Professional Documents
Culture Documents
2013
INVESTIGATION REPORT
1 Introduction
Information hiding has become a very big issue in the IT world. Hackers or intruders
have been known to steal information from companies, government agencies and other organizations for a long time. One of the ways of avoiding this kind of intrusion in the information systems is Steganography. Steganography is simply a way of hiding information in another media like an image or an audio file, where no one will know that piece of information is hidden there. The point of Steganography is to make sure the information is hidden in plane site. For example, Bill wants to send a secure message to John without anyone noticing, Bill can hide that information in an image and send the image to John instead of the actual message. This way an intruder wont know in that image there is a message, the intruder will see as a normal image thats it. Steganography is not the same as cryptography, its totally another thi ng. Cryptography is a way of hiding information in a way that its difficult for intruders to notice the meaning. Although cryptography is known to be a common way of encrypting information, Steganography is much more sufficient as the information can be hidden in plane site without the intruders knowing its there.
2013
For many years, the concept of hiding information has been a crucial subject to many organizations and government agencies. There are many ways one can hide messages from others, commonly and widely used are cryptography and Steganography. Cryptography is a way of hiding messages by changing the format of the real message and therefore making it hard to define the message. But this way of hiding information has been easy to notice, it can be detected using the safe guards tools within our systems and networks. (Backbone Sec, 2010) (Johnson, N. (2008) Confidentiality is a crucial element in a business world and government agencies today. Confidentiality is simply defined as, the state of being secret. Information and messages passed around is expected to be free from unauthorized viewing from anyone who is not involved. But with the threat of intruders like hackers and eavesdroppers, the need to have a better security on information flow is widely needed. Government agencies need to pass top secret information or messages to soldiers in combat or Agents without the possibility of enemies knowing what the message says. (Oriyano, S. 2009) (Westphal, K. 2010) (Oriyano, S. 2009) Copyright infringement and Fraud, Piracy has grown to a huge number these days, protecting what is yours is a great deal. Digital media like architecture drawings and images have been in trouble with piracy and copyright infringements. Steganography has been known to be used for digital watermarking to prevent copyright information, by overlaying files which appear to be part of the original file and therefore not easily detected by the naked eye. (Janssen, C.2010) (Westphal, K. 2010). For example, an architect can design building schematics for a certain organization. The designs can be stolen from the organization offices or email address of the architect and they can be sold or use by other architects as their own. So through steganography, the image can be used to hide certain information about the organization or architect signature about their work.
2013
1.1.2
Rationale
According to the problems above, Image Steganography System will be developed as a standalone application to counterpart the problems involved. The system will have tangible and intangible benefits as follows;
Tangible Benefits: The user will be able to secure information inside an image without the worry of it being detected. The user can choose images which can be used to hide information. Image output will be the same as the one entered.
Intangible Benefits: Authentication information wont be known to anyone unless they know the information hidden in the image.
1.1.3
Nature of Challenge
The main challenge to any project is mainly time and algorithms used to get to the goal. For this project the time given to finish the project will be crucial everything has to be done in a proper schedule. The algorithm used to encrypt the information is called Least Significant Bit (LSB) This is algorithm embeds the text by adjusting the least significant bit of pixels in the image. The challenge here is learning and understanding the algorithm LSB and applying it to the developed system to meet the requirements. Another challenge will be the programming language used to develop the application. The researcher will use Visual C#. Its a new programming language for the researcher and time and resources will be important to learning this language.
2013
The main aim of this project is to conduct a research on steganography and be able to develop a program called Image Steganography System for the purpose of securing information inside images.
Core function Demonstrate the process of hiding and extracting text inside an image. This will allow the user to hide text message into an image file. And also enable the user to extract the same message from that image file. This will make the security of the message strong because people wont notice the message embedded inside the image. Password protection. After hiding the text inside the image, the user will be required to key in a password to provide further protection of the message. This will increase the amount of security around the message because even if someone is able to detect the message inside, it will require a key (password) to see the message.
Enhanced function User interface (friendly) for a friendly operations The point of this is making the interface of the system as friendly as possible. Its much easier to walkthrough a simple and straight forward interface than in a complicated one.
2013
retrieve the message. This will be seen as someone just sending a normal picture while in the reality, inside the picture there is secret message. This fact is the point of steganography, that no one else besides those people who are chatting will know the message inside the image.
To develop a system that will hide messages in an image hence the term image steganography. To be able to choose algorithms appropriate for the system. The system developed should be easy to use; this means the system should have a user friendly interface with instruction on how to work the system. The system should provide the same image output as the one entered before hiding the information To develop the system that can work across platform if possible
Academic
To demonstrate project management skills learned in class modules To demonstrate a clear understanding and usage of systems development methodology To be able to show the capabilities of developing a system using programming language knowledge acquired. To demonstrate the ability of conducting research based on a certain topic To be able to put the research findings on a topic into use by developing and implementing a system based on the research. To demonstrate the skills learned in programming modules by developing a proper functioning system.
This project is based on period of 8 months to develop a complete working system. Depending on which the system developed this time can be either enough or not enough to develop a complete system. The project timeline will be shown in Gantt chart provided in the appendix.
2013
2013
2 Literature review
2.1 Domain research
2.1.1 Introduction to Image Steganography Steganography is the art of hiding information in such a way that people dont recognize that there is a communication that is taking place at a time. The principle behind this term steganography is hiding information in information. For example in World War 2, information was written in an invisible ink so that it appears to normal viewer as a blank page while in reality it is not (Garykessler.net, 2001). Another example, some government sources suspect that Osama Bin Ladens pre-recorded videos that are replayed on TV stations around the world contain hidden messages (Kessler, 2001). In todays world, steganography has become more complicated than old time. It allows hiding a huge number of information in images, audio and video files. In some case, steganography programs have another form of encryption called cryptography which increases the level of security in information. How this works is by first hiding information in one of the media files like images and then encrypting that image to make it difficult to get to the message if by chance an intruder get to crack the image. Image steganography simply means hiding information within an image.
The most widely usage of steganography is digital watermarking. According to Rouse, M from
Whatis.techtarget.com, 2013, Digital watermarking is a sequence of characters or code embedded
in a digital document, image, video or computer program to uniquely identify its originator and authorized user. Digital watermarking is used to protect the interest of designers and creators against illegal use and distribution of copyright digital works. For example, a designer can have their signature embedded within a design to prove that the work done on the design is theirs. Another usage of steganography is communication in underground communities. There are several reports, for example, of persecuted religious minorities using steganography to embed messages for the group within images that are posted to known Web sites. (Kessler, 2001) A graphical representation of the system
2013
Before discussing how information is hidden in an image file, it is worth a fast review of how images are stored in the first place. An image file is merely a binary file containing a binary representation of the color or light intensity of each picture element (pixel) comprising the image. Images typically use either 8-bit or 24-bit color. When using 8-bit color, there is a definition of up to 256 colors forming a palette for this image, each color denoted by an 8-bit value. A 24-bit
2013
color scheme, as the term suggests, uses 24 bits per pixel and provides a much better set of colors. In this case, each pixel is represented by three bytes, each byte representing the intensity of the three primary colors red, green, and blue (RGB), respectively. The Hypertext Mark-up Language (HTML) format for indicating colors in a Web page often uses a 24-bit format employing six hexadecimal digits, each pair representing the amount of red, blue, and green, respectively. The color orange, for example, would be displayed with red set to 100% (decimal 255, hex FF), green set to 50% (decimal 127, hex 7F), and no blue (0), so we would use "#FF7F00" in the HTML code. The size of an image file, then, is directly related to the number of pixels and the granularity of the color definition. A typical 640x480 pix image using a palette of 256 colors would require a file about 307 KB in size (640 480 bytes), whereas a 1024x768 pix high-resolution 24-bit color image would result in a 2.36 MB file (1024 768 3 bytes).
2.2.2 Image Compression Schemes
To avoid sending files of this enormous size, a number of compression schemes have been developed over time, notably Bitmap (BMP), Graphic Interchange Format (GIF), and Joint Photographic Experts Group (JPEG) file types. Not all are equally suited to steganography, however. GIF and 8-bit BMP files employ what is known as lossless compression, a scheme that allows the software to exactly reconstruct the original image. JPEG, on the other hand, uses lossy compression, which means that the expanded image is very nearly the same as the original but not an exact duplicate. While both methods allow computers to save storage space, lossless compression is much better suited to applications where the integrity of the original information must be maintained, such as steganography. While JPEG can be used for stego applications, it is more common to embed data in GIF or BMP files.
2.2.3 Least Significant Bit (LSB) Insertion
The simplest approach to hiding data within an image file is called least significant bit (LSB) insertion. In this method, we can take the binary representation of the hidden data and overwrite
2013
the LSB of each byte within the cover image. If we are using 24-bit color, the amount of change will be minimal and indiscernible to the human eye. As an example, suppose that we have three adjacent pixels (nine bytes) with the following RGB encoding: 10010101 00001101 11001001 10010110 00001111 11001010 10011111 00010000 11001011 Now suppose we want to "hide" the following 9 bits of data (the hidden data is usually compressed prior to being hidden): 101101101. If we overlay these 9 bits over the LSB of the 9 bytes above, we get the following (where bits in bold have been changed): 10010101 00001100 11001001 10010111 00001110 11001011 10011111 00010000 11001011 Note that we have successfully hidden 9 bits but at a cost of only changing 4, or roughly 50%, of the LSBs. This description is meant only as a high-level overview. Similar methods can be applied to 8-bit color but the changes, as the reader might imagine, are more dramatic. Grey-scale images, too, are very useful for Steganographic purposes. One potential problem with any of these methods is that they can be found by an adversary who is looking. In addition, there are other methods besides LSB insertion with which to insert hidden information.
2.2.4 Steganalysis
Without going into any detail, it is worth mentioning Steganalysis, the art of detecting and breaking steganography. One form of this analysis is to examine the cooler palette of a graphical image. In most images, there will be a unique binary encoding of each individual cooler. If the
10
2013
image contains hidden data, however, many colors in the palette will have duplicate binary encodings since, for all practical purposes, we can't count the LSB. If the analysis of the cooler palette of a given file yields many duplicates, we might safely conclude that the file has hidden information.
2.3 Cryptography
The term cryptography has been around for many years. According to Kessler, 1900 B.C was the first time the use of cryptography was documented when Egyptian scribe used non-standard hieroglyphs in an inscription. The next appearance of cryptography was noticed again when writing was invented. At this time, it was used in diplomatic missives to war-time battle plans. After this, came the age of computers, where communication of information and data were needed to be safe when transferring data over the internet. At this time the development of new ways of cryptography emerged. (Kessler, 2013) By definition, Cryptography is the art and science of keeping messages secure by using mathematical equations known as algorithms. Cryptography covers several important aspects of in any security field authentication, Privacy or confidentiality, integrity and non-repudiation. In simple terms, authentication is to prove someones identity. Privacy or confidentiality is to make sure that information is read by the appropriate person. Integrity is to assure someone that information is in its original form not altered. Nonrepudiation means proving the information came from the right person. There are three elements in cryptography, plain text which are original text that has not been altered yet. Cipher text is a message that has already been altered using cryptography. And then there is encryption and decryption process. Encryption is the process of changing plain text into cipher text and decryption is the opposite of encryption, changing the cipher text into an original text. In communication, these processes are the ones used to encrypt messages and decrypt messages. (Kessler, 2013)
11
2013
2.3.1 Types of cryptography There are basically three types of cryptography. Each type uses different form of key function to secure information. A key in cryptography is referred to as numerical value in an algorithm to secure information. This key is like a password used to encrypt and decrypt information. The three types of cryptography algorithms are discussed below: 2.3.1.1 Secret key cryptography Secret key cryptography also known as symmetric key cryptography, the base of this type is usage of a single key to encrypt and decrypt information. This means the message is encrypted by using a key and then that key is used to decrypt that encrypted information. These are the common algorithms for symmetric key are Data Encryption Standard (DES), 3DES, Advanced Encryption Standard (AES) and Blowfish. The main advantage of symmetric key cryptography is speed. The principle problems with this system are key distribution and scalability. Keys need to be distributed securely, and each secure channel needs a separate key. Symmetric key systems provide confidentiality but do not provide authenticity of the message, and the sender can deny having sent the message. (Winding, 2013)
2.3.1.2 Public key Cryptography Public key cryptography also known as asymmetric key cryptography, it uses a separate key to encrypt and decrypt information. These keys are referred to as public and private key because they work in pair. The public key and the private key are used in pair to encrypt and decrypt a message. The private key is kept secret by the owner. But the public key will be shared to the other party. The public key will used to initiate the decryption process. The following example illustrates how public key cryptography works:
Ann wants to communicate secretly with Bill. Ann encrypts her message using Bills public key (which Bill made available to everyone) and Ann sends the scrambled message to Bill.
When Bill receives the message, he uses his private key to unscramble the message so that he can read it.
12
2013
When Bill sends a reply to Ann, he scrambles the message using Anns public key. When Ann receives Bills reply, she uses her private key to unscramble his message.
(Support.citrix.com, 2013) 2.3.1.3 Hash function A hash function uses a mathematical signature to encrypt information. A message of subjective length and compute a fixed signature often called a message digest for the message. This type of cryptography is used in files, email messages and Hard-drive Images. Examples of this cryptography are as follows: Message-Digest algorithm 5 (MD5) and Secure Hash Algorithm (SHA). (Winding, 2013)
1) Key ExpansionRound keys are derived from the cipher key using Rijndael's key schedule. 2) Initial Round a) Add Round Keyeach byte of the state is combined with the round key using bitwise XOR. 3) Rounds a) Sub Bytesa non-linear substitution step where each byte is replaced with another according to a lookup table.
13
2013
b) Shift Rowsa transposition step where each row of the state is shifted cyclically a certain number of steps. c) Mix Columnsa mixing operation which operates on the columns of the state, combining the four bytes in each column. d) Add Round Key 4) Final Round (no Mix Columns) a) Sub Bytes b) Shift Rows c) Add Round Key (Kumar, 2012)
14
2013
Algorithm
Key Size
Block Size
Algorithm Structure
Rounds
Cracked?
Existing Cracks
AES
SubstitutionPermutation Network
10, 12 or 14
No
Side attacks
channel
128 bits, 192 bits or bits 32-448 bit in Feistel Network 256 128 bits Feistel Network 16 No
Twofish
Schneier in 1993
Ron RC4 Rivest in Variable 1987 8-128 Ron RC2 Rivest in 1987 bits in 64 bits SourceHeavy Feistel Network 16 Mixing 2 Yes Mashing Variable Stream Unknown Yes
Related-Key attack
default
15
2013
3DES
IBM 1978
in
Feistel Network
48
No
DES
IBM 1975
in
56 bits
64 bits
Feistel Network
AES is faster compared to other encryption algorithms like RSA because of the key length. The more the key length the more time it takes to encrypt data. Also the RSA uses 2 key which makes the steps of encrypting and decrypting take longer than the AES using one key. AES is the current standard accepted by the US Federal organizations to be used as encryption for everyone. Its the successor of DES algorithm. Simplicity in implementation and system memory usage is very little. Considered as practically crack-proof: Brute force attacks against AES have no success to date. According to Windowsfilemanager.com, 2013, We strongly recommend to use this algorithm with 256 key sizes as your default algorithm. (Windowsfilemanager.com, 2013)
16
2013
Features: Hide data into image files support for JPEG, BMP, GIF files (http://anyfile2image.sourceforge.net/)
17
2013
DeepSound DeepSound is a steganography tool that hides secret data into audio files - wave and flac. The application also enables you to extract secret files directly from audio CD tracks. DeepSound might be used as copyright marking software for wave, flac and audio CD. DeepSound also support encrypting secret files using AES-256(Advanced Encryption Standard) to improve data protection. (Jpinsoft.net, 2012)
(Jpinsoft.net, 2012)
18
2013
2.7.1
Image Steganography System Password encryption (AES) Steganography technique (LSB) File hidden Carrier file Yes Text Any Image files No Text WAV and flac No Text Any image file Yes Yes No Deep sound AnyFile2Image
C# is a new programming language developed by Microsoft that runs in a .NET framework. C# is a simple, modern, object-oriented and type-safe programming language. For programmers who are familiar with C and C++ this programming language will be very familiar to them because they have few differences between each other. (Msdn.microsoft.com, 2003) The Microsoft development tool used for C# programming is called Visual C#.NET. It includes a compiler, a debugger and a development environment for developing user interface for windows and web applications. According to Voegele, 2008, C# has a built-in security which means the language ability to determine if a piece of code comes from a trusted source and providing permissions for the code if its trusted.
19
2013
2.8.2
C#
JAVA
C++
Yes
Yes
Yes
Yes
No Multiplatform yes
No
No
checking array indexes and variable Yes initialization Perform reflection Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
No
Yes
Yes
No
No
20
2013
2.8.3 Justification for programming language selected After going through looking at the similarities and differences of C#, JAVA and C++, the developers chose C# for the development of the system of several reasons. The availability of algorithms for the Steganography is widely available in C#. The research found many systems developed using this language. C# has the capability of developing a system allowing developer to create and design a user interface using .NET framework. For example, the developer can drag and drop buttons checkboxes and other tools available in the platform. The compilation in C# is fast and efficient than JAVA. With C# using a .NET framework, the develop can use the tools within the framework to produce the executable program for user which makes it easy unlike JAVA and C++ the production of executable files for installation is done in another platform, one has to search on application which can help in this process. On top of that C# is based on Object oriented which in turn allows the reusability of codes in the program. Reusability of code helps the developer to reduce coding time and execution of the program. Because C#.NET uses the Microsoft .NET framework it is also easy to make programs which are supported by Microsoft Windows Operating system. This will help the developer because the users who are using Microsoft Operating Systems are many than other platforms.
21
2013
Diagram: Overview of Waterfall Model (image from Istqbexamcertification.com, 2013) The project timeline for this model is straight forward and fixed no going back. This means if changes happen in the next stage, the developer cant go back and make changes to that stage. Therefore at the end of each stage a critical analysis is done to ensure every detail is correct to move to the next stage. Waterfall model is more suitable for new developers and small projects because it helps the system analyst to follow and analyze each stage before completion. And also it helps developers to concentrate on the coding without going back to the requirements stages.
22
2013
Its easy and simple to understand The development process is done stages by stage to avoid mistakes ahead. Each process is completed and analyzed before moving forward Its suitable for small projects with strict timeline for developers to finish in time.
Disadvantages of Waterfall Model
Not suitable if projects is big and requires frequent changes Users cant see the system until testing stages and this due to the linear format of the model, any changes found at testing stages cant be done because there is no going back The documentation of waterfall model project can be excessive.
2.9.2 Overview of Prototype Model In Prototype model, a prototype program is built to understand the requirements of the project. By doing this the users can have a feel of how the actual system is going to be and therefore allow the user to understand what they need for the system. This type of model helps users to determine their requirements early on the stages and the system can be created and tested by them along the way as a prototype. Diagram of Prototype model
the model provides users will actively interaction in the development of the system
23
2013
Detection of error will be much earlier as the system is being developed and tested by user at the same time Flexibility is high as features can be added in different stages as they come.
Disadvantages
As the prototype is just to show the user how the system might work, this can cause users to think otherwise that the prototype is the real system. It may lead to complexity of the system as the scope of the system may expand beyond the requirements plan.
2.9.3 Hybrid Model Overview A hybrid model is a combination of other software development methodologies. This works by combining the best features from multiple development methods. In this project, the hybrid model will combine the first two model mention above, waterfall and Prototyping disregarding the features not needed to make one model which will have the benefits of both models. Waterfall model will be used to cover investigation, analysis and design and then the prototype model will cover coding and implementations. The benefit of this Hybrid model is that, its high flexible and it adopts the benefits of both models. 2.9.4 Rationale for choosing Hybrid Model By taking two software methodologies and combining them together, it will give the systems analyst and developer an opportunity to make due of the advantages of both waterfall and prototype model. Waterfall model is known for a strict and step by step guideline through stages and its much suitable for beginner developers with little experience in software development. Prototype model is useful for its capabilities of repetitive stages in development and testing. This will be helpful in this project because it requires customer feedback in development and testing stages. 2.9.5 Rationale for choosing Unified Modeling Language (UML) According to Whitten, J. L. et al. 2001, p.p.646, Unified Modeling Language is a set of modeling conventions that is used to specify or describe a software system in terms of objects . UML Language is mainly used in Object Oriented Analysis and Design, its uses diagrams to show how the system works. As the name sounds, it divides the system into objects to get a better analysis.
24
2013
UML contains several diagrams like Use Cases, Class diagrams, sequence diagrams and activity diagrams. Use case shows the functionality of the system with external actors. Class diagram show the relationships between classes. A sequence diagrams shows how the system interacts, showing messages between objects. An Activity diagram show how the internal processes work flows. Its more efficient to develop a system in object oriented concepts. They provide the developer with tools to view the whole system. This allows the developer to design and implement the system properly than in traditional approach (Structured). UML will be used to break down the system into objects and design each part showing relationship between the objects and therefore give a clear picture of how the system will work.
25
2013
3 Research methods
3.1 Primary research
Primary research is very important in finding out information from users of the system. There are several techniques of collecting information from users and customers. There are questionnaires, interviews and observations. The questionnaires conducted by the researcher here are online questionnaires. Online questionnaires are conduct via the internet with questions created on a certain website and given out via different internet service to be answered. Mostly, this type of online research are same with the local ones but they are conduct through the internet as for these the internet is huge resource for information and one can gather information from different people in wider range. The researcher used Google Docs which has an option to create and manage questionnaires. Online questionnaires include options like radio button, check boxes, and pull down menus, textboxes and other tools which can help in getting the information from respondents. The intended respondents for this research are normal users with low or no background in IT knowledge and users who have a medium or high experience in IT environment. The questionnaires are suitable to collect information from Normal user around the internet
26
2013
3.3 Questionnaire
The part of the survey is intended to analyze the group of user who are involved in the research. This information is crucial to know as it will impact the analysis of the research. Knowing what background the users have is important. This will help the system analyst to know if what IT knowledge does the user have and how can they help in developing the system. User Background survey 1. Computer Usage: very often, often, rarely, not at all 2. Any IT knowledge: low, medium, high 3. Operating System Using (Daily Bases): Microsoft windows, Mac OS, Linux, Others System Survey 1. How often do you spend time on the internet? Justification: this is to get the timing of their usage on the internet. 2. What internet services do you use (Daily Bases)? Justification: this is intended to check what services they use in their daily life in the internet. Services like social media (Facebook, twitter), emails, entertainment and others. 3. Do you send image over the internet? Justification: this is to know if the users send images over the internet. 4. Do you know what encryption is?
5. Have you ever use an encryption program before to secure your information? Justification: this question is to check if the users have used an encryption program before.
6. Do you think its important to have your files secured before sending them over the internet?
27
2013
Justification: This question is intended to know if the users think its important to secure their files before the files are sent over the internet 7. What User interface do you preferred? Justification: this question is intended to find out what type of interface will be suit the users and what they expect.
28
2013
4 Analysis
In this chapter of Data analysis, the developer has done analysis based on the research techniques used in the above chapter 3 (Research Methods). Analysis done in this section is based on the findings obtained while conducting research using questionnaires.
4.1 Questionnaires
This questionnaire was posted online and there were 28 respondents who came up to answer the questionnaire.
Analysis: based on the chart above, the amount of people who very often use computer is the highest with 79% of the respondent and the next is 21% of them often use their pc. This analysis will help the developer to know how many respondents use the computer also this question is based on the back ground of the user information.
Analysis: Based on the chart above, the amount of users who have IT knowledge are different many of them being in the medium level with 50%, 43% of them are the professional ones and 2 % of them are
29
2013
have low knowledge. Based on the result found here, the developer will know if users of this system will be able to know
Analysis: this analysis will help the developer to know which Operating System the intended users are using as this will help in knowing what language to choose in developing the system and if the system will successful be developed then the success of it being used is high.
30
2013
Analysis: this shows more user use the internet to perform whatever they are doing working or emailing. 25%of the respondents show that they spend more time on the internet.
Analysis: this chart shows that most of the users use the internet in social media activities like Facebook maybe chatting and sending images and emails. This will help knowing that the users will need image steganography system to secure their information before sending them over the internet
Analysis: Based on the chart above, 93% of the respondent say they do send images over the internet so this will help to know if the system is successful, users might uses it to hide their information and send them over the internet as a secret messages.
31
2013
Analysis: Based on the chart above from respondents, 79% of the users have an idea and know what encryption is. This is good because the system developed here is important to know what is based on and what its going to achieve in the end. This helps the developer knowing that the users intended for the system know what its all about.
Analysis: based on the above information/chart, 68% of the respondents have said they have not used an encryption program before and 10% of them have used one before. This shows that not many of the users have used an encryption program before and this might impact the users of this system Image Steganography System.
32
2013
Analysis: based on the above chart, 100% of the respondents think its important to secure their files before sending them over the internet. This shows that the system might have a success because prefer their file to be secured.
Analysis: In this response, according to the respondents here all of them prefer the simple and straight forward user interface. This is crucial in the designing of the system as the developer has to be careful to create a system which should be simple and straight forward with clear direction on what to do, enough help and clear interface.
33
2013
5 Design
5.1 Introduction to Design
In the design phase, the primary objective is to design models which will help to show the workflow and activities performed in the system. In this design chapter, the designer will be using UML models to show how the system will work and to give a realization of the system. UML diagrams contain several diagrams to design and understand the system but for this project the system designer will be using 3 diagrams to design and show how the system works
2. Activity diagram In activity diagram, it shows the business and operational flow of the system processes.
3. Sequence diagram
In sequence diagram, it shows the interaction between different objects in the system and the messages sent between them.
34
2013
Hide
User
Extract message
35
2013
Select image
enter message
Set password
User
36
2013
Select image
extract message
enter password
User
view message
37
2013
Hide Message
Nelson Perez User This use case show the functionalities of the user when hiding information An image must be selected before the beginning of the function
1. User selected an image to carry the information 2. User inputs information that they want to hide 3. Enter password to encrypt the hidden information 4. Hide the file inside the image
Post conditions:
Extract Message
Extract Message
Nelson Perez User This use case shows the functionalities of the user when extracting the hiding information An image with information hidden within must be selected before the beginning of the function
1. User selected an image carrying the information 2. Enter password to decrypt the hidden information 3. Message is shown in the message
38
2013
39
2013
5.2.3
load image
Enter password
40
2013
Enter password
41
2013
GUI
Processes
2. Set image
5. Change image compound to replace message 5. Enter message 6. Enter password 7. Hide message
image is saved
42
2013
Extract message
GUI
Processes
2. Set image
8. Message extracted
9. Display information
information saved
43
2013
44
2013
5.3.1
45
2013
Sketch 1 is shows the beginning of the system where the user will have to buttons option, one for hiding and other one for extraction. Sketch 2 shows the hide interface where user will be able to load the image carrier, input data file or text and then save the output. The user will have two buttons, one for encryption where sketch 3 will appear for password entry and then press the hide button to hide the information inside the image Sketch 4 shows the extraction form, it gives the user a place to input the image with information inside and choose which output type they want but selecting a radio button of that type of output. Then they will hit the button extract after this process the password interface (Sketch 3) will appear and then after password input then the text will be displayed in the text box or the output path they choose.
46
2013
6 Conclusion
6.1 What was achieved at the end of the first leg of the project?
Steganography is the art of hiding message in another form of media file like an image for the purpose of obscurity. Cryptography is the art of hiding message using a mathematical computation. This document explains the researcher will implement Image Steganography System by using both of these methods of hiding information. Steganography has its own benefits that help in hiding information. But the combination of embedding messages within an image and encrypting that information will increase the level of security in this system. As seen in the domain research steganography uses Least Significant Bit to hide information and based on the choice of the researcher Advanced Encryption Standard AES algorithm will be used to encrypt the information hidden inside the image. The research will be using Hybrid methodology, a combination of Waterfall methodology and Prototyping methodology. This will give more flexibility because in terms of programming sometimes the requirements may change and waterfall model doesnt allow going back to previous stages. This is where Prototyping comes in to make thing more flexible because Prototyping allows going back to previous stages and making changes where needed. The programming language chosen by the developer is Visual C#. Visual C# uses .NET framework developed by Microsoft which has several advantages like having a great interface for designing graphical interface with a lot of tools and options. Its implementation is also easy. It also allows the production of the complete system to an executable file for installation to users machine. The researcher used online questionnaire to get the feedback from users. The analysis on this document is based on the questionnaire given out. And finally, the design of the system was done by using UML models like Use Case explaining the functions of the system, activity diagrams showing the processes and sequence diagram show the flow of messages inside the system.
6.2 Were you able to do enough investigation / research with regards to what you want to achieve / do?
Based on the journals, articles, books and other resources used to gather information the research is done is enough to a certain point depending on the research topic, scope and objectives needed. In the research in a topic like steganography, the time given for this project is not enough, there is a lot of information still out there and new information comes in every day.
6.3 Were there any gaps in your research, analysis and design where you may want to further explore and identify/ improve?
The researcher is not optimistic with the research method. The questionnaire seems very shallow in a way not concerned with the system involved. The researcher would like to further explore more on this part of
47
2013
the research by clearly developing another questionnaire and perhaps perform an interview for further information gathering in technical areas.
48
2013
7 References
Bateman, P. (2008) Image Steganography and Steganalysis. [Online] Available at: http://www.computing.surrey.ac.uk/personal/st/H.Schaathun/projects/Past/phil-msc.pdf [Accessed: 16 Jan 2013]. Bright Hub. 2010. Encryption vs. Cryptography - What is the Difference? [Online] Available at: http://www.brighthub.com/computing/enterprise-security/articles/65254.aspx [Accessed: 15 Aug2013]. Cheddad, A. 2010. Digital image steganography: Survey and analysis of current methods. [Online] Available at: http://www.researchgate.net/publication/222828997_Digital_image_steganography_Survey_and_analysi s_of_current_methods?ev=pub_cit_inc [Accessed: 15 Aug 2013]. Cs.wustl.edu. 1974. Performance Analysis of Data Encryption Algorithms. [Online] Available at: http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/ [Accessed: 15 Aug2013]. Cs.wustl.edu. 1974. Performance Analysis of Data Encryption Algorithms. [Online] Available at: http://www.cs.wustl.edu/~jain/cse567-06/ftp/encryption_perf/ [Accessed: 15 Aug 2013]. Forlanda, J. and Stonecypher, L. 2010. Encryption vs. Cryptography - What is the Difference? [Online] Available at: http://www.brighthub.com/computing/enterprise-security/articles/65254.aspx [Accessed: 15 Aug 2013]. Janssen, C. (2010) What is Steganography? - Definition from Techopedia. [Online] Available at: http://www.techopedia.com/definition/4131/steganography [Accessed: 01 Feb 2013]. Johnson, N. (2006) Steganography & Digital Watermarking - Attacks and Countermeasures. [Online] Available at: http://www.jjtc.com/Steganography/ [Accessed: 10 Jan 2013]. Johnson, N. and Katzenbeisseir, S. 2013. A survey of Steganographic Techniques. [E-book] Available through: artechhouse.com http://www.artechhouse.com/uploads/public/documents/chapters/Petitcolas035-ch03.pdf [Accessed: 14 Aug 2013]. Jpinsoft.net. 2012. Jospin Software. [Online] Available at: http://www.jpinsoft.net/DeepSound/ [Accessed: 15 Aug 2013].
49
2013
Kellermansoftware. 2007. What is the strongest encryption algorithm? [Online] Available at: http://www.kellermansoftware.com/t-ArticleStrongestAlgo.aspx [Accessed: 5 Sep 2013]. Kessler, G. (2008) Steganography. [Online] Available at: http://www.garykessler.net/library/steganography.html [Accessed: 12 Jan 2013]. Kessler, G. 2001. Steganography. [Online] Available at: http://www.garykessler.net/library/steganography.html [Accessed: 4 Sep 2013]. Kumar, L. 2012. Novel Security Scheme for Image Steganography using Cryptography Technique. [Ebook] Ghaziabad, India: Available through: http://www.ijarcsse.com/ .ijarcsse.com/docs/papers/April2012/Volume_2_issue_4/V2I400120.pdf [Accessed: 20 Aug 2013]. Li, B. et al. (2011) A Survey on Image Steganography and Steganalysis. Journal of Information Hiding and Multimedia Signal Processing, 2 Available at: http://bit.kuas.edu.tw/~jihmsp/2011/vol2/JIH-MSP2011-03-005.pdf [Accessed: 02 Feb 2013]. Msdn.microsoft.com. 2003. 1. Introduction (C#). [Online] Available at: http://msdn.microsoft.com/enus/library/aa645597%28v=vs.71%29.aspx [Accessed: 26 Aug 2013]. Oriyano, S. (2009) Using steganography to avoid observation. [Online] Available at: http://www.ibm.com/developerworks/web/library/wa-steganalysis/index.html#why [Accessed: 16 Jan 2013]. Radcliff, D. (2002) QuickStudy: Steganography: Hidden Data. [Online] Available at: http://www.computerworld.com/s/article/71726/Steganography_Hidden_Data [Accessed: 01 Feb 2013]. Rouse, M. 2013. What is forensic watermark (digital watermark)? - Definition from WhatIs.com. [Online] Available at: http://whatis.techtarget.com/definition/forensic-watermark-digital-watermark [Accessed: 4 Sep 2013]. Sans.org (n.d.) Untitled. [Online] Available at: http://www.sans.org/reading_room/whitepapers/stenganography/hiding-plain-view-steganographyterrorist-tool_551 [Accessed: 01 Feb 2013]. Sarc-wv.com (2008) SARC - Steganography Analysis and Research Center : Why Use Steganography?. [online] Available at: http://www.sarc-wv.com/about_steganography/why_use_steganography.aspx [Accessed: 12 Jan 2013].
50
2013
scribd.com (2011) Steganography Project Report for Major Project in B.Tech. [online] Available at: http://www.http://www.scribd.com/doc/61193138/Steganography-Project-Report-for-Major-Project-in-BTech/doc/61193138/Steganography-Project-Report-for-Major-Project-in-B-Tech [Accessed: 03 Feb 2013]. Searchsecurity.techtarget.com (2013) What is steganography? - Definition from WhatIs.com. [Online] Available at: http://searchsecurity.techtarget.com/definition/steganography [Accessed: 01 Feb 2013]. Searchsecurity.techtarget.com. 2013. What is encryption? - Definition from WhatIs.com. [Online] Available at: http://searchsecurity.techtarget.com/definition/encryption [Accessed: 16 Aug 2013]. Software, K. 2007. What is the strongest encryption algorithm? [Online] Available at: http://www.kellermansoftware.com/t-ArticleStrongestAlgo.aspx [Accessed: 16 Aug 2013]. Support.citrix.com. 2013. Types of Cryptography - Citrix eDocs. [Online] Available at: http://support.citrix.com/proddocs/topic/xenapp5fp-w2k3/sg-cryptography-types.html [Accessed: 16 Aug 2013]. Westphal, K. (2010) Steganography Revealed | Symantec Connect Community. [Online] Available at: http://www.symantec.com/connect/articles/steganography-revealed [Accessed: 12 Jan 2013]. Winding, R. 2013. Cryptography Techniques for Secure Communications - Certification Magazine. [online] Available at: http://www.certmag.com/read.php?in=1243 [Accessed: 16 Aug 2013]. Windowsfilemanager.com. 2013. Sprintbit File Manager. [Online] Available at: http://www.windowsfilemanager.com/help/html/index.html?cryptography.htm [Accessed: 5 Sep 2013].
51
2013
8 Appendices
8.1 Log sheets (a minimum of 6)
52
2013
53
2013
54
2013
55
2013
56
2013
57
2013
58
2013
59
2013
60
2013
8.3 PSF
STUDENT ID INTAKE ID STUDENT NAME : TP025838 : UC3F1305IT (ISS) : NELSON PEREZ SWAI
A. Project Title
B. Brief description on project background. (i.e. problem context, rationale, description problem area, nature of challenge)
Problem Context
Steganography on the other hand is the opposite of what cryptography does. According to techtarget.com, Steganography is the hiding of a secret message within an ordinary message and the extraction of it at its destination. Steganography takes cryptography a step farther by hiding an encrypted message so that no one suspects it exists. Ideally, anyone scanning your data will fail to know it contains encrypted data. This way of hiding information is much more efficient due to the fact that the hidden message cant be detected in the first place so there will be no way of someone knowing what kind of message is been hidden under an image file or an audio file that has been used to hide the information. (Backbone Sec, 2010) (Johnson, N. (2008) (Oriyano, S. 2009) For many years, the concept of hiding information has been a crucial subject to many organizations and government agencies. There are many ways one can hide messages from others, commonly and widely used are cryptography and Steganography. Cryptography is a way of hiding messages by changing the format of the real message and therefore making it hard to define the message. But this way of hiding information has been easy to notice, it can be detected using the safe guards tools within our systems and networks. (Backbone Sec, 2010) (Johnson, N. (2008)
61
2013
Confidentiality is a crucial element in a business world and government agencies today. Confidentiality is simply defined as, the state of being secret. Information and messages passed around is expected to be free from unauthorized viewing from anyone who is not involved. But with the threat of intruders like hackers and eavesdroppers, the need to have a better security on information flow is widely needed. A company has to be able to protect its clients information and government agencies need to pass top secret information or messages to soldiers in combat or Agents without the possibility of enemies knowing what the message says. (Oriyano, S. 2009) (Westphal, K. 2010) (Oriyano, S. 2009)
Copyright infringement and Fraud, digital media like images and others have been in trouble with piracy and copyright infringements. Piracy has grown to a huge number these days, protecting what is yours is a great deal. Steganography has been known to use digital watermarking to prevent copyright information, by overlaying files which appear to be part of the original file and therefore not easily detected by the naked eye. (Janssen, C.2010) (Westphal, K. 2010)
Rationale According to the problems above, Image Steganography System will be developed as a standalone application to counterpart the problems involved. The system will have tangible and intangible benefits as follows;
Tangible Benefits: The user will be able to secure information inside an image without the worry of it being detected. The user can choose images which can be used to hide information. Image output will be the same as the one entered.
Intangible Benefits: Authentication information wont be known to anyone unless they know the information hidden in the image.
Nature of Challenge
62
2013
The main challenge to any project is mainly time and techniques used to get to the goal. For this project the time given to finish the project will be crucial everything has to be done in a proper schedule. The technique used to encrypt the information is called Least Significant Bit (LSB) This is algorithm embeds the text by adjusting the least significant bit of pixels in the image. Another challenge will be the programming language used to develop the application. The researcher will use C#. Its a new programming language for the research and time and resources will be important to learning this language.
Deliverables
In this Project Proposal, the main aim is to research on the image Steganography and later to provide the appropriate technique that can hide information inside an image file. Another aim for this project is to develop a complete working system based on the research obtained. The objectives of the proposed project title are as follows:
To develop a system that will hide messages in an image using 24 bit image To choose which algorithm techniques will be appropriate for the system such as LSB algorithm The system developed should be easy to use; this means the system should have a user friendly interface with instruction on how to work the system. The system should provide the same image output as the one entered before hiding the information To develop the system that can work across platform if possible
63
2013
D. Brief description of the resources needed by the proposal. (i.e. hardware, software, access to information / expertise, user involvement etc.)
Hardware The minimum requirements needed are a laptop or a PC with Processor Intel Core 2 Duo Random Access Memory (RAM) 1 GB An external hard drive for backup Software
The minimum software requirements for the development and execution of the project are as follows:
Code Editor Visual C# 2008 .Net framework 4.0 Documentation and Planning Microsoft Office Full Package 2007 Access to information / expertise The development of this project will require the all kinds of access to information from internet, IT experts and books from libraries. User Involvement Users are important in the project because they are the ones who will use the system. The system will be used by novice, intermediate and experts who have the same or extra knowledge with the developer.
E. Academic research being carried out and other information, techniques being learnt. (i.e. what are the names of books you are going to read / data sets you are going to use)
Its difficult to know exactly what resources will be used at this time but from library books to internet resources like articles, journals, white papers and other website that provide significant information to the researcher. Nelson Perez (TP025838), UC3F1305IT (ISS)
64
2013
Microsoft Visual C# 2010 Step By Step Sams Teach Yourself Visual C# 2010 In 24 Hours
Internet:
Learning videos about C# from YouTube. Johnson, N. (2006) Steganography & Digital Watermarking - Attacks and Countermeasures. [Online] Available at: http://www.jjtc.com/Steganography/ [Accessed: 10 Jan 2013]. Kessler, G. (2008) Steganography. [Online] Available at: http://www.garykessler.net/library/steganography.html [Accessed: 12 Jan 2013]. 12 Jan 2013]. Bateman, P. (2008) Image Steganography and Steganalysis. [Online] Available at: http://www.computing.surrey.ac.uk/personal/st/H.Schaathun/projects/Past/phil-msc.pdf [Accessed: 16 Jan 2013]. Oriyano, S. (2009) Using steganography to avoid observation. [Online] Available at: http://www.ibm.com/developerworks/web/library/wa-steganalysis/index.html#why [Accessed: 16 Jan 2013].
F. Brief description of the development plan for the proposed project. (i.e. which software methodology and why, the major areas of functions to be developed and the order in which developed)
Methodology Simply put, a software methodology is a way used to structure, plan and control the development of an information system. There are many types of software methodology but in this project will be using two methodologies Waterfall Model and Prototyping.
65
2013
The waterfall Model is a linear sequential flow. In which progress is seen as flowing steadily downwards (like a waterfall) through the phases of software implementation. This means that any phase in the development process begins only if the previous phase is complete. So once the stage is passed there is no going back if any changes are required. This methodology is appropriate for beginners of projects as it is easy to follow and easy to explain because each stage is finished first before going to the next. Another methodology is the Prototyping. This methodology was made to correct the mistakes in waterfall module. With Prototyping, the risk is reduced because the project is broken down into segments which help in noticing problems earlier in the project than later.
G. Brief description of the evaluation and test plan for the proposed project. (i.e. what is the success criteria and how will be evaluated and implementation will be tested, indicate the estimated size of the demonstration / test database)
Success Criteria The main goal of the project is make sure the Image Steganography System is made accomplishing all the objectives and making sure the users are well satisfied by the outcome system.
Unit testing
Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program inputs produce valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application .it is done after the completion of an individual unit before integration. This is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.
66
2013
Integration testing
Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfaction, as shown by successfully unit testing, the combination of components is correct and consistent. Integration testing is specifically aimed at exposing the problems that arise from the combination of components.
Functional test
Functional tests provide systematic demonstrations that functions tested are available as specified by the business and technical requirements, system documentation, and user manuals. Functional testing is centered on the following items: Valid Input Invalid Input Functions Output : identified classes of valid input must be accepted. : identified classes of invalid input must be rejected. : identified functions must be exercised. : identified classes of application outputs must be exercised.
Systems/Procedures: interfacing systems or procedures must be invoked. Organization and preparation of functional tests is focused on requirements, key functions, or special test cases. In addition, systematic coverage pertaining to identify Business process flows; data fields, predefined processes, and successive processes must be considered for testing. Before functional testing is complete, additional tests are identified and the effective value of current tests is determined.
System Test
System testing ensures that the entire integrated software system meets requirements. It tests a configuration to ensure known and predictable results. An example of system testing is the configuration oriented system integration test. System testing is based on process descriptions and flows, emphasizing pre-driven process links and integration points.
67
2013
68
2013
69
2013
70
2013
71
2013
8.5 Gantt chart (detailed) 8.6 Sample questionnaires completed by the respondents (3 sets)
72