Professional Documents
Culture Documents
By
BACHELOR OF TECHNOLOGY
in
Information Technology
ii
TABLE OF CONTENTS
1. INTRODUCTION....7
1.3. METHODOLOGY.....9
CHAPTER 2
2.1 STEGANOGRAPHY..12
2.2. CRYPTOGRAPHY..17
CHAPTER 3
3. DESIGN.29
CHAPTER 4
CHAPTER 5
5. TESTING.
CHAPTER 6
CHAPTER 7
7. FUTURE ENHANCEMENTS
CHAPTER 8
8. References:
TABLE OF CONTENTS
Page
DECLARATION ..........................................................................................iv
CERTIFICATE............................................................................................ v
v
ACKNOWLEDGEMENTS ........................................................................vi
ABSTRACT ............................................................................................... .vii
LIST OF TABLES........................................................................................viii
LIST OF FIGURES..................................................................................... ix
LIST OF SYMBOLS .....................................................................................x
CHAPTER 1: ONLINE SHOPPING1
1.1 About Online Shopping....1
1.2 Payment...1
1.3 Product Delivery2
1.4 Shopping Cart System..3
1.5 Design.3
1.5.1 Information Load...3
1.5.2 Consumer Needs and Expectations...4
1.5.3 User Interface....4
1.6 Advantages.5
1.7 Disadvantages.5
2.2 Services6
2.4 Aim..7
2.5 Feature.8
2.6 Limitations...8
3.5.1 Advantages.....14
3.5.2 Drupal Modules Used.14
3.6 About Ubercart20
3.6.1 Required modules........21
3.6.2 Optional Core Modules.......22
CHAPTER 4: DESIGN...24
CHAPTER 5: SCREENSHOTS.....26
CHAPTER 7: CONCLUSION....41
APPENDIX A ....42
BIBLIOGRAPHY...47
DECLARATION
I hereby declare that this submission is my own work and that, to the best of my
knowledge and belief, it contains no material previously published or written by another
person nor material which to a substantial extent has been accepted for the award of any
vii
other degree or diploma of the university or other institute of higher learning, except where
due acknowledgment has been made in the text.
Signature
Name: Shreya Gupta
Signature
Name: Sidharth Bais
Signature
Name: Umang Juyal
Signature
Name: Vineet Kumar Maurya
Date: 18/04/2013
CERTIFICATE
work carried out by him under my/our supervision. The matter embodied in this thesis is
original and has not been submitted for the award of any other degree.
Date: Supervisor
ACKNOWLEDGEMENT
It gives us a great sense of pleasure to present the report of the B. Tech Project undertaken
during B. Tech. Final Year. We owe special debt of gratitude to Ms. Megha Chhillar
Department of Information Technology for his constant support and guidance throughout
ix
the course of our work. His sincerity, thoroughness and perseverance have been a constant
source of inspiration for us. It is only his cognizant efforts that our endeavors have seen
light of the day.
We also take the opportunity to acknowledge the contribution of Dr. Archana Verma,
Head, Department of Information Technology for his full support and assistance during the
development of the project.
We also do not like to miss the opportunity to acknowledge the contribution of all faculty
members of the department for their kind assistance and cooperation during the
development of our project. Last but not the least, we acknowledge our friends for their
contribution in the completion of the project.
Signature:
Roll No.:0909013104
Date :18/04/2013
Signature :
Roll No.:0909013109
Date : 18/04/2013
Signature :
Roll No.:0909013121
Date : 18/04/2013
Signature :
Roll No.:09090131125
Date : 18/04/2013
ABSTRACT
Steganography is the art of hiding the fact that communication is taking place, by hiding
information in other information. Many different carrier file formats can be used, but
digital images are the most popular because of their frequency on the internet. For hiding
secret information in images, there exists a large variety of steganography techniques some
are more complex than othersand all of them have respective strong and weak points.
xi
Different applications may require absolute invisibility of the secret information, while
others require a large secret message to be hidden. This project report intends to give an
overview of image steganography, its uses and techniques. It also attempts to identify the
requirements of a good steganography algorithm and briefly reflects on which
steganographic techniques are more suitable for which applications.
LIST OF FIGURES
GANTT CHART
WATERFALL METHODOLOGY.
xii
FLOW DIAGRAM.. 25
ER DIAGRM..26
LIST OF SYMBOLS
Flow of information
xiii
Condition/ Relationship
Input or Output
14
CHAPTER 1:
INTRODUCTION
One of the reasons that intruders can be successful is the most of the information they acquire
from a system is in a form that they can read and comprehend. Intruders may reveal the
information to others, modify it to misrepresent an individual or organization, or use it to launch
an attack. One solution to this problem is, through the use of steganography. Steganography is a
technique of hiding information in digital media. In contrast to cryptography, it is not to keep
others from knowing the hidden information but it is to keep others from thinking that the
information even exists.
Steganography become more important as more people join the cyberspace revolution.
Steganography is the art of concealing information in ways that prevents the detection of hidden
messages. Stegranography include an array of secret communication methods that hide the
message from being seen or discovered.
Due to advances in ICT, most of information is kept electronically. Consequently, the security of
information has become a fundamental issue. Besides cryptography, streganography can be
employed to secure information. In cryptography, the message or encrypted message is
embedded in a digital host before passing it through the network, thus the existence of the
message is unknown. Besides hiding data for confidentiality, this approach of information hiding
can be extended to copyright protection for digital media: audio, video and images.
The growing possibilities of modern communications need the special means of security
especially on computer network. The network security is becoming more important as the
number of data being exchanged on the internet increases. Therefore, the confidentiality and
data integrity are requires to protect against unauthorized access and use. This has resulted in an
explosive growth of the field of information hiding
15
Fingerprint, the owner of the data set embeds a serial number that uniquely identifies the
user of the data set. This adds to copyright information to makes it possible to trace any
unauthorized used of the data set back to the user.
Steganography hide the secrete message within the host data set and presence
imperceptible and is to be reliably communicated to a receiver. The host data set is purposely
corrupted, but in a covert way, designed to be invisible to an information analysis.
16
What is Steganography?
Steganography is the practice of hiding private or sensitive information within something that
appears to be nothing out to the usual. Steganography is often confused with cryptology because
the two are similar in the way that they both are used to protect important information. The
difference between two is that steganography involves hiding information so it appears that no
information is hidden at all. If a person or persons views the object that the information is hidden
inside of he or she will have no idea that there is any hidden information, therefore the person
will not attempt to decrypt the information.
What steganography essentially does is exploit human perception, human senses are not trained
to look for files that have information inside of them, although this software is available that can
do what is called Steganography. The most common use of steganography is to hide a file inside
another file.
17
Problem Statement:
The former consists of linguistic or language forms of hidden writing. The later, such as invisible
ink, try of hide messages physically. One disadvantage of linguistic steganography is that users
must equip themselves to have a good knowledge of linguistry. In recent years, everything is
trending toward digitization. And with the development of the internet technology, digital media
can be transmitted conveniently over the network. Therefore, messages can be secretly carried by
digital media by using the steganography techniques, and then be transmitted through the internet
rapidly
Steganography is the art of hiding the fact that communication is taking place, by hiding
information in other information. Many different carrier file formats can be used, but digital
images are the most popular because of their frequency on the internet. For hiding secret
information in images, there exists a large variety of steganography techniques some are more
complex than others and all of them have respective strong and weak points.
So we prepare this application, to make the information hiding more simple and user friendly.
18
Objective
The other goal of steganography is to avoid drawing suspicion to the existence of a hidden
message. This approach of information hiding technique has recently became important in a
number of application area
Steganography sometimes is used when encryption is not permitted. Or, more commonly,
steganography is used to supplement encryption. An encrypted file may still hide information
using steganography, so even if the encrypted file is deciphered, the hidden message is not seen
19
Methodology:
User needs to run the application. The user has two tab options encrypt and decrypt. If user
select encrypt, application give the screen to select image file, information file and option to save
the image file. If user select decrypt, application gives the screen to select only image file and
ask path where user want to save the secrete file.
In encryption the secrete information is hiding in with any type of image file.
Project Scope:
This project is developed for hiding information in any image file. The scope of the project is
implementation of steganography tools for hiding information includes any type of information
file and image files and the path where the user wants to save Image and extruded file.
21
CHAPTER 2:
STEGANOGRAPHY
hiding the one information into other sources of information like text, image or audiofile, so that
it is not visible to the natural view. There are varieties of steganographic techniques available to
hide the data depending upon the carriers we use.Steganography and cryptography both are used
for the purpose of sending the data securely. The same approach is followed in Steganography as
in cryptography like encryption, decryption and secret key. In steganography the message is kept
secret without any changes but in cryptography the original content of the message is differed in
different stages like encryption and decryption.Steganography supports different types of digital
formats that are used for hiding the data. These files are known as carriers. Depending upon the
redundancy of the
object the suitable formats are used. "Redundancy" is the process of providing better accuracy
for the object that is used for display by the bits of object.
The main file formats that are used for steganography are Text, images, audio,video, protocol
1. Pure steganography
Pure steganography: Pure steganography is the process of embedding the datainto the object
without using any private keys. This type of steganography entirely depends upon the secrecy.
This type of steganography uses a cover image in which data is to be embedded, personal
information to be transmitted, and encryption decryption algorithms to embed the message into
image.
This type of steganography cant provide the better security because it is easy for extracting the
message if the unauthorised person knows the embedding method. Ithas one advantage that it
reduces the difficulty in key sharing.
This type of steganography provides better security compared to puresteganography. The main
problem of using this type of steganographic system issharing the secret key. If the attacker
knows the key it will be easier to decrypt andaccess original information
23
Public key steganography:Public key steganography uses two types of keys: onefor encryption
and another for decryption. The key used for encryption is a private
key and for decryption, it is a public key and is stored in a public database.
CRYPTOGRAPHY:
The word cryptography is derived from two Greek words which mean secret
writing.Cryptography is the process of scrambling the original text by rearranging
andsubstituting the original text, arranging it in a seemingly unreadable format for
others.Cryptography is an effective way to protect the information that is transmittingthrough the
network communication paths.
Cryptology is the science that deals about cryptography and cryptanalysis.Cryptography is the
approach of sending the messages secretly and securely to thedestination. Cryptanalysis is the
method of obtaining the embedded messages intooriginal texts.
2. Encryption algorithm
24
3. Secret key
4. Cipher text
5. Decryption algorithm
Plain text: The plain text is an original piece of information that is needed to sendinformation to
the destination.
Encryption algorithm: This is the main key to any cryptographic system. Thisencryption
algorithm subjects the plain text to various substitutions andtransformations.Secret key: The
secret key is given by the user which will act as an input to theencryption algorithm. Based on
this key, various substitutions and transformations onthe plain text will differ.Cipher text: This is
the output generated by the encryption algorithm. The cipher textis the jumbled text. The cipher
text differs with each and every secret key that hasgiven to the encryption algorithm.
cipher text and secret key as an input and produce plain text as an output.Cryptographic
Algorithms: There are many cryptographic algorithms available whichdiffer on their type of
encryption. Based on the type of encryption standards thealgorithms are grouped into two types
2.2.1
Symmetric Encryption
level for this type of encryption will depend on the length of the key.
2.2.2
26
Asymmetric Encryption
Asymmetric encryption is also known as Public key encryption. The AES works
same as Symmetric encryption, the main difference between AES and Symmetricencryption is in
using keys. In asymmetric encryption, the encryption and decryptionwill be done by two
different keys. It will use plain text, encryption algorithm anddecryption algorithm same as
Symmetric encryption as discussed in above section
In 'Asymmetric encryption', only the data that is encrypted using public key can be
decrypted using the same algorithm. And the message which is encrypted usingprivate key can
be decrypted using only the matching public key.The main problem with Asymmetric algorithm
is cipher keys. Whenever two different people want to exchange the data simultaneously using
asymmetricencryption they need to have four different keys. It will be more confusing to
resolveas the corresponding key is required for the particular file to open.
27
CHAPTER 3
DESIGN:
The data hiding patterns using the steganographic technique in this project canbe explained using
this simple block diagram. The block diagram for steganographictechnique is as follows.
The procedure for data hiding using steganographic application in this project is as follows
The sender first uses the steganographic application for encrypting the secret message.
For this encryption, the sender uses text document in which the data is written and the
image as a carrier file in which the secret message or text document to be hidden
28
The sender sends the text document to the encryption phase for data encyption with key,
in which the text document is encrypted into the cipher text.
The sender sends the carrier file and cipeher text document to the encryption in image
phase for data embedding, in which the encrypted text document is embedded into the
image file.
Now the carrier file acts as an input for the decryption phase.
The receiver receives the carrier file and places the image in the decryption phase
The decryption phase decrypts the encrypted text document using the least significant bit
decoding and decrypts the encrypted message.
As mentioned in the above block diagram, the data hiding and the data extracting willbe done in
two phases.
1. Encryption phase
2. Decryption phase
The "Encryption phase" uses two types of files for encryption purpose. One is the
secret file which is to be transmitted securely, and the other is a carrier file such as
image. In the encryption phase the data is embedded into the image using LeastSignificant Bit
algorithm (LSB) by which the least significant bits of the secret
document are arranged with the bits of carrier file such as image, Such that the message bits will
merge with the bits of carrier file. In this procedure LSB algorithmhelps for securing the
originality of image.
The Decryption phase is reverse to encryption phase. In decryption phase, thecarrier image in
which the data is hided is given as an input file. The decryptionphase uses the same password
29
which was given for the encryption and decryption inorder to secure from unauthorised access.
After giving the correct password the
decryption section uses the Least Significant bit Algorithm (LSB) by which the
encoded bits in the image is decoded and turns to its original state and gives theoutput as a text
document as well as image.
Data flow diagrams are the basic building blocks that define the flow of data in asystem to the
particular destination and difference in the flow when anytransformation happens. It makes
whole procedure like a good document and makessimpler and easy to understand for both
programmers and non-programmers bydividing into the sub process.The data flow diagrams are
the simple blocks that reveal the relationship betweenvarious components of the system and
provide high level overview, boundaries ofparticular system as well as provide detailed overview
of system elements.
"DFD level 0" is the highest level view of the system, contains only one process
which represents whole function of the system. It doesnt contain any data stores
and the data is stored with in the process.For constructing DFD level 0 diagram for the proposed
approach we need two
sources one is for "source" and another is for "destination" and a "process".
For constructing "DFD level 1", we need to identify and draw the process that make the level 0
process. In the project for transferring the personal data from source todestination, the personal
data is first encrypted and processed and latter decrypted.
The image and the text document are given to the encryption phase. The encryptionalgorithm is
used for embedding the data into the image.The resultant image acting as a carrier image is
transmitted to the decryption phaseusing the transmission medium. For extracting the message
from the carrier image, itis sent to the decryption section. The plain text is extracted from the
carrier imageusing the decryption algorithm.
31
The sender sends the message to the receiver using three phases. Since we areusing the
steganographic approach for transferring the message to the destination,the sender sends text as
well as image file to the primary phase i.e., to encryptionphase. The encryption phase uses the
encryption algorithm by which the carrierimage is generated. The encryption phase generates the
carrier image as output.
32
GANTT CHART
33
30
25
TESTING 20
Series 3
CODING 15
Series 2
Series 1
DESIGN 10
5
REQ.
ANALYSIS
0
ALA 20 DAYS 45 DAYS 90 DAYS 105 DAYS
DURATION (DAYS)>
34
WATERFALL METHODOLOGY
Req. &
Analysis
System Design
Detailed Design
Testing
Oper. &
Maintenance
35
Start Application
Encryption Decryption
CHAPTER 4:
4.1 HARDWARE AND SOFTWARE REQUIREMENTS
Hardware Requirements:
Processor : Pentium.
RAM : 64 MB.
Hard Disk : 2 GB.
Cache : 512 KB.
Monitor : SVGA Color Monitor.
Keyboard : 101 keys.
Mouse : 2 buttons.
Software Requirements:
Java (jdk1.7)
Net Beans(IDE)
OPERATING SYSTEM:
A multimedia PC running a windows 98 , 2000 , XP or 7operating system .
38
CHAPTER 5:
5. TESTING
Testing defines the status of the working functionalities of any particularsystem. Through testing
particular software one can't identify the defects in it but can analyse the performance of
software and its working behaviour. By testing thesoftware we can find the limitations that
become the conditions on which theperformance is measured on that particular level. In order to
start the testing processthe primary thing is requirements of software development cycle. Using
this phasethe testing phase will be easier for testers.The capacity of the software can be
calculated by executing the code and inspectingthe code in different conditions such as testing
the software by subjecting it todifferent sources as input and examining the results with respect
to the inputs.After the designing phase, the next phase is to develop and execute the code
indifferent conditions for any errors and progress to the developing phase. Withouttesting and
execution, the software cannot be moved to the developing phase.There are two types of testing.
They are: The functional testing, which defines thespecified function of a particular code in the
program. This type of testing gives us a brief description about the program's performance and
security in the various functional areas.The other type of testing is non-functional testing. Non-
functional testing defines thecapabilities of particular software like its log data etc. It is opposite
to functionaltesting and so will not describe the specifications like security and performance.The
performance of the particular program not only depends on errors in coding. Theerrors in the
code can be noticed during execution, but the other types of errors canaffect the program
performance like when the program is developed based on oneplatform that may not perform
well and give errors when executed in differentplatform. So, compatibility is another issue that
reduce the software performance.The code tuning helps us in optimising the program to perform
at its best utilizingminimal resources possible under varied conditions.
The main aim of testing is to analyse the performance and to evaluate the errors thatoccur when
the program is executed with different input sources and running indifferent operating
environments.In this project, I developed a steganographic application based on Microsoft
VisualStudio which focuses on data hiding based on Least Significant Bit algorithm. Themain
39
aim of testing in this project is to find the compatibility issues as well as theworking performance
when different sources are given as the inputs.
There are different types of approaches for testing a JAVA framework basedapplication. The
types of testing are
Unit testing
Validation testing
Integration testing
User acceptance testing
Output testing
Black box and white box testing.
'Unit testing' is the approach of taking a small part of testable application and executing it
according to the requirements and testing the application behaviour. Unittesting is used for
detecting the defects that occur during execution.When an algorithm is executed, the integrity
should be maintained by the datastructures. Unit testing is made use for testing the functionality
of each algorithmduring execution.Unit testing can be used in the bottom up test approach which
makes the integrationtest much easier. Unit testing reduces the ambiguity in the units. Unit
testing usesregression testing, which makes the execution simpler. Using regression testing,
thefault can be easily identified and fixed.In this project, I have developed an application using
different phases like encryption,decryption, etc. So, for getting the correct output all the
functions that are used areexecuted and tested at least once making sure that all the control paths,
errorhandling and control structures are in proper manner.Unit testing has it's applications for
extreme programming, testing unit frame works and good support for language level unit testing.
Validation is the process of finding whether the product is built correct or not. Thesoftware
application or product that is designed should fulfil the requirements andreach the expectations
set by the user. Validation is done while developing or at thefinal stage of development process
to determine whether it is satisfies the specifiedrequirements of user.
Using validation test the developer can qualify the design, performance and itsoperations. Also
the accuracy, repeatability, selectivity, Limit of detection andquantification can be specified
using 'Validation testing'.
After completion of validation testing the next process is output testing. Outputtesting is the
process of testing the output generated by the application for thespecified inputs. This process
checks weather the application is producing the required output as per the user's specification or
not. The 'output testing' can be done by considering mainly by updating the test plans,the
behaviour of application with different type of inputs and with produced outputs,making the best
use of the operating capacity and considering the recommendationsfor fixing the issues.
'Integration testing' is an extension to unit testing, after unit testing the units are integrated with
the logical program. The integration testing is the process ofexamining the working behaviour of
the particular unit after embedding with program. This procedure identifies the problems that
occur during the combination of units.
41
Top-down approach
Bottom-up approach
Umbrella approach
In the top-down approach the highest level module should be considered first andintegrated. This
approach makes the high level logic and data flow to test first andreduce the necessity of drivers.
One disadvantage with top-down approach is its poor support and functionality islimited.
Bottom-up approach is opposite to top-down approach. In this approach, the lowestlevel units are
considered and integrated first. Those units are known as utility units.The utility units are tested
first so that the usage of stubs is reduced. Thedisadvantage in this method is that it needs the
respective drivers which make thetest complicated, the support is poor and the functionality is
limited.
The third approach is umbrella approach, which makes use of both the top - bottomand bottom -
top approaches. This method tests the integration of units along with itsfunctional data and
control paths. After using the top - bottom and bottom-topapproaches, the outputs are integrated
in top - bottom manner. The advantage of this approach is that it provides good support for the
release oflimited functionality as well as minimizing the needs of drivers and hubs. The
maindisadvantage is that it is less systematic than the other two approaches.
42
'User acceptance testing' is the process of obtaining the confirmation from the user that the
system meets the set of specified requirements. It is the final stage ofproject; the user performs
various tests during the design of the applications andmakes further modifications according to
the requirements to achieve the final result. The user acceptance testing gives the confidence to
the clients about theperformance of system
'Black box testing' is the testing approach which tells us about the possible combinations for the
end-user action. Black box testing doesn't need the knowledge about the interior connections or
programming code. In the black box testing, theuser tests the application by giving different
sources and checks whether the outputfor the specified input is appropriate or not.
'White box testing' is also known as 'glass box' or 'clear box' or 'open box' testing. It is opposite
to the black box testing. In the white box testing, we can create testcases by checking the code
and executing in certain intervals and know the potentialerrors.
The analysis of the code can be done by giving suitable inputs for thespecified applications and
using the source code for the application blocks. The limitation with the white box testing is that
the testing only applies to unit testing,system testing and integration testing
43
CHAPTER 6:
6. CONCLUSION AND FUTURE WORK
In the present world, the data transfers using internet is rapidly growing because it is so easier as
well as faster to transfer the data to destination.
So, many individuals and business people use to transfer business documents, important
information using internet.
Security is an important issue while transferring the datausing internet because any unauthorized
individual can hack the data and make ituseless or obtain information un- intended to him.
The proposed approach in this project uses a new steganographic approach called image
steganography. The application creates a stego image in which the personaldata is embedded and
is protected with a password which is highly secured.
The main intention of the project is to develop a stegano graphic application that provides good
security. The proposed approach provides higher security and can protect the message from stego
attacks.
The image resolution doesn't change much and is negligible when we embed the message into
the image and the image is protected with the personal password.
So, it is not possible to damage the data by unauthorized personnel.I used the Least Significant
Bit algorithm in this project for developing the application which is faster and reliable and
compression ratio is moderate compared to other algorithms.
The major limitation of the application is designed for bit map images (.bmp). It accepts only bit
map images as a carrier file, and the compression depends on the document size as well as the
carrier image size.
The future work on this project is to improve the compression ratio of the image tothe text.
This project can be extended to a level such that it can be used for thedifferent types of image
formats like .bmp, .jpeg, .tif etc., in the future.
44
The securityusing Least Significant Bit Algorithm is good but we can improve the level to a
certain extent by varying the carriers as well as using different keys for encryption and
decryption.
45
CHAPTER 7:
Future Enhancements:
CHAPTER 8:
References:
Guide to stegnography
http://en.wikipedia.org/wiki/Steganography
http://www.scribd.com
www.google.com
www.infor.com/content/brochures/30083/
www.nexstepworld.com