t e r n e t h a s f u r t h e r a c c e l e r a t e d t h e r e s e a r c h e f f o r t d e v o t e d t o steganography. The initial aim of this study was to investigate steganography and how it is implemented. Based on this work a number of common m e t h o d s o f steganography could then be implemented and evaluated. The s t r e n g t h s a n d weaknesses of the chosen methods can then be analysed. To provide a common frameof reference all of the steganography methods implemented and analysed used BMP images.

To make a steganographic communication even more secure the message can be encrypted before being hidden in the carrier. Cryptography and steganography can be used together. The random looking message which would result from encryptionw o u l d a l s o b e e a s i e r t o h i d e t h a n a m e s s a g e w i t h a h i g h d e g r e e o f r e g u l a r i t y . Therefore encryption is recommended in conjunction with steganography. 1.3 Literature Survey 1.3.1 Information Security In general, security denotes the quality or state of being secure to befree from danger. Security is classified into different layers depending on the type of content intended to be secured: Physical security: Defines the required issues that are needed to protectthe physical data or objects from unauthorized intrusion. Personal security: It is defined as the security of the individuals who are officially authorized to access information about the company and its operations Operational security: I t m a i n l y r e l i e s o n t h e p r o t e c t i o n o f t h e information of a particular operation of the chain of activities. Communications security: T h e c o m m u n i c a t i o n s s e c u r i t y encompasses the security issues regarding the organisations communication media,technology and content. Network security: The network security is responsible for safeguardingthe information regarding the networking components, connections and contents. Information security: I n f o r m a t i o n s e c u r i t y i s t h e p r o t e c t i o n o f information and the systems and hardware that use, s t o r e , a n d t r a n s m i t t h a t information. Information security can be defined as measures adopted to prevent theunauthorized use or modification of use of data or capabilities. 1.3.2 Security Attacks The data is transmitted from source to destination which is known as itsnormal flow as shown in figure 1. But the hackers might hack the network in order toa c c e s s o r m o d i f y t h e o r i g i n a l d a t a . T h e s e t yp e s o f a t t a c k s a r e f o r m a l l y k n o w n a s security attacks.

Figure 1. Normal Data Flow A hacker can disrupt this normal flow by implementing the different types of techniques over the data and network in following ways. They are: Interruption Interception Modification Fabrication Interruption: Interruption is an attack by which the hackers can interrupt the databefore reaching the destination. This type of attack shows the effecton availability and usually destroys the system asset and makes thedata unavailable or useless. Figure 2. Interruption Interception: Interception is one of the well known attacks. When the network is shared that isthrough a local area network is connected to Wireless LAN or Ethernet it can receivea copy of packets intended for other device. On the internet, the determine d hacker can gain access to email traffic and other data transfers. This type of attack shows theeffect on confidentiality of data. Figure 3. Interception Modification: This refers to altering or replacing of valid data that is needed to send to destination.This type of attacks is done usually by unauthorized access through tampering the data. It shows effect on the integrity of the data. Figure 4. Modification Fabrication: In this type, the unauthorized user places data without the interface of s ource code.The hacker or unauthorized person inserts the unauthorized objects by adding recordst o t h e f i l e , i n s e r t i o n o f s p a m m e s s a g e s e t c . T h i s t y p e o f a t t a c k a f f e c t s o n t h e Authenticity of message. Figure 5. Fabrication There are many types of security attacks that will try to modify the originald a t a . T h e m a i n g o a l o f a n y o r g a n i s a t i o n / i n d i v i d u a l t r a n s m i t t i n g t h e d a t a i s t o implement security measures which include 1. Prevention2. Detection3. Response4. Recovery Prevention

: The security attacks can be prevented by using an encryption algorithmt o r e s t r i c t a n y u n a u t h o r i z e d a c c e s s t o t h e e n c r yp t i o n k e ys . T h e n t h e a t t a c k s o n confidentialit y of the transmitted data will be prevented. Detection : U s i n g t h e i n t r u s i o n d e t e c t i o n s ys t e m s f o r d e t e c t i o n o f u n a u t h o r i z e d indivi duals logged onto a system and making the resources available to legitimate users. Response : W h e n e v e r t h e u n a u t h o r i s e d a t t a c k s h a p p e n i n t h e s ys t e m , t h e s e c u r i t ym e c h a n i s m s c a n d e t e c t t h e p r o c e s s a n d t h e s ys t e m c a n r e s p o n d t o m a k e t h e d a t a unavailable. Recovery : Recovery is the final approach if an attacker modifies the data or makes the data unavailable. The data can then be recovered by using backup systems, so thatthe integrity of the data shall not be compromised. 1.3.3 Analysis of various Steganographic Algorithms Now that we are aware of the various types of security vulnerabilities, themain task of our project is to address these problems by some suitable method. We have selected Steganography in our project as it is comparatively new and we felt thatit can have huge impact in the field of security

Figure 6. Block Diagram for Steganography Steganography supports different types of digital formats that are used for hiding the data. These files are known as carriers. Depending upon the redundancy of the object, suitable formats are used. Redundancy is the process of providing better accuracy for the object that is used for display by the bits of object. The main file formats that are used for steganography are Text, images, audio and video. We haveimplemented the text hiding in an image (BMP) in our project.For the purpose of developing a steganographic application we went througha l l t h e s t e g a n o g r a p h i c m e t h o d s a v a i l a b l e a n d d e c i d e d t o select S e c r e t k e y Steganography for our project. All the methods are described in details below.Also we made an analysis of all the Steganographic algorithms available andcompared them in terms of speed, quality of hiding and security. A detailed analysisof all the algorithms that we have studied is presented below. 1.3.3.1 Steganography Methods The different types of steganographic techniques available are: PAGE 9 1. Pure Steganography2. Public key Steganography3. Secret key Steganography Pure Steganography : P u r e S t e g a n o g r a p h y i s t h e p r o c e s s o f embedding the data i n t o t h e o b j e c t w i t h o u t u s i n g a n y p r i v a t e k e ys . T h i s t yp e o f Steganography entirely depends upon the secrecy. This type of Steganography uses acover image in which data is to be embedded, personal information to be transmitted,and encryption decryption algorithms to embed the message into image. These typesof steganography cant provide the better security because it is easy for extracting them e s s a g e i f t h e u n a u t h o r i s e d p e r s o n k n o w s t h e e m b e d d i n g m e t h o d . I t h a s o n e advantage that it reduces the difficulty in key sharing.

Figure 7. Pure Steganography processSecret key Steganography: S e c r e t k e y S t e g a n o g r a p h y i s a n o t h e r process of Steganography which uses the same procedure other than using securek e y s . I t u s e s t h e i n d i v i d u a l k e y f o r e m b e d d i n g t h e d a t a i n t o t h e o b j e c t w h i c h i s s i m i l a r t o s ym m e t r i c k e y. F o r d e c r yp t i o n i t u s e s t h e s a m e k e y w h i c h i s u s e d f o r encryption. This type of Steganography provides better security compared to pureSteganography. The main problem of using this type of steganographic system issharing the secret key. If the attacker knows the key it will be easier to decrypt and access original information.

Figure 8. Secret key Steganography Process

Public key Steganography: P u b l i c k e y S t e g a n o g r a p h y u s e s t w o t y p e s o f keys: one for encryption and another for decryption. The key used for encryption is a private key and for decryption, it is a public key and is stored in a public database Figure 9. Public key Steganography Process W e h a v e i m p l e m e n t e d t h e Secret Key Steganography t e c h n i q u e i n o u r pr oject. The password shall be provided by the person who does the encryption and ithas to be provided to decrypt the message from the image. 1.3.3.2 Steganography Algorithms I n o u r p r o j e c t w e h a v e d o n e a n i n - d e p t h a n a l ys i s o f t h r e e S t e g a n o g r a p h i c algorithms in terms of speed of action, quality of hiding and security. We havealso implemented all the algorithms in our application. The user has the option to useany algorithm he seems fit for his task. The details of these algorithms are given below followed by a comparison chart between the three.

LSB algorithm: LSB (Least Significant Bit) substitution is the process of adjusting theleast significant bit pixels of the carrier image. It is a simple approach for embeddingm e s s a g e i n t o t h e i m a g e . T h e L e a s t S i g n i f i c a n t B i t i n s e r t i o n v a r i e s a c c o r d i n g t o number of bits in an image. For an 8 bit image, the least significant bit i.e., the 8th bitof each byte of the image is changed to the bit of secret message. For 24 bit image,the colours of each component like RGB (red, green and blue) are changed. LSB iseffective in using BMP images since the compression in BMP is lossless. But for h i d i n g t h e s e c r e t m e s s a g e i n s i d e a n i m a g e o f B M P f i l e u s i n g L S B a l g o r i t h m i t requires a large image which is used as a cover. LSB substitution is also possible for GIF formats, but the problem with the GIF image is whenever the least significant bitis changed the whole colour palette will be changed. The problem can be avoided byonly using the gray scale GIF images since the gray scale image contains 256 shadesa n d t h e c h a n g e s w i l l b e d o n e g r a d u a l l y s o t h a t i t w i l l b e v e r y h a r d t o d e t e c t . F o r JPEG, the direct substitution of steganographic techniques is not possible since it willu s e l o s s y c o m p r e s s i o n . S o i t u s e s L S B s u b s t i t u t i o n f o r e m b e d d i n g t h e d a t a i n t o images. There are many approaches available for hiding the data within an image: o n e o f t h e s i m p l e l e a s t s i g n i f i c a n t b i t s u b m i s s i o n a p p r o a c h e s i s O p t i m u m P i x e l Adjustment Procedure. The simple steps for OPA explain the procedure of hidingthe sample text in an image. Step1: A few least significant bits (LSB) are substituted with in data to behidden. Step2: The pixels are arranged in a manner of placing the hidden bits beforethe pixel of each cover image to minimize the errors.

Step3: Let n LSBs be substituted in each pixel. Step4: Let d= decimal value of the pixel after the substitution.d1 = decimal value of last n bits of the pixel.d2 = decimal value of n bits hidden in that pixel. Step5: If (d1~d2)<=(2^n)/2then no adjustment is made in that pixel.Else Step6: If(d1<d2)d = d 2^n.If(d1>d2)d = d + 2^n. This d is converted to binary and written back to pixel. This method o f substitution is simple and easy to retrieve the data and the image quality better so thatit provides good security. The encoder algorithm is as given below: 1: for i = 1, ..., len(msg) do 2: p = LSB(pixel of the image) 3: if p != message bit then 4: pixel of the image = message bit 5 e n d i 6: end for

The encoding process shows that the entire algorithm can be implemented by writing just a few lines of code. The algorithm works by taking the first pixel of the imagea n d o b t a i n i n g i t s L S B v a l u e ( a s p e r l i n e 2 o f t h e A l g o r i t h m ) . T h i s i s t yp i c a l l y achieved by calculating the modulus 2 of the pixel value. This will return a 0 if then u m b e r i s e v e n , a n d a 1 i f t h e n u m b e r i s o d d , w h i c h e f f e c t i v e l y t e l l s u s t h e L S B value. We then compare this value with the message bit that we are trying to embed.If they are already the same, then we do nothing, but if they are different then wereplace the pixel value with the message bit. This process continues whilst there arestill values in the message that need to be encoded The decoder algorithm is: 1: for i = 1, ..., len(image string) do 2:message string = LSB (pixel string of the image) 3: end for The decoding phase is even simpler. As the encoder replaced the LSBs of the pixelvalues in c in sequence, we already know the order that should be used to retrieve thedata. Therefore all we need to do is calculate the modulus 2 of all the pixel values int h e stegogramme, and we are able to reconstruct m as m0 .The above A l g o r i t h m shows the pseudo code of the decoding process. Note that this time we run the loopfor length of message instead of length of string. This is because the decoding processis completely separate from the encoding process and

therefore has no means of knowing the length of the message. If a key were used, it would probably reveal thisinformation, but instead we simply retrieve the LSB value of every pixel. When weconvert this to ASCII, the message will be readable up to the point that the messagewas encoded, and will then appear as gibberish when we are reading the LSBs of theimage data. Hide & Seek: The randomised approach to the Hide & Seek algorithm makes it possible toscatter the locations of the pixels that are to be replaced with the message data. Thec o r e o f t h e e n c o d i n g p r o c e s s i s i d e n t i c a l t o t h a t o f t h e L S B a l g o r i t h m describeda b o v e . I n f a c t , t h e t w o m e t h o d s o n l y d i f f e r i n t e r m s o f h o w t h e i m a g e d a t a i s presented before the embedding process starts. For the randomised approach theimage data c is usually shuffled using a Pseudo Random Number Generator (PRNG).This generator will take the image data and produce a shuffled version C according to a seed k that is specified by the encoder. There will also be an inverse shuffle whichtakes C and returns the original order c when the same k is used. The pixel values of the image c are often shuffled before embedding such that the exact same encodingmechanism from above algorithm can be used. The values are then shuffled back totheir original positions after embedding such that the image can be displayed properlyfor sending it across some communications channel to the recipient. A PRNG alsohas the advantage that it produces the same shuffle when the same data and the sameseed are given back to it. This means that all we need is c and k at the decoding stage,a n d t h e s a m e s h u f f l e w i l l b e r e c r e a t e d s o w e c a n r e t r i e v e t h e m e s s a g e d a t a successfully.T h e e n c o d i n g a l g o r i t h m b e l o w s h o w s t h e p s e u d o code for the encoding p r o c e s s o f t h e r a n d o m i s e d H i d e & S e e k a p p r o a c h . N o w w e h a v e l i n e 1 t h a t randomises the locations of each pixel be f o r e e m b e d d i n g t h e m e s s a g e d a t a . I n addition to this, we also have line 8 which returns the pixel locations back to normalwhen the embedding process has ended. The seed k acts as a key to the algorithmsuch that the same shuffle sequence can be generated when retrieving the hiddenmessage. The output stegogramme s from this embedding approach will contain bitsof the hidden message in seemingly random locations of the image. The encoding algorithm: 1: generate randomised sequence C using data c and seed k 2: for i = 1, ..., l(m) do 3: p == LSB(Ci) 4 : i f p ! = m e s s a g e b i t t h e n 5: ci == mi 6 : e n d i f 7: end for 8: generate original sequence c using data C and seed k

Perhaps the most important aspect of note is that as we require k to i d e n t i f y t h e correct regions, the algorithm is much more secure than the sequential approach, asthe sequence cannot be derived without it. The decoding algorithm: 1: generate randomised sequence S using data s and seed k 2: for i = 1, ..., l(s) do 3: mi == LSB(Si) 4: end for Sometimes, as a seed is already required to retrieve the message, the r a n d o m i s e s approaches may go one step further and create a full key that also declares l(m). If this is the case, line 2 can be changed such that the loop runs for l(m) rather than l(s) JSTEG algorithm: JSteg algorithm is one of the steganographic techniques for embeddingd a t a i n t o J P E G i m a g e s . T h e h i d i n g p r o c e s s w i l l b e d o n e b y r e p l a c i n g L e a s t Significant Bits (LSB). JSteg algorithm replaces LSBs of quantized Discrete Courier Transform (DCT) coefficients. In fact, the JSteg algorithm only differs from the Hide& Seek algorithm because it embeds the message data within the LSBs of the DCTcoefficients of c, rather than its pixel values. Before the embedding process begins,the image is converted to the DCT domain in 8x8 blocks such that the values of ciswitch from pixel values to DCT coefficients. In order for the values to be presentedas whole numbers, each 8x8 block is quantised according to a Quantisation Table Q.The result is where the embedding algorithm operates. An example of an 8x8 DCT b l o c k i s s h o w n i n F i g u r e 1 0 . I n t h i s p r o c e s s t h e h i d i n g m e c h a n i s m s k i p s a l l coefficients with the values of 0 or 1. This algorithm is resistant to visual attacks andoffers an admirable capacity for steganographic messages. It has high capacity andhad a compression ratio of 12%. JSteg algorithm is restricted for visual attacks and itis less immune for statistical attacks. Normally, JSteg embeds only in BMP images.I n t h e s e B M P i m a g e s , t h e c o n t e n t o f t h e i m a g e i s t r a n s f o r m e d i n t o f r e q u e n c y coefficients so as to achieve storage in a very compressed format. There is no visualattack in the sense presented here, due to the influence of one steganographic bit up to256 pixels.

Figure 10. An example of an 8x8 sub-block of DCT coefficients. W e s h o u l d a l s o n o t e t h e t w o t yp e s o f c o e f f i c i e n t t h a t w e s e e i n e v e r y 8 x 8 block: DC, and AC. The value at the top left of each 8x8 block is known as the DCc o e f f i c i e n t . I t c o n t a i n s t h e m e a n v a l u e o f a l l t h e o t h e r c o e f f i c i e n t s i n t h e b l o c k , referred to as the AC coefficients. The DC coefficients are highly important to each block as they give a good estimate as to the level of detail in the block. Changing thev a l u e o f t h e D C c o e f f i c i e n t w i l l a l s o c h a n g e m a n y o f t h e v a l u e s o f t h e A C coefficients, and this will create a visual discrepancy when the image is converted back to the spatial domain and viewed normally. For this reason, the JSteg algorithmdoes not embed message data over any of the DC coefficients for every block. Inaddition to this, the algorithm also does not permit embedding on any AC coefficientequal to 0 or 1. The encoding algorithm 1: convert image c to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(m) do 3: p == DCT(di) 4 : w h i l e p = D C o r p = 5: p = next DCT coefficient from d 6: end while 7: pi == ci mod 2 + mi 8 : c i = = p i

o r

d o

9: end for 10: convert each 8x8 block back to spatial domain

The above algorithm provides the pseudo code for the encoding process of theJ S t e g a l g o r i t h m . L i n e 4 s h o w s t h a t t h e a l g o r i t h m a v o i d s e m b e d d i n g o n t h e D C coefficients, and also any AC coefficient equal to 0 or 1. Line 8 shows an alternativemethod for calculating the LSB value of the coefficient by using mod 2. The result isreplaced with the value in mi. Again, no key is used for this algorithm. So long as thedecoder knows that the embedding took place in the DCT domain, it will be capableof extracting the message successfully. The security of the JSteg algorithm thereforelies in the algorithm itself. As we noted before, the main difficulty of not using a keyis when we try to determine l(s) when extracting the message. Without a key, it isimpossible to know the length of the message to extract, so the loop is typically runfor the entire duration of the image to ensure that the entire message is extracted. Thisis certainly the case for the JSteg algorithm as we will see in the decoding process.

The decoder algorithm 1: convert image s to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(s) do 3 : p = = D C T ( d i )

4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d 6 7 : : e m i n d = = w d h i i l m e o d 2

8: end for

The decoding process functions by converting the stegogramme s to the D C T domain. It then avoids the same coefficient values that the encoding algorithm avoids,a n d r e t r i e v e s t h e h i d d e n m e s s a g e f r o m t h e L S B s o f a l l t h e o t h e r c o e f f i c i e n t s sequentially (line 7). T h e p e r f o r m a n c e o f t h e a l g o r i t h m s d i f f e r s w i t h t h e t y p e o f c o v e r image or source on which the data is embedded. The comparison of these algorithmsis tabulated below: Page 17 TABLE

1.3.4 Cryptographic Algorithms The word cryptography is derived from two Greek words which mean s e c r e t w r i t i n g . C r yp t o g r a p h y i s t h e p r o c e s s o f s c r a m b l i n g t h e o r i g i n a l t e x t b yrearranging and substituting the original text, arranging it in a seemingly unreadableformat for others. Cryptography is an effective way to protect the information that istransmitting through the network communication paths.C r y p t o l o g y i s t h e s c i e n c e t h a t d e a l s a b o u t c r y p t o g r a p h y a n d cryptanalysis. Cryptography is the approach of sending the messages secretly

andsecurely to the destination. Cryptanalysis is the method of obtainin g the embeddedmessages into original texts. In general, cryptography is transferring data from source to destination by altering it through a secret code. The cryptosystems uses a plaintext as an input and generate a cipher text using encryption algorithm taking secret key as input.The important elements in cryptosystems are: Plain text : The plain text is an original piece of information that is needed tosend information to the destination. Encryption algorithm : T h i s i s t h e m a i n k e y t o a n y c r yp t o g r a p h i c s ys t e m . T h i s e n c r yp t i o n a l g o r i t h m s u b j e c t s t h e p l a i n t e x t t o v a r i o u s s u b s t i t u t i o n s a n d transformations. Secret key : The secret key is given by the user which will act as an input tot h e e n c r y p t i o n a l g o r i t h m . B a s e d o n t h i s k e y , v a r i o u s s u b s t i t u t i o n s a n d transformations on the plain text will differ. Cipher text : This is the output generated by the encryption algorithm. The cipher text is the jumbled text. The cipher text differs with each and every secret keythat has given to the encryption algorithm. Decryption algorithm : This is opposite to the encryption algorithm. It willacquire cipher text and secret key as an input and produce plain text as an output.We know that cryptography can be used in conjunction with steganography.As such we have used two cryptographic algorithms to use in our project. Both aresymmetric key algorithms and the keys are fixed by us to reduce the simplicity of the project.

Figure 11. General model of cryptographic algorithm In our application when the user enters the text to be hidden, it is passedt h r o u g h t h e s e e n c r y p t i o n a l g o r i t h m s f i r s t a n d t h e n i t i s p a s s e d t h r o u g h t h e Steganographic algorithm which the user selected. The encrypt ion algorithms areused in the hope that even if someone uses Steganalysis and discovers the algorithmwe are using to perform steganography, he will still not be able to gain anything sincethe message will be encrypted.We have developed two algorithms to be used with our project which are bothsimple and efficient. Also we have used the XOR method to combine the encryptedtext with the encrypted password which is then embedded into the message. Thesealgorithms together with the XOR method are described in details below. ALGORITHM1- 2 pages

Algorithm 2 Apart from the algorithm mentioned above, we have also used anot her encryption algorithm which is the Rail Fence Encryption ciphe r . T h i s s i m p l e transposition cipher s c r a m b l e s t h e l e t t e r s o f t h e p l a i n t e x t ( i n o u r c a s e t h e t e x t encrypted through the above algorithm) without causing any change to the originalcharacters. Example: If the string to be encrypted is suppose Hello World then performing adepth-2 Rail Fence cipher will change it to HloWrdel ol Algorithm 3 After the message and the password have passed through the c i p h e r s described above they are XORed together to form a single string. To perform XOR o p e r a t i o n w e f i n d t h e A S C I I v a l u e f o r b o t h t h e t e x t a n d t h e p a s s w o r d a n d t h e n perform binary XOR operation on them. After that we change it back again to String. Example: The XOR operation between the text Hello World and password 12345gives us the following string: yW_XZe\FYU.Only after the message has passed through these encryption parts are they embeddedin the image using one of the steganography algorithm described above. 1.4 Applications of our project 1. Confidential communication and secret data storing 2. Protection of data alteration 3. Access control system for digital content distribution 4. Media databse systems 1.5 Proposed Solution Strategy We have created a simple UI wherein user has the ability to enter the text he wants to hide via a textbox. After that he has been given the opportunity to choose a picture which he wants to use as carrier image. The system has an inbuilt checker which will check if the image format (BMP in our case) is correct and if the image size is big enough to hide the text. Very small imager (<64*64) are not allowed to be imported. The user can then enter his password which he wants to use to encrypt the image. An additional confirms password box is created so that there is no typing mistake. User can also choose a basic view for the application. For decrypting an image, a user simply has the image which he wants to decode and provide the correct password. The decrypted text will then be shown to him. He will have the option to save the text in an external text file. An extensive user manual is written for the help of the user.

2. SOFTWARE REQUIREMENT SPECIFICATION DOCUMENT(SRS): 2.1 Introduction 2.1.1 Purpose We have chosen to use Steganography as our project as it is somewhat new in the field of security and we felt that it could have a huge impact in the future( i f n o t a l r e a d y ) . T h e m a i n p u r p o s e o f o u r p r o j e c t i s t o c r e a t e a u s e r - f r i e n d l y application which can solve the security concerns in message passing at least to some extent. 2.1.2 Definitions All the definitions are explained in Appendix A. 2.2 Overall Description 2.2.1 Product Function There is only one kind of user for our product. The generaluser will be able to perform all the operations on the product after installing the product on his machine. Microsoft .NET Framework 3.0 or higher is r e q u i r e d t o install the product. 2.2.2 User Characteristics A n y u s e r w i t h a l i t t l e k n o w l e d g e o f c o m p u t e r s a n d s e c u r i t y will be able to operate our application. 2.2.3 Dependencies T h e s ys t e m o n l y d e p e n d s o n t h e f a c t t h a t M i c r o s o f t . N E T F r a m e w o r k 3 . 0 o r h i g h e r i s i n s t a l l e d . A l s o B M P i m a g e s o f r e a s o n a b l e s i z e a r e required to carry out Steganography. 2.3 Functional Requirements 2.3.1 Use Case Diagram DIAG