image steganography

A MAJOR PROJECT REPORT ON

“ANALYSIS OF VARIOUS STEGANOGRAPHY STEGANOGRAPHY ALGORITHMS AND THEIR IMPLEMENTATION”

In partial fulfilment of requirements for the award of degree in Bachelor of Technology in Information Technology (2011-12) s

Submitted By:

Firoz Ahmed Choudhury (BT/IT/0714) Hriday Das (BT/IT/0719) Pranjal Bharali (BT/IT/0740) Trinayan Chakraborty (BT/IT/0755)

Under the Supervision of: Mr. A.K. Maji Assistant Professor Department of Information Information Technology

Department of Information Technology NORTH EASTERN HILL UNIVERSITY UMSHING, SHILLONG, MEGHALAYA – 793022

Department of Information Technology NORTH-EASTERN HILL UNIVERSITY UMSHING, SHILLONG – 793 022.

Date:

To whom it may concern

This is to certify that


work worked ed on the the proj projec ectt Analys Analysis is of variou variouss Ste Stega ganog nograp raphy hy algor algorith ithms ms and the their ir Implementation

from February Februar y-2011 to July-2011 and has successfully succes sfully completed complet ed the

major project, in order to partial fulfilment of the requirements for the award of the degree of Bachelor of Technology in Information Technology under my supervision and guidance.

A.K.Maji

Assistant Professor Department of Information Technology North Eastern Hill University, Shillong-22

Department of Information Technology NORTH-EASTERN HILL UNIVERSITY UMSHING, SHILLONG – 793 022.

Date:






major project, in order to partial fulfilment of the requirements for the award of the degree of Bachelor of Technology in Information Technology under my supervision and guidance.

A.K.Maji

Assistant Professor Department of Information Technology North Eastern Hill University, Shillong-22

Department of Information Technology NORTH-EASTERN HILL UNIVERSITY

UMSHING, SHILLONG – 793 022.

Date:






major project, in order to partial fulfilment of the requirements for the award of the degree of Bachelor of Technology in Information Technology.

External B. Bhuyan Examiner

Head of Department Department of Information Technology

North Eastern Hill University, Shillong-22

ACKNOWLEDGEMENT

The satisfaction that accompanies that the successful completion of any task would be incomplete without the mention of people whose ceaseless cooperation made it possible, whose constant guidance and encouragement crown all efforts with success. We are grateful to our project guide Mr. A.K. Maji, Assistant Professor, Dept of I.T. NEHU, for his guidance, inspiration and constructive suggestions that helped us in the preparation of this project. He was always there guiding and correcting us with attention and care. He took immense pain going through the project and also the documentation and made necessary corrections as and when required. We would also take this opportunity to thank our Institution, our Head of the Department and other faculty members without whom this project would have been a distant reality.

Date :


ABSTRACT:

The rapid development of data transfer through internet has made it easier to send the data accurate and faster to the destination. There are many transmission media to transfer the data to destination like e-mails, social sites etc. At the same time it is may be easier to modify and misuse the valuable information through hacking. So, in order to transfer the data securely to the destination without any modifications, there are many approaches like cryptography and steganography. This project report deals with image steganography as well as with the different security issues, general overview of cryptography, steganography and digital watermarking approaches. Also it provides in-depth discussions of different steganographic algorithms like Least Significant Bit (LSB) algorithm, JSteg Hide & Seek and F5 algorithms. It also compares those algorithms in terms of speed, accuracy and security. It also offers a chance to put the theory into practice by way of a piece of software designed to maximise learning in the fields. This paper can therefore be split into two parts: Research and Software Development. The project is done using Microsoft Visual Basic 2008 on a computer running Windows Vista. .NET framework of 3 or higher is required for the software to execute.

TABLE OF CONTENTS:

i

ABSTRACT ………………………………………………………………………………

i

1 INTRODUCTION 1.1 An overview of Internet Security……..…………….............…………………..1 1.2 Where Steganography & Cryptography fits in......................................................1 1.3 Literature Survey...................................................................................................2 1.3.1 Information Security.............................................................................2 1.3.2 Security Attacks....................................................................................2 1.3.3 Analysis of various Steganographic Algorithms..................................6 1.3.3.1 Steganography Methods..........................................................7 1.3.3.2 Steganography Algorithms......................................................8 1.3.4 Cryptographic Algorithms...................................................................14 1.4 Applications of our project................................................................................19 1.5 Proposed Solution Strategy...............................................................................19

2. SOFTWARE REQUIREMENT SPECIFICATION DOCUMENT (SRS)........................20

2.1Introduction.........................................................................................................20 2.1.1 Purpose....................................................................................................20 2.1.2 Definitions...............................................................................................20 2.2Overall Description..............................................................................................20 2.2.1Product Function......................................................................................20 2.2.2 User Characteristics.................................................................................20 2.2.3 Dependencies...........................................................................................20 2.3Functional Requirements......................................................................................21

2.3.1 Use Case Diagram....................................................................................21 2.3.2 Use Case Specification.............................................................................21 2.3.3 Performance Requirements.......................................................................21 2.4 Non Functional Requirements.............................................................................21 2.4.1 Performance..............................................................................................21 2.4.2 Reliability..................................................................................................21 2.4.3 Portability..................................................................................................21 2.5 Data Flow Diagrams............................................................................................21 2.5.1 Level 0 Data Flow Diagram......................................................................23 2.5.2 Level 1 Data Flow Diagram......................................................................24 2.5.3 Level 2 Data Flow Diagram......................................................................24 2.6 Activity Diagram.................................................................................................25

3. DESIGN STRATEGY.........................................................................................................27 3.1 Overview.............................................................................................................27 3.2 Intentions & Considerations................................................................................27 3.3 Development Tools.................................. ..........................................................27 3.4 Visual Basic.........................................................................................................28 3.5 Features of the proposed method........................................................................29 3.6 Interface Screenshots...........................................................................................30 3.6.1 The main interface.....................................................................................30

3.6.2 When file is clicked....................................................................................31 3.6.3 When Action is clicked...............................................................................32 3.6.4 When help is clicked……….……..………………………………………34 3.6.5 The encryption process................................................................................36 3.6.6 The decryption process...........................................................................,...39

4. TEST PLAN......................................................................................................................,...43 4.1 Introduction...........................................................................................................43 4.2 Aim of Testing.......................................................................................................43 4.3 Test Cases...............................................................................................................44 4.3.1 Start up Screen Display...............................................................................44 4.3.2 For Encryption.............................................................................................45 4.3.3 For Decryption.............................................................................................46

5. USER DOCUMENTATION................................................................................................47 5.1 Welcome to steganography....................................................................................47 5.1.1 What is Steganography: ...............................................................................47 5.2 Getting Started.......................................................................................................:47 5.2.1 Install / Uninstall Steganography..................................................................47 5.3 How to use the software.........................................................................................48 5.4 Menus for operating the software “Hide Your Secret” .........................................49 6. RESULTS AND CONCLUSION........................................................................................51

6.1 Result.....................................................................................................................51 6.2 Conclusion..............................................................................................................52 6.3 Future Work...........................................................................................................52 REFERENCE………………………………………………………….…………….………..ii APPENDIX A… ……….iii

……………………………………………………… ……………..

Department of Information Technology (NEHU)

Page | 1

1. INTRODUCTION

1.1 An overview of Internet Security

Since the rise of the Internet one of the most important factors of information technology and communication has been the security of information. Everyday tons of data are transferred through the Internet through e-mail, file sharing sites, social networking sites etc to name a few. As the number of Internet users rises, the concept of Internet security has also gain importance. The fiercely competitive nature of the computer industry forces web services to the market at a breakneck pace, leaving little or no time for audit of system security, while the tight labour market causes Internet project development to be staffed with less experienced personnel, who may have no training in security. This combination of market pressure, low unemployment, and rapid growth creates an environment rich in machines to be exploited, and malicious users to exploit those machines.

1.2 Where Steganography & Cryptography fits in

Cryptography was created as a technique for securing the secrecy of communication and many different methods have been developed to encrypt and decrypt data in order to keep the message secret. Unfortunately it is sometimes not enough to keep the contents of a message secret, it may also be necessary to keep the existence of the message secret. The technique used to implement this, is called steganography. The word "Steganography" is of Greek origin and means "covered or hidden writing". The main aim in steganography is to hide the very existence of the message in the cover medium. Steganography and cryptography are counter parts in digital security the obvious advantage of steganography over cryptography is that messages do not attract attention to themselves, to messengers, or to recipients. Also, the last decade has seen an exponential growth in the use of multimedia data over the Internet. These include Digital Images, Audio and Video files. This rise of digital content on the internet has further accelerated the research effort devoted to steganography. The initial aim of this study was to investigate steganography and how it is implemented. Based on this work a number of common methods of steganography could then be implemented and evaluated. The strengths and weaknesses of the chosen methods can then be analysed. To provide a common frame of reference all of the steganography methods implemented and analysed used BMP images.


Page | 1


Page | 3

To make a steganographic communication even more secure the message can be encrypted before being hidden in the carrier. Cryptography and steganography can be used together. The random looking message which would result from encryption would also be easier to hide than a message with a high degree of regularity. Therefore encryption is recommended in conjunction with steganography.

1.3 Literature Survey 1.3.1 Information Security

In general, security denotes “the quality or state of being secure to be free from danger”. Security is classified into different layers depending on the type of content intended to be secured: Physical security: Defines the required issues that are needed to protect the physical data or objects from unauthorized intrusion. Personal security : It is defined as the security of the individuals who are officially authorized to access information about the company and its operations Operational security: It mainly relies on the protection of the information of a particular operation of the chain of activities. Communication’s security: The communication’s security encompasses the security issues regarding the organisation’s communication media, technology and content. Network security : The network security is responsible for safeguarding the information regarding the networking components, connections and contents. Information security: Information security is the protection of information and the systems and hardware that use, store, and transmit that information. Information security can be defined as measures adopted to prevent the unauthorized use or modification of use of data or capabilities .

1.3.2 Security Attacks

The data is transmitted from source to destination which is known as its normal flow as shown in figure 1. But the hackers might hack the network in order to access or modify the original data. These types of attacks are formally known as security attacks.


Page | 4

Figure 1. Normal Data Flow

A hacker can disrupt this normal flow by implementing the different types of techniques over the data and network in following ways. They are: Interruption Interception Modification Fabrication 







Interruption:

Interruption is an attack by which the hackers can interrupt the data before reaching the destination. This type of attack shows the effect on availability and usually destroys the system asset and makes the data unavailable or useless.


Page | 5

Figure 2. Interruption

Interception: Interception is one of the well known attacks. When the network is shared that is through a local area network is connected to Wireless LAN or Ethernet it can receive a copy of packets intended for other device. On the internet, the determined hacker can gain access to email traffic and other data transfers. This type of attack shows the effect on confidentiality of data.

Figure 3. Interception Modification: This refers to altering or replacing of valid data that is needed to send to destination. This type of attacks is done usually by unauthorized access through tampering the data. It shows effect on the integrity of the data.


Page | 6

Figure 4. Modification

Fabrication: In this type, the unauthorized user places data without the interface of source code. The hacker or unauthorized person inserts the unauthorized objects by adding records to the file, insertion of spam messages etc. This type of attack affects on the Authenticity of message.

Figure 5. Fabrication


Page | 7

There are many types of security attacks that will try to modify the original data. The main goal of any organisation / individual transmitting the data is to implement security measures which include – 1. Prevention 2. Detection 3. Response 4. Recovery Prevention : The security attacks can be prevented by using an encryption algorithm to restrict any unauthorized access to the encryption keys. Then the attacks on confidentiality of the transmitted data will be prevented. Detection: Using the intrusion detection systems for detection of unauthorized individuals logged onto a system and making the resources available to legitimate users. Response: Whenever the unauthorised attacks happen in the system, the security mechanisms can detect the process and the system can respond to make the data unavailable. Recovery : Recovery is the final approach if an attacker modifies the data or makes the data unavailable. The data can then be recovered by using backup systems, so that the integrity of the data shall not be compromised.

1.3.3 Analysis of various Steganographic Algorithms

Now that we are aware of the various types of security vulnerabilities, the main task of our project is to address these problems by some suitable method. We have selected Steganography in our project as it is comparatively new and we felt that it can have huge impact in the field of security.


Page | 8

Figure 6. Block Diagram for Steganography

Steganography supports different types of digital formats that are used for hiding the data. These files are known as carriers. Depending upon the redundancy of the object, suitable formats are used. Redundancy is the process of providing better accuracy for the object that is used for display by the bits of object. The main file formats that are used for steganography are Text, images, audio and video. We have implemented the text hiding in an image (BMP) in our project. For the purpose of developing a steganographic application we went through all the steganographic methods available and decided to select ‘Secret key Steganography’ for our project. All the methods are described in details below. Also we made an analysis of all the Steganographic algorithms available and compared them in terms of speed, quality of hiding and security. A detailed analysis of all the algorithms that we have studied is presented below. 1.3.3.1 Steganography Methods

The different types of steganographic techniques available are:


Page | 9

1. Pure Steganography 2. Public key Steganography 3. Secret key Steganography Pure Steganography : Pure Steganography is the process of embedding the data into the object without using any private keys. This type of Steganography entirely depends upon the secrecy. This type of Steganography uses a cover image in which data is to be embedded, personal information to be transmitted, and encryption decryption algorithms to embed the message into image. These types of steganography can’t provide the better security because it is easy for extracting the message if the unauthorised person knows the embedding method. It has one advantage that it reduces the difficulty in key sharing.

Figure 7. Pure Steganography process

Secret key Steganography: Secret key Steganography is another process of Steganography which uses the same procedure other than using secure keys. It uses the individual key for embedding the data into the object which is similar to symmetric key. For decryption it uses the same key which is used for encryption. This type of Steganography provides better security compared to pure Steganography. The main problem of using this type of steganographic system is sharing the secret key. If the attacker knows the key it will be easier to decrypt and access original information.

Figure 8. Secret key Steganography Process

Department of Information Technology (NEHU) 10

Page |

Public key Steganography: Public key Steganography uses two types of keys: one for encryption and another for decryption. The key used for encryption is a private key and for decryption, it is a ‘public key’ and is stored in a public database

Figure 9. Public key Steganography Process

We have implemented the ‘Secret Key Steganography’ technique in our project. The password shall be provided by the person who does the encryption and it has to be provided to decrypt the message from the image.

1.3.3.2 Steganography Algorithms

In our project we have done an in-depth analysis of three Steganographic algorithms in terms of ‘speed of action’, ‘quality of hiding’ and ‘security’. We have also implemented all the algorithms in our application. The user has the option to use any algorithm he seems fit for his task. The details of these algorithms are given below followed by a comparison chart between the three.

LSB algorithm:

LSB (Least Significant Bit) substitution is the process of adjusting the least significant bit pixels of the carrier image. It is a simple approach for embedding message into the image. The Least Significant Bit insertion varies according to number of bits in an image. For an 8 bit image, the least significant bit i.e., the 8th bit of each byte of the image is changed to the bit of secret message. For 24 bit image, the colours of each component like RGB (red, green and blue) are changed. LSB is effective in using BMP images since the compression in BMP is lossless. But for hiding the secret message inside an image of BMP file using LSB algorithm it requires a large image which is used as a cover. LSB substitution is also possible for GIF formats, but the problem with the GIF image is whenever the least significant bit is changed the whole colour palette will be changed. The problem can be avoided by only using the gray scale GIF images since the gray scale image contains 256 shades and the changes will be done gradually so that it will be very hard to detect. For Department of Information Technology (NEHU) 11

Page |

JPEG, the direct substitution of steganographic techniques is not possible since it will use lossy compression. So it uses LSB substitution for embedding the data into images. There are many approaches available for hiding the data within an image: one of the simple least significant bit submission approaches is ‘Optimum Pixel Adjustment Procedure’. The simple steps for OPA explain the procedure of hiding the sample text in an image.

Step1: A few least significant bits (LSB) are substituted with in data to be hidden. Step2: The pixels are arranged in a manner of placing the hidden bits before the pixel of each cover image to minimize the errors. Step3: Let n LSBs be substituted in each pixel. Step4: Let d= decimal value of the pixel after the substitution.

d1 = decimal value of last n bits of the pixel. d2 = decimal value of n bits hidden in that pixel. Step5: If (d1~d2)<=(2^n)/2

then no adjustment is made in that pixel. Else Step6: If(d1
d = d – 2^n. If(d1>d2) d = d + 2^n.

This ‘d’ is converted to binary and written back to pixel. This method of substitution is simple and easy to retrieve the data and the image quality better so that it provides good security. The encoder algorithm is as given below: 1: for i = 1, ..., len(msg) do 2:

p = LSB(pixel of the image)

3:

if p != message bit then

4:

pixel of the image = message bit


Page |

5:

end if

6: end for The encoding process shows that the entire algorithm can be implemented by writing just a few lines of code. The algorithm works by taking the first pixel of the image and obtaining its LSB value (as per line 2 of the Algorithm). This is typically achieved by calculating the modulus 2 of the pixel value. This will return a 0 if the number is even, and a 1 if the number is odd, which effectively tells us the LSB value. We then compare this value with the message bit that we are trying to embed. If they are already the same, then we do nothing, but if they are different then we replace the pixel value with the message bit. This process continues whilst there are still values in the message that need to be encoded The decoder algorithm is: 1: for i = 1, ..., len(image string) do 2:

message string = LSB (pixel string of the image)

3: end for The decoding phase is even simpler. As the encoder replaced the LSBs of the pixel values in c in sequence, we already know the order that should be used to retrieve the data. Therefore all we need to do is calculate the modulus 2 of all the pixel values in the stegogramme, and we are able to reconstruct m as m0 .The above Algorithm shows the pseudo code of the decoding process. Note that this time we run the loop for length of message instead of length of string. This is because the decoding process is completely separate from the encoding process and therefore has no means of knowing the length of the message. If a key were used, it would probably reveal this information, but instead we simply retrieve the LSB value of every pixel. When we convert this to ASCII, the message will be readable up to the point that the message was encoded, and will then appear as gibberish when we are reading the LSBs of the image data.

Hide & Seek:

The randomised approach to the Hide & Seek algorithm makes it possible to scatter the locations of the pixels that are to be replaced with the message data. The core of the encoding process is identical to that of the LSB algorithm described above. In fact, the two methods only differ in terms of how the image data is presented before the embedding process starts. For the randomised approach the image data c is usually shuffled using a Pseudo Random Number Generator (PRNG). This generator will take the image data and produce a shuffled version C according to Department of Information Technology (NEHU) 13

Page |

a seed k that is specified by the encoder. There will also be an inverse shuffle which takes C and returns the original order c when the same k is used. The pixel values of the image c are often shuffled before embedding such that the exact same encoding mechanism from above algorithm can be used. The values are then shuffled back to their original positions after embedding such that the image can be displayed properly for sending it across some communications channel to the recipient. A PRNG also has the advantage that it produces the same shuffle when the same data and the same seed are given back to it. This means that all we need is c and k at the decoding stage, and the same shuffle will be recreated so we can retrieve the message data successfully. The encoding algorithm below shows the pseudo code for the encoding process of the randomised Hide & Seek approach. Now we have line 1 that randomises the locations of each pixel before embedding the message data. In addition to this, we also have line 8 which returns the pixel locations back to normal when the embedding process has ended. The seed k acts as a key to the algorithm such that the same shuffle sequence can be generated when retrieving the hidden message. The output stegogramme s from this embedding approach will contain bits of the hidden message in seemingly random locations of the image. The encoding algorithm: 1: generate randomised sequence C using data c and seed k 2: for i = 1, ..., l(m) do 3: p == LSB(Ci) 4: if p != message bit then 5: ci == mi 6: end if 7: end for 8: generate original sequence c using data C and seed k Perhaps the most important aspect of note is that as we require k to identify the correct regions, the algorithm is much more secure than the sequential approach, as the sequence cannot be derived without it. The decoding algorithm: 1: generate randomised sequence S using data s and seed k 2: for i = 1, ..., l(s) do 3: mi == LSB(Si) 4: end for Sometimes, as a seed is already required to retrieve the message, the randomises approaches may go one step further and create a full key that also declares l(m). If this is the case, line 2 can be changed such that the loop runs for l(m) rather than l(s). Department of Information Technology (NEHU) 14

Page |

JSTEG algorithm:

JSteg algorithm is one of the steganographic techniques for embedding data into JPEG images. The hiding process will be done by replacing Least Significant Bits (LSB). JSteg algorithm replaces LSBs of quantized Discrete Courier Transform (DCT) coefficients. In fact, the JSteg algorithm only differs from the Hide & Seek algorithm because it embeds the message data within the LSBs of the DCT coefficients of c, rather than its pixel values. Before the embedding process begins, the image is converted to the DCT domain in 8x8 blocks such that the values of ci switch from pixel values to DCT coefficients. In order for the values to be presented as whole numbers, each 8x8 block is quantised according to a Quantisation Table Q. The result is where the embedding algorithm operates. An example of an 8x8 DCT block is shown in Figure 10. In this process the hiding mechanism skips all coefficients with the values of 0 or 1. This algorithm is resistant to visual attacks and offers an admirable capacity for steganographic messages. It has high capacity and had a compression ratio of 12%. JSteg algorithm is restricted for visual attacks and it is less immune for statistical attacks. Normally, JSteg embeds only in BMP images. In these BMP images, the content of the image is transformed into ‘frequency coefficients’ so as to achieve storage in a very compressed format. There is no visual attack in the sense presented here, due to the influence of one steganographic bit up to 256 pixels.


Page |

Figure 10. An example of an 8x8 sub-block of DCT coefficients.

We should also note the two types of coefficient that we see in every 8x8 block: DC, and AC. The value at the top left of each 8x8 block is known as the DC coefficient. It contains the mean value of all the other coefficients in the block, referred to as the AC coefficients. The DC coefficients are highly important to each block as they give a good estimate as to the level of detail in the block. Changing the value of the DC coefficient will also change many of the values of the AC coefficients, and this will create a visual discrepancy when the image is converted back to the spatial domain and viewed normally. For this reason, the JSteg algorithm does not embed message data over any of the DC coefficients for every block. In addition to this, the algorithm also does not permit embedding on any AC coefficient equal to 0 or 1. The encoding algorithm 1: convert image c to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(m) do 3: p == DCT(di) 4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d Department of Information Technology (NEHU) 16

Page |

6: end while 7: pi == ci mod 2 + mi 8: ci == pi 9: end for 10: convert each 8x8 block back to spatial domain The above algorithm provides the pseudo code for the encoding process of the JSteg algorithm. Line 4 shows that the algorithm avoids embedding on the DC coefficients, and also any AC coefficient equal to 0 or 1. Line 8 shows an alternative method for calculating the LSB value of the coefficient by using mod 2. The result is replaced with the value in mi. Again, no key is used for this algorithm. So long as the decoder knows that the embedding took place in the DCT domain, it will be capable of extracting the message successfully. The security of the JSteg algorithm therefore lies in the algorithm itself. As we noted before, the main difficulty of not using a key is when we try to determine l(s) when extracting the message. Without a key, it is impossible to know the length of the message to extract, so the loop is typically run for the entire duration of the image to ensure that the entire message is extracted. This is certainly the case for the JSteg algorithm as we will see in the decoding process. The decoder algorithm 1: convert image s to DCT domain d in 8x8 blocks 2: for i = 1, ..., l(s) do 3: p == DCT(di) 4: while p = DC or p = 0 or p = 1 do 5: p = next DCT coefficient from d 6: end while 7: mi == di mod 2 8: end for The decoding process functions by converting the stegogramme s to the DCT domain. It then avoids the same coefficient values that the encoding algorithm avoids, and retrieves the hidden message from the LSBs of all the other coefficients sequentially (line 7). The performance of the algorithms differs with the type of cover image or source on which the data is embedded. The comparison of these algorithms is tabulated below:

Steganographic algorithm

Speed

Quality of hiding


Security

Page |

LSB

High

Good

Medium

F5

Low

High up to 13.4%

Strong

JSteg

Moderate

Embedding capacity up to 12%

Less

1.3.4 Cryptographic Algorithms

The word cryptography is derived from two Greek words which mean ‘secret writing’. Cryptography is the process of scrambling the original text by rearranging and substituting the original text, arranging it in a seemingly unreadable format for others. Cryptography is an effective way to protect the information that is transmitting through the network communication paths. Cryptology is the science that deals about cryptography and cryptanalysis. Cryptography is the approach of sending the messages secretly and securely to the destination. Cryptanalysis is the method of obtaining the embedded messages into original texts. In general, cryptography is transferring data from source to destination by altering it through a secret code. The cryptosystems uses a plaintext as an input and generate a cipher text using encryption algorithm taking secret key as input.

The important elements in cryptosystems are:

Plain text: The plain text is an original piece of information that is needed to send information to the destination. Encryption algorithm: This is the main key to any cryptographic system. This encryption algorithm subjects the plain text to various substitutions and transformations. Secret key: The secret key is given by the user which will act as an input to the encryption algorithm. Based on this key, various substitutions and transformations on the plain text will differ.


Page |

Cipher text: This is the output generated by the encryption algorithm. The cipher text is the jumbled text. The cipher text differs with each and every secret key that has given to the encryption algorithm. Decryption algorithm : This is opposite to the ‘encryption algorithm’. It will acquire cipher text and secret key as an input and produce plain text as an output.

We know that cryptography can be used in conjunction with steganography. As such we have used two cryptographic algorithms to use in our project. Both are symmetric key algorithms and the keys are fixed by us to reduce the simplicity of the project.

Figure 10. General model of cryptographic algorithm

In our application when the user enters the text to be hidden, it is passed through these encryption algorithms first and then it is passed through the Steganographic algorithm which the user selected. The encryption algorithms are used in the hope that even if someone uses Steganalysis and discovers the algorithm we are using to perform steganography, he will still not be able to gain anything since the message will be encrypted. We have developed two algorithms to be used with our project which are both simple and efficient. Also we have used the XOR method to combine the encrypted text with the encrypted password which is then embedded into the message. These algorithms together with the XOR method are described in details below. Department of Information Technology (NEHU) 19

Page |

Algorithm 1

This algorithm was written and coded by us specifically for this project. The main advantage of this algorithm is that it provides the encrypted text the same size as the clear text. The pseudo code of the algorithm is given below:

The encryption algorithm: Step 1: Generate the ASCII value of the letter Step 2: Generate the corresponding binary value of it. [Binary value should be 8 digits e.g. for decimal 32 binary number should be 00100000] Step 3: Reverse the 8 digit’s binary number Step 4: Take a 4 digits divisor (>=1000) as the Key Step 5: Divide the reversed number with the divisor Step 6: Store the remainder in first 3 digits & quotient in next 5 digits (remainder and quotient wouldn’t be more than 3 digits and 5 digits long respectively. If any of these are less than 3 and 5 digits respectively we need to add required number of 0s (zeros) in the left hand side. So, this would be the cipertext i.e. encrypted text. Now store the remainder in first 3 digits & quotient in next 5 digits.

The decryption algorithm: Step 1: Multiply last 5 digits of the ciphertext by the Key Step 2: Add first 3 digits of the ciphertext with the result produced in the previous step Step 3: If the result produced in the previous step i.e. step 2 is not an 8-bit number we need to make it an 8- bit number Step 4: Reverse the number to get the original text i.e. the plain text


Page |

Example showing the above algorithm in action

Let, the character is ‘T’. Now according to the steps we will get the following: Step 1: ASCII of ‘T’ is 84 in decimal. Step 2: The Binary value of ‘84’ is 1010100. Since it is not an 8 bit binary number we need to make it 8 bit number as per the encryption algorithm. So it would be

01010100 Step 3: Reverse of this binary number would be

00101010 Step 4: Let 1000 as divisor i.e. Key Step 5: Divide 00101010 (dividend) by 1000(divisor) Step 6: The remainder would be 10 and the quotient would be 101. So as per the algorithm the ciphertext would be 01000101 which is ASCII ‘69’ in decimal i.e. ‘E’

01000101

To decode: Step 1: After multiplying 00101 (last 5 digits of the ciphertext) by 1000 (Key) the result would be

101000 Step 2: After adding 010 (first 3 digits of the ciphertext) with 101000 the result would be

101010 Step 3: Since 101010 is not an 8-bit number we need to make it

00101010 Department of Information Technology (NEHU) 21

Page |

Step 4: After reversing the number it would be 01010100 i.e. ASCII 84 in decimal i.e. ‘T’ as character which was the original text

01010100

Algorithm 2

Apart from the algorithm mentioned above, we have also used another encryption algorithm which is the Rail Fence Encryption cipher. This simple transposition cipher scrambles the letters of the plaintext (in our case the text encrypted through the above algorithm) without causing any change to the original characters. Example: If the string to be encrypted is suppose ‘Hello World’ then performing a depth-2 Rail Fence cipher will change it to ‘HloWrdel ol’ Algorithm 3

After the message and the password have passed through the ciphers described above they are XOR’ed together to form a single string. To perform XOR operation we find the ASCII value for both the text and the password and then perform binary XOR operation on them. After that we change it back again to String. Example: The XOR operation between the text ‘Hello World’ and password ‘12345’ gives us the following string: ‘yW_XZe\FYU’.

Only after the message has passed through these encryption parts are they embedded in the image using one of the steganography algorithm described above.

1.4 Applications of our project

1. Confidential communication and secret data storing 2. Protection of data alteration 3. Access control system for digital content distribution Department of Information Technology (NEHU) 22

Page |

4. Media Database systems

1.5 Proposed Solution Strategy

We have created a simple UI wherein the user has the ability to enter the text he wants to hide via a Textbox. After that he is given the opportunity to choose a picture which he wants to use as carrier image. The system has an inbuilt checker which will check if the image format (BMP in our case) is correct and if the image size is big enough to hide the text. Very small images (< 64*64) are not allowed to be imported. The user can then enter his password which he wants to use to encrypt the image. An additional confirm password box is created so that there is no typing mistakes. User can also choose to see the internal proceedings of the software (the encryption part) or he can choose a basic view for the application. For decrypting an image, a user simply has to choose the image which he wants to decode and provide the correct password. The decrypted text will then be shown to him. He will have the option to then save the text in an external text file. An extensive user manual is written for the help of the user.

2. SOFTWARE REQUIREMENT SPECIFICATION DOCUMENT (SRS):

2.1 Introduction 2.1.1 Purpose


Page |

We have chosen to use Steganography as our project as it is somewhat new in the field of security and we felt that it could have a huge impact in the future (if not already). The main purpose of our project is to create a user-friendly application which can solve the security concerns in message passing at least to some extent. 2.1.2 Definitions

All the definitions are explained in Appendix A.

2.2 Overall Description 2.2.1 Product Function

There is only one kind of user for our product. The general user will be able to perform all the operations on the product after installing the product on his machine. Microsoft .NET Framework 3.0 or higher is required to install the product. 2.2.2 User Characteristics

Any user with a little knowledge of computers and security will be able to operate our application. 2.2.3

Dependencies

The system only depends on the fact that Microsoft .NET Framework 3.0 or higher is installed. Also BMP images of reasonable size are required to carry out Steganography.

2.3 Functional Requirements 2.3.1 Use Case Diagram


Page |

2.3.2 Use Case Case Specification Specification •

•

•

Primary actor: The general targeted audience are the only primary users for our system. Pre condition: Microsoft .NET framework 3.0 is installed. The user has to import an image and has to provide the text. Main Scenarios: There are a number of main scenarios in our project. 1. Import Import an image image for encryp encryptio tion. n. 2. Import Import an image image for decryp decryptio tion. n. 3. Choose Choose betw between een the the basic basic and the the advance advanced d view. view. 4.

The user user can can see a detai detailed led help help file file in .chm .chm form format. at.


Page |

5. Save Save decry decrypte pted d file file in in a textbo textbox. x. 6. Clear Clear the the boxes boxes for new encryp encryptio tion. n. 2.3.3 Performance Performance Requirements

A comp comput uter er runn runnin ing g Wind Window owss XP/V XP/Vis ista ta/7 /7 is requ requir ired ed for for the the application to run. Microsoft .NET Framework 3.0 or higher is required. A keyboard or a mouse is required to operate the application.

2.4 Non Functional Requirements 2.4.1 Performance

The The embe embedd dded ed imag imagee gene genera rated ted shou should ld not not cont contai ain n any any distor distortio tion. n. Also the applic applicati ation on should should be secure secure to statist statistical ical and compar compariso ison n steganalysis. 2.4.2 Reliability

The product should not crash under any circumstance such as user entering invalid values, user trying to load unsupported files etc. It should show appropriate message for every user generated message. 2.4.3 Portability

Our product will be portable to carry and will run in any machine provided it runs a Windows Operating System. We have created an installer which compiles all files into a single executable (.msi). Only this file is required to successfully install the application on any computer.

2.5 Data Flow Diagrams

Data flow diagrams are the basic building blocks that define the flow of data in a system to the particular destination and difference in the flow when any transformation happens. It makes whole procedure like a good document and makes simple simplerr and easy to underst understand and for both both progra programme mmers rs and non-pr non-progr ogramm ammers ers by dividing into the sub process. The The data data flow flow diag diagra rams ms are are the the simp simple le bloc blocks ks that that reve reveal al the the relatio relationsh nship ip betwee between n variou variouss compon component entss of the system system and provid providee high high level level overview, boundaries of particular system as well as provide detailed overview of system elements. Department of Information Technology (NEHU) 26

Page |

The data flow diagrams start from source and ends at the destination level i.e., it decomposes from high level to lower levels. The important things to remember about data flow diagrams are: it indicates the data flow for one way but not for loop structures and it doesn’t indicate the time factors. This section reveals about the data flow analysis which states about data that have been used, classification of data flow diagrams based on their functions and the other different levels used in the project. Data flow processes:

It will define the direction i.e., the data flow from one entity to another entity. Process:

Process defines the source from where the output is generated for the specified input. It states the actions performed on data such that they are transformed, stored or distributed. Data store:

It is the place or physical location where the data is stored after extraction from the data source. Source:

It is the starting point or destination point of the data, stating point from where the external entity acts as a cause to flow the data towards destination 2.5.1 Level 0 Data Flow Diagram

‘DFD level 0’ is the highest level view of the system, contains only one process which represents whole function of the system. It doesn’t contain any data stores and the data is stored with in the process. For constructing DFD level 0 diagram for the proposed approach we need two sources one is for ‘source’ and another is for ‘destination’ and a ‘process’.


Page |

Figure 11. Level 0 Data Flow Diagram

DFD level 0 is the basic data flow process, the main objective is to transfer the data from sender to receiver after encryption. 2.5.2 Level 1 Data Flow Diagram


In this data flow diagram, the secret data is sent to the encryption phase for embedding the data into the image for generating the carrier image. In the next phase the carrier image is sent to the decryption phase through the transmission phase. The final phase is the decryption phase where the data is extracted from the image and displays the original message.

2.5.3 Level 2 Data Flow Diagram


Page |

The image and the text document are given to the encryption phase. The encryption algorithm is used for embedding the data into the image. The resultant image acting as a carrier image is transmitted to the decryption phase using the transmission medium. For extracting the message from the carrier image, it is sent to the decryption section. The plain text is extracted from the carrier image using the decryption algorithm.


2.6 Activity Diagram


Page |

Figure 14. Activity Diagram

The sender sends the message to the receiver using three phases. Since we are using the steganographic approach for transferring the message to the destination, the sender sends text as well as image file to the primary phase i.e., to encryption phase. The encryption phase uses the encryption algorithm by which the carrier image is generated. The encryption phase generates the carrier image as output. The carrier image is given as input to the next phase i.e., to decryption phase. The decryption phase uses the decryption algorithm for decrypting the original text from the image so that the decryption phases generate plain text. The plain text is then sent to the receiver using the transmission media.


Page |

3. DESIGN STRATEGY 3.1 Overview

The software development portion of this project focuses on an implementation of most of the steganographic techniques as described in Part I. This means that the end-product will provide a means for its users to embed a message within animage using one of several different steganographic algorithms This chapter provides details of the aims and objectives of the development portion of the project, and also discusses the methodologies and design principles that were considered whilst building the system. 3.2 Intentions & Considerations

The end-product is intended to aid an education in the fields of steganography. As the range of end-user can range from a complete novice to a more advanced user


Page |

(in terms of their prior knowledge in the research area), the end-product will provide a Graphical User Interface (GUI) in order to accommodate all user types. By developing the functions such that they are self-contained, it is possible that they can be used in association with an external bulk processing function in order to obtain results from a wide selection of source images very quickly. If this can be achieved successfully, the system will not only appeal to students who wish to learn more about steganography, it will also mean that the tools are useful for steganalysis in a more active capacity. Subsequently, whilst the main focus was on producing a good user interface for each of the functions, attention was also paid to ensuring the longevity of the system as a whole. Also, by developing the functions in this manner, it means that new functions can easily be added that can operate alongside the existing functions. Thus, over time, the system has the potential to be highly desirable in the field of steganalysis. 3.3 Development Tools

We have chosen to use Microsoft .NET to build this application. Microsoft .NET is a framework developed by Microsoft in the year 2002. The main aim of the .NET framework is to build web and user interactive GUI (Graphical User Interface) applications. The Windows forms web application classes that are used for creating new windows form based applications. Microsoft .NET is a user friendly language which helps us build the required web application easily. So, we preferred using the .NET framework over the other enterprise frameworks. Some features of .NET are : .NET framework acts as a common platform for building, organising, and running web applications and web services. 



.NET has common libraries like ASP.NET, ADO.NET and Windows Forms.



.NET supports multiple languages like C, C#, Visual Basic, Jscript.

.NET is a user friendly language and is easy to learn compared to other languages for example JAVA because in .NET the coding is very easier. 



.NET supports additional data sources of ADO.NET like Oracle and ODBC.

Using .NET platform we can build web applications as required, the applications are highly secure because it uses access control lists and security identifiers. 


Page |

One of the main important sections of Microsoft .NET environment is CLR. The Common Language Runtime (CLR) is heart to .NET framework. 

CLR is same as JVM (JAVA Virtual Machine) in .NET, .NET program runs only on platforms that support CLR. 

Now, in this project we have chosen Microsoft .NET platform for building this Windows based steganographic application. The main components of .NET which used in this project are Visual Basic 2008. 3.4 Visual Basic

Visual Basic is the one of the component in Microsoft Visual studio which works similar to Visual C#. Creating applications using Visual Basic is easier compared to the JAVA. In order to create the application, we need to use the designer tool and tool box so that required tool like radio button, text boxes etc., can be placed. 

After designing the next phase is to relate them with specified functions. This can be done using Visual Basic coding. 



The coding can be done by double clicking in the elements on the designer tool.

The program or code which is written using VB language is saved with “.vb” extension. 

The code can be compiled using “Debug” option. When we click on debug option the .NET architecture creates the class file. 

After creation of class file, Common Language Runtime (CLR) converts the class file into the machine language that is compatible with the hardware since CLR supports cross-language integration. 



The code as such can be compiled on any other operating system.

Microsoft visual studio provides a bunch of tools for creating Windows as well as web applications. 

3.5 Features of the proposed method

In this project, the proposed method should provide better security when transmitting or transferring the data or messages from one end to another. The main Department of Information Technology (NEHU) Page | 33

objective of the project is to hide the message or a secret data into an image which further act as a carrier of secret data and to transmit to the destination securely without any modification. If there are any perceivable changes when we are inserting or embedding the information into the image or if any distortions occur in the image or on its resolution there may be a chance for an unauthorised person to modify the data. So, the data encryption into an image and decryption and steganography plays a major role in the project. The three important sections in the project are: Encryption: Encryption is done to provide an extra security level to our application. Even if the secret is compromised and someone came to know that there is some secret data in the image, he still cannot view it because of the encryption. 

Steganography: The steganography part is done using the algorithms described above. The main feature of steganography is that the picture should not be distorted and the size of the original image to the modified image should remain the same. 

Decryption: The decryption part is completely opposite to the encryption part described above. It requires the user to provide a correct password and the data in the image will decrypted. 

3.6 Interface Screenshots

The GUI for our software has been kept simple so that every user ranging from the novice to the most advanced can use it with no difficulty. There is very little scope for error for the user since all actions are monitored and all errors are reported. The software is also very fast and does the steganography typically within 2 seconds. Since we use only BMP files for our project, if a user tries to import any other file type he is prompted of his error. All the aspects of our interface are described using snapshots in the next few pages. 3.6.1 The main interface


Page |

Figure 15. The main Interface of our software

As we can see the interface is very simple and self explanatory. There are three menu buttons, a combo box to select the steganography algorithm, a textbox to write the text that the user wants to hide, a button to import the image, textboxes to provide the password and finally a button to perform steganography. All these functions are shown subsequently in the next screenshots.

3.6.2 When file is clicked


Page |

Figure 16. After file is clicked

As we can see, clicking the file menu strip gives us two options. The new strip and the exit strip. The new strip basically returns the software interface to its initial stage and releases any text copied to the clipboard. It also clears up any operation which is half done. It is basically used when a user has performed a steganography operation before and wants a clear board to perform an operation again. Clicking the exit menu strip exits the software and releases any memory that the software has been consuming. If any operation is not completed it asks for a confirmation before exiting.

3.6.3 When Action is clicked


Page |

Figure 17. After Action is clicked

Clicking action on the menu strip gives us four new options. It allows us to Decrypt a File which is explained later in details. The Advanced View strip allows us to choose between two different views for the software. The basic view does not show the encryption operations to the user.

Figure 18. Basic View for our software


Page |

The basic view may help some novice users from going into the details of the software and use it as provided. After decryption has been carried out, the user can choose to keep the decrypted plain text file in a text file for later use. The file will be saved in .txt format which can be opened by any file editor such as ‘notepad’. The user has to type in the file name and choose a location to save the text file. The snapshot is given below.

Figure 19. The ‘Save As’ window

The View Image strip helps us to view the selected image in a bigger window (after steganography has been performed) so as to locate any distortions in the image. The snapshot is given below.


Page |

Figure 20. Viewing the image in a bigger window

3.6.4 When help is clicked

Figure 21. After clicking the help strip


Page |

It gives us the option to View Help and also gain some information about the developers by clicking the About strip. The help file has been done in .chm format which provides easy navigation and easy search to any particular section as desired. A snapshot is given below.

Figure 22. The help file

The About strip gives general description on the developers. The snapshots are given below.


Page |

Figure 23. The about box

Figure 24. The detailed About Box 3.6.5 The encryption process

At first we have to select the Steganography algorithm from the list of the available algorithms. After that we have to write the text we want to hide in the textbox provided. After the text has been written we can press the Select your Image button to bring up the image selection window. The snapshot is given below.


Page |

Figure 25. The Open File window If a BMP image of sufficient size is selected then the user can proceed to the next step. Otherwise there will be an error window displayed. All the possible error windows are shown below.

Figure 26. Error window on choosing an extension other than BMP


Page |

Figure 27. Error on selecting a very small image (less than 64*64)

After an image file with the correct extension is chosen, he can enter the password to encrypt the image with. Again if there are errors while providing the password error windows are presented. All the possible error windows are shown below.

Figure 28. Selecting a password less than 4 characters


Page |

Figure 29. If the values of the Enter Password & Confirm Password does not match then this error is shown.

If a correct set of password are provided Steganography operation is carried out and we are provided with the following window.


Page |

Figure 30. After Steganography has been successfully performed

3.6.6 The decryption process

When we want to decrypt a file we select the Decrypt A File option from the menu bar which provides us with the following screen.

Figure 31. After Decrypt has been clicked.

Now we are provided with a window to select the image which we want to decrypt. Again if we select an improper image, the errors as shown above will be repeated. The screenshot is given below.


Page |

Figure 32. Select a file for decryption

After an image has been selected we are prompted to enter a password through an information box. The screenshot is given below.

Figure 33. The enter password dialog box


Page |

If a wrong password or a clean image is chosen before, we are provided with the following error messages.

Figure 34. Upon entering a wrong password


Page |

Figure 35. If the image selected does not have any Steganographic content.

If the correct password and the correct image are chosen the decrypted text is shown in the textbox in the centre. The user can then choose to save the text in a text file. The snapshot is given below.

Figure 36. The decrypted file


Page |

4. TEST PLAN 4.1 Introduction

Testing defines the status of the working functionalities of any particular system. Through testing particular software one can’t identify the defects in it but can analyse the performance of software and its working behaviour. By testing the software we can find the limitations that become the conditions on which the performance is measured on that particular level. In order to start the testing process the primary thing is requirements of software development cycle. Using this phase the testing phase will be easier for testers. The capacity of the software can be calculated by executing the code and inspecting the code in different conditions such as testing the software by subjecting it to different sources as input and examining the results with respect to the inputs. After the designing phase, the next phase is to develop and execute the code in different conditions for any errors and progress to the developing phase. Without testing and execution, the software cannot be moved to the developing phase. There are two types of testing. The functional testing , which defines the specified function of a particular code in the program. This type of testing gives us a brief description about the program’s performance and security in the various functional areas. The other type of testing is non-functional testing . Non-functional testing defines the capabilities of particular software like its log data etc. It is opposite to functional testing and so will not describe the specifications like security and performance. The performance of the particular program not only depends on errors in coding. The errors in the code can be noticed during execution, but the other types of errors can affect the program performance like when the program is developed based on one platform that may not perform well and give errors when executed in different platform. So, compatibility is another issue that reduce the software performance. The code tuning helps us in optimising the program to perform at its best utilizing minimal resources possible under varied conditions. 4.2 Aim of Testing


Page |

The main aim of testing is to analyse the performance and to evaluate the errors that occur when the program is executed with different input sources and running in different operating environments. In this project, we developed a steganographic application based on Microsoft Visual Studio which focuses on data hiding based on various algorithms. The main aim of testing in this project is to find the compatibility issues as well as the working performance when different sources are given as the inputs. 4.3 Test Cases

Tests have been performed throughout the implementation of the application. When the tests have found an error, the problem was found and resolved. The following tests cases were done after the system was “completed”.

4.3.1 Start up Screen Display

Test #

Description

Expected Outcome

As Expected

Open The software 4.3.1.1

The software will be loaded up as intended. There are no glitches or anomalies.

Yes

4.3.1.2

File > New

The required interface will appear. If any operation was half done a confirmation box will pop up

Yes

Action > Decrypt

The decryption screen will appear and the option to select an image will appear

Yes

4.3.1.3

1. If it is checked the advanced view for the software will appear 4.3.1.4

Action > Advanced View

Yes 2. If it is unchecked, the basic view for the software will appear

4.3.1.5

Action > Save text as a file

An option to save the decrypted file in an external text file will appear. If there is no text in the box then a pop up will show.


Yes

Page |

4.3.1.6

4.3.1.7

Action > View image

Image will be shown in a new window. If no file was encrypted when this button was pressed, then no action will be taken

Yes

File > Exit

If any operation was half done ask for confirmation otherwise close the application

Yes

4.3.2 For Encryption

Test #

Description

Expected Outcome

As Expected

4.3.2. 1

Click on New to start encryption

The required interface will appear. If any operation was half done a confirmation box will pop up

Yes

4.3.2. 2

Select the algorithm to be used from the combo box

Selected algorithm will be displayed in the combo box

Yes

4.3.2. 3

Enter the text to be hidden from the keyboard

Textbox will be filled with the text

Yes

4.3.2. 4

Select the image from the hard drive by clicking the picture box

Image will be selected if there are no errors while selecting. In case of any error an appropriate pop up will be displayed

Yes

4.3.2. 5

A password is required and it also needs to be confirmed.

Accept the password if there are no errors else pop an error window

Yes

4.3.2. 6

Click on the “Perform the Steganography”

The operations will be performed and it will be shown in the text boxes (in case of advanced view)

Yes

View the Image in a different window

The image will be displayed in a different window if steganography has been successfully performed on it.

Yes

4.3.2. 7


Page |

4.3.2. 8

After step 4.3.2.1 click the basic view interface and continue with the steps.

The operations will be performed in a similar manner

Yes

4.3.3 For Decryption

Test #

Description

Expected Outcome

As Expected

4.3.3. 1

Click on the action button

Four file menu will be shown

Yes

Click on the decrypt button

The decryption screen will appear and the option to select an image will appear

Yes

Select an Image File for Decryption

Image will be selected if there are no errors while selecting. In case of any error an appropriate pop up will be displayed. Also a pop up for entering the password will appear

Yes

4.3.3. 4

After entering the password

If the correct password is entered the image is decrypted otherwise an error message is popped. After decryption the plain text is shown in the textbox provided.

Yes

4.3.3. 5

User clicks the ‘Save Text’ button

An option to save the text in an external file will appear.

Yes

4.3.3. 2

4.3.3. 3


Page |

5. USER DOCUMENTATION 5.1 Welcome to steganography 5.1.1 What is Steganography:

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos (στεγανός) meaning "covered or protected", and graphei (γράφη) meaning "writing". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves .Plainly visible encrypted messages—no matter how unbreakable—will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Department of Information Technology (NEHU) 53

Page |

Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic coding inside of a transport layer, such as a document file, image file, program or protocol. Media files are ideal for steganographic transmission because of their large size. As a simple example, a sender might start with an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not specifically looking for it is unlikely to notice it. 5.2 Getting Started: 5.2.1 Install / Uninstall Steganography

Steps to Install: 1. Copy the setup file . 2. Run the setup file and select the directory where to install it. Steps to Uninstall: 1. Go to Control Panel

Add or Remove Programs.

2. Right click on the Steganography and click Uninstall. 5.3 How to use the software

Encrypt a file:

•

First select the algorithm for hiding the data from the combo box whether to select “LSB”, or “F5” or “Hide and Seek”.

•

Then enter your text to be hidden in the given text box.

•

Select the image to be used to hide the text by clicking the Select button and browsing the image from the directory.

•

Give a password for encryption.

•

Click the “Perform Steganography” button to hide the text within the image.

•

The result will be shown in the “Image with your Text” picture box.


Page |

Decrypt a file:

•

Start the “Hide Your Secret” executable file.

•

Click on option

•

After clicking the option four submenu options appears

•

Select the Decrypt option

•

A directory will be shown,

•

Select your image file to be decrypted.

•

The selected image will be shown in the “selected image” picture box.

•

Give the correct password and confirm password

•

Click the “Perform Steganography” button to decrypt the image

•

The encrypted text will be shown to the user in the text box

5.4 Menus for operating the software “Hide Your Secret”

File Menu: New: To encrypt a new text click File  New Exit: To close the application click on the Exit FileExit Action Menu: Decrypt: To decrypt an image file click ActionDecrypt. Advanced view: To switch the application interface between regular and advanced mode click on the Advanced New menu. Department of Information Technology (NEHU) 55

Page |

ActionAdvanced New

Save Text As File: To save the Text as file click on save text as file and it will show the directory where to save the file. ActionSave Text as File View Image: To view the image click on “View Image” ActionView Image. Help Menu: View Help: To view the detail help of the application click on the View Help HelpView Help About: To see the details of the developers click on About. Project Members: Firoz Ahmed Choudhury. Hriday Das. Pranjal Bharali. Trinayan Chakraborty. Contact Information: Email Id: [email protected] Phone Number:+918011284486

6. RESULTS AND CONCLUSION 6.1 Result


Page |

The Stegenographic schemes which were present for more than 1000 years were studied and analyzed in details in this report. Various algorithms were analyzed, compared and implemented. For designing the steganographic application, we worked on different phases like encryption, decryption and data transmission. An application for sending the personal data securely to the destination has been developed successfully. The design phase is the primary phase, which gives a brief idea about the different levels used for developing an application with the help of block diagrams. The software is designed in a user friendly manner. So, it is simple to use for developing a prototype of the application. The most important phase in the project is the execution phase. The execution phase is developed with the help of design phase. For executing the application, we worked on two sections: one is encryption and another is decryption. As we designed the program using .NET platform, the next part is debugging the program. We faced some problems when writing the code, but at last we were successful in executing the program without errors. We used different approaches for testing the application, which helped us to know about the limitations. In this project we mainly concentrated on embedding the data into an image. We have designed the steganographic application which embedded the data into the image. Normally, after embedding the data into the image, the image may lose its resolution. In the proposed approach, the image remains unchanged in its resolution as well in size. The speed of embedding the data into the image is also high in the proposed approach such that the image is protected and the data to the destination is sent securely. For the decryption phase, we have used the same .NET programming language for the purpose of designing. We have used security keys like personal password for protecting the image from unauthorized modification, which improved the security level. We have chosen image steganography because it is simple to use and its user friendly application. There are many applications for image hiding but the proposed approach is created using Microsoft .NET frame work which is easier for coding and the performance is better compared to other languages.

6.2 Conclusion


Page |

In the present world, the data transfers using internet is rapidly growing because it is so easier as well as faster to transfer the data to destination. So, many individuals and business people use to transfer business documents, important information using internet. Security is an important issue while transferring the data using internet because any unauthorized individual can hack the data and make it useless or obtain information un- intended to him. The proposed approach in this project uses a new steganographic approach called image steganography. The application creates a stego image in which the personal data is embedded and is protected with a password which is highly secured. The main intention of the project is to analyze the various steganography algorithms and develop a steganographic application using those algorithms such that it provides good security. The proposed approach provides higher security and can protect the message from stego attacks. The image resolution doesn’t change much and is negligible when we embed the message into the image and the image is protected with the personal password. So, it is not possible to damage the data by unauthorized personnel. This project gave us good experience in dealing with the data security issues in theoretical as well as in technical domain and in .NET programming as we used Microsoft visual studio for designing steganographic application. We did the project in satisfactory level with the help and good guidance from our supervisor Mr. A.K. Maji. The major limitation of the application is designed for bit map images (.bmp). It accepts only bit map images as a carrier file, and the compression depends on the document size as well as the carrier image size. . 6.3 Future Work

The future work on this project will be to improve the compression ratio of the image to the text. This project can be extended to a level such that it can be used for the different types of image formats like .bmp, .jpeg, .tif etc., in the future. Further work could include developing a YASS (Yet Another Steganographic Scheme) and strong encryption algorithms like AES or DES.


Page |

Further the GUI can be refined and made more user friendly. Also a command line version can be developed for this application so that it will suit the more experienced users.


Page |

REFERENCE

1] Alfred J, M et al ., 1996. Hand book of applied Cryptography . First edition. 2] Bloom,J. A. et al., 2008. Digital watermarking and Steganography. 2nd edition. 3] A. Westfeld. "F5 - A Steganographic Algorithm: High Capacity Despite Better Steganalysis", Lecture Notes in Computer Science, vol. 2137, pp. 289-302, 2001. 4] X. Yu, Y. Wang, and T. Tan , "On Estimation of Secret Message

Length in JSteglike Steganography", Proceedings of the 17th International Conference on Pattern Recognition, vol. 4, pp. 673-676, 2004. 5] Q. Weiwei, G. Yanqing, and K. Xiangwei . "JPEG Quantization-Distribution Steganalytic Method Attacking JSteg", International Journal of Computer Science and Network Security, vol. 6, pp. 192-195.

6] Bandyopadhyay, S.K ., 2010. An Alternative Approach of Steganography Using Reference Image. International Journal of Advancements in Technology, 1(1), pp.05-11. 7] www.ijcaonline.org/journal/number15/pxc387502.pdf 8] S. William, Cryptography and Network Security: Principles and Practice, 2nd edition, Prentice-Hall, Inc., 1999 pp 23-50 9] http://www.jjtc.com/pub/r2026.pdf 10]

Hide & Seek: An Introduction to Steganography: Niles Provos and Peter Honey man, IEEE Security & Privacy Magazine, May/June 2003.

11] Image Compression and Discrete Cosine Transform - Ken Cabin and Peter Gent, Math 45 College of the Redwoods,1998 12] Steganography Primer - Ruid, Computer Academic underground, 2004 13] Artz, D., “Digital Steganography: Hiding Data within Data”, IEEE Internet Computing Journal, June 2001 14] Owens, M., “A discussion of covert channels and steganography”, SANS Institute, 2002 Department of Information Technology (NEHU)

15] Petitcolas, F.A.P., Anderson, R.J. & Kuhn, M.G ., “Information Hiding – A survey”, Proceedings of the IEEE, 87:07, July 1999

ii 16] Bender, W., Gruhl, D., Morimoto, N. & Lu, A ., “Techniques for data hiding”, IBM Systems Journal, Vol. 35, 1996 17] Jamil, T., “Steganography: The art of hiding information is plain sight”, IEEE Potentials, 18:01, 1999. 18] Currie, D.L. & Irvine, C.E., “Surmounting the effects of lossy compression on Steganography”, 19th National Information Systems Security Conference, 1996 19] Artz, D., “Digital Steganography: Hiding Data within Data”, IEEE Internet Computing Journal , June 2001 20] Anderson, R.J. & Petitcolas , F.A.P., “On the limits of steganography”, IEEE Journal of selected Areas in Communications, May 1998 21] http://www.devx.com/projectcool/Article/19997 22] Glenford et al., 2004. The art of software testing. 2nd edn, pg no. 183, john wiley. Hellman, M.E., 2002. An overview of public key cryptography . IEEE comm. 23] M. Naor and A. Shamir , “Visual cryptography,” in Advances in Cryptology: EUROCRYPT ’94 (A. De Santis, ed.), vol. 950 of Lecture Notes in Computer Science, pp. 1–12, Springer, 1995. 24] O. Goldreich, Foundations of Cryptography: Basic Tools. Cambridge University Press, 2001. 25] www.zurich.ibm.com/~cca/papers/encyc.pdf 26] www.infosecwriters.com/text_resources/pdf/steganographyDTEC6823.pdf 27] www. paper.ijcsns.org/07_book/201008/20100825.pdf 28] www.scribd.com/doc/... /Internet & Technology 29] www.computing.surrey.ac.uk/personal/st/H.Schaathun/.../phil-msc.pdf 30] www.jiit.ac.in/jiit/ic3/IC3_2008/IC3-2008/APP2_21.pdf


31] www.scribd.com/doc/.../Steganography-View 32] Amirthanjan,R. Akila,R & Deepikachowdavarapu, P., 2010. A Comparative Analysis of Image Steganography, International Journal of Computer Application, 2(3), pp.2-10. 33] Chan, C.K. Cheng, L.M., 2004. Hiding data in images by simple lsb substitution: pattern recognition.vol 37. Pergamon. 34] Kahate, A., 2008. Cryptography and network security. 2nd ed. Mc Graw-hill. 35] Kevin, H., 2006. Microsoft Visual Basic 2005 unleashed. 4th edn, SAMS. 36] D. Fu, Y. Shi, D. Zou, and G. Xuan. "JPEG Steganalysis Using Empirical Transition Matrix in Block DCT Domain", IEEE: 8th Workshop on Multimedia Signal Processing 2006, pp. 310-313, 2006. 37] M. Halvorson,. Visual basic 2008, Step by Step. 38] Evangelos Petroutsos and Mark Ridgeway,: Mastering Microsoft Visual Basic 2008 39] Rod Stephens,: Visual Basic 2008-Programmers Reference. 40] Microsoft MSDN help.


APPENDIX A

Steganography: It is the process of hiding digital data (text, image, audio or video) within another digital data (text, image, audio or video). Steganography Algorithms: These are the techniques by which we can hide a media within another media. Steganalysis: Steganalysis is the art and science of detecting messages hidden using steganography; this is analogous to cryptanalysis applied to cryptography. Cryptography: It is the process of encrypting a media so that it is not possible to understand without decrypting. Internet Security: Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing. Different methods have been used to protect the transfer of data, including encryption. Security Attacks: The data is transmitted from source to destination which is known as its normal flow. But the hackers might hack the network in order to access or modify the original data. These types of attacks are formally known as security attacks. .NET Framework: The .NET Framework (pronounced dot net ) is a software framework that runs primarily on Microsoft Windows. It includes a large library and supports several programming languages which allow language interoperability (each language can use code written in other languages). The .NET library is available to all the programming languages that .NET supports. Programs written for the .NET Framework execute in a software environment (as contrasted to hardware environment), known as the Common Language Runtime (CLR), an application virtual machine that provides important services such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework. Visual Basic: Visual Basic (VB) is the third-generation event-driven programming language and integrated development environment (IDE) from Microsoft for its COM programming model. Visual Basic is relatively easy to learn and use. Visual Basic


iii

was derived from BASIC and enables the rapid application development (RAD) of graphical user interface (GUI) applications, access to databases using Data Access Objects, Remote Data Objects, or ActiveX Data Objects, and creation of ActiveX controls and objects. Scripting languages such as VBA and VBScript are syntactically similar to Visual Basic, but perform differently. Graphical User Interface: It is a type of user interface that allows users to interact with electronic devices with images rather than text commands. GUI s can be used in computers, hand-held devices such as MP3 players, portable media players or gaming devices, household appliances and office equipment. A GUI represents the information and actions available to a user through graphical icons and visual indicators such as secondary notation, as opposed to text-based interfaces, typed command labels or text navigation. The actions are usually performed through direct manipulation of the graphical elements. Common Language Runtime (CLR): The Common Language Runtime (CLR) is a special run time environment that provides the underlying infrastructure for Microsoft's .NET framework. This runtime is where the source code of an application is compiled into an intermediate language called CIL, originally known as MSIL (Microsoft Intermediate Language). When the program is then run, the CIL code is translated into the native code of the operating system using a just-in-time (JIT) compiler. Discrete Cosine Transformation: A discrete cosine transform (DCT) expresses a sequence of finitely many data points in terms of a sum of cosine functions oscillating at different frequencies. DCTs are important to numerous applications in science and engineering, from lossy compression of audio (e.g. MP3) and images (e.g. JPEG) (where small high-frequency components can be discarded), to spectral methods for the numerical solution of partial differential equations. The use of cosine rather than sine functions is critical in these applications: for compression, it turns out that cosine functions are much more efficient (as explained below, fewer are needed to approximate a typical signal), whereas for differential equations the cosines express a particular choice of boundary conditions. XOR Operation: In cryptography, the simple XOR cipher is a simple encryption algorithm that operates according to the principles: A

0 = A,

A

A = 0,

(A

B)

C=A

(B

C),

(B

A)

A=B

0 = B,


image steganography

Recommend Documents