www.1000projects.com www.fullinterview.com www.chetanasprojects.

com

STEGANOGRAPHY
---A Better information security mechanism

Introduction
As commercially available computational resources grow in power, so does their ability to break encryption schemes. To provide new ways to ensure security of internet communications, researchers are developing alternative techniques. To human eyes, data usually contains known forms like images,e-mail,sounds and text. Most Internet data naturally includes gratuitous headers, too. Take a moment to read the previous paragraph.If you think it is a vague and awkward,then I have succeeded in using a very simple form of steganography.By taking the first letter of the every word of the previous paragraph we will discover a message that says :The duck flies at midnight.

hides private information and even the existence of the information with in the other medium. Now, it is gaining new popularity with the current industry demands for digital watermarking and fingerprinting of audio and video.

Water Marking: Through the use of

advanced computer software, authors of images, music and software can place a hidden ``trademark'' in their product, allowing them to keep a check on piracy. This is commonly known as watermarking. Finger Printing: Hiding serial numbers or a set of characteristics that distinguishes an object from a similar object is known as fingerprinting. Together, these two are intended to fight piracy. The latter is used to detect copyright violators and the former is used to prosecute them. Perhaps when you were a child, you used lemon juice to write text on paper, then let the paper dry. Your writing would miraculously reappear on the apparently blank

Definitions:
Steganography: Steganography is a means
of storing information in such a way that it

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

sheet of paper when you heated it. Or perhaps when you were older, and were introduced to money, you noticed the image, or watermark, that would appear on bank notes when they were held up to the light. Both these types of situations are examples of steganography, the art of secret writing. Although related to cryptography, they are not the same. Steganography's intent is to hide the existence of the message, while cryptography scrambles a message so that it cannot be understood. More precisely, as Kuhn puts it: ``the goal of steganography is to hide messages inside other harmless messages in a way that does not allow any enemy to even detect that there is a second secret message present.'' Histiaeus shaved the head of a slave and tattooed a message on his scalp. When the slave's hair had grown long enough he was dispatched to Miletus. Invisible inks have always been a popular method of steganography. Ancient Romans used to write between lines using invisible inks based on readily-available substances such as fruit juices, urine and milk. When heated, the invisible inks would darken, and become legible. Invisible inks were used as recently as World War II. An early researcher in steganography and cryptography was Johannes Trithemius (1462-1526), a German monk. His first work on steganography, Steganographia, described systems of magic and prophecy, but also contained a complex system of cryptography. It was only published posthumously, as Trithemius had feared the reaction of the authorities if it was published. The earliest actual book on steganography was a four hundred page work written by Gaspari Schotti in 1665 and called Steganographica. But it was during the twentieth century that steganography truly flowered. For example, the following message was sent by a German spy during WWII: Apparently neutral's protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects pretext for embargo on by-products, ejecting suets and vegetable oils. Decoding this message by taking the second letter in each word reveals the following secret message: Pershing sails from NY June 1. As an interesting example of steganography of this era, many scholars suspect the authorship of the Shakespearean plays can be attributed to Francis Bacon, the noted Elizabethan statesman and writer. They back this up with the discovery of several hidden texts - steganographies - in the plays, which contain the name of Bacon. These ciphers, together with some interesting background information on Shakespeare and Bacon, makes for a convincing argument. Penn Leary, in his book ``The Second

Introduction to Terms used

In the field of steganography, some terminology has developed. The adjectives cover, embedded and stego were defined at the Information Hiding Workshop held in Cambridge, England. The term ``cover'' is used to describe the original, innocent message, data, audio, still, video and so on. When referring to audio signal steganography, the cover signal is sometimes called the ``host'' signal. The information to be hidden in the cover data is known as the ``embedded'' data. The ``stego'' data is the data containing both the cover signal and the ``embedded'' information. Logically, the processing of putting the hidden, or embedded data, into the cover data, is sometimes known as embedding. Occasionally, especially when referring to image steganography, the cover image is known as the container.

History
Our earliest records of steganography were recorded by the Greek historian Herodotus and date back to Greek times. When the Greek tyrant Histiaeus was held as a prisoner by king Darius in Susa during the 5th century BCE, he had to send a secret message to his son-in-law Aristagoras in Miletus.

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

Cryptographic Shakespeare'' discusses this in detail. Further development in the field occurred in 1883, with the publication of Auguste Kerckhoffs' Cryptographie militaire. Although this work was mostly about cryptography, it describes some principles that are worth keeping in mind when designing a new steganographic system. Later, Les Filigranes, written by Charle Briquet in 1907, was a historical dictionary of watermarks. principle. When embedding data, Bender et al. reminds us that it is important to remember the following restrictions and features: The cover data should not be significantly degraded by the embedded data, and the embedded data should be as imperceptible as possible. (This does not mean the embedded data needs to be invisible; it is possible for the data to be hidden while it remains in plain sight.) The embedded data should be directly encoded into the media, rather than into a header or wrapper, to maintain data consistency across formats. The embedded data should be as immune as possible to modifications from intelligent attacks or anticipated manipulations such as filtering and resampling. Some distortion or degradation of the embedded data can be expected when the cover data is modified. To minimize this, error correcting codes should be used. The embedded data should be selfclocking or arbitrarily re-entrant. This ensures that the embedded data can still be extracted when only portions of the cover data are available. For example, if only a part of image is available, the embedded data should still be recoverable.
COVER MEDIA (CARRIER)

Steganography Media

under

Various

In the following three sections we will try to show how steganography can and is being used through the media of text, images, and audio.

Embedding Data
The goal of steganography is to conceal data. There are a few features and restrictions to successfully hide data. The goal is for the data to remain hidden. . The word hidden has two meanings here, (1) the data can be hidden and not visible to the human eye (2) the data can be visible and still not visible to the human eye. If the focus is deterred from the data, the data will not be seen, which means that it is hidden. The following guidelines represent a few features and restrictions when embedding data. Often, although it is not necessary, the hidden messages will be encrypted. This meets a requirement posed by the ``Kerckhoff principle'' in cryptography. This principle states that the security of the system has to be based on the assumption that the enemy has full knowledge of the design and implementation details of the steganographic system. The only missing information for the enemy is a short, easily exchangeable random number sequence, the secret key. Without this secret key, the enemy should not have the chance to even suspect that on an observed communication channel, hidden communication is taking place. Most of the software that we will discuss later meets this

Secret Message (To be hidden)

StegoMedia (Carrier With Hidden Message)

(CARRIER)

Steganograp hy Technique Algorithm

Steganographic Process
In the above figure cover media is the carrier medium - such as text ,image ,audio, video and even the network packet.

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

The secret message is the private message that is to be hidden in the cover media.

Simultaneous transfer

image

and

text

file

Image as carrier
Images are a good medium for hiding the data. The more detailed an image, the fewer constraints there are on how much data it can hide before it becomes suspect. Digital images are a preferred media for hiding information due to their high capacity and low impact on visibility.

If you want to transfer an image file and a text file, you have to store the text inside the image file by using text-on-image algorithm.

Text-on-image algorithm
Inputs: Image file and the text file Output: Text embedded image Procedure: Step 1: Extract all the pixels in the given image and store it in the array called PixelArray Step 2: Extract all the characters in the given text file and store it in the array called Character-Array Step 3: Repeat for every pixel in the PixelArray a) If the index of the Pixel-Array is less than the size of the text file: (i) Store the current character value of the Character-Array in the Alpha field of the current pixel in the PixelArray. b) Else (i) Store the value 0 in the alpha field of the current pixel in the PixelArray c) Increment the index of both the arrays (Character-Array and Pixel-Array) The above algorithm works only if the size of the text file is less than the size of the image file. This algorithm changes only the Alpha field in every pixel. The change is not visible by the human eyes. Thus the image and the text files can be transferred in the same time it takes to transfer the image file. On the receiving side reverse of the algorithm is used to get the actual message.

Pixel Representation in RGB

The matrix of pixels represents every image. According to the basic RGB color model, every pixel is represented by the four bytes namely Alpha, red, green, blue. Their significance is as follows:

Alpha: Gives the degree of transparency for a pixel Red: Gives the intensity of red color in that pixel Green: Gives the intensity of green color in that pixel Blue: Gives the intensity of blue color in that pixel Therefore we can store one byte of information in the alpha field off every pixel, because it doesn't affect color value of the pixel. This way we can store the secret messages inside the image and send this message to the destination. At the receiving end, we extract the characters from the pixels and reconstruct the message from the image.

Bandwidth Reduced File Transfer

Lets say the image file takes six minutes to transfer and the text file takes three minutes to transfer from a machine A to B. If you transfer the image and text file separately, the transfer will take a total of nine minutes. With the reduced file transfer technique, you can transfer both the text and image file within six minutes.

IMAGE FILE

TEXT_ON_IMA GE ALGORITHM

TEXT EMBEDDED IMAGE FILE

TEXT FILE

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

IMAGE FILE1 IMAGE_ON_I MAGE ALGORITHM IMAGE EMBEDDED IMAGE FILE

IMAGE FILE2

Simultaneous transfer of two image files

If you want to transfer two image files, you have to store the second image inside the first image file by using image-on-image algorithm.

Image-on-Image algorithm
Inputs: Two image files Output: Image embedded image procedure: Step 1: Extract all the pixels in the given first image and store it in the array called PixelArray1 Step 2: Extract all the pixels in the given second image and store it in the array called Pixel-Array Step 3: Repeat for every pixel in the PixelArray1 1) If the index of Pixel-Array2 is less than the size of the first image: (i) Store the Red value of the current pixel in the pixelArray2 to the Alpha field of the current pixel in the PixelArray1 (ii) Increment the index value of the pixel-Array1 (iii)Store the Green value of the current pixel in the pixelArray2 to the Alpha field of the current pixel in the PixelArray1 (iv)Increment the index value of the pixel-Array1 (v)Store the Blue value of the current pixel in the pixelArray2 to the Alpha field of

the current pixel in the PixelArray1 (vi)Increment the index value of the pixel-Array1 2) Else (i) Store the value 0 to the Alpha field of the current pixel in the PixelArray1 (ii)Increment the index value of the Pixel-Array1 (iii) Store the value 0 to the Alpha field of the current pixel in the Pixel-Array1 (iv)Increment the index value of the Pixel-Array1 (v) Store the value 0 to the Alpha field of the current pixel in the PixelArray1 (vi)Increment the index value of the Pixel-Array1

3) Increment the index value of the Pixel-Array2

The above algorithm works only if the size of the second image file is one-third the size of the first image file. Because you need three pixels of the first image to store the red, green, blue values of a single pixel of the second image. On the receiving side reverse of the algorithm is used to get the actual message.

Future Enhancements
The bandwidth reduced file transfer technique has been worked out in a LAN network using Java as implementing language. This technique is particularly efficient and useful when implemented on the Internet. And it can be used as an alternative to the compression and decompression techniques in file transfer.

ACLASSOF STEGANOGRAPHIC PROTOCOLS

INTRODUCTION

Steganography is the art of hiding one message in another. In this note, the host message is defined as a block of random data available to both sender and receiver. This,

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

arguably, also classifies the following schemes as varieties of stream cipher. One use of this class could be to foil traffic analysis - the sender can automatically queue messages, randomise the apparent message rate and adjust the actual message rate accordingly. This assumes sufficient bandwidth to cope with messaging requirements.
SCOPE

where T1, T2 and T3 are used for the address of an eight entry dynamic look-up table that determines the message bit. For completeness, it should be noted that there could also be an Implied Look-Up Table scheme.

Protocol Control Channel

In these schemes there is a need for data other than message data to be transmitted. Examples might be messages to indicate that the size of look-up table or the encoding scheme is about to change. This can be accomplished by setting certain parameters outside of their normal bounds. If, say, there is a minimum limit set for the number of random bits that are transmitted between protocol events, then breaking this rule can be used as a message in itself or indicate that a larger message is immanent.

These comments apply to a group of protocols that embed a message, one bit at a time, in a block of (pseudo)random data. Implicit in these schemes is that both the sender and receiver have copies of, or can synthesize, the random data stream. The message should be compressed and then ciphered using standard techniques before the steganography is applied. The more random the message appears, the more difficult the attack will be. The requirement for message randomness may be fulfilled by a relatively weak cipher in this context. It is also assumed that the ratio of message to random data is quite low i.e. less than 1:10.

Indirect Dynamic Look-up Table

So far in these schemes, either all or part of the random data has been transmitted. In the case where a pseudorandom generator is used, if sufficient data is captured, an evesdropper may be able to guess the structure and state of the generator. This can be made much more difficult by sending a series of numbers that represent the distances between protocol events. This approach and the Implied Dynamic Look-up Table scheme reduce the amount of data transmitted and thus the capability of these schemes to defeat traffic analysis. In fact, it may be better to improve their efficiency and define them as a class of lossy cipher combiners.

Dynamic Look-Up Table

Leading on from 4.6, the look-up table could be dynamically modified each time it was used. This would probably be accomplished by swapping the entry that had just been used with one chosen at random. It should be noted that although bit inversion has been used to indicate the protocol event, bit insertion and bit deletion schemes can be used just as well.

Event Span
I am indebted to Bruce Christianson for this suggestion. The span or distance between protocol events is used as an index into a dynamic look-up table: R1, R2, R3, R4, R5, R6 -> R1, R2, ~R3, R4, ~R5, R6 ^ ^ ^ ^ Here the indicated events are two bits apart and the number two can then be used with a dynamic look-up table to produce the next message bit.

Implied Dynamic Look-Up Table

As the receiver already has the table index, there is no reason why it should be transmitted, thus reducing bandwidth. In this case, the table is positioned after the inversion flag and, during transmission -on, the table bits are omitted: R1, R2, R3, T1, T2, T3, R7, R8 -> R1, R2, ~R3, R7, R8 ^ ^ ^ ^ ^

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

Detecting Steganography
Attempts to detect the presence of steganographic messages are referred to as attacks. Usually attacks are either passive or active. In a passive attack, the interceptor is able to intercept the data. In an active attack the interceptor is ableto manipulate the data. Whether the attack is passive or active the steganographer must use caution when choosing certain data hiding techniques so that unusual patterns do not stand out to expose the possibility of hidden information. Shifts in word and line spacing may be difficult to detect hidden information in text. Opening the text with a word processor can easily reveal appended spaces and "invisible" characters. Images can appear to have distortions. The steganographer needs to ensure that the picture taken is the picture seen. The original image and the stego-image should not have detectable variations in color composition, luminance, and pixel relationships. Steganographers need to avoid well-known images for this reason. A checksum can be embedded into a stegoimage to be used as a tampering detector. The drawback here is that there is no way to tell how much the information has been tampered with. Audio can be detected with visible noise. Echoes and shadow signals reduce the chance of audible noise but can be detected with little processing.

sports chat rooms, pornographic bulletin boards and other websites, U.S. and foreign officials say." Modern steganographers have far-more-powerful tools. Software like White Noise Storm and S-Tools allow a paranoid sender to embed messages in digitized information, typically audio, video or still image files that are sent to a recipient. It has been noted that the Abul Nidal organization and Bin Ladens al Qaida organization were using computerized Internet files by methods of e-mail, steganography, and en-cryption to communicate to their operations. It has been reported that the alleged hijackers in the September 11th attacks had Internet email accounts and were using them to communicate with each other. Mohammed Atta, one of the alleged hijackers was repeatedly seen in a Florida library downloading pictures of children and Middle Eastern scenes which authorities suspect he used as secret method of communication.

Practical implementation
For practical implementation here the working of S-Tool is described the corresponding screenshots are as follows. Steps: Hiding process: 1.Drag the particular image(gif/bmp) or sound(wav) file on to the S-Tool window. 2. Drag the text or image file that we want to hide on to the earlier image. Then following screen will be appeared.

Bin Laden: Steganography Master?

If there's one thing the FBI hates more than Osama bin Laden, it's when Osama bin Laden starts using the Internet. So it should be no surprise that the feds are getting unusually jittery about what they claim is evidence that bin Laden and his terrorist allies are using message-scrambling techniques to evade law enforcement.USA Today reported on Tuesday that bin Laden and others "are hiding maps and photographs of terrorist targets and posting instructions for terrorist activities on

3. in the next step we have to give the pass phase, it will be useful to encrypt the

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com hidden text, the universal crypto algorithm used by the S-Tool is International Data Encryption Algorithm(IDEA).

Revealing process: 1. Just clicking the right click of the mouse on the stego image and select the option REVEAL, then following screen will be appeared.

missing is the secret key for decryption. Steganography is harder to detect under traditional traffic pattern analysis . Steganography enhances the privacy of personal communication. Since encryption can be detected and some governments prohibit the use of encryption, steganography can be used to supplement encryption. Additional layers of security are a benefit to secrecy. If a steganogrphic message is detected, there still is the need for the encryption key. A hidden message need not be encrypted to qualify as steganography. The method of encrypting a message and then using steganography is most widely used by steganographers.

Disadvantages
However, there are disadvantages to mention. One of the biggest disadvantages is that quite frequently the size of a stagnated image is usually larger that the original image. There can be color changes, especially evident if well-know images are chosen as the steganographic cover. Images can be degraded when trying to analyze them. Another issue to mention, text messages are limited in size for the hiding of data. They need redundant data to replace a secret message. Changing the type of the format or replacing the readable text can alter text messages. Through the use of new technology, some Internet firewalls can detect steganographic messages. As this technology evolves detecting steganographic messages can be a drawback because an important message may be deleted or quarantined and this message may be the one that will save a country.

2. Right click on the filename and select save option to save the hidden data file.

Advantages
Why use steganography? The advantage of using steganography is to conceal information The transmission of messages is transparent to any given viewer. Messages can be concealed in different formats that are undetectable and unreadable to the human eye. Steganographic technologies are very important in Internet privacy today. With the use of steganography and encryption, corporations, governments, and law enforcement agencies can communicate secretly. Encryption protects data and can be detected; the only thing

Conclusion:
Steganography tools are becoming abundant and very easy to use. Many Internet sites offer free downloadable software. Often, although it is not necessary, the hidden messages will be encrypted. Encryption paired with steganography creates an extra layer of privacy. The security of the system depends

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

www.1000projects.com www.fullinterview.com www.chetanasprojects.com

upon the assumption that the enemy has full knowledge of the design and details of the steganography. The missing information is the secret key. The success of steganography is dependent upon selecting the proper cover mechanism. Law enforcement agents are becoming very concerned about the use of steganography in criminal activity today. In the future, steganography will be more widely used and become a threat to corporations, law enforcement, and governments. Terrorists in the world will continue to communicate through the use of steganography. These messages will be not be easily detected. Unpopular web pages may hold images that contain hidden messages of the next terrorist attack. As the economy continues to slump and the job markets decline, fearful employees of job loss may pass confidential corporate information to competitors for payoffs or a new job proposal. Insider trading and stock tips can be passed securely without interception from the SEC. Drug and gambling activity has moved off the streets and onto the Internet, making it easier to communicate worldwide. Most data-hiding systems take advantage of human perceptual weaknesses, but have weaknesses of their own. We conclude that for now, it seems that no system of data-hiding is totally immune to attack. However, steganography has its place in security. It in no way can replace cryptography, but is intended to supplement it. Its application in watermarking and fingerprinting, for use in detection of unauthorised, illegally copied material, is continually being realized and developed. Also, in places where standard cryptography and encryption is outlawed, steganography can be used for covert data transmission. Steganography, formerly just an interest of the military, is now gaining popularity among the masses. Soon, any computer user will be able to put his own watermark on his artistic creations. We know that technology ideas and methods have room for improvement. Steganography methods will be examined and new ideas of "how to" will emerge. Transmission methods will be perfected to ensure data integrity and transfer. New media will be discovered to hide information. Better detection methods will be discovered. Steganography today is just the "ice cap" of what steganography will be in the future.

REFERENCES: 1. www.jjtc.com/steganography 2. www.cs.uct.ac.za/courses/cs400w/nis/ papers99/dsellrs/stego/htm 3. www.cotse.com/tools/stega.htm 4. A Research paper submitted at SANS Institute in 2003 as part of GIAC practical repository. 5. Information Technology magazine published in the month December 2002. 6. www.gyre.org/news/article/1575

www.1000projects.com www.fullinterview.com www.chetanasprojects.com