EFFICIENT STEGANOGRAPHY USING LSB AND ENCRYPTION TECHNIQUE
A B.tech Project Report Report submitted in partial fulfillment of the requirement for the B.Tech. under Biju Patnaik University of Technology, Rourkela.
Submitted By
SIDHARTHA SANKAR PRADHAN
Reg. No #0801314109
ATMASWAROOPA TRIPATHY
Reg No. #0801314098 #0801314098
JULY - 2012
Under the guidance of
Dr. SATYARANJAN PATTANA P ATTANAIK IK
APEX INSTITUTE OF TECHNOLOGY & MANAGEMENT M ANAGEMENT Pahala, Bhubaneswar, Odisha – 752101, India
Efficient Steganography using LSB and encryption technique
Steganography is the process of hiding one file inside another such that others can neither
identify the meaning of the embedded object, nor even recognize its existence. Current trends favor using digital image files as the cover file to hide another digital file that contains the secret message or information. Steganography become more important as more people join the cyberspace revolution. Steganography is the art of concealing information in ways that prevent the detection of hidden messages. The goal of steganography is to avoid drawing suspicion to the existence of a hidden message. This approach of information hiding technique has recently become important in a number of application areas. Digital audio, video, and pictures are increasingly furnished with distinguishing but imperceptible marks, which may contain a hidden copyright notice or serial number or even help to prevent unauthorized copying directly. Military communications system make increasing use of traffic security technique which, rather than merely concealing the content of a message using encryption, seek to conceal its sender, its receiver or its very existence. Similar techniques are used in some mobile phone systems and schemes proposed for digital elections. One of the most common methods of implementation is Least Significant Bit Insertion, in which the least significant bit of every byte is altered to form the bit-string representing the embedded file. Altering the LSB will only cause minor changes in color, and thus is usually not noticeable to the human eye. While this technique works well for 24-bit color image files, steganography has not been as successful when using an jpeg color image file, due to limitations in color variations and the use of a color map. The advantages of LSB are its simplicity to embed the bits of the message directly into the LSB plane of coverimage and many techniques use these methods . Modulating the LSB does not result in a humanperceptible difference because the amplitude of the change is small. Therefore, to the human eye, the resulting stego-image will look identical to the cover-image. This allows high perceptual transparency of LSB. Another level of security adds to steganography by using an encryption technique for encrypting message before adding to image.
i
Efficient Steganography using LSB and encryption technique
Steganography is the process of hiding one file inside another such that others can neither
identify the meaning of the embedded object, nor even recognize its existence. Current trends favor using digital image files as the cover file to hide another digital file that contains the secret message or information. Steganography become more important as more people join the cyberspace revolution. Steganography is the art of concealing information in ways that prevent the detection of hidden messages. The goal of steganography is to avoid drawing suspicion to the existence of a hidden message. This approach of information hiding technique has recently become important in a number of application areas. Digital audio, video, and pictures are increasingly furnished with distinguishing but imperceptible marks, which may contain a hidden copyright notice or serial number or even help to prevent unauthorized copying directly. Military communications system make increasing use of traffic security technique which, rather than merely concealing the content of a message using encryption, seek to conceal its sender, its receiver or its very existence. Similar techniques are used in some mobile phone systems and schemes proposed for digital elections. One of the most common methods of implementation is Least Significant Bit Insertion, in which the least significant bit of every byte is altered to form the bit-string representing the embedded file. Altering the LSB will only cause minor changes in color, and thus is usually not noticeable to the human eye. While this technique works well for 24-bit color image files, steganography has not been as successful when using an jpeg color image file, due to limitations in color variations and the use of a color map. The advantages of LSB are its simplicity to embed the bits of the message directly into the LSB plane of coverimage and many techniques use these methods . Modulating the LSB does not result in a humanperceptible difference because the amplitude of the change is small. Therefore, to the human eye, the resulting stego-image will look identical to the cover-image. This allows high perceptual transparency of LSB. Another level of security adds to steganography by using an encryption technique for encrypting message before adding to image.
i
Efficient Steganography using LSB and encryption technique
We would like to express our immense sense of gratitude to our guide, Dr. Satya Ranjan Pattanaik, for his valuable instructions, guidance and support throughout our project.
We again owe our special thanks to Dr. Satya Ranjan Patanaik, B.Tech. project Coordinator for giving us an opportunity to do this report.
And finally thanks to Prof. R.C. Das, Principal, AITM for his continued drive for better quality in everything that happens at AITM. This report is a dedicated contribution towards that greater goal.
SIDHARTHA SANKAR PRADHAN REG. NO.-0801314109
ATMASWAROOPA TRIPATHY REG. NO-0801314098
ii
Efficient Steganography using LSB and encryption technique
Synopsis List of Figures List of Tables
Chapter No.
Description
1
Introduction and Scope of the Thesis
Page No.
1.1
Introduction
1
1.2
Scientific Background
1
1.3
Background of the Problem
2
1.4
Objective
3
1.5
Scope
3
2
Information hiding using Steganography 2.1
Introduction
4
2.2
Overview of Steganography
5
2.3
Summary
10
3
Least Significant Bit insertion
3.1
Introduction
11
3.2
Least Significant Bit Insertion
11
3.3
Secure Information Hiding System
12
3.4
Advantage of LSB Technique
15 iii
Efficient Steganography using LSB and encryption technique
3.5
Disadvantage of LSB Technique
16
3.6
Summary
16
4
Encryption and RSA algorithm 4.1
Introduction
17
4.2
Types of Encryption
18
4.3
Asymmetric Encryption Schemes
19
4.4
RSA algorithm
22
4.5
Summary
26
5
Experimental Process, Results & Discussion 5.1
Concealing Message
27
5.2
Extracting Message
28
5.3
Experimental Results
29
5.4
Discussion
30
6
Conclusion 6.1
Future thoughts
31
6.2
Conclusion
31
Bibliography
iv
Efficient Steganography using LSB and encryption technique
Figure No.
Description
Page No.
2.1
Basic Steganography model
6
3.1
Producing Stego image process
13
5.1
Steganography at sender side
29
5.1
Output at the Receivers side
30
v
Efficient Steganography using LSB and encryption technique
Chapter - 1
One of the reasons that intruders can be successful is that most of the information they acquire from a system is in a form that they can read and comprehend. Intruders may reveal the information to others, modify it to misrepresent an individual or organization, or use it to launch an attack. One solution to this problem is, through the use of steganography. Steganography is a technique of hiding information in digital media. In contrast to cryptography, it is not to keep others from knowing the hidden information but it is to keep others from thinking that the information even exist
Steganography is an ancient technology that has applications even in today‟s modern society. A
Greek word meaning “covered writing,” steganography has taken many forms since its origin in ancient Greece. During the war between Sparta and Xerxes, Dermeratus wanted to warn Sparta
of Xerxes‟ pending invasion. To do this, he scraped the wax off one of the wooden tablets they used to send messages and carved a message on the underlying wood. Covering it with wax
again, the tablet appeared to be unused and thereby slipped past the sentries‟ inspection. However, this would not be the last time steganography would be used in times of war. In World War II, the Germans utilized this technology. Unlike the Greeks, these messages were not
physically hidden; rather they used a method termed “null ciphering.” Null ciphering is a process of encoding a message in plain sight. For example, the second letter of each word in an innocent message could be extracted to reveal a hidden message. Although its roots lay in ancient Greece, steganography has continually been used with great success throughout history. Today 1
Efficient Steganography using LSB and encryption technique
steganography is being incorporated into digital technology. The techniques have been used to
create the watermarks that are in our nation‟s currency, as well as encode music information in the ever-popular mp3 music file. Copyrights can be included in files, and fingerprints can be used to identify the people who break copyright agreements. However, this technology is not always used for good intentions; terrorists and criminals can also use it to convey information.
According to various officials and experts, terrorist groups are “hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on sports chat rooms, and other Web sites. This aspect of steganography is what sparked the research into this vast field and Education and understanding are the first steps toward security. Thus, it is important to study steganography in order to allow innocent messages to be placed in digital media as well as intercept abuse of this Technology.
Steganography [1] become more important as more people join the cyberspace revolution. Steganography is the art of concealing information in ways that prevent the detection of hidden messages. Steganography include an array of secret communication methods that hide the message from being seen or discovered.
The goal of steganography is to avoid drawing suspicion to the existence of a hidden message. This approach of information hiding technique has recently become important in a number of application areas. Digital audio, video, and pictures are increasingly furnished with distinguishing but imperceptible marks, which may contain a hiding copyright notice or serial number or even help to prevent unauthorized copying directly.
Military communications system make increasing use of traffic security technique which, rather than merely concealing the content of a message using encryption, seek
to conceal its sender, its receiver or its very existence. Similar techniques are used in some mobile phone systems and schemes proposed for digital elections. Some of the techniques used in steganography are domain tools or simple system such as least significant bit (LSB) insertion 2
Efficient Steganography using LSB and encryption technique
and noise manipulation, and transform domain that involve manipulation algorithms and image transformation such as discrete cosine transformation and wavelet transformation. However there are technique that share the characteristic of both of the image and domain tools such as patchwork, pattern block encoding, spread spectrum methods and masking.
This project comprehends the following objectives:
(i) To produce security tool based on steganographic techniques. (ii) To explore techniques of hiding data using steganography.
The scope of the project as follow:
(i) Implementation of steganographic tools for hiding information includes text and image files. (ii)
Three different approaches being explored which are least significant bit, masking and
filtering and algorithms and transformation
3
Efficient Steganography using LSB and encryption technique
Chapter - 2
Due to advances in ICT (Inverse Cryptography technology), most of information is kept electronically. Consequently, the security of information has become a fundamental issue. Besides cryptography, steganography can be employed to secure information. Steganography is a technique of hiding information in digital media.
In contrast to cryptography, the message or
encrypted message is embedded in a digital host before passing it through the network, thus the existence of the message is unknown. Besides hiding data for confidentiality, this approach of information hiding can be extended to copyright protection for digital media: audio, video, and images.
The growing possibilities of modern communications need the special means of security especially on computer network. The network security is becoming more important as the number of data being exchanged on the Internet increases. Therefore, the confidentiality and data integrity are requires to protect against unauthorized access and use. This has resulted in an explosive growth of the field of information hiding.
In addition, the rapid growth of publishing and broadcasting technology also require an alternative solution in hiding information. The copyright such as audio, video and other source available in digital form may lead to large-scale unauthorized copying. This is because the digital formats make possible to provide high image quality even under multi-copying. Therefore, the special part of invisible information is fixed in every image that could not be easily extracted
4
Efficient Steganography using LSB and encryption technique
without specialized technique saving Image quality simultaneously [2]. All this is of great concern to the music, film, book and software publishing industries.
Information hiding is an emerging research area, which encompasses applications such as copyright protection for digital media, watermarking, fingerprinting, and steganography [3]. All these applications of information hiding are quite diverse [4].
•
In watermarking applications, the message contains information such as owner identification and a digital time stamp, which usually applied for copyright protection.
•
Fingerprint, the owner of the data set embeds a serial number that uniquely identifies the user of the data set. This adds to copyright information to makes it possible to trace any unauthorized used of the data set back to the user.
•
Steganography hide the secret message within the host data set and presence imperceptible.
In those applications, information is hidden within a host data set and is to be reliably communicated to a receiver. The host data set is purposely corrupted, but in a covert way, designed to be invisible to an informal analysis. However, this paper will only focus on information hiding using steganography approach.
The word steganography comes from the Greek Steganos, which mean covered or secret and – graphy mean writing or drawing. Therefore, steganography means, literally, covered writing. Steganography is the art and science of hiding information such that its presence cannot be detected [1] and a communication is happening [1,3]. Secret information is encoding in a manner such that the very existence of the information is concealed. Paired with existing communication methods, steganography can be used to carry out hidden exchanges.
The main goal of steganography is to communicate securely in a completely undetectable manner [5] and to avoid drawing suspicion to the transmission of a hidden data [4]. It is not to 5
Efficient Steganography using LSB and encryption technique
keep others from knowing the hidden information, but it is to keep others from thinking that the information even exists. If a steganography method causes someone to suspect the carrier medium, then the method has failed [6] .Until recently, information hiding techniques received very much less attention from the research community and from industry than cryptography. This situation is, however, changing rapidly and the first academic conference on this topic was organized in 1996. There has been a rapid growth of interest in steganography for two main reasons [7]:
•
The publishing and broadcasting industries have become interested in techniques for hiding encrypted copyright marks and serial numbers in digital films, audio recordings, books and multimedia products.
•
Moves by various governments to restrict the availability of encryption services have motivated people to study methods by which private messages can be embedded in seemingly innocuous cover messages.
The basic model of steganography consists of Carrier, Message and Password. Carrier is also known as cover-object, which the message is embedded and serves to hide the presence of the message.
Fig 2.1 Basic Steganography Model 6
Efficient Steganography using LSB and encryption technique
Basically, the model for steganography is shown on Figure 2.1[1]. Message is the data that the sender wishes to remain it confidential. It can be plain text, cipher text, other image, or anything that can be embedded in a bit stream such as a copyright mark, a covert communication, or a serial number. Password is known as stego-key, which ensures that only recipient who know the corresponding decoding key will be able to extract the message from a cover-object. The coverobject with the secretly embedded message is then called the stego-object.
Recovering message from a stego-object requires the cover-object itself and a corresponding decoding key if a stego-key was used during the encoding process. The Original image may or may not be required in most applications to extract the message.
There are several suitable carriers below to be the cover-object[8]:
(i) Network Protocols such as TCP, IP and UDP (ii) Audio that using digital audio formats such as wav, midi, avi, mpeg, mpi and voc (iii) File and Disk that can hides and append files by using the slack space (iv) Text such as null characters, just alike morse code including html and java (v) Images file such as bmp, gif and jpg, where they can be both color and gray-scale.
In general, the information hiding process extracts redundant bits from cover-objec[4,8]t. The process consists of two steps
(i) Identification of redundant bits in a cover-object. Redundant bits are those bits that can be modified without corrupting the quality or destroying the integrity of the cover-object.
(ii) The embedding process then selects the subset of the redundant bits to be replaced with data from a secret message. The stego-object is created by replacing the selected redundant bits with message bits
7
Efficient Steganography using LSB and encryption technique
Basically, the purpose of cryptography and steganography is to provide secret communication. However, steganography is not the same as cryptography. Cryptography hides the contents of a secret message from a malicious people, whereas steganography even conceals the existence of the message. Steganography must not be confused with cryptography, where we transform the message so as to make it meaning obscure to a malicious people who intercept it. Therefore, the definition of breaking the system is different [6]. In cryptography, the system is broken when the attacker can read the secret message. Breaking a steganographic system need the attacker to detect that steganography has been used and he is able to read the embedded message.
In cryptography, the structure of a message is scrambled to make itmeaningless and unintelligible unless the decryption key is available. It makes noattempt to disguise or hide the encoded message. Basically, cryptography offers theability of transmitting information between persons in a way that prevents a third party from reading it. Cryptography can also provide authentication for verifying the identity of someone or something.
In contrast, steganography does not alter the structure of the secret message, but hides it inside a cover-image so it cannot be seen. A message in cipher text, for instance, might arouse suspicion
on the part of the recipient while an “invisible” message created with steganographic methods will not. In other word, steganography prevents an unintended recipient from suspecting that the data exists. In addition, the security of classical steganography system relies on secrecy of the data encoding system. Once the encoding system[4] is known, the steganography system is defeated.
It is possible to combine the techniques by encrypting message using cryptography and then hiding the encrypted message using steganography. The resulting stego-image can be transmitted without revealing that secret information is being exchanged. Furthermore, even if an attacker were to defeat the steganographic technique and detect the message from the stego-object, he would still require the cryptographic decoding key to decipher the encrypted message[1] . 8
Efficient Steganography using LSB and encryption technique
There are many applications for digital steganography of image, including copyright protection, feature tagging, and secret communication [1,2]. Copyright notice or watermark can embedded inside an image to identify it as intellectual property. If someone attempts to use this image without permission, we can prove by extracting the watermark.
In feature tagging, captions, annotations, time stamps, and other descriptive elements can be embedded inside an image. Copying the stego – image also copies of the embedded features and only parties who possess the decoding stego-key will be able to extract and view the features. On the other hand, secret communication does not advertise a covert communication by using steganography. Therefore, it can avoid scrutiny of the sender, message and recipient. This is effective only if the hidden communication is not detected by the others people.
Over the past few years, numerous steganography techniques that embed hidden messages in multimedia objects have been proposed [9]. There have been many techniques for hiding information or messages in images in such a manner that the alterations made to the image are perceptually indiscernible. Common approaches are include[10]:
(i) Least significant bit insertion (LSB) (ii) Masking and filtering (iii) Transform techniques
Least significant bits (LSB) insertion is a simple approach to embedding information in image file. The simplest steganography techniques embed the bits of the message directly into least significant bit plane of the cover-image in a deterministic sequence. Modulating the least significant bit does not result in human-perceptible difference because the amplitude of the change is small.
9
Efficient Steganography using LSB and encryption technique
Masking and filtering techniques, usually restricted to 24 bits and gray scale images, hide information by marking an image, in a manner similar to paper watermarks. The techniques performs analysis of the image, thus embed the information in significant areas so that the hidden message is more integral to the cover image than just hiding it in the noise level.
Transform techniques embed the message by modulating coefficients in a transform domain, such as the Discrete Cosine Transform (DCT) used in JPEG compression, Discrete Fourier Transform, or Wavelet Transform. These methods hide messages in significant areas of the cover-image, which make them more robust to attack. Transformations can be applied over the entire image, to block throughout the image, or other variants.
In this paper we gave an overview of steganography. It can enhance confidentiality of information and provides a means of communicating privately. We have also presented an image steganographic system using LSB approach. However, there are some advantages and disadvantages of implementing LSB on a digital image as a carrier. All these are define based on the perceptual transparency, hiding capacity, robustness and tamper resistance of the method. In future, we will attempt another two approaches of steganographic system on a digital image. This will lead us to define the best approach of steganography to hide information.
10
Efficient Steganography using LSB and encryption technique
Chapter - 3
Least significant bits (LSB) insertion is a simple approach to embedding information in image file. The simplest steganographic techniques embed the bits of the message directly into least significant bit plane of the
cover-image in a deterministic sequence. Modulating the least
significant bit does not result in human-perceptible difference because the amplitude of the change is small.
One of the most common techniques used in steganography today is called least significant bit (LSB) insertion. This method is exactly what it sounds like; the least significant bits of the cover-image are altered so that they form the embedded information. The following example shows how the letter A can be hidden in the first eight bytes of three pixels in a 24-bit image[10]. Pixels:
(00100111 11101001 11001000) (00100111 11001000 11101001) (11001000 00100111 11101001)
A:
01000001
Result:
(00100110 11101001 11001000) (00100110 11001000 11101000) (11001000 00100111 11101001)
11
Efficient Steganography using LSB and encryption technique
The three underlined bits are the only three bits that were actually altered.
LSB insertion
requires on average that only half the bits in an image be changed. Since the 8-bit letter A only requires eight bytes to hide it in, the ninth byte of the three pixels can be used to begin hiding the next character of the hidden message.
An information hiding system has been developed for confidentiality. However, in this paper, we study an image file as a carrier to hide message. Therefore, the carrier will be known as coverimage, while the stego-object known as stego-image. The implementation of system will only focus on Least Significant Bit (LSB) as one of the steganography techniques as mentioned in previous section 2For embedding the data into an image, we require two important files. The first is the original image so called cover-image. The image (Figure 4), which in and gif format will hold the hidden information. The second file is the message itself, which is the information to be hidden in the image. In this process, we decided to use a plaintext as the message. Before embedding process, the size of image and the message must be defined by the system. This is important to ensure the image can support the message to be embedded. The ideal image size is 800x600 pixels, which can embed up to 60kB messages.
The cover-image will be combined with the message. This will produce the output called stegoimage. Figure 2.1 is illustrated the process. The Stego-image seems identical to the cover-image. However, there are hidden message that imperceptible. This process simply embedded the message into the cover-image without supplied any password or stego-key. At this stage, we decided to do so because we have to understand the ways of LSB insert the message bit into the image and extract the message from the stego-image produced.
12
Efficient Steganography using LSB and encryption technique
Figure 3.1 Producing Stego-Image Process
To illustrate this we are giving an example how to insert information in to an image. Basically an image is a matrix so in simple form we are inserting information in to an matrix. The under given example will show how to insert information into matrix.
Example 3.1
Clear all clc Close all disp('Matrix size should be greater than input') X=input('Enter your text'); x=input('Enter the matrix size'); Y=uint8(X) l=length(Y);
B=dec2bin(Y,8) RB(1,:)=B(1,:); 13
Efficient Steganography using LSB and encryption technique
for i=2:l RB=[RB,B(i,:)]; end lll=length(RB); M=magic(x) m=1; for ii=1:x for jj=1:x if(m<=lll) if(RB(1,m)=='0') if(mod(M(ii,jj),2)==1) M(ii,jj)=M(ii,jj)-1; end else if(mod(M(ii,jj),2)==0) M(ii,jj)=M(ii,jj)+1; end end m=m+1; else
break; end end end cc=1; for ii=1:x for jj=1:x if(cc<=lll) RRB(1,cc)=dec2bin(mod(M(ii,jj),2)); cc=cc+1; 14
Efficient Steganography using LSB and encryption technique
else break end end end for ll=1:cc/8 RBB(ll,1:8)=RRB(1,(ll-1)*8+1:ll*8); end RRR=bin2dec(RBB); RR=uint8(RRR); RR=reshape(RR,1,l); char(RR) Output:
Matrix size should be greater than input Enter your text 'hello world' Enter the matrix size 16 Ans = hello world
The advantages of LSB are its simplicity to embed the bits of the message directly into the LSB plane of cover-image and many techniques use these methods [11]. Modulating the LSB does not result in a human-perceptible difference because the amplitude of the change is small. Therefore, to the human eye, the resulting stego-image will look identical to the cover-image. This allows high perceptual transparency of LSB
15
Efficient Steganography using LSB and encryption technique
We noticed that in the approach discussed above, the time taken for generating the random numbers depends on the size of the key. In our approach it means that it also depends on the cover-image size.
Although the LSB embedding methods hide data in such a way that the humans do not perceive it, such schemes can be easily destroyed by an opponent such as using lossy compression algorithms or a filtering process.
Any process that modifies the values of some pixels, either directly or indirectly, may result in degrading of the quality of the original object.
A slight variation of this technique allows for embedding the message in two or more of the least significant bits per byte. This increases the hidden information capacity of the cover-object, but the cover-object is degraded more, and therefore it is more detectable. Other variations on this technique include ensuring that statistical changes in the image do not occur. Some intelligent software also checks for areas that are made up of one solid color. Changes in these pixels are then avoided because slight changes would cause noticeable variations in the area and. While LSB insertion is easy to implement, it is also easily attacked. Slight modifications in the color palette and simple image manipulations will destroy the entire hidden message. Some examples of these simple image manipulations include image resizing and cropping.
In this chapter we have presented an enhancement of the steganographic system using LSB approach to provide a means of secure communication. Future work we would to extend the system to be more robust and efficient and using LSB technique for image steganography along with different encryption technique.
16
Efficient Steganography using LSB and encryption technique
Chapter - 4
In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key [12]. The result of the process is encrypted information (in cryptography, referred to as cipher text). The reverse process, i.e., to make the encrypted information readable again, is referred to as decryption (i.e., to make it unencrypted).In many contexts, the word encryption may also implicitly refer to the reverse process, decryption e.g. “software for encryption” can typically also perform decryption.
Encryption has long been used by militaries and governments to facilitate secret communication. It is now commonly used in protecting information within many kinds of civilian systems. For example, the Computer Security Institute reported that in 2007, 71% of companies surveyed utilized encryption for some of their data in transit, and 53% utilized encryption for some of their data in storage. Encryption can be used to protect data "at rest", such as files on computers and storage devices (e.g. USB flash drives). In recent years there have been numerous reports of confidential data such as customers' personal records being exposed through loss or theft of laptops or backup drives. Encrypting such files at rest helps protect them should physical security measures fail. Digital rights management systems which prevent unauthorized use or reproduction of copyrighted material and protect software against reverse engineering (see also copy protection) are another somewhat different example of using encryption on data at rest. Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, e-commerce), mobile telephones, wireless microphones, wireless intercom 17
Efficient Steganography using LSB and encryption technique
systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it as it is often difficult to physically secure all access to networks. Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature. Standards and cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single slip-up in system design or execution can allow successful attacks. Sometimes an adversary can obtain unencrypted information without directly undoing the encryption. See, e.g., traffic analysis, TEMPEST, or Trojan horse. One of the earliest public key encryption applications was called Pretty Good Privacy (PGP). It was written in 1991 by Phil Zimmermann and was purchased by Symantec in 2010. Digital signature and encryption must be applied at message creation time (i.e. on the same device it has been composed) to avoid tampering. Otherwise any node between the sender and the encryption agent could potentially tamper it.
Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.
18
Efficient Steganography using LSB and encryption technique
The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys-a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.
Any message (text, binary files, or documents) that are encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.
This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A problem with asymmetric encryption, however, is that it is slower than symmetric encryption. It requires far more processing power to both encrypt and decrypt the content of the message.
The setting of public- key cryptography is also called the “asymmetric” setting due to the asymmetry in key information held by the parties. Namely one party has a secret key while another has the public key that matches this secret key. This is in contrast to the symmetry in the private key setting, where both parties had the same key. Asymmetric encryption is thus another name for public-key encryption, the mechanism for achieving data privacy in the public key or asymmetric setting. Our study of asymmetric encryption (following our study of other primitives) will begin by searching for appropriate notions of security, and models and formalizations via which they are captured. We then consider constructions, where we look at how to design and analyze various schemes. With regard to notions of security, we will be
19
Efficient Steganography using LSB and encryption technique
able to build considerably on our earlier study of symmetric encryption. Indeed, from this point of view there is very little di ff erence between symmetric and asymmetric encryption; not much more than the fact that in the latter the adversary gets the public key as input. This is important (and re-assuring) to remember. All the intuition and examples we have studied before carry over, so that we enter the study of asymmetric encryption already having a good idea of what encryption is, how security is modeled, and what it means for a scheme to be secure.
Accordingly we will deal with the security issues quite briefly, just re-formulati ng the definitions we have seen before. The second issue (namely constructions) is a di
ff erent
story. Designs of
asymmetric encryption schemes rely on tools and ideas di ff erent from those underlying the design of symmetric encryption schemes. Namely in the asymmetric case, the basis is (typically) computationally intractable problems in number theory, while for the symmetric case we used block ciphers. Thus, the greater part of the e ff ort in this chapter will be on schemes and their security properties.
An asymmetric encryption scheme is just like a symmetric encryption scheme except for an asymmetry in the key structure. The key pk used to encrypt is di ff erent from the key sk used to decrypt. Furthermore pk is public, known to the sender and also to the adversary. So while only a receiver in possession of the secret key can decrypt, anyone in possession of the corresponding public key can encrypt data to send to this one receiver. An asymmetric encryption scheme AE = (K,E,D) consists of three algorithms [12],as follows:
•
The randomized key generation algorithm K (takes no inputs and) returns a pair (pk, sk) of keys, the public key and matching secret key, respec tively. We write (pk, sk) ←$ K for the operation of executing K and letting (pk, sk) be the pair of keys returned.
•
The encryption algorithm E takes the public key pk and a plaintext (also called a message) M to return a value called the cipher text. The algorithm may be randomized, but not stateful. We write C ←$ Epk(M) or C ←$ E(pk , M) for the operation of running E on inputs pk, M and letting C be the cipher text returned.
•
The deterministic decryption algorithm D takes the secret key sk and a cipher text C not equal to return a message M. We write M ← Dsk(C) or M ← D(sk,C). The message 20
Efficient Steganography using LSB and encryption technique
space associated to a public key pk is the set Plaintexts(pk) of all M for which Epk(M)never returns . We require that the scheme provide correct decryption, which means that for anykey-pair (pk, sk) that might be output by K and any message M
∈
Plaintexts(pk), if C was returned by Epk(M) then Dsk(C) = M.
Let R be an entity that wants to be able to receive encrypted communications. The first step is key generation: R runs K to generate a pair of keys (pk, sk) for itself. Note the key generation
algorithm is run locally by R. Anyone in possession of R‟s public key pk can then send a message M privately to R. To do this, they would encrypt M via C ← Epk(M) and send the cipher text C to R. The latter will be able to decrypt C using sk via M ← Dsk(C). Note that an
entity wishing to send data to R must be in possession of R‟s public key pk, and must be assured that the public key is authentic, meaning really is the R‟s public-key, and not someone else‟s public key. We will look later into mechanisms for assuring this state of knowledge. But the key management processes are not part of the asymmetric encryption scheme itself. In constructing and analyzing the security of asymmetric encryption schemes, we make the assumption that any prospective sender is in possession of an authentic copy of the public key of the receiver. This assumption is made in what follows. A viable scheme of course requires some security properties. But these are not our concern now. First we want to pin down what constitutes a
specification of a scheme, so that we know what are the kinds of objects whose security we want to assess. The key usage is the “mirror -image” of the key usage in a digital signature sch eme. In an asymmetric encryption scheme, the holder of the secret key is a receiver, using the secret key to decrypt cipher texts sent to it by others. In a digital signature scheme, the holder of the secret key is a sender, using the secret key to tag its own messages so that the tags can be verified by others. The last part of the definition says that cipher texts [12] that were correctly generated will decrypt correctly. The encryption algorithm might be randomized, and must for security. But unlike in a symmetric encryption scheme, we will not consider stateful asymmetric encryption algorithms. This is because there is no unique sender to maintain state; many di
ff erent
entities are
sending data to the receiver using the same public key. The decryption algorithm is deterministic and stateless. We do not require that the message or cipher text be strings. Many asymmetric encryption schemes are algebraic or number-theoretic, and in the natural formulation of these schemes messages might be group elements and cipher texts might consist of several group 21
Efficient Steganography using LSB and encryption technique
elements. However, it is understood that either messages or cipher texts can be encoded as strings wherever necessary. (The encodings will usually not be made explicit.) In particular, we might talk of the length of a message of cipher text, with the understanding that we mean the length of some binary encoding of the quantity in question
RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard Adleman , who first publicly described it in 1978. A user of RSA creates and then publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The prime factors must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime factors can feasibly decode the message. Whether breaking RSA encryption is as hard as factoring is an open question known as the RSA problem.
Clifford Cocks, an English mathematician working for the UK intelligence agency GCHQ, described an equivalent system in an internal document in 1973, but given the relatively expensive computers needed to implement it at the time, it was mostly considered a curiosity and, as far as is publicly known, was never deployed. His discovery, however, was not revealed until 1998 due to its top-secret classification, and Rivest, Shamir, and Adleman devised RSA independently of Cocks' work. The RSA algorithm was publicly described in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT; the letters RSA are the initials of their surnames, listed in the same order as on the paper. MIT was granted U.S. Patent 4405829 [3] for a "Cryptographic communications system and method" that used the algorithm in 1983.The patent would have expired on September 21, 2000 (the term of patent was 17 years at the time), but the algorithm was released to the public domain by RSA Security on 6 September 2000, two weeks earlier. Since a paper describing the algorithm had been published in August 1977,[12] 22
Efficient Steganography using LSB and encryption technique
prior to the December 1977 filing date of the patent application, regulations in much of the rest of the world precludedpatents elsewhere and only the US patent was granted. Had Cocks' work been publicly known, a patent in the US might not have been possible. From the DWPI's abstract of the patent, The system includes a communications channel coupled to at least one terminal having an encoding device and to at least one terminal having a decoding device. A message-tobe-transferred is enciphered to cipher text at the encoding terminal by encoding the message as a number M in a predetermined set. That number is then raised to a first predetermined power (associated with the intended receiver) and finally computed. The remainder or residue, C, is computed when the exponentiated number is divided by the product of two predetermined prime numbers (associated with the intended receiver).
The RSA algorithm involves three steps
•
key generation
•
Encryption
•
Decryption.
In Key generation RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way[12]:
1. Choose two distinct prime numbers p and q. For security purposes, the integer p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test. 2. Compute n = p*q . n is used as the modulus for both the public and private keys 3. Compute φ(n) = (p – 1)(q – 1), where φ is Euler's totient function. 4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor of (e, φ(n)) = 1;
i.e., e and φ(n) are co-prime. e is released as the public key exponent. e having a short bitlength and small Hamming weight results in more efficient encryption - most commonly 23
Efficient Steganography using LSB and encryption technique
0x10001 = 65,537. However, small values of e (such as 3) have been shown to be less secure in some settings.[13] 5. Determine d as:
d= e
-1
mod(ɸ(n))
(4.1)
i.e., d is the multiplicative inverse of e mod φ(n). • This is more clearly stated as solve for d given (d*e) mod φ(n) = 1 • This is often computed using the extended Euclidean algorithm. • d is kept as the private key exponent. The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d which must be kept secret. Notes:
•
An alternative, used by PKCS#1, is to choose d matching de ≡ 1 mod λ with λ = lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more choices for d. λ can also be defined using the Carmichael function, λ(n).
•
The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p and q match additional requirements: be strong primes, and be different enough that Fermat factorization fails.
In Encryption Alice transmits her public key to Bob and keeps the private key secret. Bob then wishes to send message M to Alice.He first turns M into an integer m, such that by using an agreed-upon reversible protocol known as a padding scheme[14]. He then computes the cipher text corresponding to e
C= M mod(n)
(4.2)
This can be done quickly using the method of exponentiation by squaring. Bob then transmits to Alice. Note that at least nine values of m will yield a cipher text c equal to m,[12] but this is very unlikely to occur in practice.
24
Efficient Steganography using LSB and encryption technique
During Decryption Alice can recover from by using her private key exponent via computing d
M= C mod(n)
(4.3)
Given, she can recover the original message M by reversing the padding scheme.(In practice, there are more efficient methods of calculating using the pre computed values below.)
Here is an example of RSA encryption and decryption. The parameters used here are artificially small, but one can also use Open SSL to generate and examine a real key pair.
Example 4.1
1. Choose two distinct prime numbers, such as P=61and Q=53. 2. Compute n=P*Q giving n = 61 × 53 = 3,233. 3. Compute the totient of the product as ɸ (n)=(p-1)*(q-1) giving
ɸ (3233) = (61-1)*(53-1) = 3120. 4. Choose any number 1< e <3120 that is co-prime to 3,120. Choosing a prime number for leaves us only to check that is not a divisor of 3120. Let e=17. 5. Compute d, the modular multiplicative inverse of (d*e) mod((p-1)*(q-1))=1yielding D=2753. The public key is (n=3,233 & e=17). For a padded plaintext message „M‟, the encryption 17
function is M mod (3233).
25
Efficient Steganography using LSB and encryption technique
The private key is (n=3,233 & d=2753). For an encrypted cipher text , the decryption function 2753
is C
mod(3233)
For instance, in order to encrypt M=65, we calculate 17
C= 65 mod (3233) = 2790 To decrypt C=2790, we calculate 2753
M= 2790
mod (3233) = 65.
Both of these calculations can be computed efficiently using the square-and-multiply algorithm for modular exponentiation. In real life situations the primes selected would be much larger; in our example it would be relatively trivial to factor „n‟, 3,233, obtained from the freely available public key back to the primes P and Q. Given „e‟, also from the public key, we could then compute „d‟ and so acquire the private key.
In this paper we give overview of encryption and RSA algorithm. RSA algorithm is a popular and efficient algorithm. Encryption in steganography plays a crucial role which increases the level of security and increases productivity of the steganography process.
26
Efficient Steganography using LSB and encryption technique
Chapter - 5
The proposed method is designed for BMP images. It first compares the length of the message to be concealed with the size of the image to ensure that the image can hold the secret file. If the size of secret file is more, then a new image is selected. When using a 24 bit color image, a bit of each of the red, green and blue color components can be used, so a total of 3 bits can be stored in each pixel. So one layer between R, G, B is selected and message is inserted in the selected layer. Thus, a 800 × 600 pixel image can contain a total amount of 800x600x1=480.000 bits (60.000 bytes) of secret data. It has three levels of security as follows.
Level I-The message is inserted at a random pixel value of the image as inserted by the sender. It can be any row and column of the image matrix. But precaution must be taken such that message length should not exceed matrix size.
Level 2-The message to be sent is encrypted using an encryption algorithm (here we have used RSA algorithm).
27
Efficient Steganography using LSB and encryption technique
Level 3-The encrypted message now inserted to image using LSB technique. In LSB technique encrypted message is converted to binary form and inserted in the least significant bit of pixel value as inserted before.
These the three level of security enable the process to be a highly secure message system. If anyone try to break into the system then he has to know the starting position of the message then encryption method used and method of insertion. Till he/she got all information the value of information might have lost.
Algorithm for Concealing messages (Sender Side)
Input: message, cover image Output: stego image (containing message)
1. store location of image where message to be hidden 2. Insert the message 3. Encrypt the entered message 4. Convert the encrypted message to unsigned integer form 5. Find the length of the message inserted 6. Now convert it in to binary form 7. Store the message in a one row matrix 8. Store the message length in a predefined position of image 9. Now insert the binary format message in to image 10. Save the image 11. End
The same stego key is used for decoding of secret message from the stego image. The stego key is used to generate the same random number with which selection of the pixels is done and the order of block.
28
Efficient Steganography using LSB and encryption technique
Algorithm Extraction message (Receiver side)
Input: stego image(containing message) Output: hidden message
1. Enter location to start(Stego key) 2. Retrieve the size of the hidden message 3. Retrieve the message by same insertion method 4. Decrypt the retrieved message 5. Display the message 6. End
Sender Result
Fig 5.1(Steganography at Sender side) 29
Efficient Steganography using LSB and encryption technique
Receiver Result
Fig 5.2(Output at Receiver side)
In the above two figures in figure 5.1 both original and the stego image is shown. Stego image look alike the original image which does not show any distortion. Thus the stego image will not attract attention towards itself. So it can be transferred to the recipient without displaying information within itself.
30
Efficient Steganography using LSB and encryption technique
Chapter - 6
We hope to add support to hide all file formats. This allows for a much broader spectrum of uses: one would be able to encode .exe, .doc, .pdf, .mp3, etc. The program would be more versatile becau se often hiding text just isn‟t enough.
We also would like to implement batch image processing and statistical analysis so that We can run the program through a dataset of images and detect Steganography and perhaps crawl through Google Image Search to see how prevalent Steganography is.
We eventually plan to port the program to use C/C++ other programming language so that we may take advantage of bit- fields in C and learn to code GUI‟s as well.
With this project we have learned a lot, especially about bit operations and different encryption technique. This project was fun from the start and only got more interesting as we went on developing it. We became more interested in the subject the more we researched it. We have learned that while implementing Image Steganography is important, thinking of how to detect and attack it and the methods to do so are far more complex than actually doing the Steganography itself. There is a lot of research that is beginning to discover new ways to detect Steganography, most of which involves some variation of statistical analysis. It is interesting to see what other methods will be developed and how accurate they will be at detecting Steganography 31
Efficient Steganography using LSB and encryption technique
EFFICIENT STEGANOGRAPHY USING LSB AND ENCRYPTION TECHNIQUE
BIBLIOGRAPHY
[1] C. Cachin, “An Information-Theoretic Model for Steganography”, in proceeding 2nd Information Hiding Workshop, vol. 1525, pp. 306-318, 1998. [2] D. Artz, “Digital Steganography: Hiding Data within Data”, IEEE Internet Computing, pp. 75-80, May-Jun 2001. [3] E.T. Lin and E.J. Delp, "A Review of Data Hiding in Digital Images," in Proceedings of the Image Processing, Image Quality, Image Capture Systems Conference, PICS '99, Ed., Apr. 1999, pp. 274--278. [4] F.A.P Peticolas, R.J. Anderson and M.G. Kuhn, “Information Hiding – A Survey”, in proceeding of IEEE, pp. 1062-1078, July 1999. [5] J. Zollner, H. Federrath, H. Klimant, et al., “Modeling the Security of Steganographic
Systems”, in 2nd Workshop on Information Hiding, Portland, April 1998, pp. 345-355. [6] M.M. Amin, M. Salleh, S. Ibrahim, et al., “Information Hiding Using Steganography”, 4th National Conference On Telecommunication Technology Proceedings (NCTT2003), Shah Alam, Malaysia, pp. 21-25, January 14-15, 2003. [7] M. Ramkumar & A.N. Akansu. “Some Design Issues For Robust Data hiding Systems”, http://citeseer.nj.nec.com/404009.html [8] N.F. Johnson, S. Jajodia, “Staganalysis: The Investigation of Hiding Information”, IEEE, pp. 113-116, 1998. [9] N.F. Johnson & S . Jajodia, “Steganalysis of Images Created Using Current Steganography
Software”, in Proceeding for the Second Information Hiding Workshop, Portland Oregon, USA, April 1998, pp. 273-289. [10] R. Chandramouli, N. Memon, “Analysis of LSB Based Image Steganography Techniques”, IEEE pp. 1019-1022, 2001. 32