Thesis Report on image steganography using wavelet transform

EFFICIENT STEGANOGRAPHY USING LSB AND

ENCRYPTION TECHNIQUE

A B.tech Project Report submitted in partial fulfillment of the requirement for the B.Tech.

under Biju Patnaik University of Technology, Rourkela.

Submitted By

SIDHARTHA SANKAR PRADHAN Reg. No #0801314109

ATMASWAROOPA TRIPATHY Reg No. #0801314098

JULY - 2012

Under the guidance of

Dr. SATYARANJAN PATTANAIK

APEX INSTITUTE OF TECHNOLOGY & MANAGEMENT Pahala, Bhubaneswar, Odisha – 752101, India

Efficient Steganography using LSB and encryption technique

i

SYNOPSIS

Steganography is the process of hiding one file inside another such that others can neither

identify the meaning of the embedded object, nor even recognize its existence. Current trends

favor using digital image files as the cover file to hide another digital file that contains the secret

message or information. Steganography become more important as more people join the

cyberspace revolution. Steganography is the art of concealing information in ways that prevent

the detection of hidden messages. The goal of steganography is to avoid drawing suspicion to the

existence of a hidden message. This approach of information hiding technique has recently

become important in a number of application areas. Digital audio, video, and pictures are

increasingly furnished with distinguishing but imperceptible marks, which may contain a hidden

copyright notice or serial number or even help to prevent unauthorized copying directly. Military

communications system make increasing use of traffic security technique which, rather than

merely concealing the content of a message using encryption, seek to conceal its sender, its

receiver or its very existence. Similar techniques are used in some mobile phone systems and

schemes proposed for digital elections. One of the most common methods of implementation is

Least Significant Bit Insertion, in which the least significant bit of every byte is altered to form

the bit-string representing the embedded file. Altering the LSB will only cause minor changes in

color, and thus is usually not noticeable to the human eye. While this technique works well for

24-bit color image files, steganography has not been as successful when using an jpeg color

image file, due to limitations in color variations and the use of a color map. The advantages of

LSB are its simplicity to embed the bits of the message directly into the LSB plane of cover-

image and many techniques use these methods . Modulating the LSB does not result in a human-

perceptible difference because the amplitude of the change is small. Therefore, to the human eye,

the resulting stego-image will look identical to the cover-image. This allows high perceptual

transparency of LSB. Another level of security adds to steganography by using an encryption

technique for encrypting message before adding to image.


ii

Acknowledgement

We would like to express our immense sense of gratitude to our guide, Dr. Satya Ranjan

Pattanaik, for his valuable instructions, guidance and support throughout our project.

We again owe our special thanks to Dr. Satya Ranjan Patanaik, B.Tech. project Coordinator

for giving us an opportunity to do this report.

And finally thanks to Prof. R.C. Das, Principal, AITM for his continued drive for better quality

in everything that happens at AITM. This report is a dedicated contribution towards that greater

goal.

SIDHARTHA SANKAR PRADHAN

REG. NO.-0801314109

ATMASWAROOPA TRIPATHY

REG. NO-0801314098


iii

Table of Contents

Synopsis

List of Figures

List of Tables

Chapter No. Description Page No.

1 Introduction and Scope of the Thesis

1.1 Introduction 1

1.2 Scientific Background 1

1.3 Background of the Problem 2

1.4 Objective 3

1.5 Scope 3

2 Information hiding using Steganography

2.1 Introduction 4

2.2 Overview of Steganography 5

2.3 Summary 10

3 Least Significant Bit insertion

3.1 Introduction 11

3.2 Least Significant Bit Insertion 11

3.3 Secure Information Hiding System 12

3.4 Advantage of LSB Technique 15


iv

3.5 Disadvantage of LSB Technique 16

3.6 Summary 16

4 Encryption and RSA algorithm

4.1 Introduction 17

4.2 Types of Encryption 18

4.3 Asymmetric Encryption Schemes 19

4.4 RSA algorithm 22

4.5 Summary 26

5 Experimental Process, Results & Discussion

5.1 Concealing Message 27

5.2 Extracting Message 28

5.3 Experimental Results 29

5.4 Discussion 30

6 Conclusion

6.1 Future thoughts 31

6.2 Conclusion 31

Bibliography


v

List of Figures

Figure No. Description Page No.

2.1 Basic Steganography model 6

3.1 Producing Stego image process 13

5.1 Steganography at sender side 29

5.1 Output at the Receivers side 30


1

Chapter - 1

Introduction and Scope of the Thesis

1.1 General Introduction

One of the reasons that intruders can be successful is that most of the information they acquire

from a system is in a form that they can read and comprehend. Intruders may reveal the

information to others, modify it to misrepresent an individual or organization, or use it to launch

an attack. One solution to this problem is, through the use of steganography. Steganography is a

technique of hiding information in digital media. In contrast to cryptography, it is not to keep

others from knowing the hidden information but it is to keep others from thinking that the

information even exist

1.2 Scientific Background

Steganography is an ancient technology that has applications even in today‟s modern society. A

Greek word meaning “covered writing,” steganography has taken many forms since its origin in

ancient Greece. During the war between Sparta and Xerxes, Dermeratus wanted to warn Sparta

of Xerxes‟ pending invasion. To do this, he scraped the wax off one of the wooden tablets they

used to send messages and carved a message on the underlying wood. Covering it with wax

again, the tablet appeared to be unused and thereby slipped past the sentries‟ inspection.

However, this would not be the last time steganography would be used in times of war. In World

War II, the Germans utilized this technology. Unlike the Greeks, these messages were not

physically hidden; rather they used a method termed “null ciphering.” Null ciphering is a process

of encoding a message in plain sight. For example, the second letter of each word in an innocent

message could be extracted to reveal a hidden message. Although its roots lay in ancient Greece,

steganography has continually been used with great success throughout history. Today


2

steganography is being incorporated into digital technology. The techniques have been used to

create the watermarks that are in our nation‟s currency, as well as encode music information in

the ever-popular mp3 music file. Copyrights can be included in files, and fingerprints can be

used to identify the people who break copyright agreements. However, this technology is not

always used for good intentions; terrorists and criminals can also use it to convey information.

According to various officials and experts, terrorist groups are “hiding maps and photographs of

terrorist targets and posting instructions for terrorist activities on sports chat rooms, and other

Web sites. This aspect of steganography is what sparked the research into this vast field and

Education and understanding are the first steps toward security. Thus, it is important to study

steganography in order to allow innocent messages to be placed in digital media as well as

intercept abuse of this Technology.

1.3 Background of the Problem

Steganography [1] become more important as more people join the cyberspace revolution.

Steganography is the art of concealing information in ways that prevent the detection of hidden

messages. Steganography include an array of secret communication methods that hide the

message from being seen or discovered.

The goal of steganography is to avoid drawing suspicion to the existence of a hidden message.

This approach of information hiding technique has recently become important in a number of

application areas. Digital audio, video, and pictures are increasingly furnished with

distinguishing but imperceptible marks, which may contain a hiding copyright notice or serial

number or even help to prevent unauthorized copying directly.

Military communications system make increasing use of traffic security technique which, rather

than merely concealing the content of a message using encryption, seek

to conceal its sender, its receiver or its very existence. Similar techniques are used in some

mobile phone systems and schemes proposed for digital elections. Some of the techniques used

in steganography are domain tools or simple system such as least significant bit (LSB) insertion


3

and noise manipulation, and transform domain that involve manipulation algorithms and image

transformation such as discrete cosine transformation and wavelet transformation. However there

are technique that share the characteristic of both of the image and domain tools such as

patchwork, pattern block encoding, spread spectrum methods and masking.

1.4 Objective

This project comprehends the following objectives:

(i) To produce security tool based on steganographic techniques.

(ii) To explore techniques of hiding data using steganography.

1.5 Scope

The scope of the project as follow:

(i) Implementation of steganographic tools for hiding information includes text and image files.

(ii) Three different approaches being explored which are least significant bit, masking and

filtering and algorithms and transformation


4

Chapter - 2

Information Hiding Using Steganography

2.1 Introduction

Due to advances in ICT (Inverse Cryptography technology), most of information is kept

electronically. Consequently, the security of information has become a fundamental issue.

Besides cryptography, steganography can be employed to secure information. Steganography is a

technique of hiding information in digital media. In contrast to cryptography, the message or

encrypted message is embedded in a digital host before passing it through the network, thus the

existence of the message is unknown. Besides hiding data for confidentiality, this approach of

information hiding can be extended to copyright protection for digital media: audio, video, and

images.

The growing possibilities of modern communications need the special means of security

especially on computer network. The network security is becoming more important as the

number of data being exchanged on the Internet increases. Therefore, the confidentiality and data

integrity are requires to protect against unauthorized access and use. This has resulted in an

explosive growth of the field of information hiding.

In addition, the rapid growth of publishing and broadcasting technology also require an

alternative solution in hiding information. The copyright such as audio, video and other source

available in digital form may lead to large-scale unauthorized copying. This is because the digital

formats make possible to provide high image quality even under multi-copying. Therefore, the

special part of invisible information is fixed in every image that could not be easily extracted


5

without specialized technique saving Image quality simultaneously [2]. All this is of great

concern to the music, film, book and software publishing industries.

Information hiding is an emerging research area, which encompasses applications such as

copyright protection for digital media, watermarking, fingerprinting, and steganography [3]. All

these applications of information hiding are quite diverse [4].

• In watermarking applications, the message contains information such as owner

identification and a digital time stamp, which usually applied for copyright protection.

• Fingerprint, the owner of the data set embeds a serial number that uniquely identifies the

user of the data set. This adds to copyright information to makes it possible to trace any

unauthorized used of the data set back to the user.

• Steganography hide the secret message within the host data set and presence

imperceptible.

In those applications, information is hidden within a host data set and is to be reliably

communicated to a receiver. The host data set is purposely corrupted, but in a covert way,

designed to be invisible to an informal analysis. However, this paper will only focus on

information hiding using steganography approach.

2.2 Overview Steganography

The word steganography comes from the Greek Steganos, which mean covered or secret and –

graphy mean writing or drawing. Therefore, steganography means, literally, covered writing.

Steganography is the art and science of hiding information such that its presence cannot be

detected [1] and a communication is happening [1,3]. Secret information is encoding in a manner

such that the very existence of the information is concealed. Paired with existing communication

methods, steganography can be used to carry out hidden exchanges.

The main goal of steganography is to communicate securely in a completely undetectable

manner [5] and to avoid drawing suspicion to the transmission of a hidden data [4]. It is not to


6

keep others from knowing the hidden information, but it is to keep others from thinking that the

information even exists. If a steganography method causes someone to suspect the carrier

medium, then the method has failed [6] .Until recently, information hiding techniques received

very much less attention from the research community and from industry than cryptography.

This situation is, however, changing rapidly and the first academic conference on this topic was

organized in 1996. There has been a rapid growth of interest in steganography for two main

reasons [7]:

• The publishing and broadcasting industries have become interested in techniques for

hiding encrypted copyright marks and serial numbers in digital films, audio recordings,

books and multimedia products.

• Moves by various governments to restrict the availability of encryption services have

motivated people to study methods by which private messages can be embedded in

seemingly innocuous cover messages.

The basic model of steganography consists of Carrier, Message and Password. Carrier is also

known as cover-object, which the message is embedded and serves to hide the presence of the

message.

Fig 2.1 Basic Steganography Model


7

Basically, the model for steganography is shown on Figure 2.1[1]. Message is the data that the

sender wishes to remain it confidential. It can be plain text, cipher text, other image, or anything

that can be embedded in a bit stream such as a copyright mark, a covert communication, or a

serial number. Password is known as stego-key, which ensures that only recipient who know the

corresponding decoding key will be able to extract the message from a cover-object. The cover-

object with the secretly embedded message is then called the stego-object.

Recovering message from a stego-object requires the cover-object itself and a corresponding

decoding key if a stego-key was used during the encoding process. The Original image may or

may not be required in most applications to extract the message.

There are several suitable carriers below to be the cover-object[8]:

(i) Network Protocols such as TCP, IP and UDP

(ii) Audio that using digital audio formats such as wav, midi, avi, mpeg, mpi and voc

(iii) File and Disk that can hides and append files by using the slack space

(iv) Text such as null characters, just alike morse code including html and java

(v) Images file such as bmp, gif and jpg, where they can be both color and gray-scale.

In general, the information hiding process extracts redundant bits from cover-objec[4,8]t. The

process consists of two steps

(i) Identification of redundant bits in a cover-object. Redundant bits are those bits that can be

modified without corrupting the quality or destroying the integrity of the cover-object.

(ii) The embedding process then selects the subset of the redundant bits to be replaced with data

from a secret message. The stego-object is created by replacing the selected redundant bits with

message bits


8

2.2.1 Steganography vs. Cryptography

Basically, the purpose of cryptography and steganography is to provide secret communication.

However, steganography is not the same as cryptography. Cryptography hides the contents of a

secret message from a malicious people, whereas steganography even conceals the existence of

the message. Steganography must not be confused with cryptography, where we transform the

message so as to make it meaning obscure to a malicious people who intercept it. Therefore, the

definition of breaking the system is different [6]. In cryptography, the system is broken when the

attacker can read the secret message. Breaking a steganographic system need the attacker to

detect that steganography has been used and he is able to read the embedded message.

In cryptography, the structure of a message is scrambled to make itmeaningless and

unintelligible unless the decryption key is available. It makes noattempt to disguise or hide the

encoded message. Basically, cryptography offers theability of transmitting information between

persons in a way that prevents a third party from reading it. Cryptography can also provide

authentication for verifying the identity of someone or something.

In contrast, steganography does not alter the structure of the secret message, but hides it inside a

cover-image so it cannot be seen. A message in cipher text, for instance, might arouse suspicion

on the part of the recipient while an “invisible” message created with steganographic methods

will not. In other word, steganography prevents an unintended recipient from suspecting that the

data exists. In addition, the security of classical steganography system relies on secrecy of the

data encoding system. Once the encoding system[4] is known, the steganography system is

defeated.

It is possible to combine the techniques by encrypting message using cryptography and then

hiding the encrypted message using steganography. The resulting stego-image can be transmitted

without revealing that secret information is being exchanged. Furthermore, even if an attacker

were to defeat the steganographic technique and detect the message from the stego-object, he

would still require the cryptographic decoding key to decipher the encrypted message[1] .


9

2.2.2 Steganography Applications

There are many applications for digital steganography of image, including copyright protection,

feature tagging, and secret communication [1,2]. Copyright notice or watermark can embedded

inside an image to identify it as intellectual property. If someone attempts to use this image

without permission, we can prove by extracting the watermark.

In feature tagging, captions, annotations, time stamps, and other descriptive elements can be

embedded inside an image. Copying the stego–image also copies of the embedded features and

only parties who possess the decoding stego-key will be able to extract and view the features.

On the other hand, secret communication does not advertise a covert communication by using

steganography. Therefore, it can avoid scrutiny of the sender, message and recipient. This is

effective only if the hidden communication is not detected by the others people.

2.2.3 Steganography Techniques

Over the past few years, numerous steganography techniques that embed hidden messages in

multimedia objects have been proposed [9]. There have been many techniques for hiding

information or messages in images in such a manner that the alterations made to the image are

perceptually indiscernible. Common approaches are include[10]:

(i) Least significant bit insertion (LSB)

(ii) Masking and filtering

(iii) Transform techniques

Least significant bits (LSB) insertion is a simple approach to embedding information in image

file. The simplest steganography techniques embed the bits of the message directly into least

significant bit plane of the cover-image in a deterministic sequence. Modulating the least

significant bit does not result in human-perceptible difference because the amplitude of the

change is small.


10

Masking and filtering techniques, usually restricted to 24 bits and gray scale images, hide

information by marking an image, in a manner similar to paper watermarks. The techniques

performs analysis of the image, thus embed the information in significant areas so that the hidden

message is more integral to the cover image than just hiding it in the noise level.

Transform techniques embed the message by modulating coefficients in a transform domain,

such as the Discrete Cosine Transform (DCT) used in JPEG compression, Discrete Fourier

Transform, or Wavelet Transform. These methods hide messages in significant areas of the

cover-image, which make them more robust to attack. Transformations can be applied over the

entire image, to block throughout the image, or other variants.

2.3 Summary

In this paper we gave an overview of steganography. It can enhance confidentiality of

information and provides a means of communicating privately. We have also presented an image

steganographic system using LSB approach. However, there are some advantages and

disadvantages of implementing LSB on a digital image as a carrier. All these are define based on

the perceptual transparency, hiding capacity, robustness and tamper resistance of the method. In

future, we will attempt another two approaches of steganographic system on a digital image. This

will lead us to define the best approach of steganography to hide information.


11

Chapter - 3

Least Significant Bit Insertion

3.1 Introduction

Least significant bits (LSB) insertion is a simple approach to embedding information in image

file. The simplest steganographic techniques embed the bits of the message directly into least

significant bit plane of the cover-image in a deterministic sequence. Modulating the least

significant bit does not result in human-perceptible difference because the amplitude of the

change is small.

3.2 Least Significant Bit Insertion

One of the most common techniques used in steganography today is called least significant bit

(LSB) insertion. This method is exactly what it sounds like; the least significant bits of the

cover-image are altered so that they form the embedded information. The following example

shows how the letter A can be hidden in the first eight bytes of three pixels in a 24-bit image[10].

Pixels: (00100111 11101001 11001000)

(00100111 11001000 11101001)

(11001000 00100111 11101001)

A: 01000001

Result: (00100110 11101001 11001000)

(00100110 11001000 11101000)

(11001000 00100111 11101001)


12

The three underlined bits are the only three bits that were actually altered. LSB insertion

requires on average that only half the bits in an image be changed. Since the 8-bit letter A only

requires eight bytes to hide it in, the ninth byte of the three pixels can be used to begin hiding the

next character of the hidden message.

3.3 Secure Information Hiding System (SIHS)

An information hiding system has been developed for confidentiality. However, in this paper, we

study an image file as a carrier to hide message. Therefore, the carrier will be known as cover-

image, while the stego-object known as stego-image. The implementation of system will only

focus on Least Significant Bit (LSB) as one of the steganography techniques as mentioned in

previous section 2For embedding the data into an image, we require two important files. The first

is the original image so called cover-image. The image (Figure 4), which in and gif format will

hold the hidden information. The second file is the message itself, which is the information to be

hidden in the image. In this process, we decided to use a plaintext as the message. Before

embedding process, the size of image and the message must be defined by the system. This is

important to ensure the image can support the message to be embedded. The ideal image size is

800x600 pixels, which can embed up to 60kB messages.

The cover-image will be combined with the message. This will produce the output called stego-

image. Figure 2.1 is illustrated the process. The Stego-image seems identical to the cover-image.

However, there are hidden message that imperceptible. This process simply embedded the

message into the cover-image without supplied any password or stego-key. At this stage, we

decided to do so because we have to understand the ways of LSB insert the message bit into the

image and extract the message from the stego-image produced.


13

Figure 3.1 Producing Stego-Image Process

To illustrate this we are giving an example how to insert information in to an image. Basically an

image is a matrix so in simple form we are inserting information in to an matrix. The under given

example will show how to insert information into matrix.

Example 3.1

Clear all

clc

Close all

disp('Matrix size should be greater than input')

X=input('Enter your text');

x=input('Enter the matrix size');

Y=uint8(X)

l=length(Y);

B=dec2bin(Y,8)

RB(1,:)=B(1,:);


14

for i=2:l

RB=[RB,B(i,:)];

end

lll=length(RB);

M=magic(x)

m=1;

for ii=1:x

for jj=1:x

if(m<=lll)

if(RB(1,m)=='0')

if(mod(M(ii,jj),2)==1)

M(ii,jj)=M(ii,jj)-1;

end

else

if(mod(M(ii,jj),2)==0)

M(ii,jj)=M(ii,jj)+1;

end

end

m=m+1;

else

break;

end

end

end

cc=1;

for ii=1:x

for jj=1:x

if(cc<=lll)

RRB(1,cc)=dec2bin(mod(M(ii,jj),2));

cc=cc+1;


15

else

break

end

end

end

for ll=1:cc/8

RBB(ll,1:8)=RRB(1,(ll-1)*8+1:ll*8);

end

RRR=bin2dec(RBB);

RR=uint8(RRR);

RR=reshape(RR,1,l);

char(RR)

Output:

Matrix size should be greater than input

Enter your text 'hello world'

Enter the matrix size 16

Ans =

hello world

3.4 Advantage of LSB

The advantages of LSB are its simplicity to embed the bits of the message directly into the LSB

plane of cover-image and many techniques use these methods [11]. Modulating the LSB does not

result in a human-perceptible difference because the amplitude of the change is small. Therefore,

to the human eye, the resulting stego-image will look identical to the cover-image. This allows

high perceptual transparency of LSB


16

3.5 Disadvantage of LSB

We noticed that in the approach discussed above, the time taken for generating the

random numbers depends on the size of the key. In our approach it means that it also

depends on the cover-image size.

Although the LSB embedding methods hide data in such a way that the humans do not

perceive it, such schemes can be easily destroyed by an opponent such as using lossy

compression algorithms or a filtering process.

Any process that modifies the values of some pixels, either directly or indirectly, may

result in degrading of the quality of the original object.

A slight variation of this technique allows for embedding the message in two or more of the least

significant bits per byte. This increases the hidden information capacity of the cover-object, but

the cover-object is degraded more, and therefore it is more detectable. Other variations on this

technique include ensuring that statistical changes in the image do not occur. Some intelligent

software also checks for areas that are made up of one solid color. Changes in these pixels are

then avoided because slight changes would cause noticeable variations in the area and. While

LSB insertion is easy to implement, it is also easily attacked. Slight modifications in the color

palette and simple image manipulations will destroy the entire hidden message. Some examples

of these simple image manipulations include image resizing and cropping.

3.6 Summary

In this chapter we have presented an enhancement of the steganographic system using LSB

approach to provide a means of secure communication. Future work we would to extend the

system to be more robust and efficient and using LSB technique for image steganography along

with different encryption technique.


17

Chapter - 4

Encryption and RSA algorithm

4.1 Introduction

In cryptography, encryption is the process of transforming information (referred to as plaintext) using an

algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge,

usually referred to as a key [12]. The result of the process is encrypted information (in cryptography,

referred to as cipher text). The reverse process, i.e., to make the encrypted information readable again,

is referred to as decryption (i.e., to make it unencrypted).In many contexts, the word encryption may

also implicitly refer to the reverse process, decryption e.g. “software for encryption” can typically also

perform decryption.

Encryption has long been used by militaries and governments to facilitate secret communication.

It is now commonly used in protecting information within many kinds of civilian systems. For

example, the Computer Security Institute reported that in 2007, 71% of companies surveyed

utilized encryption for some of their data in transit, and 53% utilized encryption for some of their

data in storage. Encryption can be used to protect data "at rest", such as files on computers and

storage devices (e.g. USB flash drives). In recent years there have been numerous reports of

confidential data such as customers' personal records being exposed through loss or theft of

laptops or backup drives. Encrypting such files at rest helps protect them should physical

security measures fail. Digital rights management systems which prevent unauthorized use or

reproduction of copyrighted material and protect software against reverse engineering (see also

copy protection) are another somewhat different example of using encryption on data at rest.

Encryption is also used to protect data in transit, for example data being transferred via networks

(e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom


18

systems, Bluetooth devices and bank automatic teller machines. There have been numerous

reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to

secure it as it is often difficult to physically secure all access to networks.

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still

needed to protect the integrity and authenticity of a message; for example, verification of a

message authentication code (MAC) or a digital signature. Standards and cryptographic software

and hardware to perform encryption are widely available, but successfully using encryption to

ensure security may be a challenging problem. A single slip-up in system design or execution

can allow successful attacks. Sometimes an adversary can obtain unencrypted information

without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse.

One of the earliest public key encryption applications was called Pretty Good Privacy (PGP). It

was written in 1991 by Phil Zimmermann and was purchased by Symantec in 2010. Digital

signature and encryption must be applied at message creation time (i.e. on the same device it has

been composed) to avoid tampering. Otherwise any node between the sender and the encryption

agent could potentially tamper it.

4.2 Types of Encryption

4.2.1 Symmetric Encryption

Symmetric encryption is the oldest and best-known technique. A secret key, which can be a

number, a word, or just a string of random letters, is applied to the text of a message to change

the content in a particular way. This might be as simple as shifting each letter by a number of

places in the alphabet. As long as both sender and recipient know the secret key, they can

encrypt and decrypt all messages that use this key.


19

4.2.2 Asymmetric Encryption

The problem with secret keys is exchanging them over the Internet or a large network while

preventing them from falling into the wrong hands. Anyone who knows the secret key can

decrypt the message. One answer is asymmetric encryption, in which there are two related keys--

a key pair. A public key is made freely available to anyone who might want to send you a

message. A second, private key is kept secret, so that only you know it.

Any message (text, binary files, or documents) that are encrypted by using the public key can

only be decrypted by applying the same algorithm, but by using the matching private key. Any

message that is encrypted by using the private key can only be decrypted by using the matching

public key.

This means that you do not have to worry about passing public keys over the Internet (the keys

are supposed to be public). A problem with asymmetric encryption, however, is that it is slower

than symmetric encryption. It requires far more processing power to both encrypt and decrypt the

content of the message.

4.3 Asymmetric encryption schemes

The setting of public-key cryptography is also called the “asymmetric” setting due to the

asymmetry in key information held by the parties. Namely one party has a secret key while

another has the public key that matches this secret key. This is in contrast to the symmetry in the

private key setting, where both parties had the same key. Asymmetric encryption is thus another

name for public-key encryption, the mechanism for achieving data privacy in the public key or

asymmetric setting. Our study of asymmetric encryption (following our study of other

primitives) will begin by searching for appropriate notions of security, and models and

formalizations via which they are captured. We then consider constructions, where we look at

how to design and analyze various schemes. With regard to notions of security, we will be


20

able to build considerably on our earlier study of symmetric encryption. Indeed, from this point

of view there is very little difference between symmetric and asymmetric encryption; not much

more than the fact that in the latter the adversary gets the public key as input. This is important

(and re-assuring) to remember. All the intuition and examples we have studied before carry over,

so that we enter the study of asymmetric encryption already having a good idea of what

encryption is, how security is modeled, and what it means for a scheme to be secure.

Accordingly we will deal with the security issues quite briefly, just re-formulating the definitions

we have seen before. The second issue (namely constructions) is a different story. Designs of

asymmetric encryption schemes rely on tools and ideas different from those underlying the

design of symmetric encryption schemes. Namely in the asymmetric case, the basis is (typically)

computationally intractable problems in number theory, while for the symmetric case we used

block ciphers. Thus, the greater part of the effort in this chapter will be on schemes and their

security properties.

An asymmetric encryption scheme is just like a symmetric encryption scheme except for an

asymmetry in the key structure. The key pk used to encrypt is different from the key sk used to

decrypt. Furthermore pk is public, known to the sender and also to the adversary. So while only a

receiver in possession of the secret key can decrypt, anyone in possession of the corresponding

public key can encrypt data to send to this one receiver.

An asymmetric encryption scheme AE = (K,E,D) consists of three algorithms [12],as follows:

• The randomized key generation algorithm K (takes no inputs and) returns a pair (pk, sk)

of keys, the public key and matching secret key, respectively. We write (pk, sk) ←$ K for

the operation of executing K and letting (pk, sk) be the pair of keys returned.

• The encryption algorithm E takes the public key pk and a plaintext (also called a

message) M to return a value called the cipher text. The algorithm may be randomized,

but not stateful. We write C ←$ Epk(M) or C ←$ E(pk , M) for the operation of running

E on inputs pk, M and letting C be the cipher text returned.

• The deterministic decryption algorithm D takes the secret key sk and a cipher text C not

equal to return a message M. We write M ← Dsk(C) or M ← D(sk,C). The message


21

space associated to a public key pk is the set Plaintexts(pk) of all M for which

Epk(M)never returns . We require that the scheme provide correct decryption, which

means that for anykey-pair (pk, sk) that might be output by K and any message M ∈

Plaintexts(pk), if C was returned by Epk(M) then Dsk(C) = M.

Let R be an entity that wants to be able to receive encrypted communications. The first step is

key generation: R runs K to generate a pair of keys (pk, sk) for itself. Note the key generation

algorithm is run locally by R. Anyone in possession of R‟s public key pk can then send a

message M privately to R. To do this, they would encrypt M via C ← Epk(M) and send the

cipher text C to R. The latter will be able to decrypt C using sk via M ← Dsk(C). Note that an

entity wishing to send data to R must be in possession of R‟s public key pk, and must be assured

that the public key is authentic, meaning really is the R‟s public-key, and not someone else‟s

public key. We will look later into mechanisms for assuring this state of knowledge. But the key

management processes are not part of the asymmetric encryption scheme itself. In constructing

and analyzing the security of asymmetric encryption schemes, we make the assumption that any

prospective sender is in possession of an authentic copy of the public key of the receiver. This

assumption is made in what follows. A viable scheme of course requires some security

properties. But these are not our concern now. First we want to pin down what constitutes a

specification of a scheme, so that we know what are the kinds of objects whose security we want

to assess. The key usage is the “mirror-image” of the key usage in a digital signature scheme. In

an asymmetric encryption scheme, the holder of the secret key is a receiver, using the secret key

to decrypt cipher texts sent to it by others. In a digital signature scheme, the holder of the secret

key is a sender, using the secret key to tag its own messages so that the tags can be verified by

others. The last part of the definition says that cipher texts [12] that were correctly generated will

decrypt correctly. The encryption algorithm might be randomized, and must for security. But

unlike in a symmetric encryption scheme, we will not consider stateful asymmetric encryption

algorithms. This is because there is no unique sender to maintain state; many different entities are

sending data to the receiver using the same public key. The decryption algorithm is deterministic

and stateless. We do not require that the message or cipher text be strings. Many asymmetric

encryption schemes are algebraic or number-theoretic, and in the natural formulation of these

schemes messages might be group elements and cipher texts might consist of several group


22

elements. However, it is understood that either messages or cipher texts can be encoded as

strings wherever necessary. (The encodings will usually not be made explicit.) In particular, we

might talk of the length of a message of cipher text, with the understanding that we mean the

length of some binary encoding of the quantity in question

4.4 RSA Algorithm

RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of

factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and

Leonard Adleman , who first publicly described it in 1978. A user of RSA creates and then

publishes the product of two large prime numbers, along with an auxiliary value, as their public

key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message,

but with currently published methods, if the public key is large enough, only someone with

knowledge of the prime factors can feasibly decode the message. Whether breaking RSA

encryption is as hard as factoring is an open question known as the RSA problem.

4.4.1 History

Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ,

described an equivalent system in an internal document in 1973, but given the relatively

expensive computers needed to implement it at the time, it was mostly considered a curiosity

and, as far as is publicly known, was never deployed. His discovery, however, was not revealed

until 1998 due to its top-secret classification, and Rivest, Shamir, and Adleman devised RSA

independently of Cocks' work. The RSA algorithm was publicly described in 1978 by Ron

Rivest, Adi Shamir, and Leonard Adleman at MIT; the letters RSA are the initials of their

surnames, listed in the same order as on the paper. MIT was granted U.S. Patent 4405829 [3] for

a "Cryptographic communications system and method" that used the algorithm in 1983.The

patent would have expired on September 21, 2000 (the term of patent was 17 years at the time),

but the algorithm was released to the public domain by RSA Security on 6 September 2000, two

weeks earlier. Since a paper describing the algorithm had been published in August 1977,[12]


23

prior to the December 1977 filing date of the patent application, regulations in much of the rest

of the world precludedpatents elsewhere and only the US patent was granted. Had Cocks' work

been publicly known, a patent in the US might not have been possible. From the DWPI's abstract

of the patent, The system includes a communications channel coupled to at least one terminal

having an encoding device and to at least one terminal having a decoding device. A message-to-

be-transferred is enciphered to cipher text at the encoding terminal by encoding the message as a

number M in a predetermined set. That number is then raised to a first predetermined power

(associated with the intended receiver) and finally computed. The remainder or residue, C, is

computed when the exponentiated number is divided by the product of two predetermined prime

numbers (associated with the intended receiver).

4.4.2 Operation

The RSA algorithm involves three steps

• key generation

• Encryption

• Decryption.

In Key generation RSA involves a public key and a private key. The public key can be known to

everyone and is used for encrypting messages. Messages encrypted with the public key can only

be decrypted using the private key. The keys for the RSA algorithm are generated the following

way[12]:

1. Choose two distinct prime numbers p and q. For security purposes, the integer p and q

should be chosen at random, and should be of similar bit-length. Prime integers can be

efficiently found using a primality test.

2. Compute n = p*q . n is used as the modulus for both the public and private keys

3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function.

4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor of (e, φ(n)) = 1;

i.e., e and φ(n) are co-prime. e is released as the public key exponent. e having a short bit-

length and small Hamming weight results in more efficient encryption - most commonly


24

0x10001 = 65,537. However, small values of e (such as 3) have been shown to be less

secure in some settings.[13]

5. Determine d as:

d= e -1

mod(ɸ(n)) (4.1)

i.e., d is the multiplicative inverse of e mod φ(n).

• This is more clearly stated as solve for d given (d*e) mod φ(n) = 1

• This is often computed using the extended Euclidean algorithm.

• d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e. The private

key consists of the modulus n and the private (or decryption) exponent d which must be kept

secret.

Notes:

• An alternative, used by PKCS#1, is to choose d matching de ≡ 1 mod λ with λ = lcm(p −

1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more

choices for d. λ can also be defined using the Carmichael function, λ(n).

• The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p

and q match additional requirements: be strong primes, and be different enough that

Fermat factorization fails.

In Encryption Alice transmits her public key to Bob and keeps the private key secret. Bob then

wishes to send message M to Alice.He first turns M into an integer m, such that by using an

agreed-upon reversible protocol known as a padding scheme[14]. He then computes the cipher

text corresponding to

C= M e mod(n) (4.2)

This can be done quickly using the method of exponentiation by squaring. Bob then transmits to

Alice. Note that at least nine values of m will yield a cipher text c equal to m,[12] but this is very

unlikely to occur in practice.


25

During Decryption Alice can recover from by using her private key exponent via computing

M= C d mod(n) (4.3)

Given, she can recover the original message M by reversing the padding scheme.(In practice,

there are more efficient methods of calculating using the pre computed values below.)

Here is an example of RSA encryption and decryption. The parameters used here are artificially

small, but one can also use Open SSL to generate and examine a real key pair.

Example 4.1

1. Choose two distinct prime numbers, such as

P=61and Q=53.

2. Compute n=P*Q giving

n = 61 × 53 = 3,233.

3. Compute the totient of the product as ɸ (n)=(p-1)*(q-1) giving

ɸ (3233) = (61-1)*(53-1) = 3120.

4. Choose any number 1< e <3120 that is co-prime to 3,120. Choosing a prime number for

leaves us only to check that is not a divisor of 3120.

Let e=17.

5. Compute d, the modular multiplicative inverse of (d*e) mod((p-1)*(q-1))=1yielding

D=2753.

The public key is (n=3,233 & e=17). For a padded plaintext message „M‟, the encryption

function is M17

mod (3233).


26

The private key is (n=3,233 & d=2753). For an encrypted cipher text , the decryption function

is C2753

mod(3233)

For instance, in order to encrypt M=65, we calculate

C= 6517

mod (3233) = 2790

To decrypt C=2790, we calculate

M= 27902753

mod (3233) = 65.

Both of these calculations can be computed efficiently using the square-and-multiply algorithm

for modular exponentiation. In real life situations the primes selected would be much larger; in

our example it would be relatively trivial to factor „n‟, 3,233, obtained from the freely available

public key back to the primes P and Q. Given „e‟, also from the public key, we could then

compute „d‟ and so acquire the private key.

4.5 Summary

In this paper we give overview of encryption and RSA algorithm. RSA algorithm is a popular

and efficient algorithm. Encryption in steganography plays a crucial role which increases the

level of security and increases productivity of the steganography process.


27

Chapter - 5

Experimental Process, Results and

Discussions

5.1 Concealing Message

The proposed method is designed for BMP images. It first compares the length of the message to

be concealed with the size of the image to ensure that the image can hold the secret file. If the

size of secret file is more, then a new image is selected. When using a 24 bit color image, a bit of

each of the red, green and blue color components

can be used, so a total of 3 bits can be stored in each pixel. So one layer between R, G, B is

selected and message is inserted in the selected layer. Thus, a 800 × 600 pixel image can contain

a total amount of 800x600x1=480.000 bits (60.000 bytes) of secret data.

It has three levels of security as follows.

Level I-The message is inserted at a random pixel value of the image as inserted by the sender. It

can be any row and column of the image matrix. But precaution must be taken such that message

length should not exceed matrix size.

Level 2-The message to be sent is encrypted using an encryption algorithm (here we have used

RSA algorithm).


28

Level 3-The encrypted message now inserted to image using LSB technique. In LSB technique

encrypted message is converted to binary form and inserted in the least significant bit of pixel

value as inserted before.

These the three level of security enable the process to be a highly secure message system. If

anyone try to break into the system then he has to know the starting position of the message then

encryption method used and method of insertion. Till he/she got all information the value of

information might have lost.

Algorithm for Concealing messages (Sender Side)

Input: message, cover image

Output: stego image (containing message)

1. store location of image where message to be hidden

2. Insert the message

3. Encrypt the entered message

4. Convert the encrypted message to unsigned integer form

5. Find the length of the message inserted

6. Now convert it in to binary form

7. Store the message in a one row matrix

8. Store the message length in a predefined position of image

9. Now insert the binary format message in to image

10. Save the image

11. End

5.2 Extracting Message

The same stego key is used for decoding of secret message from the stego image. The stego key

is used to generate the same random number with which selection of the pixels is done and the

order of block.


29

Algorithm Extraction message (Receiver side)

Input: stego image(containing message)

Output: hidden message

1. Enter location to start(Stego key)

2. Retrieve the size of the hidden message

3. Retrieve the message by same insertion method

4. Decrypt the retrieved message

5. Display the message

6. End

5.3 Experimental Results

Sender Result

Fig 5.1(Steganography at Sender side)


30

Receiver Result

Fig 5.2(Output at Receiver side)

5.4 Discussion

In the above two figures in figure 5.1 both original and the stego image is shown. Stego

image look alike the original image which does not show any distortion. Thus the stego

image will not attract attention towards itself. So it can be transferred to the recipient without

displaying information within itself.


31

Chapter - 6

Conclusion

6.1 Future thoughts

We hope to add support to hide all file formats. This allows for a much broader spectrum of

uses: one would be able to encode .exe, .doc, .pdf, .mp3, etc. The program would be more

versatile because often hiding text just isn‟t enough.

We also would like to implement batch image processing and statistical analysis so that We can

run the program through a dataset of images and detect Steganography and perhaps crawl

through Google Image Search to see how prevalent Steganography is.

We eventually plan to port the program to use C/C++ other programming language so that we

may take advantage of bit-fields in C and learn to code GUI‟s as well.

6.2 Conclusion

With this project we have learned a lot, especially about bit operations and different encryption

technique. This project was fun from the start and only got more interesting as we went on

developing it. We became more interested in the subject the more we researched it. We have

learned that while implementing Image Steganography is important, thinking of how to detect

and attack it and the methods to do so are far more complex than actually doing the

Steganography itself. There is a lot of research that is beginning to discover new ways to detect

Steganography, most of which involves some variation of statistical analysis. It is interesting to

see what other methods will be developed and how accurate they will be at detecting

Steganography


32

EFFICIENT STEGANOGRAPHY USING LSB AND ENCRYPTION TECHNIQUE

BIBLIOGRAPHY

[1] C. Cachin, “An Information-Theoretic Model for Steganography”, in proceeding 2nd

Information Hiding Workshop, vol. 1525, pp. 306-318, 1998.

[2] D. Artz, “Digital Steganography: Hiding Data within Data”, IEEE Internet Computing, pp.

75-80, May-Jun 2001.

[3] E.T. Lin and E.J. Delp, "A Review of Data Hiding in Digital Images," in Proceedings of the

Image Processing, Image Quality, Image Capture Systems Conference, PICS '99, Ed., Apr.

1999, pp. 274--278.

[4] F.A.P Peticolas, R.J. Anderson and M.G. Kuhn, “Information Hiding – A Survey”, in

proceeding of IEEE, pp. 1062-1078, July 1999.

[5] J. Zollner, H. Federrath, H. Klimant, et al., “Modeling the Security of Steganographic

Systems”, in 2nd Workshop on Information Hiding, Portland, April 1998, pp. 345-355.

[6] M.M. Amin, M. Salleh, S. Ibrahim, et al., “Information Hiding Using Steganography”, 4th

National Conference On Telecommunication Technology Proceedings (NCTT2003), Shah

Alam, Malaysia, pp. 21-25, January 14-15, 2003.

[7] M. Ramkumar & A.N. Akansu. “Some Design Issues For Robust Data hiding Systems”,

http://citeseer.nj.nec.com/404009.html

[8] N.F. Johnson, S. Jajodia, “Staganalysis: The Investigation of Hiding Information”, IEEE, pp.

113-116, 1998.

[9] N.F. Johnson & S. Jajodia, “Steganalysis of Images Created Using Current Steganography

Software”, in Proceeding for the Second Information Hiding Workshop, Portland Oregon,

USA, April 1998, pp. 273-289.

[10] R. Chandramouli, N. Memon, “Analysis of LSB Based Image Steganography Techniques”,

IEEE pp. 1019-1022, 2001.

http://citeseer.nj.nec.com/404009.html


33

[11] R.J. Anderson, F.A.P. Petitcolas, “On The Limits of Steganography”, IEEE Journal of

Selected Area in Communications, pp. 474-481, May 1998.

[12] Mao, Wenbo (2004).Modern Cryptography Theory and Practice ISBN 0-13-066943-1. An

up-to-date book on cryptography.

[13] Patterson & wayne (1998). Mathematical cryptography for Computer scientists and

mathematician, Roman & littlefield‟

[14] Dominic Welsh – Codes and Cryptography, Oxford University Press, 1988.

http://en.wikipedia.org/wiki/Special:BookSources/0130669431

Thesis Report on image steganography using wavelet transform

Documents