1. INTRODUCTION 1.1 INTRODUCTION:Information security (sometimes shortened to InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless o f the form the data may take (electronic, physical, etc... )[1]
Below are the fundamentals when dealing with information security: IT Security = Sometimes referred to as computer security, Information Technology Security is information security when applied to technology (most often some form of computer system). Information Assurance = The act of ensuring that data is not lost when critical issues arise. T hese issues include but are not limited to; natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost.
Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to negative consequences. Protecting confidential information is a business requirement, and in many cases also an ethical and l egal requirement. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures. The field of information security has grown and evolved evolved significantly in recent years. In the project we study about and apply algorithms related to an important part of information security, steganography using both image and text as a cover cover medium.
i
1.2 NECESSITY:One of the reasons that intruders can be successful is t he most of the information they acquire from a system is in a form that they can read and comprehend. Intruders may reveal the information to others, modify it to misrepresent an individual or organization, or use it to launch an attack. One solution to this problem is, through the use of steganography. Steganography is a technique of hiding information in digital media. In contrast to cryptography, it is not to keep others from knowing the hidden information but it is to keep others from thinking that no information even exists. Steganography became more more important as more people joined the cyberspace revolution. revolution. On a more general sense, steganography is the art of concealing information in ways that prevents even the detection of hidden messages. Steganography includes an array of secret communication methods that keeps the message from being seen or discovered. Due to advances in computing, networking and internetworking most of information is kep t electronically. Consequently, the security of information has become a fundamental issue. Besides cryptography, steganography can be employed to secure information in the next level. In steganography, the message or encrypted message is embedded in a digital host before passing it through the network, thus the existence of the message is unknown. Besides hiding data for confidentiality, this approach of information hiding can be extended to authentication i.e., copyright protection for digital media: audio, video and images. The growing possibilities of modern communications need the special means of security especially on computer network. The network security is becoming more important as the number of data being exchanged on the internet increases. increases. Therefore, the confidentiality and data integrity are requires to protect against unauthorized access and use. This has resulted in an explosive growth of the field of information hiding. Information hiding is an emerging research area, which encompasses applications such as copyright protection for digital media, watermarking, watermarking, fingerprinting, and steganography. In watermarking applications, the message contains information such as owner identification and a digital time stamp, which usually applied for copyright protection. Fingerprint, the owner of the data set embeds a serial number that uniquely identifies the user of the data set. This adds to copyright information to makes it poss ible to trace any unauthorized used of the data set back to the user. Steganography Steganography hide the secrete message within the host data set and makes it‟s presence imperceptible and is to be reliably communicated to a receiver. The host data set is p urposely corrupted, but in a covert way, designed to be invisible to an information analysis.
ii
1.2 NECESSITY:One of the reasons that intruders can be successful is t he most of the information they acquire from a system is in a form that they can read and comprehend. Intruders may reveal the information to others, modify it to misrepresent an individual or organization, or use it to launch an attack. One solution to this problem is, through the use of steganography. Steganography is a technique of hiding information in digital media. In contrast to cryptography, it is not to keep others from knowing the hidden information but it is to keep others from thinking that no information even exists. Steganography became more more important as more people joined the cyberspace revolution. revolution. On a more general sense, steganography is the art of concealing information in ways that prevents even the detection of hidden messages. Steganography includes an array of secret communication methods that keeps the message from being seen or discovered. Due to advances in computing, networking and internetworking most of information is kep t electronically. Consequently, the security of information has become a fundamental issue. Besides cryptography, steganography can be employed to secure information in the next level. In steganography, the message or encrypted message is embedded in a digital host before passing it through the network, thus the existence of the message is unknown. Besides hiding data for confidentiality, this approach of information hiding can be extended to authentication i.e., copyright protection for digital media: audio, video and images. The growing possibilities of modern communications need the special means of security especially on computer network. The network security is becoming more important as the number of data being exchanged on the internet increases. increases. Therefore, the confidentiality and data integrity are requires to protect against unauthorized access and use. This has resulted in an explosive growth of the field of information hiding. Information hiding is an emerging research area, which encompasses applications such as copyright protection for digital media, watermarking, watermarking, fingerprinting, and steganography. In watermarking applications, the message contains information such as owner identification and a digital time stamp, which usually applied for copyright protection. Fingerprint, the owner of the data set embeds a serial number that uniquely identifies the user of the data set. This adds to copyright information to makes it poss ible to trace any unauthorized used of the data set back to the user. Steganography Steganography hide the secrete message within the host data set and makes it‟s presence imperceptible and is to be reliably communicated to a receiver. The host data set is p urposely corrupted, but in a covert way, designed to be invisible to an information analysis.
ii
1.3 OBJECTIVES:This project is developed for hiding information i.e, text in any image or text file. The scope of the project is implementation of steganography tools for hiding information using algo rithms such as the LSB algorithm (for the cover medium image) and the White Space algorithm (for the cover medium text). T hus the main objectives of our project, like most steganographic tool, are:
To communicate reliably a secret message from a source to a destination. To hide the presence of the secret message from the third party. To design practical secured stego methods.
1.3.1 METHODOLOGIES:The project presents a user-friendly and simple but efficient application which effectively hides a text message in an image file or text file selected by the user. I f the user wants to use an image as a cover medium, the message is hidden using a steganographic steganographic algorithm, LSB. If , on the other hand, text is selected as the cover medium, the White Space algorithm is used. In case of the LSB, after using the encrypt menu, we achieve an i mage that looks apparently identical to the original image we selected for our application. To extract the information (or, the hidden text on our case) we select the decrypt option and on running the decrypt function the application separates the message from the image thus fulfilling the basic project objective. objective. This technique is chosen, because this system includes not only imperceptibility but also un-detectability by any steganalysis tool. While, in case of the White Space algorithm, the message is encrypted by using the white spaces in the messages , that depend on whether the particular bit in the message is a 0 or a 1. Later , during decryption, the white spaces are decoded to give us back the bits to be reconstructed into the respective characters using the ASCII values, thus giving us back the original text. An authentication mechanism in each of the particular encrypted file (be it image or text) has been introduced in the form of a unique authentication code randomly generated by the system during encryption. This authentication ID enables one to access the file and thus adds security on an individual file basis.
iii
1.4 THEME:Information hiding (or data hiding) is a general term encompassing a wide range of proble ms beyond that of embedding messages in content. The term hiding here hiding here can refer to either either making the information imperceptible (as in watermarking) or keeping the existence of the information secret. [1]
The inventor of the word steganography is Trithemius, the author of the early publications on cryptography: Polygraphia and Steganographia. The technical technical term itself is derived from the Greek words steganos, which means “covered,” and graphia, which means “writing.” Steganography is the art of concealed communication. The very existence of a message is secret. Steganography is the practice of hiding private or sensitive information within something that appears to be nothing out to the usual. Steganography is often confused confused with cryptology because the two are similar in the way that they both are used to protect important information. The difference between two is that steganography involves hiding information so it appears that no information is hidden at all. If a person or persons views the object that the information is hidden inside of he or she will have no idea that there there is any hidden information, therefore the person will not attempt to decrypt the information.
What steganography essentially does is exploit human perception, human senses are not trained to look for files that have information inside of them, although this software is a vailable that can do what is called Steganography. The most common use of steganography is to hide a fil e inside another file. Two different applications of steganography are: The first is what we call classical steganography , and its aim is that of transmitting a message by means of another innocent or casual-looking medium The second is invisible digital watermarking, which purpose is to assess the ownership or integrity Of some pieces of information, named after the watermarks we are used to see on bills or legal documents for the same purpose. It can be used also to p rovide additional information on a message inside a message itself. Since we are using both image and text file for hiding text and using different algorithms for both subparts of our application, here we attempt to give a brief insi ght into the functioning of both,, namely LSB and White Space algorithm.
iv
1.4.1 STEGANOGRAPHIC SYSTEM:-
FIG 1.4.1: Steganographic System
The terms used are as follows :
steganographic function "embedding" steganographic function "extracting" cover data in which embedding will be hidden message to be hidden parameter of f E and f E-1 cover data with the hidden message
f E f E-1 cover emb key stego
: : : : : :
Note :
cover* are the cover data in whi ch emb was hi dden and has been extr acted emb* is the hi dden text that has been extracted.
The following formula provides a very generic description of the pieces of the steganographic process: cover medium + hidden data + stegokey = stegomedium In this context, the cover medium is the file in which we will hide the hidden data, which may also be encrypted using the stegokey. The resultant file is the stegomedium (which will, of course. b e the same type of file as the covermedium). The covermedium (and, thus, the stegomedium) are typically image or audio files.
The main motivation for this is largely due to fear of encryption services getting outlawed, and copyright owners who want to track confidential and intellectual property copyright against unauthorized access and use in digital materials such as music, film, book and so ftware through the use of digital watermarks .
There are many ways to hide information in digital images. We look at the following approaches
least significant bit insertion masking and filtering algorithms and transformations
Each of these techniques has varying degrees of success. We used the LSB insertion technique for our project work.
v
1.4.2 LEAST SIGNIFICANT BIT (LSB) INSERTION:Many stego tools make use of least significant bit ( LSB). For example, 11111111 is an 8 -bit binary number. The rightmost bit is called the LSB because changing it has the least e ffect on the value of the number. The idea is that the LSB of every byte can be replaced with little change to the overall file. T he binary data of the secret message is broken up into bits and then inserted into the LSB of each pixel in the image file. Algorithmic Concept :Today, when converting an analog image to digital format, we usually choose between three different ways of representing colors: · 24-bit color: every pixel can have one in 2^24 colors, and these are represented as d ifferent quantities of three basic colors: red (R), green (G), blue (B) , given by 8 bits (256 values) each. · 8-bit color: every pixel can have one in 256 (2^8) colors, chosen from a palette, or a table of colors. · 8-bit gray-scale: every pixel can have one in 256 (2^8) shades of gray. LSB insertion modifies the LSBs of each color in 24-bit images, or the LSBs of t he 8-bit value for 8-bit images. The larger the cover message is (in data content terms — number of bits) relative to the hidden message, the easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the Internet and on other communication media. It is not clear how commonly this is actually done. For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 2 8 different values of blue. The difference between say 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something else other than color information. If we do it with the green and the red as well we can get one letter of ASCII text for every three pixels.
vi
1.4.3 WHITE SPACE ALGORITHM:The algorithm deals with steganography with cover medium as text while the message is also in text format. The text to be hidden is converted into a bit stream. Depending on whether the bit is a 0 or a 1, the white space between two words varies. More precisely, the gap , or space as we call it between two words is one character of white space if the bit is a zero and t wo white spaces if the bit is a one. Thus, the basic concept lies in the following: The user initiates the procedure of hiding a text message by initially opening the application and selecting “text”. Then the message to be hidden is supplied to the procedure and a suitable cover medium is either selected by the user or created inside the application by the user him/hersel f. Let us suppose the text to be hidden is: “today is the day”. Then each of the characters in the above text such as „t‟ , „o‟, „d‟............ „ „, „i‟........ „y‟ are replaced with the binary form of their respective ASCII values.... As an aid to understanding, let us assume the binary stri ng below represents the above message: 110000010001001110001010100010010 Now coming to the cover medium...the user provides it to the application in the form as below:: “Information Security Attributes: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are composed in three main portions, hardware, software and communications with the purpose to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within the organizations.” Now once the above cover medium is used to hide the text in it... it will look like the following : “Information Security Attributes: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are composed in three main portions, hardware, software and communications with the purpose to help identify and apply information security industry standards, as mechanisms of protection and prevention, at three levels or layers: physical, personal and organizational. Essentially, procedures or policies are implemented to tell people (administrators, users and operators) how to use products to ensure information security within the organizations.” The number of blanks differs between two words until the b inary string is complete. In the application, we append the length of the string (in binary) at the front. The length is initially read and the program decodes the white spaces uptil that length. Thus we have the initial binary string back, which is then transfor med back into the text message based on the same ASCII values.
vii
2. LITERATURE SURVEY
Steganography (a rough Greek translation of the term Steganography is secret writing) has been used in various forms for 2500 years. It has found use in variously in military, diplomatic, pers onal and intellectual property applications. Briefly stated, steganography is the term applied to any number of processes that will hide a message within an object, where the hidden message will not be apparent to an observer. This paper will explore steganography from its earliest instances through potential future application.
2.1 STEGANOGRAPHY THROUGH AGES :Johannes Trithemius (1462-1516) was a German Abbot. His writing, “ Steganographia:hoe est ars per occultam scripturam animi sui voluntatem absentibus aperiendi certa” is ostensibly a work describing methods to communicate with spirits. A very rough tr anslation of this Latin title is : “Steganography: the art through which writing is hidden requiring recovery by the minds of men.” Published as a trilogy in Latin, the fir st two parts of his works are apparently some of the first books on cryptology describing methods to hide messages in writing. The third part of the trilogy is outwardly a book on occult astrology. The third book contains a number of tables containing numbers. Two researchers, Dr. Thomas Ernst and Dr Jim Reeds were convinced that the third book contained hidden code. Dr Ernst, while a graduate student at the University of Pittsburgh published a 200 page paper, but it attracted little attention . Dr. Reeds, a mathematician at AT&T Labs independently began delving into this matter . As he searched for information on Trithemius‟ works, he discovered Dr. Ernst paper.These two researchers discovered in relatively short order, that there were hidden messages contained in the third book. The messages contained in the tables were of minor interest. One message contained the Latin equivalent of “The quick brown fox jumps over the lazy dog.” A second message was “The bearer of this letter is a rogue and a thief. Guard yourself against hi m. He wants to do something to you.” And, the third message was the beginning of the 23rd Psalm. Although “Steganographia” is the work that we derive the term steganography fro m, it is certainly not the first example of hidden writing. There are examples from histor y that serve to illustrate the desire to hide messages or so me type of intelligence from others.
Mary Queen of Scots used a combination of cryptography and steganography to hide letters. Her letters were hidden in the bunghole of a beer barrel, which freely passed in and out of her prison.
Other uses of steganography weren‟t limited to normal writing materials. One may consider the huge geoglyphs of the Nazca in Peru to be a form of steganography. The geoglyphs are obviously open to view, yet many of the images were not detected until viewed from the air.
Human vectors include the efforts of Histaiacus in the 5th century BC. Histaiac us shaved the head of a messenger, wrote a note encouraging Aristagoras of Miletus to revolt against the king of Persia. After the messenger‟s hair grew back, the messenger was dispatched with the message. Obviously, this message wasn‟t especially time constrained.
Another human vector example includes writing messages on silk, which would then be compressed into a ball and covered with wax. The messenger would swallow the wax ball. The method of retrieval is not described.
In 480 BC a Greek by the name of Demaratus sent a message to the Spartans warning of a pending invasion by Xerxes. Heroclotus described the method used by Demaratus :
viii
“As the danger of discovery was great, there was only one way in which he could contrive to get the message through: this was by scraping the wax off a pair of wooden folding tables, writing on the wood underneath what Xerxes intended to do, and then covering the message over with the wax again. In this way the tablets, being apparently blank, would cause no trouble with the guards along the road….”
2.2 RECENT WORK :In more recent history, several stenographic methods were used during W orld War II .
Microdots developed by the Nazis are essentially microfilm chips created at high magnification (usually over 200X). These microfilm chips are the size of periods on a standard typewriter. These dots could contain pages of information, drawings, etc.
The Nazis also employed invisible inks and null ciphers.
Currently, the emphasis has been on various forms of digital steganography. Commonly there are a number of digital technologies that the community is concerned with, namely text files. After the events of September 11, 2001, there was immediate concern voiced regarding the possible use of steganography by the al Queda network.
Although we are currently more interested in digital steganography, other forms of steganography are in use today, primarily in physical security measures. The venerable microdots pioneered by the Nazis are recently being marketed as a si mple technique that can be used to mark equipment. Equipment marked with microdots aids in identification in the case of theft. There are a number of firms producing microdots for this purpose. [2]
2.3 STEGANOGRAPHY vs. CRYPTOGRAPHY :Since cryptography and steganography both largely deal with security methods, here‟s comparing both branches : Basically, the purpose of cr yptography and steganography is to pr ovide secret communication. However, steganography is not the same as cryptography.
Cryptography hides the contents of a secret message from a malicious people, whereas steganography even conceals the existence of the message.
Steganography must not be confused with cryptography, where we transform the message so as to make it meaning obscure to a malicious people who intercept it. Therefore, the definition of breaking the system is different. In cryptography, the system is broken when the attacker can read the secret message. Breaking a steganographic system need the attacker to detect that steganography has been used and he is able to read the embedded message.
In cryptography, the structure of a message is scrambled to make it meaningless and unintelligible unless the decryption key is available. It makes no attempt to disguise or hide the encoded message. Basically, cryptography offers the ability of transmitting information between persons in a way that prevents a third party from reading it. Cryptography can also provide authentication for verifying the identity of someone or something.
ix
2.4 DIFFERENT STEGANOGRAPHIC TECHNIQUES :The steganography techniques are broadly classified into :
Spatial Domain Transform Domain Spread Spectrum Statistical Methods Distortion Technique Cover Generation.
Spatial Domain Techniques are also called as Substitution Techniques. In substitution technique the secret message bits is encoded in the insignificant parts of the cover image. Since there are only minor changes in the image the sender assumes the attacker will not notice the changes in the original image. But it is vulnerable to signal processing attacks and also it loses the total information for lossy compression techniques. The Transform Domain Techniques hides the information in significant bits of the cover image hence it is robust to the techniques like compression and cropping. Most common transform domain techniques are discrete cosine transform and wavelet transforms. A trade off exists between the amount of secret information to be embedded and the robustness obtained . Spread Spectrum deals either cover image as noise or tries to add pseudo random noise to the cover image.
The next is Statistical Technique also called as model based technique which modifies the statistical characteristic of the cover image in addition it preserves them in embedding process. This modification can be perceived by humans by identifying the luminance variation. This technique is vulnerable to rotating, cropping, scaling attacks and also all the watermarking attacks. The Distortion technique requires the knowledge of the cover image in the decoding process. In practice it is not efficient method because the secret message can be extracted if the original cover image is available to the attacker. In earlier days most text based hiding methods were distortion type.
The last technique is Cover Generation; in this method the digital cover is generated only for the purpose of being a cover for secret message transfer. Regular expressions and mimic functions are used to generate a cover.[3]
x
2.5 TEXTUAL STEGANOGRAPHY :British Prime Minister Margaret Thatcher became so irritated at press leaks of cabinet documents that she had the word processors programmed to encode their identity in the word spacing of documents, so that disloyal ministers could be traced. This type of steganography is available due to the precision with which text can be printed on modern printers (from 300 to 1600 dpi and up) . In addition, there are a number of techniques that can be employed in textual steganography.
Open space methods Line shift coding Word shifting coding Syntactic methods Semantic methods Feature coding
There are several applications/services that will encode messages into plaintext that do not rely on line or word shifting, however they may produce results that would invite investigation.
xi
3. SYSTEM DEVELOPMENT 3.1 DATA FLOW DIAGRAMS:Here , in this module, we attempt at a guided diagrammatic representation of the various paths that control may and can take due to the various choices of the user and the operations that the application undergoes, by showing the flow of data during the whole process.
FIG 3.1.1: 0 Level DFD
The above shows the whole logic and functioning of our steganographic application in a nutshell. Below, in the diagram, the two major functions of the application has been separated for the paths and data flows to be shown more clearly.
FIG 3.1.2: 1 Level DFD
xii
An elaborate path description and flow of data and control is shown next. It breaks do wn the abstracted form to the most detailed level. We begin with encryption:
FIG 3.1.3: Encryption Process
xiii
After encryption has been shown, decryption follows next:
FIG 3.1.4 Decryption Process
The above data analysis diagrams give a complete understanding about the flow of data and control from a logical point of view.
xiv
3.2 PICTORIAL REPRESENTATION:\ Continuing the modelling part by a brief navigation of the entire application based on steganography:
The application opens and the user is affronted with a main menu page that is simple yet conclusive. One needs to decide between the options encode and decode.
If encode is chosen, the user needs to decide between using an image for a cover medium or text as the cover medium.
If decode is chosen, the user needs to provide the application with the previously encoded file. We discuss decoding later.
FIG 3.2.1 : Welcome Screen
xv
ENCODING PROCEDURE:
The user needs to decide on the cover medium, choose between text and image: Image being the more effective procedure while text scores high on the insusceptibility.
If image is the cover medium, then the user browses the picture from the computer.
If text is the selected cover medium, then we can either browse and input the text from the computer, or input it
In both the above cases, the user is required to input the message to be hidden.
On the completion of the above, the encode button encodes both the text giving the user the encoded file and the system saves it.
The user is provided with a unique id which serves as an access control during decoding and encoding finishes. FIG 3.2.2 : Encoding Process
xvi
DECODING PROCESS:
In case the decode option is chosen, the user is asked to select the medium which has been used for the encoding of the file to be decoded.
The user then is asked to select the particular file that needs to be decoded.
The authentication check takes place with t he user being asked to provide the unique id provided by the system during encryption of that particular file. Decryption proceeds only if the correct id has been rovided.
After a successful verification check, the encrypted file, be it picture or text ids decoded usin the decode button.
After decoding is successfully over, the user is provided with the hidden message and the process is complete.
FIG 3.2.3 : Decoding Process xvii
3.3 IMPLEMENTATION TOOLS: The proposed System has two main aspects :
Software Requirements :
Java (JDK 1.6) Netbeans IDE (7.1)
Hardware Requirements:
Intel Pentium 1.5 Ghz. 1 GB main memory. 3 GB of free hard disk space. 14” or bigger monitor. Mouse. Standard Keyboard.
Case Tool :
EDraw Max
Others:
MS Word 2007 MS Powerpoint 2007 Windows XP(Development)
xviii
3.4 SCREENSHOTS AND USER INTERFACE:From the physical point of view, the system model follows i n the form of screen shots: Screenshot 1:
FIG 3.3.1: Welcome Screen
xix
Screenshot 2 :
FIG 3.3.2 Main Menu
Screenshot 3:
FIG 3.3.3 Cover Medium Selection Screen
xx
Screenshot 4:
FIG 3.3.4 Text Pad For Writing The Hidden Message
Screenshot 5(a) :
FIG 3.3.5(A) : Encoding Screen For Image Steganography
xxi
Screenshot 5(b):
FIG 3.3.5(B) : Encoding Screen For Text Steganography
Screenshot 6:
FIG 3.3.6 : Completion Of Encoding
Screenshot 7:
FIG 3.3.7: File Saved
xxii
Screenshot 8:
FIG 3.3.8: System Generated User -ID
Screenshot 9:
FIG 3.3.9 : Encoded Image
xxiii
Screenshot 10:
Fig 3.3.10 : User Authentication
Screenshot 11:
FIG 3.3.11 Access Verification xxiv
Screenshot 12 (a):
FIG 3.3.12(A): Decoding The Encoded Image
Screenshot 12(b):
FIG 3.3.12(B): Decoding Of Text
xxv
Screenshot 13 :
FIG 3.3.13 : Completion Of Decoding
Screenshot 14 :
FIG 3.3.14 : Display Of Hidden Text
xxvi
Screenshot 15:
FIG 3.3.15: Input Cover Text
xxvii
4. PERFORMANCE ANALYSIS
4.1 TESTING OF SOFTWARE:We begin with designing the test case to check the proper functionality of the software. A test case in software engineering is a set of conditions or variables under which a tester will determine whether an application or software system is working correctly. The mechanism for determining whether a software program or system has passed or failed such a test is known as a test oracle. In some settings, an oracle could be a requirement or use case, while in others it could be a heuristic. It may take many test cases to determine that a software program or system is considered sufficiently scr utinized to be released. Test cases are often referred to as test scripts, particularly when written. Written test cases are usually collected into test suites.
4.1.1 TEST CASES FOR IMAGE STEGANOGRAPHY:
TEST CASE ID
TEST SCENARIO
TDIE1
Check Encryption Of Blank Text
TDIE2
Check Encryption Of Normal Text
TDIE3
Check Encryption Of A Text Longer Than The Permitted Size
TDIE4
Check Encryption Using “jpeg” I mage
TDIE5
Check Encryption Using A Previously Encrypted Image
TDIE6
Check Encryption Using “png” Image
TDIE7
Check Encryption Using an Unsupported File
TDID1
Check Decryption For A Normal Encoded File
TDID2
Check Decryption For A Normal “png” File
TDID3
Check Decryption For A Normal “ jpeg” File
TDID4
Check Decryption Of Image Using Wrong Password
TDID5
Check Limit Of Wrong Entry Of Password
xxviii
4.1.2 RESULTS FOR TESTING :
TEST CASE ID
EXPECTED RESULT
OUTCOME
STATUS
TDIE1
Error Message
Pass
TDIE2
Encryption process is completed successfully Error Message & System exit
Error Message “File Cannot Be Created” Encoded Image is successfully created and saved on disk Shows message “ Target File Cannot Hold Message And exits Encoded image is successfully created and saved on disk Encoded image is successfully created and saved on disk Encoded image is successfully created and saved on disk Shows message “ Please Select Correct File” and returns to previous window Decryption complete. Hidden message shown. System interrupts abnormally
TDIE3
TDIE4 TDIE5 TDIE6 TDIE7
TDID1 TDID2
Encryption process is completed successfully Encryption process is completed successfully Encryption process is completed successfully Error Message
Decryption process is completed successfully Decryption successfully done and shows that the file contains no hidden image
TDID3
Decryption successfully done and shows that the file contains no hidden image
Shows message “File Contains No Hidden Data”
TDID4
File cannot be read
File cannot be read
TDID5
System Exits after three unsuccessful attempts
System exits after three unsuccessful attempts
xxix
Pass Pass
Pass Pass Pass
Pass Pass Fail (Problem Solved Using Password Protection) Pass (Further Improved By Adding Password Protection) Pass Pass
4.1.3 TEST CASES FOR TEXT STEGANOGRAPHY: TEST CASE ID
TEST SCENARIO
TDTE1
Check Encryption Of Blank Text
TDTE2
Check Encryption Of A Text Longer Than The Permitted Size
TDTE3
Check Encryption Using “txt” File
TDTE4
Check Encryption Using A Previously Encrypted File
TDTE5
Check Encryption Using an Unsupported File
TDTD1
Check Decryption For A Normal Encoded File
TDTD2
Check Decryption For A Normal “txt” File
TDTD3
Check Decryption Of Image Using Wrong Password
TDTD4
Check Limit Of Wrong Entry Of Password
4.1.4 RESULTS FOR TESTING:
TEST CASE ID
EXPECTED RESULT
OUTCOME
STATUS
TDTE1
Error Message
Pass
TDIE2
Error Message & System exit
TDIE3 TDIE4
Encryption process is completed successfully Error Message
TDIE5
Error Message
TDID1 TDID2
Decryption process is completed successfully Decryption successfully done and shows that the file contains no hidden image
Error Message “File Cannot Be Created” Shows message “ Target File Cannot Hold Message And Exits Encoded Image is successfully created and saved on disk Message Shown “Encryption Failed. Try With Different File” Shows Message “ Please Select Correct File” and returns to previous window Decryption complete. Hidden message shown. Shows message “File Contains No Hidden Data”
TDID3
File cannot be read
File Cannot Be Read
TDID4
System Exits after three unsuccessful attempts
System Exits after three unsuccessful attempts
xxx
Pass Pass Pass
Pass Pass Pass (Further Improved By Adding Password Protection) Pass Pass
4.2 COMPARATIVE STUDY OF DIFFERENT COVER MEDIUM:
IMAGE STEGANOGRAPHY LSB Algorithm
LSB Algorithm
COVER FILE EXTENSION
“.png”
“.jpeg”
MESSAGE FILE EXTENSION
“.txt”
“.txt”
SIZE OF MESSAGE FILE
1.62
1.62
SIZE OF MINIMAL COVER FILE
10.3
1.96
67*67
67*67
1.62:10.63
1.62:1.96
15.73%
82.65%
Only 15.73% of the entire png file can be utilized for encoding
Thus, 82.65% of the entire jpeg file can be utilized for encoding
ALGORITHM USED
RESOLUTION SECRET MESSAGE TO COVER SIZE RATIO UTILIZATION % OUTCOME
TEXT STEGANOGRAPHY ALGORITHM USED
White Space Algorithm
COVER FILE EXTENSION
“.txt”
MESSAGE FILE EXTENSION
“.txt”
SIZE OF MESSAGE FILE
5 bytes
SIZE OF MINIMAL COVER FILE
89 bytes
SECRET MESSAGE TO COVER SIZE RATIO UTILIZATION %
5:89
OUTCOME
0.56% Only 0.56% of the entire txt file can be utilized for encoding
xxxi
0 0 1
0 8
0 6
0 4
0 2
0
JPEG
PNG
TXT
Comparison between different cover medium (Utilization % plotted on Y-Axis) FIG 4.1 Comparison Bar Graph
xxxii
5. CONCLUSIONS
5.1 CONCLUSION:Steganography can be used for hidden communication. We have explored the limits of ste ganography theory and practice. We pointed out the enhancement of the image steganographic system using LSB approach to provide a means of secure communication. A stego-key has been applied to the system during embedment of the message into the cover-image. In our proposed approach, the message bits are embedded in the least significant position , thus keeping the picture completely indistinguishable from the previous form to the human eye. The option of using text as a cover medium has also been provided. Although text hardly competes with image when it comes to efficient steganography, yet it gains some ground when you‟d like your cover image to be so regular and unsuspecting that analysis of the file is out of the equation. In this paper we gave an overview of steganography. It can enhance confidentiality of information and provides a means of communicating privately. We have also presented an image steganographic system using LSB approach and a text steganography system using White Space algorithm. Both the algori thms are effectively capable of hiding messages in cover medium with a reasonable robustness rate. Moreover, we have avoided the prevalent and common username-password security and instead have opted for the unique individual file authorization procedure. It not only provides enhanced security, it even narrows down damage due to a privacy breach. While a password breach can expose all the files one user uses, the unique id system narrows it down to one file. Again, it r educes the user load by taking away the necessity of remembering and protecting a username and password , even if the user rarely accesses the software. Our application on steganography, although fundamental in nature, is simple, efficient, hasslefree , user friendly and secure.
xxxiii
5.2 FUTURE SCOPE:In this paper we have presented a broad study on steganography and an application of the image steganographic system using LSB approach to provide a means of secure communication. A stego-key has been applied to the system during embedment of the message into the cover-image. In our future scope we‟d like to propose, the message bits are embedded randomly into the cover -image pixels instead of sequentially. We could even enhance the efficiency of the text steganography algorithm and try to reduce the ratio of the words in the message to the words in the cover medium.
The application ofcourse has certain limitations that can be overcome through certain improvements:
The image file used to hide the information can be of certain formats only and the cover image after encryption is of .png format only.
Using this application allows us to hide only text information in a n image. We cannot hide an image in another image using the application.
In order to use this application we need to have NetBeans IDE installed in our computer.
Future work :we would to extend the system to be more robust and efficient. T he research will include the enhancement of the algorithm that will utilize the entire image for embedding the message. We will also analyze the processing time to generate the random number and introduce method(s) to minimize the time. Moreover, the access mechanisms can be improved by allowing the decryption of a file only once. This not only rules out the chances that someone might decrypt it before or after the intended and authorized recipient without even been found out. The application, currently running on a stand alone computer , can be taken to the next level by making it web based. The message , being currently only English, can be extended to other languages as well.
xxxiv
5.3 STEGANOGRAPHY APPLICATIONS:The goal of steganography is to avoid drawing suspicion to the existence of a hidden mess age. This approach of information hiding technique has recently become important in a number of application areas. Digital audio, video, and pictures are increasingly furnished with distinguishing but imperceptible marks, which may contain a hidden copyright notice or serial number or even help to prevent unauthorized copying directly. Military communications system make increasing use of traffic security technique which, rather than merely concealing the content of a message using encryption, seek to conceal its sender, its receiver or its very existence. Similar techniques are used in some mobile phone systems and schemes proposed for digital elections. There are many applications for digital steganography of image, including copyright protection, feature tagging, and secret communication .Copyright notice or watermark can embedded inside an image to identify it as intellectual property. If someone attempts to use th is image without permission, we can prove by extracting the watermark. In feature tagging, captions, annotations, time stamps, and other descriptive elements can be embedded inside an image. Copying the stego – image also copies of the embedded features and only parties who posses the decoding stego-key will be able to extract and view the features. On the other hand, secret communication does not advertise a covert communication by using steganography. Therefore, it can avoid scrutiny of the sender, message and recipient. This is effective only if the hidden communication is not detected by the others people. Usage in modern printers :Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers, as well as date and time stamps Example from modern practice, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the injecti on of the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier. Any medium can be a carrier, but media with a large amount of redundant or compressible information are better suited.
From an information theoretical point of view, this means that the channel must have more capacity than the "surface" signal requires; that is, there must be redundancy. For a digital image, this may be noise from the imaging element; for digital audio, it may be noise from recording techniques or amplification equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital information that it can be exploited as a noise cover for hidden data. In addition, lossy compression schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit this for steganographic use as well. Steganography can be used for digital watermarking, where a message (being simply an identifier) is hidden in an image so that its source can be tracked or verified (for example, Coded Anti-Piracy), or even just to identify an image (as in the EURion constellation).
xxxv
Use by terrorists :
When one considers that messages could be encrypted steganographically in e-mail messages, particularly e-mail spam, the notion of junk e-mail takes on a whole new light. Coupled with the "chaffing and winnowing" technique, a sender could get messages out and cover their tracks all at once. Rumours about terrorists using steganography started first in the daily newspaper USA Today on February 5, 2001 in two articles titled "Terrorist instructions hidden online" and "Terror groups hide behind Web encryption". In July the same year, an article was titled even more precisely: "Militants wire Web with links to jihad". A citation from the article: " Lately, al-Qaeda operatives have been sending hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site eBay.com". Other media worldwide cited these rumours many times, especially after the terrorist attack of 9/11, without ever showing proof Alleged use by intelligence services :
In 2010, the Federal Bureau of Investigation revealed that the Russian foreign intelligence service uses customized steganography software for embedding encrypted text messages inside image files for certain communications with "illegal agents" (agents under non-diplomatic cover) stationed abroad.[1]
xxxvi
REFERENCES
1. Wikipedia (www.wikipedia.org) 2. SANS institute reading room on information security, 2001 3. University of Malaysia paper on information hiding using steganography, 2003 4. http://docs.oracle.com/javase/7/docs/webnotes/install/windows/jdk-installation-windows.html 5. https://netbeans.org/community/releases/71/install.html
xxxvii
APPENDICES TECHNICAL MANUAL: Here we provide the steps to install and run the software properly. It consists of three steps:
Installing Java (JDK 1.6) Installing Netbeans IDE 7.1 Adding the project to the Netbeans environment.
We can also run the software if Java is pre installed on the system by simply double clicking the j ar file located in the dist f older. However, in this case we won‟t have access to the source code. To install JDK 1.6:
In this procedure, you will run the self -installing executable file to unpack and install the JDK. As part of the JDK, this installation includes an option to include the public Java Runtime Environment. (The JDK also contains a private JRE for use only by its tools; see Private Versus Public JRE for more information.) Install the JDK by doing the following:
Downloading the Installer Running the JDK Installer Updating the PATH Variable (Optional)
1.
Downloading the Installer :If you save the self-installing executable file to disk without running it from the download page at the web site, note that its byte size provided on the download page. After the download has completed, verify that you have downloaded the full, uncorrupted software file.
2.
Running the JDK Installer :You must have administrative permissions in ord er to install the JDK on Microsoft Windows. The file jdk-7-windows-i586-i.exe is the JDK installer for 32-bit systems. The file jdk-7-windows-x64.exe is the JDK installer for 64-bit systems. If you downloaded either file instead of running it directly from the web site, double -click the installer's icon. Then, follow the instructions the installer provides. The installer may ask you to reboot your computer. When finished with the installation, you can delete the downloaded file to recover disk space. Note: Installers for JDK 7u6 and later install the J avaFX SDK and integrate it into the JDK installation directory. Installers for JDK 7u2 to 7u5 install t he JDK first, then start the JavaFX SDK installer, which installs JavaFX SDK in the default directory C:\Program Files\Oracle\JavaFX 2.0 SDK or C:\Program Files (x86)\Oracle\JavaFX 2.0 SDK on 64-bit
operating systems 3.
Updating the PATH Environment Variable (Optional) :You can run the JDK without setting the PATH environment variable, or you can optionally set it so that you can conveniently run the JDK executable files (javac.exe, java.exe, javadoc.exe, and so for th) from any directory without having to type the full path of the command. If you do not set the PATH variable, you need to specify the full path to the executable file every time you run it, such as: C:\> "C:\Program Files\Java\jdk1.7.0\bin\javac" MyClass.java It is useful to set the PATH variable permanently so it will persist after rebooting.
xxxviii
To set the PATH variable permanently, add the full path of the jdk1.7.0\bin directory to the PATH variable. Typically, this full path looks something like C: \Program Files\Java\jdk1.7.0\bin. Set the PATH variable as follows on Microsoft Windows: 1. 2. 3.
Click Start, then Control Panel, then System. Click Advanced, then Environment Variables. Add the location of the bin folder of the JDK installation for the PATH variable in System Variables. The following is a typical value for the P ATH variable: C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\Java\jdk1.7.0\bin
Note:
The PATH environment variable is a series of directories separated by semicolons ( ;) and is not case-sensitive. Microsoft Windows looks for programs in the PATH directories in order, from left to right. You should only have one bin directory for a JDK in t he path at a time. Those following the first instance are ignored. If you are not sure where to add the path, add it to the right of the value of the PATH variable. The new path takes effect in each new command window you open after setting the P ATH variable.
To install NETBEANS 7.1:
1.
2.
3. 4. 5. 6.
7. 8. 9.
After the download completes, run the installer. a. For Windows, the installer executable file has the .exe extension. Double-click the installer file to run it. b. For Solaris and Linux platforms, the installer file has the .sh extension. For these platforms, you need to make the installer files executable by using the following command: chmod +x You can customize your installation. Perform the following steps at the Welcome pa ge of the installation wizard: a. Click Customize. b. In the Customize Installation dialog box, make your selections. c. Click OK. At the Welcome page of the installation wizard, click Next. At the License agreement page, r eview the license agreement, click the acceptance check box, and click Next. At the JUnit License Agreement page, decide if you want to install JUnit and click the appr opriate option, click Next. At the NetBeans IDE installation page, do the following: a. Accept the default installation directory for the NetBeans IDE or sp ecify another directory. ( Note: The installation directory must be empty and the user profile you are using to run the installer must have read/write permissions for this directory.) b. Accept the default JDK installation to use with the NetBeans IDE or select a different installation from the drop-down list. If the installation wizard did not find a compatible JDK installation to use with the NetBeans IDE, your JDK is not installed in the default location. In this case, specify the path to an installed JDK and click Next, or cancel the current installation. After installing the required JDK version you can restart the installation. If the GlassFish Server Open Source Edition 3.1.2 installation page opens, accept the default installation directory or specify another installation location. If you are installing Apache Tomcat, on its installation page, accept the default installation directory or specify another installation location. Click Next. At the Summary page, verify that the list of co mponents to be installed is correct and that you have adequate space on your system for the installation.
xxxix