INTRODUCTION
1.0 Background to the Study
The internet is an integral part of our daily lives, and the proportion of the
people who are expected to be able to manage their bank account anywhere, anytime
is constantly growing. As such, internet mobile banking has come of age as a crucial
banking uses mobile phone with internet facility as the delivery channel to conduct
banking activities like transferring funds, paying bills, viewing account statements,
a key component of their growth strategy, and use of the mobile phone to conduct
banking and financial services tasks continues to rise among early adopters. (Barnes,
S.J., and Corbitt, B. Mobile Banking: Concept and Potential, International Journal of
Cryptography and steganography are well known and widely used techniques
These techniques have many applications in computer science and other related fields:
they are used to protect e-mail messages, credit card information, corporate data, and
way which hides the existence of the communication (Johnson and Jajodia, 1998). A
authentication, and data origin authentication (Menezes, A., Van Oorschot, P., and
Vanstone, S. 1996).
Many different carrier file formats can be used, but digital images are the most
popular because of their frequency on the internet. For hiding secret information in
images, there exists a large variety of steganography techniques; some are more
complex than others, and all of them have respective strong and weak points.
Cryptography was used to assure only secrecy; signatures and other physical
mechanisms were typically used to assure integrity of the media and authenticity of
the sender.
for integrity began to surpass its use for secrecy. In the information age,
steganography has become one of the major methods for protection in all applications.
Over the years, internet banking in Nigeria has played the role of the intermediate
body in banking sector to ensure the smooth running of the economy and coordination
involved in the circular flow of income in the Nigerian economy. However, growth in
internet mobile banking has been reduced due to lack of security in internet banking,
which leads to financial crime. Frauds have had an adverse impact on the development of our
financial system, and hacking is starting to become a major issue, and this is the reason
The volume of transactions through internet mobile banking has attracted criminal
attention; serious operational risks and potential liabilities are associated with security
breaches in accessing bank accounts over the internet. This has to be
controlled.
i. To gain insight into the current status of internet banking security challenge
and to identify security threats and goals in internet mobile banking system.
ii. To create a system that will bridge internet mobile banking security between
aid mutual authentication and to provide adequate protection against internet banking
The techniques and methodologies that will be employed in carrying out this research
work are:
banks.
ii. Comparison of selected online portals.
iii. Java will be used for implementation
iv. System testing will be performed to know how effective the security is.
At the end of this research work, internet mobile banking will be secured to
handle banking operations which require a high level of security. Every year many users
face problems related to the security of their accounts, causing loss of valuable
information and money too. The improved internet banking security that will be delivered
in this research work will help both user and bank to keep their data safe.
CHAPTER TWO
LITERATURE REVIEW
Internet service. The two terminals, that are the principals in this transaction, must
cooperate for the exchange to take place. A logical information channel is established
by defining a route through the Internet from the source to the destination and by the
Security aspects come into play when it is necessary or desirable to protect the
confidentiality, authenticity, and so on. All the techniques for providing security have
two components:
Figure 2.1: Model for Network Security (Source: William Stallings, 2006)
encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can
Some secret information shared by the two principals and, it is hoped, unknown
reception.
example, a third party may be responsible for distributing the secret information to the
two principals while keeping it from any opponent. Or a third party may be needed to
arbitrate disputes between the two principals concerning the authenticity of a message
This general model shows that there are four basic tasks in designing a particular
security service:
The algorithm should be such that an opponent cannot defeat its purpose.
information.
4. Specify a protocol to be used by the two principals that makes use of the
service.
Symmetric Encryption
key encryption in the 1970s. It remains by far the most widely used of the two types of
encryption.
called the ciphertext. The process of converting from plaintext to cipher-text is known
deciphering or decryption.
The many schemes used for encryption constitute the area of study known as
Techniques used for deciphering a message without any knowledge of the enciphering
details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls
The areas of cryptography and cryptanalysis together are called cryptology (William
Stallings, 2006).
i. Plaintext: This is the original intelligible message or data that is fed into the
algorithm as input.
iii. Secret key: The secret key is also input to the encryption algorithm. The key is
a value independent of the plaintext and of the algorithm. The algorithm will
produce a different output depending on the specific key being used at the time.
on the key.
iv. Cipher-text: This is the scrambled message produced as output. It depends on
the plaintext and the secret key. For a given message, two different keys will
reverse. It takes the cipher-text and the secret key and produces the original
plaintext.
component from being accessible to its clients, using either programming language
Michael L, 2009).
Not all agree on the distinctions between the two though; one may think of
information hiding as being the principle and encapsulation being the technique. A
A common use of information hiding is to hide the physical storage layout for
data so that if it is changed, the change is restricted to a small subset of the total
with three floating point scalar variables and later, the representation is changed to a
single array variable of size three, a module designed with information hiding in mind
would protect the remainder of the program from such a change (Parnas, December
1972).
thereby protecting the data from unauthorized or unwanted viewing. But stego is
simply one of many ways to protect the confidentiality of data. It is probably best used
methods can all be a part of a layered security approach. Some good complementary
methods include:
series of mathematical operations that generate an alternate form of the original data
known as cipher text. The encrypted data can only be read by parties who have been
given the necessary key to decrypt the cipher text back into its original plaintext form.
2.5 Steganography
innocuous text spells out the real message. Various other techniques have been used
overwritten in pencil. The marks are ordinarily not visible unless the paper is
b. Invisible ink: A number of substances can be used for writing but leave no
c. Pin punctures: Small pin punctures on selected letters are ordinarily not visible
d. Typewriter correction ribbon: Used between lines typed with a black ribbon,
the results of typing with the correction tape are visible only under a strong light.
Steganography is also the art of hiding the fact that communication is taking place, by
Its ancient origins can be traced back to 440 BC. In Histories the Greek historian
The goal of Steganography is to mask the very presence of communication making the
true message not discernible to the observer. As steganography is very close to
cryptography and its applications, we can with advantage highlight the main
differences. Cryptography is about concealing the content of the message. At the same
information. Steganography goes a step further and makes the cipher-text invisible to
unauthorized users.
Two other technologies that are closely related to steganography
are watermarking and fingerprinting. These technologies are mainly concerned with
the protection of intellectual property. But steganography is concerned with the hiding of
a. Image
b. Audio
c. Video
d. Protocol
The first recorded use of the term was in 1499 by Johannes Trithemius in his
magic. Generally, the hidden messages appear to be (or be part of) something else:
images, articles, shopping lists, or some other cover text. For example, the hidden
message may be in invisible ink between the visible lines of a private letter. Some
secret message does not attract attention to itself as an object of scrutiny. Plainly
alone, steganography is concerned with concealing the fact that a secret message is
coding inside of a transport layer, such as a document file, image file, program or
protocol. Media files are ideal for steganographic transmission because of their large
size. For example, a sender might start with an innocuous image file and adjust the
color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle
host before passing it through the network, thus the existence of the message is
unknown. Besides hiding data for confidentiality, this approach of information hiding
can be extended to copyright protection for digital media: audio, video, and images
(Artz, 2001).
important as the amount of data being exchanged on the Internet increases. Therefore,
confidentiality and data integrity are required to protect against unauthorized
access and use. This has resulted in an explosive growth of the field of information
hiding.
video and other source available in digital form may lead to large-scale unauthorized
copying. This is because the digital formats make it possible to provide high image
quality even under multi-copying. Therefore, the special part of invisible information
is fixed in every image that could not be easily extracted without specialized technique
saving image quality simultaneously. All this is of great concern to the music, film,
steganography. All these applications of information hiding are quite diverse (Cachin,
1998).
identification and a digital time stamp, which is usually applied for copyright
protection.
(ii) Fingerprint, the owner of the data set embeds a serial number that uniquely
identifies the user of the data set. This adds to the copyright information and makes
it possible to trace any unauthorized use of the data set back to the user.
(iii) Steganography hides the secret message within the host data set and
host data set and is to be reliably communicated to a receiver. The host data set
informal analysis. However, this paper will only focus on information hiding
using steganography approach.
The basic model of steganography consists of Carrier, Message and Password. Carrier
is also known as cover-object, in which the message is embedded and serves to hide the
Basically, the message is the data that the sender wishes to keep confidential. It can be
plain text, cipher text, other image, or anything that can be embedded in a bit stream
known as stego-key, which ensures that only a recipient who knows the corresponding
decoding key will be able to extract the message from a cover-object. The cover-
object with the secretly embedded message is then called the stego-object.
corresponding decoding key if a stego-key was used during the encoding process. The
Original image may or may not be required in most applications to extract the
message.
Cryptography hides the contents of a secret message from malicious people, whereas
steganography even conceals the existence of the message. Steganography must not be
meaning obscure to malicious people who intercept it. Therefore, the definition of
breaking the system is different. In cryptography, the system is broken when the
attacker can read the secret message. Breaking a steganographic system requires the
attacker to detect that steganography has been used and to be able to read the
embedded message.
disguise or hide the encoded message. Basically, cryptography offers the ability of
transmitting information between persons in a way that prevents a third party from
reading it. Cryptography can also provide authentication for verifying the identity of
someone or something.
In contrast, steganography does not alter the structure of the secret message,
but hides it inside a cover-image so it cannot be seen. A message in cipher text, for
instance, might arouse suspicion on the part of the recipient while an invisible
message created with steganographic methods will not. In other words, steganography
prevents an unintended recipient from suspecting that the data exists. In addition, the
system. Once the encoding system is known, the steganography system is defeated.
cryptography and then hiding the encrypted message using steganography. The
technique and detect the message from the stego-object, he would still require the
Over the past few years, numerous steganography techniques that embed hidden
messages in multimedia objects have been proposed. There have been many
techniques for hiding information or messages in images in such a manner that the
alterations made to the image are perceptually indiscernible. Common approaches
include:
bits of the message directly into least significant bit plane of the cover-image in
a deterministic sequence. Modulating the least significant bit does not result in
b. Masking and filtering techniques, usually restricted to 24 bits and gray scale
watermarks. The techniques perform analysis of the image and thus embed the
transform domain, such as the Discrete Cosine Transform (DCT) used in JPEG
them more robust to attack. Transformations can be applied over the entire
All the adoption models, like TAM, the Theory of Planned Behavior [TPB], and the
Theory of Reasoned Action [TRA] were developed for studying technology adoption
Environment [T-O-E] framework by Tornatzky and Fleischer, [1990]; three factors are
includes both internal and external technologies applicable for the firm.
and size. Environment context includes both the direct and indirect roles of
competitors, industry associations, and the governments. Following this, Tan and Teo,
[2000] adopted organization reputation as one of the factors for determining adoption
Singapore. The variety of services offered and familiarity with the bank are also
The CBN recognizes that electronic banking and payments services are still at
the early stages of development in Nigeria. Arising from the three major roles of the
CBN in the areas of monetary policy, financial system stability and payments system
which anticipates the likely impact of the movement towards electronic banking and
payments on the achievement of CBN's core objectives. Following from the findings
developed as follows:
issues relating to technology solutions deployed, and ensure that they meet
the needs of consumers, the economy and international best practice in the
Outsourcing.
ii. Monetary Policy, to address issues relating to how increased usage of Internet
iii. Legal guidelines to address issues on banking regulations and consumer rights
protection.
The Guidelines are expected to inform the future conduct of financial institutions in e-
3.1 Introduction
After analyzing the requirements of the task to be performed, the next step is to
analyze the problem and understand its context. The first activity in the phase is
studying the existing system and other is to understand the requirements and domain
of the new system. Both the activities are equally important but the first activity serves
as a basis of giving the functional specifications and then successful design of the
The model that is basically being followed is the Waterfall model, which
states that the phases are organized in a linear order. First of all, the feasibility study is
done. Once that part is over, the requirement analysis and project planning begins. If
system exists as a whole but modification and addition of new module is needed,
The design starts after the requirement analysis is complete and the coding
begins after the design is complete. Once the programming is completed, the testing is
project are:
i. Requirement Analysis
ii. Project Planning
iii. System Design
iv. Detail Design
v. Coding
vi. Unit Testing
vii. System Integration & Testing
Here the linear ordering of these activities is critical. At the end of the phase,
the output of one phase is the input to other phase. The output of each phase should be
consistent with the overall requirement of the system. Some of the qualities of the spiral
model are also incorporated, like after the people concerned with the project review
The Waterfall model has been chosen because all requirements were known
3.1.2.1 GUIS
For flexibility, the User Interface has been developed with a graphics concept in mind,
associated through a browser interface. The GUIS at the top level have been
categorized as:
that is practically, part of the organizational activities and which needs proper
authentication for the data collection. This interface helps the administration with all
the transactional states like Data Insertion, Data Deletion and Data Updation along
The Operational/Generic User Interface helps the users upon the system in
transactions through the existing data and required services. The Operational User
Interface also helps the ordinary users in managing their own information in a
In the existing system of the project we had just e-banking, that is, usage through
computers. Here users can bank through the internet from a personal computer located
at a particular place or through a mobile which uses WML (Web Markup
As mentioned above, both a personal computer and a mobile can be used for
banking. The problem with a personal computer is that the person has to be
at a fixed place, which costs time; he can't carry his computer with him wherever
he goes, which is a drawback. To overcome this, internet banking through mobile
has been introduced, which allows banking from any place, but the problem here is
that it completely uses WML for the purpose. When WML is used, it repeatedly has
to download every bit of data from the internet, which takes a lot of time, for
which reason mobile e-banking using J2ME has been introduced.
concerns.
As the above disadvantages can't be solved within the existing system, this
application has been proposed. Security will also be much improved over the existing
system, as we are implementing a special method called steganography. Here we develop
a JAR file using J2ME for banking. A customer gets a unique ID and password; once
he loads the application onto the mobile and installs it, he gets the page to get
started with. After he enters the ID and password he is logged in, and he will
have an easily understandable interface with two options, i.e. account
details and money transfer. In this process the application interacts not with an
internet server but with the administrator server, which makes processing easy and takes
no time.
for E-banking
ii. Proactive and simple alerting services reduce branch/call center costs
iii. M-banking is expected to account for an increasingly high proportion of
transactions.
iv. Mobile device can be an ideal POS device allowing transactions to be
functionality)
iv. Higher Security mechanisms
v. Applications capitalize on the mobile aspects and diversify from existing web
based solutions
Symmetric algorithms encrypt and decrypt a message using the same key. If you hold
a key, you can exchange messages with anybody else holding the same key. It is a
shared secret. But be careful who you give the key to. Once it gets in the wrong hands,
there is no getting it back. That person can read all of your past messages, and create
a. Blowfish
b. DES
d. AES
The encrypting key is called the public key and the decrypting key is the private key. If
you hold the private key, I can send you a message that only you can read.
These keys will also work in the opposite direction. That is, anything you
encrypt with your private key, I can decrypt with your public key. You can use this to
digitally sign a document. Encrypt it with your private key, and I'll be able to verify
your signature by decrypting with your public key. I have confidence that the message
came from you, because only someone who holds your private key could have
(i) Diffie-Hellman
(ii) RSA
Diffie-Hellman is not quite suitable for establishing identity as described above, but the
other two are. RSA is the most common today, but Elliptic Curve appears to be on its
compute a digest, a smaller number based on the larger message. The way I do that is
Some hash functions were invented for error detection during transmission. These
hash functions are not suitable for digital signature because they are easily reversible.
hashes that are hard to reverse. In other words, given a hash, it's hard to make up a
a. MD5
b. SHA 1
MD5 has been found to contain weaknesses, and is therefore no longer recommended
for use. SHA 1 is somewhat stronger, but should still be phased out at this time. SHA
2 is secure, but was invented by the NSA. SHA 3 is secure, and was invented using an
because people often transmit digital pictures over email and other Internet
communication (e.g., eBay). Moreover, after digitalization, images contain the so-
called quantization noise which provides space to embed data (Westfeld and
Pfitzmann, 1999).
prisoners' problem
(Simmons, 1984; Kharrazi et al., 2004) where Alice and Bob are two inmates who
between them is examined by the warden, Wendy, who will put them in solitary
Specifically, in the general model for steganography, Alice (the sender) wishing
to send a secret message M to Bob (the receiver): in order to do this, Alice chooses a
cover image C.
The steganographic algorithm identifies C's redundant bits (i.e., those that can be
modified without arousing Wendy's suspicion), then the embedding process creates a
S is transmitted over a public channel (monitored by Wendy) and is received by Bob only
if Wendy has no suspicion of it. Once Bob recovers S, he can get M through the extracting
process.
The embedding process represents the critical task for a steganographic system since S
must be as similar as possible to C to avoid Wendy's intervention (Wendy acts for the
eavesdropper).
Least significant bit (LSB) insertion is a common and simple approach to embed
information in a cover file: it overwrites the LSB of a pixel with a bit of M. If we choose
a 24-bit image as cover, we can store 3 bits in each pixel. To the human eye, the resulting
stego-image will look identical to the cover image (Johnson and Jajodia, 1998).
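The LSB insertion described above, written out as an added example in Python (not the project's own Java/J2ME code): it embeds a message in the channel LSBs of a constructed 24-bit RGB buffer, recovers it, and measures how far any channel value moved. The 4-byte length header, the function names and the sample cover are assumptions of this sketch.

```python
# Added example: sequential LSB embedding in a raw 24-bit RGB buffer.
# The length header, names and sample data are assumptions of this sketch.
import struct

HEADER_BYTES = 4  # big-endian message length stored ahead of the payload

# Constructed 16x16 cover: 256 pixels, 3 channel bytes each (R, G, B).
COVER = bytes((x * 7 + y * 13 + c * 50) % 256
              for y in range(16) for x in range(16) for c in range(3))


def capacity_bytes(num_pixels: int) -> int:
    """Payload bytes that fit: 3 LSBs per 24-bit pixel, minus the header."""
    return max((num_pixels * 3) // 8 - HEADER_BYTES, 0)


def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Return a stego buffer whose channel LSBs carry header + message."""
    if len(cover) % 3:
        raise ValueError("cover must be whole RGB pixels (3 bytes each)")
    if len(message) > capacity_bytes(len(cover) // 3):
        raise ValueError("message does not fit in this cover")
    stego = bytearray(cover)
    payload = struct.pack(">I", len(message)) + message
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # overwrite only the LSB
    return bytes(stego)


def _read_bytes(stego: bytes, bit_offset: int, count: int) -> bytes:
    """Rebuild count bytes from the LSBs starting at bit_offset."""
    out = bytearray()
    for n in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[bit_offset + n * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the message; reject buffers whose header cannot be valid."""
    if len(stego) < HEADER_BYTES * 8:
        raise ValueError("buffer too small to hold a header")
    (length,) = struct.unpack(">I", _read_bytes(stego, 0, HEADER_BYTES))
    if length > capacity_bytes(len(stego) // 3):
        raise ValueError("length header out of range, no valid payload")
    return _read_bytes(stego, HEADER_BYTES * 8, length)


def max_channel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-channel difference between cover and stego buffers."""
    return max(abs(a - b) for a, b in zip(cover, stego))


if __name__ == "__main__":
    secret = b"transfer ref 12345 (constructed)"
    stego_image = embed(COVER, secret)
    print("capacity (bytes):", capacity_bytes(len(COVER) // 3))
    print("recovered:", extract(stego_image))
    print("max channel change:", max_channel_change(COVER, stego_image))
```

No channel value moves by more than 1, which is why the stego buffer is visually indistinguishable from the cover; the payload here is stored in the clear, so confidentiality still depends on encrypting it before embedding.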
the histogram of colour frequencies in a predictable way (Provos and Honeyman, 2003;
In the next chapter a new method able to perform steganography providing strong
Purpose: The main purpose for preparing this document is to give a general insight into
the analysis and requirements of the existing system or situation and for determining the
Scope: This Document plays a vital role in the development life cycle (SDLC) and it
describes the complete requirement of the system. It is meant for use by the developers
and will be the basis during the testing phase. Any changes made to the requirements in the
i. Developing the system, which meets the SRS and solving all the requirements of
the system.
ii. Demonstrating the system and installing the system at client's location after the
User name and Password for the website for the purpose of banking issued by the
administrator.
3.9 Software Requirements
i. Language: JAVA
ii. Front End: J2ME
iii. Back End: MySQL
iv. Web Server: Apache Tomcat
v. Build Tools: Apache ANT
vi. Testing Tool: J2ME unit test
CHAPTER FOUR
This section explains the activities carried out in the implementation stage. The
end product of this project at this stage was a first aid system fully supported on web and
mobile SMS platform to provide information to the public. This phase also involved the
construction of the new system and the delivery of that system into production.
The system implementation phase of a software system entails all procedures that are
carried out to put the computerized system into use. It is the process of describing
component, service and technology of the solution from the perspective of developments
required. There are different ways by which system implementation may be carried out.
determined by the nature of the system, the cost that will be involved in changeover, time
required, Quality of new system, using the modern architecture to solve the searching
problem.
includes screens, reports and documentation. Simply, the user interface is any part of the
system the user comes in contact with. The solution must be attractive and user friendly.
The users of this system are the End-user and the Administrator.
The reports generated from this system design are: The report on mobile data,
The screen design of this system has put into consideration all design
color combination or large number of flashing signals. The screen design is consistent and
mechanisms which handle errors perfectly. The screen layout is made up of menus to
facilitate easy usage of the application and to access the commands and tools contained in
The interaction style used in this new application is user-friendly and involves direct
1. Phone Memory: memory storage with 66mtz or higher, 2gb RAM required.
2. Memory: 16MB of RAM from windows 200 or later (at least 32MB recommended)
information.
iii. The system must be configured to send report via email to specified location. They
iv. MS Access database: the back end functionality of the proposed system.
Language).
vi. Java Programming Language required to develop and run the application.
ii. All passwords and fingerprint templates stored in the database must be hashed.
iii. Only the administrator or the end-user can view the most important aspect of this
application.
i. User manual
The user interface of the system is a web user interface. A proficient user of the internet
4.10 TRAINING
The development of the software application has been done using design principles of
software development. It is designed in a consistent manner and users of the system can
order to ensure that the software still meets its initial objectives.
The system would also need to be reviewed and maintained periodically for the
following reason:
1. To ascertain that the system is able to cope with changing requirement of the system
2. To ensure that the requirements are met and to ensure that there is enough capacity
i. Corrective Maintenance
The corrective maintenance for the project would require running the codes and
locating errors that may result, as well as correcting the errors. Adaptive maintenance would
ensure that the developed system can be easily adjusted and upgraded into newer
stages involved as well as the component. The documentation includes the comments in
the program codes as the user guide. Other forms of maintenance are handling of the
system component which include the power supply, memory, hard drive and input
devices.
the system. A backup of the database should be carried out by the database administrator.
CHAPTER FIVE
This project is a short introduction to the world of mobile internet banking security
using Steganography. It shows how the simplest methods work and how they can be
this field has already begun. Next to Steganography, one of the most active fields of
research is mass detection tools for hidden contents. This research project has exposed us to a
lot, especially about bit operations and different encryption techniques. This project was
interesting from the start and only got more interesting as it developed. We
became more interested in the subject the more we researched it. We learnt that while
and the methods to do so are far more complex than actually doing the Steganography
itself. There is a lot of research that is beginning to discover new ways to detect
interesting to see what other methods will be developed and how accurate they will be at
detecting Steganography.
5.1 Recommendations
In today's world, we often hear the popular term "hacking". Hacking is nothing but
unauthorized access to data, which can be collected at the time of data transmission. With
respect to this, steganography may be part of the future solution for the
above-mentioned problem. In the near future, the most important use of steganographic
techniques will probably be lying in the field of digital watermarking. Content providers
are eager to protect their copyrighted works against illegal distribution and digital
watermarks provide a way of tracking the owners of these materials. Although it will not
prevent the distribution itself, it will enable the content provider to start legal actions
against the violators of the copyrights, as they can now be tracked down.
We hope to add support to hide all file formats. This allows for a much broader
spectrum of uses: one would be able to encode .exe, .doc, .pdf, .mp3, etc. The program
would be more versatile because often hiding text just isn't enough.
We also would like to implement batch image processing and statistical analysis so
that we can run the program through a dataset of images and detect Steganography and
perhaps crawl through Google Image Search to see how prevalent Steganography is. We
eventually plan to port the program to use java other programming language so that we