Top Banner

of 39

Cs9 Batch 1 Steganography

Apr 10, 2018

Download

Documents

kabbisharma
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
  • 8/8/2019 Cs9 Batch 1 Steganography

    1/39

    P a g e | 1

    CHAPTER 1 : INTRODUCTION

    1.1 INFORMATION SECURITY

    Information security means protecting information and information systems from unauthorized access, use,

    disclosure, disruption, modification or destruction.[1]The terms information security, computer security

    and information assurance are frequently incorrectly used interchangeably. These fields are interrelated

    often and share the common goals of protecting the confidentiality, integrity and availability of

    information; however, there are some subtle differences between them. These differences lie primarily in

    the approach to the subject, the methodologies used, and the areas of concentration. Information security is

    concerned with the confidentiality, integrity and availability of data regardless of the form the data may

    take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct

    operation of a computer system without concern for the information stored or processed by the computer.

    1.1.1 BASIC PRINCIPLE

    For over twenty years information security has held that confidentiality, integrity and availability (known

    as the CIA triad) as the core principles of information security.

    1.1.1.1 Confidentiality

    Confidentiality is the property of preventing disclosure of information to unauthorized individuals or

    systems. For example, a credit card transaction on the Internet requires the credit card number to be

    transmitted from the buyer to the merchant and from the merchant to a transaction processing network. The

    system attempts to enforce confidentiality by encrypting the card number during transmission, by limiting

    the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by

    restricting access to the places where it is stored. If an unauthorized party obtains the card number in any

    way, a breach of confidentiality has occurred. Confidentiality is necessary (but not sufficient) for

    maintaining the privacy of the people whose personal information a system holds.[citation needed]

    1.1.1.2 Integrity

    In information security, integrity means that data cannot be modified without authorization. This is not the

    same thing as referential integrity in databases. Integrity is violated when an employee accidentally or with

    malicious intent deletes important data files, when a computer virus infects a computer, when an employee

    is able to modify his own salary in a payroll database, when an unauthorized user vandalizes a web site,

    when someone is able to cast a very large number of votes in an online poll, and so on.

    There are many ways in which integrity could be violated without malicious intent. In the simplest case, a

    user on a system could mis-type someone's address. On a larger scale, if an automated process is not

    written and tested correctly, bulk updates to a database could alter data in an incorrect way, leaving the

  • 8/8/2019 Cs9 Batch 1 Steganography

    2/39

    P a g e | 2

    integrity of the data compromised. Information security professionals are tasked with finding ways to

    implement controls that prevent errors of integrity.

    1.1.1.3 Availability

    For any information system to serve its purpose, the information must be available when it is needed. This

    means that the computing systems used to store and process the information, the security controls used to

    protect it, and the communication channels used to access it must be functioning correctly. High

    availability systems aim to remain available at all times, preventing service disruptions due to power

    outages, hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-

    service attacks.

    FIG 1.

    1.2 TOOLS TO OBTAIN SECURITY

    1.2.1 EncryptionEncryption is where data is rendered hard to read by an unauthorised party. Since encryption can be made

    extremely hard to break, many communication methods either use deliberately weaker encryption than

    possible, or have backdoors inserted to permit rapid decryption. In some cases government authorities have

    required backdoors be installed in secret. Many methods of encryption are also subject to "man in the

    middle" attack whereby a third party who can 'see' the establishment of the secure communication is made

    privy to the encryption method, this would apply for example to interception of computer use at an ISP.

  • 8/8/2019 Cs9 Batch 1 Steganography

    3/39

    P a g e | 3

    Provided it is correctly programmed, sufficiently powerful, and the keys not intercepted, encryption would

    usually be considered secure. The article on key size examines the key requirements for certain degrees of

    encryption security.

    The encryption can be implemented in way to require the use of encryption, i.e. if encrypted

    communication is impossible then no traffic is sent, or opportunisticly. Opportunistic encryption is a lower

    security method to generally increase the percentage of generic traffic which is encrypted. This is

    analogous to beginning every conversation with "Do you speak Navajo?" If the response is affirmative,

    then the conversation proceedes in Navajo, otherwise it uses the common language of the two speakers.

    This method does not generally provide authentication or anonymity but it does protect the content of the

    conversation from eavesdropping.

    1.2.2 Steganography: Hiding Information

    Steganography is the art and science of writing hidden messages in such a way that no one, apart from the

    sender and intended recipient, suspects the existence of the message, a form of security through obscurity.

    The word Steganography is of Greek origin and means "concealed writing". The first recorded use of the

    term was in 1499 by Johannes Trithemius in his Steganographia, a treatise on cryptography and

    Steganography disguised as a book on magic. Generally, messages will appear to be something else:

    images, articles, shopping lists, or some other covertext and, classically, the hidden message may be in

    invisible ink between the visible lines of a private letter.

    While we are discussing it in terms of computer security, Steganography is really nothing new, as it has

    been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was

    traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted

    to obscure the message - for purposes of military intelligence, for instance - they would use Steganography:

    the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax

    would then be poured on top of the message, thereby obscuring not just its meaning but its very

    existence[2].

    According to Dictionary.com, steganography (also known as "steg" or "stego") is "the art of writing in

    cipher, or in characters, which are not intelligible except to persons who have the key; cryptography" [3]. In

    computer terms, steganography has evolved into the practice of hiding a message within a larger one in

    such a way that others cannot discern the presence or contents of the hidden message[4]. In contemporary

    terms, steganography has evolved into a digital strategy of hiding a file in some form of multimedia, such

    as an image, an audio file (like a .wav or mp3) or even a video file.

  • 8/8/2019 Cs9 Batch 1 Steganography

    4/39

    P a g e | 4

    Signal Security Signal Intelligence

    Communication Security Communication Intelligence

    y Steganography (invisible inks, open codes,

    messages in hollow heels) and Transmission

    Security (spurt radio and spread spectrum systems)

    y Interception and direction-finding

    y Cryptography(codes and ciphers) y Cryptanalysis

    y Traffic security(call-sign changes, dummy

    messages, radio silence)

    y Traffic analysis (direction-finding,

    message-flow studies, radio finger

    printing)

    Electronic Security Electronic Intelligence

    yEmission Security (shifting of radar frequencies,spread spectrum)

    yElectronic Reconnaissance (eaves-dropping on radar emissions)

    y Counter-Countermeasures "looking through"

    (jammed radar)

    y Countermeasures (jamming radar

    and false radar echoes)

    Table 1: Kahn's Security Table

    The advantage of steganography, over cryptography alone, is that messages do not attract attention to

    themselves. Plainly visible encrypted messagesno matter how unbreakablewill arouse suspicion, and

    may in themselves be incriminating in countries where encryption is illegal. [5] Therefore, whereas

    cryptography protects the contents of a message, steganography can be said to protect both messages and

    communicating parties.

    1.2.3 Steganography and Security

    As mentioned previously, steganography is an effective means of hiding data, thereby protecting the data

    from unauthorized or unwanted viewing. But stego is simply one of many ways to protect the

    confidentiality of data. It is probably best used in conjunction with another data-hiding method. When usedin combination, these methods can all be a part of a layered security approach. Some good complementary

    methods include:

    y Encryption - Encryption is the process of passing data or plaintext through a series of

    mathematical operations that generate an alternate form of the original data known as ciphertext.

    The encrypted data can only be read by parties who have been given the necessary key to decrypt

  • 8/8/2019 Cs9 Batch 1 Steganography

    5/39

    P a g e | 5

    the ciphertext back into its original plaintext form. Encryption doesn't hide data, but it does make

    it hard to read!

    y Hidden directories (Windows) - Windows offers this feature, which allows users to hide files.

    Using this feature is as easy as changing the properties of a directory to "hidden", and hoping that

    no one displays all types of files in their explorer.

    y Hiding directories (Unix) - in existing directories that have a lot of files, such as in the /dev

    directory on a Unix implementation, or making a directory that starts with three dots (...) versus

    the normal single or double dot.

    y Covert channels - Some tools can be used to transmit valuable data in seemingly normal network

    traffic. One such tool is Loki. Loki is a tool that hides data in ICMP traffic (like ping).

    Steganography has its place in security. It is not intended to replace cryptography but supplement it. Hiding

    a message with steganography methods reduces the chance of a message being detected. However, if that

    message is also encrypted, if discovered, it must also be cracked (yet another layer of protection).

    1.3 History and Steganography

    Throughout history, a multitude of methods and variations have been used to hide information. David

    Kahn's The Codebreakers provides an excellent accounting of this history [Kahn67]. Bruce Norman

    recounts numerous tales of cryptography and steganography during times of war in Secret Warfare: The

    Battle of Codes and Ciphers.

    One of the first documents describing steganography is from the Histories of Herodotus. In ancient Greece,

    text was written on wax covered tablets. In one story Demeratus wanted to notify Sparta that Xerxes

    intended to invade Greece. To avoid capture, he scraped the wax off of the tablets and wrote a message on

    the underlying wood. He then covered the tablets with wax again. The tablets appeared to be blank and

    unused so they passed inspection by sentries without question.

    Another ingenious method was to shave the head of a messenger and tattoo a message or image on the

    messengers head. After allowing his hair to grow, the message would be undetected until the head was

    shaved again.

    Another common form of invisible writing is through the use of Invisible inks. Such inks were used with

    much success as recently as WWII. An innocent letter may contain a very different message written

    between the lines [Zim48]. Early in WWII steganographic technology consisted almost exclusively of

    invisible inks [Kahn67]. Common sources for invisible inks are milk, vinegar, fruit juices and urine. All of

    these darken when heated.

    With the improvement of technology and the ease as to the decoding of these invisible inks, more

    sophisticated inks were developed which react to various chemicals. Some messages had to be "developed"

    much as photographs are developed with a number of chemicals in processing labs.

  • 8/8/2019 Cs9 Batch 1 Steganography

    6/39

    P a g e | 6

    Null ciphers (unencrypted messages) were also used. The real message is "camouflaged" in an innocent

    sounding message. Due to the "sound" of many open coded messages, the suspect communications were

    detected by mail filters. However "innocent" messages were allowed to flow through. An example of a

    message containing such a null cipher from [JDJ01] is:

    Fishing freshwater bends and saltwater

    coasts rewards anyone feeling stressed.

    Resourceful anglers usually find masterful

    leapers fun and admit swordfish rank

    overwhelming anyday.

    By taking the third letter in each word, the following message emerges [Zevon]:

    Send Lawyers, Guns, and Money.

    The following message was actually sent by a German Spy in WWII [Kahn67]:

    Apparently neutral's protest is thoroughly discountedand ignored. Isman hard hit. Blockade issue affects

    pretext for embargo on by products, ejecting suets and

    vegetable oils.

    Taking the second letter in each word the following message emerges:

    Pershing sails from NY June 1.

    As message detection improved, new technologies were developed which could pass more information and

    be even less conspicuous. The Germans developed microdot technology which FBI Director J. Edgar

    Hoover referred to as "the enemy's masterpiece of espionage." Microdots are photographs the size of a

    printed period having the clarity of standard-sized typewritten pages. The first microdots were discovered

    masquerading as a period on a typed envelope carried by a German agent in 1941. The message was not

    hidden, nor encrypted. It was just so small as to not draw attention to itself (for a while). Besides being so

    small, microdots permitted the transmission of large amounts of data including drawings and photographs

    [Kahn67].

    With many methods being discovered and intercepted, the Office of Censorship took extreme actions such

    as banning flower deliveries which contained delivery dates, crossword puzzles and even report cards as

    they can all contain secret messages. Censors even went as far as rewording letters and replacing stamps on

    envelopes.

    With every discovery of a message hidden using an existing application, a new steganographic application

    is being devised. There are even new twists to old methods. Drawings have often been used to conceal or

    reveal information. It is simple to encode a message by varying lines, colors or other elements in pictures.

    Computers take such a method to new dimensions as we will see later.

  • 8/8/2019 Cs9 Batch 1 Steganography

    7/39

    P a g e | 7

    Even the layout of a document can provide information about that document. Brassil et al authored a series

    of publications dealing with document identification and marking by modulating the position of lines and

    words [Brassil-Infocom94, Brassil- Infocom94, Brassil-CISS95]. Similar techniques can also be used to

    provide some other "covert" information just as 0 and 1 are informational bits for a computer. As in one of

    their examples, word-shifting can be used to help identify an original document [Brassil-CISS95]. Though

    not applied as discussed in the series by Brassil et al, a similar method can be applied to display an entirely

    different message. Take the following sentence (S0):

    We explore new steganographic and cryptographic

    algorithms and techniques throughout the world to

    produce wide variety and security in the electronic web

    called the Internet.

    and apply some word shifting algorithm (this is sentence S1).

    We explore new steganographic and cryptographic

    algorithms and techniques throughout the world toproduce wide variety and security in the electronic web

    called the Internet.

    By overlapping S0 and S1, the following sentence is the result:

    We explore new steganographic and cryptographic

    algorithms and techniques throughout the world to

    produce wide variety and security in the electronic web

    called the Internet.

    1.4 TYPES OF STEGANOGRAPHY

    This is achieved by expanding the space before explore, the, wide, and web by one point and condensing

    the space after explore, world, wide and web by one point in sentence S1. Independently, the sentences

    containing the shifted words appear harmless, but combining this with the original sentence produces a

    different message: explore the world wide web.

    FIG 2.

  • 8/8/2019 Cs9 Batch 1 Steganography

    8/39

    P a g e | 8

    1.4.1 Physical Steganography

    Steganart example. Within this picture, the letters position of a hidden message are represented by

    increasing numbers (1 to 20), and a letter value is given by its intersection position in the grid. For instance,

    the first letter of the hidden message is at the intersection of 1 and 4. So, after a few tries, the first letter of

    the message seems to be the 14th letter of the alphabet; the last one (number 20) is the 5th letter of the

    alphabet.

    y Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then

    covered it with wax upon which an innocent covering message was written.

    y Hidden messages on messenger's body: also in ancient Greece. Herodotus tells the story of a

    message tattooed on a slave's shaved head, hidden by the growth of his hair, and exposed by

    shaving his head again. The message allegedly carried a warning to Greece about Persian invasion

    plans. This method has obvious drawbacks such as delayed transmission while waiting for the

    slave's hair to grow, and its one-off use since additional messages requires additional slaves. In

    WWII, the French Resistance sent some messages written on the backs of couriers using invisible

    ink.

    y Hidden messages on paper written in secret inks, under other messages or on the blank parts of

    other messages.

    y Messages written in morse code on knitting yarn and then knitted into a piece of clothing worn by

    a courier.

    y Messages written on the back of postage stamps.

    y During and after World War II, espionage agents used photographically produced microdots to

    send information back and forth. Microdots were typically minute, about or less than the size of

    the period produced by a typewriter. WWII microdots needed to be embedded in the paper and

    covered with an adhesive (such as collodion). This was reflective and thus detectable by viewing

    against glancing light. Alternative techniques included inserting microdots into slits cut into the

    edge of post cards.

    y During World War II, a spy for the Japanese in New York City, Velvalee Dickinson, sent

    information to accommodation addresses in neutral South America. She was a dealer in dolls, and

    her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, the

    concealed 'plaintext' was itself encoded and gave information about ship movements, etc. Her casebecame somewhat famous and she became known as the Doll Woman.

    y Cold War counter-propaganda. During 1968, crew members of the USS Pueblo (AGER-2)

    intelligence ship held as prisoners by North Korea, communicated in sign language during staged

    photo opportunities, informing the United States they were not defectors but rather were being

    held captured by the North Koreans. In other photos presented to the US, crew members gave "the

  • 8/8/2019 Cs9 Batch 1 Steganography

    9/39

    P a g e | 9

    finger" to the unsuspecting North Koreans, in an attempt to discredit photos that showed them

    smiling and comfortable.[6]

    1.4.2 Digital Steganography

    Modern steganography entered the world in 1985 with the advent of the personal computer applied to

    classical steganography problems. [7] Development following that was slow, but has since taken off, going

    by the number of 'stego' programs available: Over 725 digital steganography applications have been

    identified by the Steganography Analysis and Research Center. [8] Digital steganography techniques

    include:

    Image of a tree. By removing all but the last 2 bits of each color component, an almost completely black

    image results. Making the resulting image 85 times brighter results in the image below.

    Image of a cat extracted from above image.

    y Concealing messages within the lowest bits of noisy images or sound files.

    y Concealing data within encrypted data. The data to be concealed is first encrypted before being

    used to overwrite part of a much larger block of encrypted data.

    y Chaffing and winnowing.

    y Mimic functions convert one file to have the statistical profile of another. This can thwart

    statistical methods that help brute-force attacks identify the right solution in a ciphertext-only

    attack.

    y Concealed messages in tampered executable files, exploiting redundancy in the i386 instruction

    set.

    y Pictures embedded in video material (optionally played at slower or faster speed).

    y Injecting imperceptible delays to packets sent over the network from the keyboard. Delays in key

    presses in some applications (telnet or remote desktop software) can mean a delay in packets, and

    the delays in the packets can be used to encode data.

    y Content-Aware Steganography hides information in the semantics a human user assigns to a

    datagram. These systems offer security against a non-human adversary/warden.

    y Blog-Steganography. Messages are fractionalized and the (encrypted) pieces are added as

    comments of orphaned web-logs (or pin boards on social network platforms). In this case the

    selection of blogs is the symmetric key that sender and recipient are using; the carrier of the

    hidden message is the whole blogosphere.

    1.4.3 Printed Steganography

    Digital steganography output may be in the form of printed documents. A message, the plaintext, may be

    first encrypted by traditional means, producing a ciphertext. Then, an innocuous covertext is modified in

    some way to as to contain the ciphertext, resulting in the stegotext. For example, the letter size, spacing,

  • 8/8/2019 Cs9 Batch 1 Steganography

    10/39

    P a g e | 10

    typeface, or other characteristics of a covertext can be manipulated to carry the hidden message. Only a

    recipient who knows the technique used can recover the message and then decrypt it. Francis Bacon

    developed Bacon's cipher as such a technique.

    1.5 METHODS FOR HIDING INFORMATION

    1.5.1 Encoding Secret Messages in Text

    Encoding secret messages in text can be a very challenging task. This is because text files have a very small

    amount of redundant data to replace with a secret message. Another drawback is the ease of which text

    based Steganography can be altered by an unwanted parties by just changing the text itself or reformatting

    the text to some other form (from .TXT to .PDF, etc.). There are numerous methods by which to

    accomplish text based Steganography. I will introduce a few of the more popular encoding methods below.

    = AF19 FA27 2F94 998D FDB5 DE3D F8B5 06E4 A169 4E46

    Line-shift encoding involves actually shifting each line of text vertically up or down by as little as 3

    centimeters. Depending on whether the line was up or down from the stationary line would equate to a

    value that would or could be encoded into a secret message.

    Word-shift encoding works in much the same way that line-shift encoding works, only we use the

    horizontal spaces between words to equate a value for the hidden message. This method of encoding is less

    visible than line-shift encoding but requires that the text format support variable spacing.

    Feature specific encoding involves encoding secret messages into formatted text

    by changing certain text attributes such as vertical/horizontal length of letters such as b, d, T, etc. This is by

    far the hardest text encoding method to intercept as each type of formatted text has a large amount of

    features that can be used for encoding the secret message.

    All three of these text based encoding methods require either the original file or

    the knowledge of the original files formatting to be able to decode the secret message.

    1.5.2 Encoding Secret Messages in Images

    Coding secret messages in digital images is by far the most widely used of all methods in the digital world

    of today. This is because it can take advantage of the limited power of the human visual system (HVS).

    Almost any plain text, cipher text, image and any other media that can be encoded into a bit stream can be

    hidden in a digital image. With the continued growth of strong graphics power in computers and the

  • 8/8/2019 Cs9 Batch 1 Steganography

    11/39

    P a g e | 11

    research being put into image based Steganography, this field will continue to grow at a very rapid pace.

    Before diving into coding techniques for digital images, a brief explanation of digital image architecture

    and digital image compression techniques should be explained.

    As Duncan Sellars [7] explains "To a computer, an image is an array of numbers that represent light

    intensities at various points, or pixels. These pixels make up the images raster data." When dealing with

    digital images for use with Steganography, 8-bit and 24-bit per pixel image files are typical. Both have

    advantages and disadvantages, as we will explain below.

    8-bit images are a great format to use because of their relatively small size. The drawback is that only 256

    possible colors can be used which can be a potential problem during encoding. Usually a gray scale color

    palette is used when dealing with 8-bit images such as (.GIF) because its gradual change in color will be

    harder to detect after the image has been encoded with the secret message. 24-bit images offer much more

    flexibility when used for Steganography. The large numbers of colors (over 16 million) that can be used gowell beyond the human visual system (HVS), which makes it very hard to detect once a secret message, has

    been encoded. The other benefit is that a much larger amount of hidden data can be encoded into a 24-bit

    digital image as opposed to an 8-bit digital image. The one major drawback to 24-bit digital images is their

    large size (usually in MB) makes them more suspect than the much smaller 8-bit digital images (usually in

    KB) when sent over an open system such as the Internet.

    Digital image compression is a good solution to large digital images such as the 24-bit images mentioned

    earlier. There are two types of compression used in digital images, lossy and lossless. Lossy compression

    such as (.JPEG) greatly reduces the size of a digital image by removing excess image data and calculating a

    close approximation of the original image. Lossy compression is usually used with 24-bit digital images to

    reduce its size, but it does carry one major drawback. Lossy compression techniques increase the possibility

    that the uncompressed secret message will lose parts of its contents because of the fact that lossy

    compression removes what it sees as excess image data. Lossless compression techniques, as the name

    suggests, keeps the original digital image in tact without the chance of loss. It is for this reason that it is the

    compression technique of choice for steganographic uses. Examples of lossless compression techniques are

    (.GIF and .BMP). The only drawback to lossless image compression is that it doesn't do a very good job at

    compressing the size of the image data.

    We will now discuss a couple of the more popular digital image encoding techniques used today. They are

    least significant bit (LSB) encoding and masking and filtering techniques.

    Least significant bit (LSB) encoding is by far the most popular of the coding techniques used for digital

    images. By using the LSB of each byte (8 bits) in an image for a secret message, you can store 3 bits of

    data in each pixel for 24-bit images and 1 bit in each pixel for 8-bit images. As you can see, much more

  • 8/8/2019 Cs9 Batch 1 Steganography

    12/39

    P a g e | 12

    information can be stored in a 24-bit image file. Depending on the color palette used for the cover image

    (i.e., all gray), it is possible to take 2 LSB's from one byte without the human visual system (HVS) being

    able to tell the difference. The only problem with this technique is that it is very vulnerable to attacks such

    as image changes and formatting (i.e., changing from .GIF to .JPEG).

    Masking and filtering techniques for digital image encoding such as Digital Watermarking (i.e.- integrating

    a companies logo on there web content) are more popular with lossy compression techniques such as

    (.JPEG). This technique actually extends an images data by masking the secret data over the original data

    as opposed to hiding information inside of the data. Some experts argue that this is definitely a form of

    Information Hiding, but not technically Steganography. The beauty of Masking and Filtering techniques are

    that they are immune to image manipulation which makes there possible uses very robust.

    There are techniques that use complex algorithms, image transformation techniques and image encryption

    techniques which are still, relatively new, but show promise to be more secure and robust ways to usedigital images in Steganography.

    1.5.3 Encoding Secret Messages in Audio

    Encoding secret messages in audio is the most challenging technique to use when dealing with

    Steganography. This is because the human auditory system (HAS) has such a dynamic range that it can

    listen over. To put this in perspective, the (HAS) perceives over a range of power greater than one million

    to one and a range of frequencies greater than one thousand to one making it extremely hard to add or

    remove data from the original data structure. The only weakness in the (HAS) comes at trying to

    differentiate sounds (loud sounds drown out quiet sounds) and this is what must be exploited to encode

    secret messages in audio without being detected.

    There are two concepts to consider before choosing an encoding technique for audio. They are the digital

    format of the audio and the transmission medium of the audio. There are three main digital audio formats

    typically in use. They are Sample Quantization, Temporal Sampling Rate and Perceptual Sampling. Sample

    Quantization which is a 16-bit linear sampling architecture used by popular audio formats such as (.WAV

    and. AIFF). Temporal Sampling Rate uses selectable frequencies (in the KHz) to sample the audio.

    Generally, the higher the sampling rate is, the higher the usable data space gets. The last audio format is

    Perceptual Sampling. This format changes the statistics of the audio drastically by encoding only the parts

    the listener perceives, thus maintaining the sound but changing the signal. This format is used by the most

    popular digital audio on the Internet today in ISO MPEG (MP3). Transmission medium (path the audio

    takes from sender to receiver) must also be considered when encoding secret messages in audio. W. Bender

    [8] introduces four possible transmission mediums:

  • 8/8/2019 Cs9 Batch 1 Steganography

    13/39

    P a g e | 13

    1) Digital end to end - from machine to machine without modification.

    2) Increased/decreased resampling - the sample rate is modified but remains digital.

    3) Analog and resampled - signal is changed to analog and resampled at a different rate.

    4) Over the air - signal is transmitted into radio frequencies and resampled from a microphone.

    We will now look at three of the more popular encoding methods for hiding data inside of audio. They are

    low-bit encoding, phase-coding and spread spectrum.

    Low-bit encoding embeds secret data into the least significant bit (LSB) of the audio file. The channel

    capacity is 1KB per second per kilohertz (44 kbps for a 44 KHz sampled sequence). This method is easy to

    incorporate but is very susceptible to data loss due to channel noise and resampling.

    Phase coding substitutes the phase of an initial audio segment with a reference phase that represents the

    hidden data. This can be thought of, as sort of an encryption for the audio signal by using what is known as

    Discrete Fourier Transform (DFT), which is nothing more than a transformation algorithm for the audio

    signal.Spread spectrum encodes the audio over almost the entire frequency spectrum. It then transmits the audio

    over different frequencies which will vary depending on what spread spectrum method is used. Direct

    Sequence Spread Spectrum (DSSS) is one such method that spreads the signal by multiplying the source

    signal by some pseudo random sequence known as a (CHIP). The sampling rate is then used as the chip

    rate for the audio signal communication.

    Spread spectrum encoding techniques are the most secure means by which to send hidden messages in

    audio, but it can introduce random noise to the audio thus creating the chance of data loss. There are many

    applications for Steganography, some good and some bad, which brings us to the closing section of our in-

    depth look at Steganography in which we will look at Steganalysis. Steganalysis is the art and science of

    stopping or detecting the use of all steganographic techniques mentioned earlier. In Steganalysis, the goal is

    to be able to compare the cover-object (cover message), the stego-object (the cover message with the

    hidden data embedded in it) and any possible portions of the stego-key (encryption method) in an effort to

    intercept, analyze and/or destroy the secret communication. As Fabien A.P. Petitcolas [2] points out in his

    book, there are six general protocols used to attack the use of Steganography.

    1) Stego only attack - only the stego object is available for analysis.

    2) Known cover attack - the original cover object and the stego object are available for analysis.

    3) Known message attack - the hidden message is available to compare with the stego-object.

    4) Chosen stego attack - the stego tool (algorithm) and stego-object are available for analysis.

    5) Chosen message attack - takes a chosen message and generates a stego object for future analysis.

    6) Known stego attack - the stego tool (algorithm), the cover message and the stego-objects are available

    for analysis.

  • 8/8/2019 Cs9 Batch 1 Steganography

    14/39

    P a g e | 14

    This discussion of Steganalysis by showing the reader one example of how someone could detect the use of

    steganographic tools that change the least significant bit (LSB) of an image in order to embed secret data

    inside of it.

    Generally, bitmap images (.BMP) have known and predictable characteristics. One such characteristic is

    the probability of near duplicate colors. Bitmap images get their color from a central color table, which by

    its nature have little, or no near duplicate colors. When hidden data is embedded into the (LSB) of a bitmap

    image, it increases the number of near duplicate colors dramatically. Generally speaking, any bitmap image

    with more than fifty near duplicate colors should raise the suspicion of embedded data being present.

    1.6 COUNTER MEASURES

    Detection of physical steganography requires careful physical examination, including the use of

    magnification, developer chemicals and ultraviolet light. It is a time-consuming process with obvious

    resource implications, even in countries where large numbers of people are employed to spy on their fellow

    nationals. Targeted mail screening is however feasible in the case of certain suspected individuals or

    institutions, such as prisons or prisoner of war camps. During World War II, a technology used to ease

    monitoring of POW mail was specially treated paper that would reveal invisible ink. An article in the June

    24, 1948 issue of Paper Trade Journal by the Technical Director of the United States Government Printing

    Office, Morris S. Kantrowitz, describes in general terms the development of this paper, three prototypes of

    which were named Sensicoat, Anilith, and Coatalith paper. These were for the manufacture of postal cards

    and stationery to be given to German prisoners of war in the U.S. and Canada. If POWs tried to write a

    hidden message the special paper would render it visible. At least two U.S. patents were granted related to

    this technology, one to Mr. Kantrowitz, No. 2,515,232, "Water-Detecting paper and Water-Detecting

    Coating Composition Therefor", patented July 18, 1950, and an earlier one, "Moisture-Sensitive Paper and

    the Manufacture Thereof," No. 2,445,586, patented July 20, 1948. A similar strategy is to issue prisoners

    with writing paper ruled with a water-soluble ink that 'runs' when in contact with a water-based invisible

    ink.

    In computing, detection of steganographically encoded packages is called steganalysis. The simplest

    method to detect modified files, however, is to compare them to known originals. For example, to detect

    information being moved through the graphics on a website an analyst can maintain known-clean copies of

    these materials and compare them against the current contents of the site. The differences, assuming the

    carrier is the same, will compose the payload. In general, using extremely high compression rate makes

    steganography difficult, but not impossible. While compression errors provide a hiding place for data, high

    compression reduces the amount of data available to hide the payload in, raising the encoding density and

    facilitating easier detection (in the extreme case, even by casual observation).

  • 8/8/2019 Cs9 Batch 1 Steganography

    15/39

    P a g e | 15

    1.7 APPLICATIONS

    1.7.1 Usage in modern printers

    Steganography is used by some modern printers, including HP and Xerox brand color laser printers. Tiny

    yellow dots are added to each page. The dots are barely visible and contain encoded printer serial numbers,as well as date and time stamps.

    1.7.2 Example from modern practice

    The larger the cover message is (in data content termsnumber of bits) relative to the hidden message, the

    easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used

    to hide messages on the Internet and on other communication media. It is not clear how commonly this is

    actually done. For example: a 24-bit bitmap will have 8 bits representing each of the three color values

    (red, green, and blue) at each pixel. If we consider just the blue there will be 28 different values of blue. The

    difference between 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by

    the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something

    else other than color information. If we do it with the green and the red as well we can get one letter of

    ASCII text for every three pixels.

    Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to

    ensure that the changes to the carrier (the original signal) due to the injection of the payload (the signal to

    covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are

    indistinguishable from the noise floor of the carrier.

    From an information theoretical point of view, this means that the channel must have more capacity than

    the 'surface' signal requires, that is, there must be redundancy. For a digital image, this may be noise from

    the imaging element; for digital audio, it may be noise from recording techniques or amplification

    equipment. In general, electronics that digitize an analog signal suffer from several noise sources such as

    thermal noise, flicker noise, and shot noise. This noise provides enough variation in the captured digital

    information that it can be exploited as a noise cover for hidden data. In addition, lossy compression

    schemes (such as JPEG) always introduce some error into the decompressed data; it is possible to exploit

    this for steganographic use as well.

    Steganography can be used for digital watermarking, where a message (being simply an identifier) is

    hidden in an image so that its source can be tracked or verified.

    In fact, not only picture files can host hidden information, but other file formats can also hide data such as

    audio files, text files, web pages[6]

    and many other file formats.

    1.7.3 Alleged usage by terrorists

    When one considers that messages could be encrypted steganographically in e-mail messages, particularly

    e-mail spam, the notion of junk e-mail takes on a whole new light. Coupled with the "chaffing and

    winnowing" technique, a sender could get messages out and cover their tracks all at once.

  • 8/8/2019 Cs9 Batch 1 Steganography

    16/39

    P a g e | 16

    An example showing how terrorists may use forum avatars to send hidden messages. This avatar contains

    the message "Boss said that we should blow up the bridge at midnight." encrypted with

    http://mozaiq.org/encrypt using "vxj" as password.

    FIG 3.

    Rumors about terrorists using steganography started first in the daily newspaper USA Today on February 5,

    2001 in two articles titled "Terrorist instructions hidden online" and "Terror groups hide behind Web

    encryption". In July of the same year, the information looked even more precise: "Militants wire Web with

    links to jihad". A citation from the USA Today article: "Lately, al-Qaeda operatives have been sending

    hundreds of encrypted messages that have been hidden in files on digital photographs on the auction site

    eBay.com". These rumors were cited many timeswithout ever showing any actual proofby other media

    worldwide, especially after the terrorist attack of 9/11. The Italian newspaper Corriere della Sera reported

    that an Al Qaeda cell which had been captured at the Via Quaranta mosque in Milan had pornographic

    images on their computers, and that these images had been used to hide secret messages (although no other

    Italian paper ever covered the story). The USA Today articles were written by veteran foreign

    correspondent Jack Kelley, who in 2004 was fired after allegations emerged that he had fabricated stories

    and invented sources.

    In October 2001, the New York Times published an article claiming that al-Qaeda had used steganographic

    techniques to encode messages into images, and then transported these via e-mail and possibly via

    USENET to prepare and execute the September 11, 2001 Terrorist Attack. The Federal Plan for Cyber

    Security and Information Assurance Research and Development,[7] published in April 2006 makes the

    following statements:

    y "immediate concerns also include the use of cyberspace for covert communications, particularly

    by terrorists but also by foreign intelligence services; espionage against sensitive but poorly

    defended data in government and industry systems; subversion by insiders, including vendors and

    contractors; criminal activity, primarily involving fraud and theft of financial or identity

    information, by hackers and organized crime groups"y "International interest in R&D for steganography technologies and their commercialization and

    application has exploded in recent years. These technologies pose a potential threat to national

    security. Because steganography secretly embeds additional, and nearly undetectable, information

    content in digital products, the potential for covert dissemination of malicious software, mobile

    code, or information is great."

  • 8/8/2019 Cs9 Batch 1 Steganography

    17/39

    P a g e | 17

    y "The threat posed by steganography has been documented in numerous intelligence reports." (p

    42)

    Moreover, a captured terrorist training manual, the "Technical Mujahid, a Training Manual for Jihadis"

    contains a section entitled "Covert Communications and Hiding Secrets Inside Images." A brief summary is

    provided by the Jamestown Foundation.[8]

    The above considered, there are no known instances of islamists actually using computer steganography.

    Islamist utilisation of steganography is somewhat simpler: In 2008 a British Muslim, Rangzieb Ahmed,

    was alleged to have a contact book with Al-Qaeda telephone numbers, written in invisible ink. He was

    convicted on terrorism charges.[9]

  • 8/8/2019 Cs9 Batch 1 Steganography

    18/39

    P a g e | 18

    CHAPTER 2: LITERATURE, SURVEY AND ITS ANALYSIS

    2.1 USE OF STEGANOGRAPHY

    Like many security tools, Steganography can be used for a variety of reasons, some good, some not so

    good. Legitimate purposes can include things like watermarking images for reasons such as copyright

    protection. Digital watermarks (also known as fingerprinting, significant especially in copyrighting

    material) are similar to Steganography in that they are overlaid in files, which appear to be part of the

    original file and are thus not easily detectable by the average person. Steganography can also be used as a

    way to make a substitute for a one-way hash value (where you take a variable length input and create a

    static length output string to verify that no changes have been made to the original variable length input)[4].

    Further, steganography can be used to tag notes to online images (like post-it notes attached to paper files).

    Finally, steganography can be used to maintain the confidentiality of valuable information, to protect the

    data from possible sabotage, theft, or unauthorized viewing[5].

    2.2 IMPORTANCE OF STEGANOGRAPHY

    Steganography or Stego as it is often referred to in the IT community, literally means, "Covered writing"

    which is derived from the Greek language. Steganography is defined by Markus Kahn [5] as follows,

    "Steganography is the art and science of communicating in a way which hides the existence of the

    communication. In contrast to Cryptography, where the enemy is allowed to detect, intercept and modify

    messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of

    Steganography is to hide messages inside other harmless messages in a way that does not allow any enemy

    to even detect that there is a second message present".

    In a digital world, Steganography and Cryptography are both intended to protect information from

    unwanted parties. Both Steganography and Cryptography are excellent means by which to accomplish this

    but neither technology alone is perfect and both can be broken. It is for this reason that most experts would

    suggest using both to add multiple layers of security.

    Steganography can be used in a large amount of data formats in the digital world of today. The most

    popular data formats used are .bmp, .doc, .gif, .jpeg, .mp3, .txt and .wav. Mainly because of their popularity

    on the Internet and the ease of use of the steganographic tools that use these data formats. These formats

    are also popular because of the relative ease by which redundant or noisy data can be removed from them

    and replaced with a hidden message.

    Steganographic technologies are a very important part of the future of Internet security and privacy on open

    systems such as the Internet. Steganographic research is primarily driven by the lack of strength in the

    cryptographic systems on their own and the desire to have complete secrecy in an open-systems

    environment. Many governments have created laws that either limit the strength of cryptosystems or

    prohibit them completely. This has been done primarily for fear by law enforcement not to be able to gain

    intelligence by wiretaps, etc. This unfortunately leaves the majority of the Internet community either with

  • 8/8/2019 Cs9 Batch 1 Steganography

    19/39

    P a g e | 19

    relatively weak and a lot of the times breakable encryption algorithms or none at all. Civil liberties

    advocates fight this with the argument that these limitations are an assault on privacy. This is where

    Steganography comes in. Steganography can be used to hide important data inside another file so that only

    the parties intended to get the message even knows a secret message exists. To add multiple layers of

    security and to help subside the "crypto versus law" problems previously mentioned, it is a good practice to

    use Cryptography and Steganography together. As mentioned earlier, neither Cryptography nor

    Steganography are considered "turnkey solutions" to open systems privacy, but using both technologies

    together can provide a very acceptable amount of privacy for anyone connecting to and communicating

    over these systems.

    E169 4E46

    2.3 STEGANOGRAPHIC METHODS

    The following formula provides a very generic description of the pieces of the steganographic process:

    cover_medium + hidden_data + stego_key = stego_medium

    In this context, the cover_medium is the file in which we will hide the hidden_data, which may also beencrypted using the stego_key. The resultant file is the stego_medium (which will, of course. be the same

    type of file as the cover_medium). The cover_medium (and, thus, the stego_medium) are typically image

    or audio files. In this article, I will focus on image files and will, therefore, refer to the cover_image and

    stego_image.

    Before discussing how information is hidden in an image file, it is worth a fast review of how images are

    stored in the first place. An image file is merely a binary file containing a binary representation of the color

    or light intensity of each picture element (pixel) comprising the image.

    Images typically use either 8-bit or 24-bit color. When using 8-bit color, there is a definition of up to 256

    colors forming a palette for this image, each color denoted by an 8-bit value. A 24-bit color scheme, as the

    term suggests, uses 24 bits per pixel and provides a much better set of colors. In this case, each pix is

    represented by three bytes, each byte representing the intensity of the three primary colors red, green, and

    blue (RGB), respectively. The Hypertext Markup Language (HTML) format for indicating colors in a Web

    page often uses a 24-bit format employing six hexadecimal digits, each pair representing the amount of red,

    blue, and green, respectively. The color orange, for example, would be displayed with red set to 100%

    (decimal 255, hex FF), green set to 50% (decimal 127, hex 7F), and no blue (0), so we would use

    "#FF7F00" in the HTML code.

    The size of an image file, then, is directly related to the number of pixels and the granularity of the color

    definition. A typical 640x480 pix image using a palette of 256 colors would require a file about 307 KB in

    size (640 480 bytes), whereas a 1024x768 pix high-resolution 24-bit color image would result in a 2.36

    MB file (1024 768 3 bytes).

    To avoid sending files of this enormous size, a number of compression schemes have been developed over

    time, notably Bitmap (BMP), Graphic Interchange Format (GIF), and Joint Photographic Experts Group

    (JPEG) file types. Not all are equally suited to steganography, however.

  • 8/8/2019 Cs9 Batch 1 Steganography

    20/39

    P a g e | 20

    GIF and 8-bit BMP files employ what is known as lossless compression, a scheme that allows the software

    to exactly reconstruct the original image. JPEG, on the other hand, uses lossy compression, which means

    that the expanded image is very nearly the same as the original but not an exact duplicate. While both

    methods allow computers to save storage space, lossless compression is much better suited to applications

    where the integrity of the original information must be maintained, such as steganography. While JPEG can

    be used for stego applications, it is more common to embed data in GIF or BMP files.

    The simplest approach to hiding data within an image file is called least significant bit (LSB) insertion. In

    this method, we can take the binary representation of the hidden_data and overwrite the LSB of each byte

    within the cover_image. If we are using 24-bit color, the amount of change will be minimal and

    indiscernible to the human eye. As an example, suppose that we have three adjacent pixels (nine bytes)

    with the following RGB encoding:

    10010101 00001101 11001001

    10010110 00001111 11001010

    10011111 00010000 11001011

    Now suppose we want to "hide" the following 9 bits of data (the hidden data is usually compressed prior to

    being hidden): 101101101. If we overlay these 9 bits over the LSB of the 9 bytes above, we get the

    following (where bits in bold have been changed):

    10010101 00001100 11001001

    10010111 00001110 11001011

    10011111 00010000 11001011

    Note that we have successfully hidden 9 bits but at a cost of only changing 4, or roughly 50%, of the LSBs.

    This description is meant only as a high-level overview. Similar methods can be applied to 8-bit color but

    the changes, as the reader might imagine, are more dramatic. Gray-scale images, too, are very useful for

    steganographic purposes. One potential problem with any of these methods is that they can be found by an

    adversary who is looking. In addition, there are other methods besides LSB insertion with which to insert

    hidden information. Without going into any detail, it is worth mentioning steganalysis, the art of detecting

    and breaking steganography. One form of this analysis is to examine the color palette of a graphical image.

    In most images, there will be a unique binary encoding of each individual color. If the image contains

    hidden data, however, many colors in the palette will have duplicate binary encodings since, for all

    practical purposes, we can't count the LSB. If the analysis of the color palette of a given file yields many

    duplicates, we might safely conclude that the file has hidden information.

    But what files would you analyze? Suppose I decide to post a hidden message by hiding it in an image file

    that I post at an auction site on the Internet. The item I am auctioning is real so a lot of people may access

    the site and download the file; only a few people know that the image has special information that only they

  • 8/8/2019 Cs9 Batch 1 Steganography

    21/39

    P a g e | 21

    can read. And we haven't even discussed hidden data inside audio files! Indeed, the quantity of potential

    cover files makes steganalysis a Herculean task.

    2.4HOW DO STEGANOGRAPHY TOOLS WORK?

    To show how easy Steganography is, I started out by downloading one of the more popular freeware tools

    out now: F5, then moved to a tool called SecurEngine, which hides text files within larger text files, and

    lastly a tool that hides files in MP3s called MP3Stego. I also tested one commercial Steganography

    product, Steganos Suite.

    F5 was developed by Andreas Westfield, and runs as a DOS client. A couple of GUIs were later developed:

    one named "Frontend", developed by Christian Wohne and the other, named "Stegano", by Thomas Biel. I

    tried F5, beta version 12. I found it very easy to encode a message into a JPEG file, even if the buttons in

    the GUI are written in German! Users can simply do this by following the buttons, inputting the JPEG file

    path, then the location of the data that is being hidden (in my case, I used a simple text file created in

    Notepad), at which point the program prompts the user for a pass phrase. As you can see by the before and

    after pictures below, it is very hard to tell them apart, embedded message or not.

    Figure 4.1: JPEG file without embedded text Figure 4.2: JPEG file with embedded text

    Granted, the file that I embedded here was very small (it included one line of text: "This is a test. This is

    only a test."), so not that many pixels had to be replaced to hide my message. But what if I tried to hide a

    larger file? F5 only hides text files. I tried to hide a larger word document and although it did hide the file, when I tried to decrypt it,

    it came out as garbage. However, larger text files seemed to hide in the picture just as well as my small, one-line message.

  • 8/8/2019 Cs9 Batch 1 Steganography

    22/39

    P a g e | 22

    SecurEngine doesn't seem to be as foolproof as the tools that hide text within pictures. When I hid my small text file in a bigger text

    file, I found an odd character at the bottom of the encoded file (""). This character was not in the original file. SecurEngine gives

    users the option of just hiding the image, hiding the image as well as encrypting it, or both. The test message was encrypted and

    decrypted without issue. SecurEngine also has a feature that helps to "wipe" files (to delete them more securely).

    MP3Stego, a tool that hides data in MP3 files worked very well. How the process works is like this: you encode a file, a text file for

    example, with a .WAV file, in order for it to be compressed into MP3 format. One problem that I ran into was that in order to hide

    data of any size, I had to find a file that was proportional in size. So, for instance, my small text message from the previous exercise

    was too big to hide in a .WAV file (the one that I originally tried was 121KB, and the text file was around 36 bytes). In order to

    ultimately hide a file that was 5 bytes (only bearing the message "test."), I found a .WAV file that was 627 KB. The ultimate MP3

    file size was 57KB.

    Steganos Suite is a commercial software package of numerous stego tools all rolled into one. In addition to a nifty Internet trace

    destructor function and a computer file shredder, it has a function called the File Manager. This allows users to encrypt and hide

    files on their hard drive. The user selects a file or folder to hide, and then selects a "carrier" file, which is defined as a graphic or

    sound file. It will also create one for you if you prefer, if you have a scanner or microphone available. If you don't have a file handy

    or if you want to create one, the File Manager will search your hard drive for an appropriate carrier. This tool looks for a wider

    variety of file types than the majority of the freeware tools that I perused (such as .DLL and .DIB files), so if you intend to do quite

    a bit of file hiding, you might want to invest in a commercial package.

    2.5 FEASIBILITY STUDY:

    Feasibility study is about the viability of a system. The proposed system has to be examined for its technical, economical and

    operational feasibility. This system for hiding text files within images was inspected with all these aspects in mind. Many

    alternatives are found and the best among them, which suits our requirement in a better way, is chosen. One should keep following

    points in mind to choose a better alternative.

    Greater speed of processing

    Effective procedures eliminating errors

    Better accuracy

    Fast retrieval of data

    Data security

    Efficient way to store data

    These alternatives are taken into account and a better system is designed. Then, the system is thoroughly scrutinized to make sure of

    its practicability.

    2.5.1 Technical Feasibility:

  • 8/8/2019 Cs9 Batch 1 Steganography

    23/39

    P a g e | 23

    It is the process of assessing the development organization's ability to construct a proposed system. Test is made to see whether

    reliable hardware and software, technical resources capable of meeting the needs of a proposed system can be acquired or developed

    by an organization in the required time. While accessing the technical feasibility, the various issues that are considered are system

    performance, system interfaces, development processes, risks, failure immunity and security.

    2.5.2 Economical feasibility:

    It is a process of identifying the financial benefits and costs associated with a development project. This project is found to be

    economically feasible since security is the need of the time. A cost-benefit analysis is made considering the intricacies such as

    development cost, time to implementation, support costs, business process effectiveness, and maintainable design.

    2.5.3 Operational feasibility:

    It is the process of assessing the degree to which a proposed system solves business problems or takes advantage of business

    opportunities the questions that are assessed are

    Will the solution fulfill the users requirements?

    To what degree?

    How will the solution change the users work environment?

    How do users feel about such a solution?

    The feedbacks for these questions are reviewed and the system proposed is found to be feasible.

    2.6 PROTECTING AGAINST MALICIOUS STEGANOGRAPHY

    Unfortunately, all of the methods mentioned above can also be used to hide illicit, unauthorized or unwanted activity. What can you

    do to prevent or detect issues with stego? There is no easy answer. If someone has decided to hide their data, they will probably be

    able to do so fairly easily. The only way to detect steganography is to be actively looking for in specific files, or to get very lucky.

    Sometimes an actively enforced security policy can provide the answer: this would require the implementation of company-wide

    acceptable use policies that restrict the installation of unauthorized programs on company computers.

    Using the tools that you already have to detect movement and behavior of traffic on your network may also be helpful. Network

    intrusion detection systems can help administrators to gain an understanding of normal traffic in and around your network and can

    thus assist in detecting any type of anomaly, especially with any changes in the behavior of increased movement of large images

    around your network. If the administrator is aware of this sort of anomalous activity, it may warrant further investigation. Host-

    based intrusion detection systems deployed on computers may also help to identify anomalous storage of image and/or video files.

    A research paper by Stefan Hetzel cites two methods of attacking steganography, which really are also methods of detecting it. They

    are the visual attack (actually seeing the differences in the files that are encoded) and the statistical attack: "The idea of the statistical

    attack is to compare the frequency distribution of the colors of a potential stego file with the theoretically expected frequency

    distribution for a stego file." It might not be the quickest method of protection, but if you suspect this type of activity, it might be the

    most effective. For JPEG files specifically, a tool called Stegdetect, which looks for signs of steganography in JPEG files, can be

  • 8/8/2019 Cs9 Batch 1 Steganography

    24/39

    P a g e | 24

    employed. Stegbreak, a companion tool to Stegdetect, works to decrypt possible messages encoded in a suspected steganographic

    file, should that be the path you wish to take once the stego has been detected

    2.7 SYSTEM ANALYSIS

    2.7.1 EXISTING SYSTEM

    Steganography is an evolving branch of cryptography. People not only want their messages to be encrypted but they want to hide

    the existence of such information. A variety of systems are providing this facility of hiding information. But, nobody can deny the

    fact that with a lot of hard work and sincere effort any good cryptologist could find whether an information is hidden in a file or

    not. Since we dont want such persons to learn our information, we need some system such that even when the information is

    revealed, it should be of no use.

    2.7.2 PROPOSED SYSTEM

    The system proposed by this project takes the above said problem into account and it combines the art of steganography with

    cryptology. It encodes a message and then,hides it in a file. This makes the message unreadable even after it is disclosed. By this

    way we can conceal our information. This project hides text files inside bmp files and creates a bmp file with secret message. A key

    should be given by the user to encode the message. The message is first encoded with this key and then embedded inside the

    specified file. It is then stored as per the name specified.

    To reveal the message that is inside a file, one should give the right key and then this key will decrypt the message and then the

    embedded message is extracted out for viewing. If an attempt is made with a wrong key, a warning is made to tell that that key is

    invalid. By this method we hide our secret message from invalid users.

    Several options are provided for the users so that they work in a modish environment. Users are provided with a facility to locate the

    files on the system through browsing. The image files can be viewed on the display panel and we could select one.

    Information about jpg as well as bmp files could be retrieved.

    An additional facility for sending these secret message files over the net is offered. One could open the internet explorer and send

    the relevant files to the intended destination.

    The working of the system is very simple but powerful. It uses bit shift method to encrypt. The encrypted message is then

    embedded inside the specified bmp file bit by bit after hard manipulations. The key is used to do this crypting works. The characters

    in the key are converted into binary strings and they are manipulated against the binary streams that are obtained from the individual

    characters of the secret message.

    Since the key is used to encrypt and embed it would be hard to reveal a secret message that is embedded inside the picture.

  • 8/8/2019 Cs9 Batch 1 Steganography

    25/39

    P a g e | 25

    CHAPTER 3 : ALGORITHMS AND METHODOLOGIES

    3.1 BLOWFISH (CIPHER)

    Blowfish

  • 8/8/2019 Cs9 Batch 1 Steganography

    26/39

    P a g e | 26

    The round function (Feistel function) of Blowfish

    General

    Designers Bruce Schneier

    First published 1993

    Successors Twofish

    Cipher detail

    Key sizes 32448 bits in steps of 8 bits; default 128 bits

    Block sizes 64 bits

    Structure Feistel network

    Rounds 16

    Best public cryptanalysis

    Four rounds of Blowfish are susceptible to a second-order differential attack (Rijmen, 1997); for a class

    of weak keys, 14 rounds of Blowfish can be distinguished from a pseudorandom permutation (Vaudenay,

    1996).

    In cryptography, Blowfish is a keyed, symmetric block cipher, designed in 1993 by Bruce Schneier and included in a large number

    of cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it

    has been found to date. However, the Advanced Encryption Standardnow receives more attention.

  • 8/8/2019 Cs9 Batch 1 Steganography

    27/39

    P a g e | 27

    Schneier designed Blowfish as a general-purpose algorithm, intended as a replacement for the aging DES and free of the problems

    and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary,

    encumbered by patents or were commercial/government secrets. Schneier has stated that, "Blowfish is unpatented, and will remain

    so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone."

    Notable features of the design include key-dependent S-boxes and a highly complex key schedule.

    3.1.2 THE ALGORITHM

    Blowfish has a 64-bit block size and a variable key length from 32 up to 448 bits. [1] It is a 16-round Feistel cipher and uses large

    key-dependent S-boxes. It is similar in structure to CAST-128, which uses fixed S-boxes.

    FIG 5. The Feistel structure of Blowfish

    The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-

    entry P-array and four 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is used

    every round, and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries.

    The diagram to the right shows Blowfish's F-function. The function splits the 32-bit input into four eight-bit quarters, and uses the

    quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to produce the final 32-bit output.

    Decryption is exactly the same as encryption, except that P1, P2,..., P18 are used in the reverse order. This is not so obvious because

    xor is commutative and associative. A common mistake is to use inverse order of encryption as decryption algorithm (i.e. first

    XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order).

    Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which

    contain no obvious pattern (see nothing up my sleeve number). The secret key is then XORed with the P-entries in order (cycling

  • 8/8/2019 Cs9 Batch 1 Steganography

    28/39

  • 8/8/2019 Cs9 Batch 1 Steganography

    29/39

    P a g e | 29

    3.2 ADVANCED ENCRYPTION STANDARD (Rijndael)

    AES

    The SubBytes step, one of four stages in a round of AES

    General

    Designers Vincent Rijmen, Joan Daemen

    First

    published

    1998

    Derived from Square

    Successors Anubis, Grand Cru

    Certification AES winner, CRYPTREC, NESSIE, NSA

    Cipher detail

    Key sizes 128, 192 or 256 bits[1]

    Block sizes 128 bits[2]

    Structure Substitution-permutation network

    Rounds 10, 12 or 14 (depending on key size)

    Best public cryptanalysis

    A related-key attack can break 256-bit AES with a complexity of 2119, which is faster than brute force

    but is still infeasible. 192-bit AES can also be defeated in a similar manner, but at a complexity of 2176.

    128-bit AES is not affected by this attack. A chosen-plaintext attack can break 8 rounds of 192- and

    256-bit AES, and 7 rounds of 128-bit AES, although the workload is impractical at 2128

    - 2119

    .

  • 8/8/2019 Cs9 Batch 1 Steganography

    30/39

    P a g e | 30

    (Ferguson et al., 2000).

    In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The

    standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as

    Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have

    been analyzed extensively and are now used worldwide, as was the case with its predecessor, [3] the Data Encryption Standard

    (DES).

    AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26,

    2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was

    selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May

    26, 2002. As of 2009, AES is one of the most popular algorithms used in symmetric key cryptography. It is available in many

    different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information

    (see Security of AES, below).

    The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the

    AES selection process. Rijndael is a portmanteau of the names of the two inventors and is pronounced [rindal].[4]

    3.2.1 DESCRIPTION OF THE AES CIPHER

    AES is based on a design principle known as a Substitution

    permutation network. It is fast in both software and

    hardware,[5] is relatively easy to implement, and requires little

    memory.[citation needed] Unlike its predecessor DES, AES does

    not use a Feistel network.

    AES has a fixed block size of 128 bits and a key size of 128,

    192, or 256 bits, whereas Rijndael can be specified with

    block and key sizes in any multiple of 32 bits, with a

    minimum of 128 bits and a maximum of 256 bits.

    Assuming one byte equals 8 bits, the fixed block size of 128

    bits is 128 8 = 16 bytes. AES operates on a 44 array of

    bytes, termed the state (versions of Rijndael with a larger

    block size have additional columns in the state). Most AES

    calculations are done in a special finite field.

    The AES cipher is specified as a number of repetitions of

    transformation rounds that convert the input plain-text into

    the final output of cipher-text. Each round consists of several

    processing steps, including one that depends on the

    encryption key. A set of reverse rounds are applied to

    transform cipher-text back into the original plain-text using

    the same encryption key.

    3.2.2 HIGH-LEVEL DESCRIPTION OF THE

    ALGORITHM

    y KeyExpansion using Rijndael's key schedule

    y Initial Round

    1. AddRoundKey

    y Rounds

    1. SubBytesa non-linear substitution step where

    each byte is replaced with another according to a

    lookup table.

    2. ShiftRowsa transposition step where each row of

    the state is shifted cyclically a certain number of

    steps.

    3. MixColumnsa mixing operation which operates

    on the columns of the state, combining the four

    bytes in each column

  • 8/8/2019 Cs9 Batch 1 Steganography

    31/39

    P a g e | 31

    4. AddRoundKeyeach byte of the state is combined

    with the round key; each round key is derived from

    the cipher key using a key schedule.

    y Final Round (no MixColumns)

    1. SubBytes

    2. ShiftRows

    3. AddRoundKey

    3.2.2.1 THE SubBytes STEP

    FIG 6.

    In the SubBytes step, each byte in the state is replaced with

    its entry in a fixed 8-bit lookup table, S; bij = S(aij).

    In the SubBytes step, each byte in the array is updated using

    an 8-bit substitution box, the Rijndael S-box. This operation

    provides the non-linearity in the cipher. The S-box used is

    derived from the multiplicative inverse over GF(2

    8

    ), knownto have good non-linearity properties. To avoid attacks based

    on simple algebraic properties, the S-box is constructed by

    combining the inverse function with an invertible affine

    transformation. The S-box is also chosen to avoid any fixed

    points (and so is a derangement), and also any opposite fixed

    points.

    3.2.2.2 THE ShiftRows STEP

    FIG 7.

    In the ShiftRows step, bytes in each row of the state are

    shifted cyclically to the left. The number of places each byte

    is shifted differs for each row.

    The ShiftRows step operates on the rows of the state; it

    cyclically shifts the bytes in each row by a certain offset. For

    AES, the first row is left unchanged. Each byte of the second

    row is shifted one to the left. Similarly, the third and fourth

    rows are shifted by offsets of two and three respectively. For

    the block of size 128 bits and 192 bits the shifting pattern is

    the same. In this way, each column of the output state of the

    ShiftRows step is composed of bytes from each column of

    the input state. (Rijndael variants with a larger block size

    have slightly different offsets). In the case of the 256-bit

    block, the first row is unchanged and the shifting for second,

    third and fourth row is 1 byte, 3 bytes and 4 bytes

    respectively - this change only applies for the Rijndael cipher

    when used with a 256-bit block, AES doesn't use 256-bit

    blocks.

    3.2.5 THE MixColumns STEP

  • 8/8/2019 Cs9 Batch 1 Steganography

    32/39

    P a g e | 32

    FIG 8.

    In the MixColumns step, each column of the state is

    multiplied with a fixed polynomial c(x).

    In the MixColumns step, the four bytes of each column of the

    state are combined using an invertible linear transformation.

    The MixColumns function takes four bytes as input and

    outputs four bytes, where each input byte affects all fouroutput bytes. Together with ShiftRows, MixColumns

    provides diffusion in the cipher. Each column is treated as a

    polynomial overGF(28) and is then multiplied modulo x4 + 1

    with a fixed polynomial c(x) = 3x3 + x2 + x + 2. The

    MixColumns step can also be viewed as a multiplication by a

    particular MDS matrix in Finite field. This process is

    described further in the article Rijndael mix columns.

    3.2.2.3 THE AddRoundKey STEP

    FIG 9.

    In the AddRoundKey step, each byte of the state is combined

    with a byte of the round subkey using the XOR operation

    ().

    In the AddRoundKey step, the subkey is combined with the

    state. For each round, a subkey is derived from the main key

    using Rijndael's key schedule; each subkey is the same size

    as the state. The subkey is added by combining each byte of

    the state with the corresponding byte of the subkey using

    bitwise XOR.

    3.2.3 OPTIMIZATION OF THE CIPHER

    On systems with 32-bit or larger words, it is possible to speed

    up execution of this cipher by combining SubBytes and

    ShiftRows with MixColumns, and transforming them into a

    sequence of table lookups. This requires four 256-entry 32-

    bit tables, which utilizes a total of four kilobytes (4096 bytes)

    of memoryone kilobyte for each table. A round can now be

    done with 16 table lookups and 12 32-bit exclusive-or

    operations, followed by four 32-bit exclusive-or operations in

    the AddRoundKey step.[6]

    If the resulting four kilobyte table size is too large for a given

    target platform, the table lookup operation can be performed

    with a single 256-entry 32-bit table by the use of circular

    rotates.

    Using a byte-oriented approach it is possible to combine the

    SubBytes, ShiftRows, and MixColumns steps into a single

    round operation.

    CHAPTER 4 : EXPERIMENTAL RESULTS

  • 8/8/2019 Cs9 Batch 1 Steganography

    33/39

    P a g e | 33

    FIG 10.

    4.1 Some of the tools used for implementing

    steganography with various algorithms are:

    4.1.1. ABSOLUTE CHAOS 3.8

    Absolute CHAOS allows to encrypt the files and folders and

    to hide it as the files .ipg, .gif, .doc, .rtf or any others.

    Absolute CHAOS has high speed and allows variable-length

    keys, making it very reliable and easy to use. The program is

    compact, efficient and user friendly. Absolute CHAOS has

    comprehensive privacy tools including file/folder

    compression, file/folder shredder.

    4.1.2. ABSOLUTE PASSWORD PROTECTOR 1.0.547

    Absolute Password Protector is a strong steganography utility that securely encrypts files. The program hides your

    sensitive data into pictures. With the use of Absolute Password Protector, you can also hide encrypted files so that no

    one would know it's an encrypted file. Encrypted files can be safely transferred via e-mail. Absolute Password

    Protector adds "invisible" noise to digital photographic images. This noise will contain your sensitive data in an

    encrypted form. There are a lot of password protection utilities on the market today that promise a secure storage for

    your files. Unfortunately, simple password protection techniques do not guarantee safety and passwords are easily

    cracked. LastBit Software is a company providing password recovery solutions since 1997. The company has a great

    experience in this field and did the best to make the encryption utility as strong as possible. Absolute Password

    Protector uses the CleverLock (TM) technology that dramatically increases the time and efforts needed to recover even

    a short password. So, maximum possible brute-force attack speed is about 100 passwords per second (for example,search speed for Zip archives is up to tens of millions of passwords per second). There is no need to start the program

    each time you wish to encrypt or decrypt a file. Absolute Password Protector integrates into the Windows shell and

    can be invoked by a right click on a file, while in Windows Ex

    4.1.3. COMPUTER SECURITY 1.5

    Security should be a very important and concerning issue in

    company or a home user, it is very important to protect your

    sensitive data, hiding it in innocent carriers, allowing safe tr

    files beyond recovery and locking application from your child

    of over 20 algorithms like Twofish, Cast128, Blowfish or Shap

    overwrites every bit of information with a random number of l

    4.1.4. HIDE PRIVATE FILE PRO 6.01

    Hide Private File Pro allows you to encrypt, compress and hid

    BMP file so that the addition of the message to the container f

    If the file which has been hidden is deleted then there is no in

    from BMP file when you need to get at it, hide and recovered

    file of any size in one BMP image files (automation conversio

    hiding a message file in single BMP image file, (2) extract

    Advanced differs from others of this sort in two respects: 1. Th

    BMP is big enough. when you hidden, Hide2Image Advanced

    hide in this file), the other is 'Source Image' (when you recove

    support 8 kinds of encryption algorithms (for example: DES,

    like this if no login password of other man can't login Hid

    Manage BMP file.

    4.1.5. ID IMAGE PROTECTOR 1.2

    ID Image Protector is a program specifically designed to p

    imagine encrypting and embossing facilities. It safely secures

    keeping it away from unauthorized access. Main Features: - E

    advanced encrypting methods - Compresses imagines up to 7

    and a tutorial guide Detailed features: - ID Image Protector en

    images, without changing the original content of the files an

    other personal things you wish to keep private. It encodes

    encoding method and jeopardize your files including spyware

    its original size by the use of an integrated compressing system

    keys for a professional secure encryption. It provides, at y

  • 8/8/2019 Cs9 Batch 1 Steganography

    34/39

    P a g e | 34

    between the original and the encoded image. - Encodes files professionally by providing advanced encrypting services.

    ID Image Protector encodes files with a range starting from 8bits and reaching up to 16.384 bits and higher. - Offers a

    step-by-step wizard service which guides you through the menu and the services it provides. ID Image Protector also

    offers assistance with live tutorial presentations just in case you need them. - ID Image Protector has a convenient

    graphic interface which is very simple to use. It requires minimal space on your computer to operate efficiently.

    4.1.6. INVISIBLE SECRETS ENCRYPTION SOFTWARE 4.6

    Invisible Secrets Encryption Software 4 not only encrypts your data and files for safe keeping or for secure transfer

    across the net, it also hides them in places that on the surface appear totally innocent, such as picture or sound files, or

    web pages. These types of files are a perfect disguise for sensitive information. Nobody, not even your wife, boss, or a

    hacker would realize that your important papers or letters are stored in your last holiday pictures, or that you use your

    personal web page to exchange messages or secret documents. Invisible Secrets Encryption Software 4 features:

    strong encryption algorithms; steganography and a library of favorite carriers locations; a password management

    solution that stores all your passwords securely and helps you create secure passwords, faster access to your passwords

    by accessing the password manager directly from the tray menu; a virtual keyboard created in order to prevent any key

    logger software from stealing your passwords; a shredder that helps you destroy beyond recovery files, folders and

    internet traces; a locker that allows you to password protect certain applications; the ability to create self-decrypting

    packages and mail them to your friends or business partners, you will be able to safely send the self-decrypting

    packages as zip files; a tool that allows you to transfer a password securely over the internet; a cryptboard to help you

    use the program from Windows Explorer and a real-time news system that allows you to be kept up-to-date with new

    versions, new products, new features, and special offers, without having to browse our website searching for new

    information. Invisible Secrets Encryption Software 4 is shell integrated and offers a wizard that guides you through all

    the necessary steps needed to protect your data.

    4.1.7. MESSAGE SMUGGLER 2.2.10.8.027

    Message Smuggler is the leading software on the market of its kind, which used to smuggle or hide text message into

    images. Create secret picture message with 256-bit encryption algorithm and password protection. This software gives

    you: - end of censorship - absolute security - end of any suspicions - free choice of transfer method Message Smuggler

    is an ideal tool for individuals who share very sensitive data with colleagues, family, or friends, and require that data

    to remain secure. Main Features: - All messages smuggled into images are encrypted with special certified encryption

    method based on 256-bit encryption algorithm and password protected. - Password isn't stored within file. - Images

    containing hidden messages are fully functional and are identical to the original one. - Images absolutely don't lose on

    quality. - Although images containing hidden messages, y