Chapter-1

STEGNOGRAPHY v/s CRYPTOGRAPY

A Seminar report submitted in partial fulfilment for the award of the Degree of Bachelor of Technology (CS) in Department of Computer Science

Supervisor: Mr.Rajesh Jain Seminar Incharge

Submitted By: Pooja Jain 08ERICS062

Department of Computer Science Engineering Rajasthan Institute Of Engineering and Technology Rajasthan Technical University, Kota 2011-2012

Chapter-1

CERTIFICATE

This is to certify that Mr/Ms POOJA JAIN a student of B.Tech.(Computer Science Engineering) VIII semester has submitted His/her Seminar report entitled CRYPTOGRAPHY V/S STEGNOGRAPHY under my/our guidance.

Mr. Rajesh Jain (Seminar Incharge)

Chapter-1

Chapter-1

ABSTRACT
The Internet as a whole does not use secure links, thus information in transit may be vulnerable to interception as well. The important of reducing a chance of the information being detected during the transmission is being an issue now days. Some solution is used to passing information in a manner that the very existence of the message is unknown in order to repel attention of the potential attacker. Besides hiding data for confidentiality, this approach of information hiding can be extended to copyright protection for digital media. In this research, we clarify what steganography is, the definition, the importance as well as the technique used in implementing steganography. Basically, the purpose of cryptography and steganography is to provide secret communication. However, steganography is not the same as cryptography. Cryptography hides the contents of a secret message from a malicious people, whereas steganography even conceals the existence of the message. Steganography must not be confused with cryptography, where we transform the message so as to make it meaning obscure to a malicious people who intercept it. Therefore, the definition of breaking the system is different. In cryptography, the system is broken when the attacker can read the secret message. Breaking a steganographic system need the attacker to detect that steganography has been used and he is able to read the embedded message. In cryptography, the structure of a message is scrambled to make it meaningless and unintelligible unless the decryption key is available. It makes no attempt to disguise or hide the encoded message. Basically, cryptography offers the ability of transmitting information between persons in a way that prevents a third party from reading it. Cryptography can also provide authentication for verifying the identity of someone or something.

Chapter-1

An Overview of Cryptography

1. INTRODUCTION
The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable. As the Internet and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, and corporate data. One of the most popular cryptography systems used on the Internet is Pretty Good Privacy because it's effective and free. Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.

2. THE PURPOSE OF CRYPTOGRAPHY

Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet. Within the context of any application-to-application communication, there are some specific security requirements, including:

Authentication: The process of proving one's identity. (The primary forms of hostto-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.) Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.

Chapter-1

Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Non-repudiation: A mechanism to prove that the sender really sent this message.

Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, publickey (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into cipher text which will in turn (usually) be decrypted into usable plaintext. In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.

3. TYPES OF CRYPTOGRAPHIC ALGORITHMS

There are several ways of classifying cryptographic algorithms. They will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1):

Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption Public Key Cryptography (PKC): Uses one key for encryption and another for decryption Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information

Chapter-1

3.1. Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. As shown in Figure 1A, the sender uses the key (or some set of rules) to encrypt the plaintext and sends the cipher text to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption. With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key. Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing. A block cipher is so-called because the scheme encrypts one block of data at a time using

Chapter-1

the same key on each block. In general, the same plaintext block will always encrypt to the same cipher text when using the same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a stream cipher. Block ciphers can operate in one of several modes; the following four are the most important:

Electronic Codebook (ECB) mode is the simplest, most obvious application: the secret key is used to encrypt the plaintext block to form a ciphertext block. Two identical plaintext blocks, then, will always generate the same cipher text block. Although this is the most common mode of block ciphers, it is susceptible to a variety of brute-force attacks. Cipher Block Chaining (CBC) mode adds a feedback mechanism to the encryption scheme. In CBC, the plaintext is exclusively-ORed (XORed) with the previous ciphertext block prior to encryption. In this mode, two identical blocks of plaintext never encrypt to the same ciphertext. Cipher Feedback (CFB) mode is a block cipher implementation as a selfsynchronizing stream cipher. CFB mode allows data to be encrypted in units smaller than the block size, which might be useful in some applications such as encrypting interactive terminal input. If we were using 1-byte CFB mode, for example, each incoming character is placed into a shift register the same size as the block, encrypted, and the block transmitted. At the receiving side, the ciphertext is decrypted and the extra bits in the block (i.e., everything above and beyond the one byte) are discarded. Output Feedback (OFB) mode is a block cipher implementation conceptually similar to a synchronous stream cipher

Secret key cryptography algorithms that are in use today include:

Data Encryption Standard (DES): The most common SKC scheme used today, DES was designed by IBM in the 1970s and adopted by the National Bureau of Standards (NBS) [now the National Institute for Standards and Technology (NIST)] in 1977 for commercial and unclassified government applications. DES is a block-cipher employing a 56-bit key that operates on 64-bit blocks. DES has a complex set of rules and transformations that were designed specifically to yield fast hardware implementations and slow software implementations, although this latter point is becoming less significant today since the speed of computer processors is several orders of magnitude faster today than twenty years ago. IBM also proposed a 112-bit key for DES, which was rejected at the time by the government; the use of 112-bit keys was considered in the 1990s, however, conversion was never seriously considered.

Chapter-1

DES enciphering algorithm.

Advanced Encryption Standard (AES): In 1997, NIST initiated a very public, 4-1/2 year process to develop a new secure cryptosystem for U.S. government applications. The result, the Advanced Encryption Standard, became the official successor to DES in December 2001. AES uses an SKC scheme called Randal, a block cipher designed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The algorithm can use a variable block length and key length; the latest specification allowed any combination of keys lengths of 128, 192, or 256 bits and blocks of length 128, 192, or 256 bits. NIST initially selected Rijndael in October 2000 and formal adoption as the AES standard came

Chapter-1

in December 2001. FIPS PUB 197 describes a 128-bit block cipher employing a 128-, 192-, or 256-bit key.
International Data Encryption Algorithm (IDEA): Secret-key cryptosystem written by Xuejia Lai and James Massey, in 1992 and patented by Ascom; a 64-bit SKC block cipher using a 128bit key. Also available internationally.

3.2 Public-Key Cryptography PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to computer whereas their inverse function is relatively difficult to compute. Let me give you two simple examples: 1. Multiplication vs. factorization: Suppose I tell you that I have two numbers, 9 and 16, and that I want to calculate the product; it should take almost no time to calculate the product, 144. Suppose instead that I tell you that I have a number, 144, and I need you tell me which pair of integers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer because you first need to find the 8 pairs of integer factors and then determine which one is the correct pair. 2. Exponentiation vs. logarithms: Suppose I tell you that I want to take the number 3 to the 6th power; again, it is easy to calculate 36=729. But if I tell you that I have the number 729 and want you to tell me the two integers that I used, x and y so that logx 729 = y, it will take you longer to find all possible solutions and select the pair that I used. Public-key cryptography algorithms that are in use today for key exchange or digital signatures include:

RSA: The first, and still most common, PKC implementation, named for the three MIT mathematicians who developed it Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is used in hundreds of software products and can be used for key exchange, digital signatures, or encryption of small blocks of data. RSA uses a variable size encryption block and a variable size key. The key-pair is derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes may be 100 or more digits in length each, yielding an n with roughly twice as many digits as the prime factors. The public key information includes n and a derivative of one of the factors of n; an attacker cannot determine the prime factors of n (and, therefore, the private key) from this information alone and that is what makes the RSA algorithm so secure. (Some descriptions of PKC erroneously state that RSA's safety is due to the difficulty in factoring large prime numbers. In fact, large prime numbers, like small prime numbers, only have two factors!) The ability for computers to factor large numbers, and therefore attack schemes such as RSA, is rapidly improving and systems today can find the prime factors of numbers with more than 200 digits. Nevertheless, if a large number is created from two prime factors that are roughly the same size, there is no known factorization algorithm that will solve

Chapter-1

the problem in a reasonable amount of time; a 2005 test to factor a 200-digit number took 1.5 years and over 50 years of compute time.Regardless, one presumed protection of RSA is that users can easily increase the key size to always stay ahead of the computer processing curve. As an aside, the patent for RSA expired in September 2000 which does not appear to have affected RSA's popularity one way or the other. Diffie-Hellman: After the RSA algorithm was published, Diffie and Hellman came up with their own algorithm. D-H is used for secret-key key exchange only, and not for authentication or digital signatures. Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital Signature Standard (DSS), provides digital signature capability for the authentication of messages. 3.3. Hash Functions Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key (Figure 1C). Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file. Hash algorithms that are in common use today include:

Message Digest (MD) algorithms: A series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message. o MD2 (RFC 1319): Designed for systems with limited memory, such as smart cards. (MD2 has been relegated to historical status, per RFC 6149.) o MD4 (RFC 1320): Developed by Rivest, similar to MD2 but designed specifically for fast processing in software. (MD4 has been relegated to historical status, per RFC 6150.) o MD5 (RFC 1321): Also developed by Rivest after potential weaknesses were reported in MD4; this scheme is similar to MD4 but is slower because more manipulation is made to the original data. MD5 has been implemented in a large number of products although several weaknesses in the algorithm were demonstrated by German cryptographer Hans Dobbertin in 1996 ("Cryptanalysis of MD5 Compress"). Secure Hash Algorithm (SHA): Algorithm for NIST's Secure Hash Standard (SHS). SHA-1 produces a 160-bit hash value and was originally published as FIPS 180-1 and RFC 3174. FIPS 180-2 (aka SHA-2) describes five algorithms in the SHS: SHA-1 plus SHA-224, SHA-256, SHA-384, and SHA-512 which can produce hash values that are 224, 256, 384, or 512 bits in length, respectively. SHA-224, -256, -384, and -512 are also described in RFC 4634.

Chapter-1

3.4. Why Three Encryption Techniques? So, why are there so many different types of cryptographic schemes? Why can't we do everything we need with just one? The answer is that each scheme is optimized for some specific application(s). Hash functions, for example, are well-suited for ensuring data integrity because any change made to the contents of a message will result in the receiver calculating a different hash value than the one placed in the transmission by the sender. Since it is highly unlikely that two different messages will yield the same hash value, data integrity is ensured to a high degree of confidence. Secret key cryptography, on the other hand, is ideally suited to encrypting messages, thus providing privacy and confidentiality. The sender can generate a session key on a permessage basis to encrypt the message; the receiver, of course, needs the same session key to decrypt the message. Key exchange, of course, is a key application of public-key cryptography (no pun intended). Asymmetric schemes can also be used for non-repudiation and user authentication; if the receiver can obtain the session key encrypted with the sender's private key, then only this sender could have sent the message. Public-key cryptography could, theoretically, also be used to encrypt messages although this is rarely done because secret-key cryptography operates about 1000 times faster than public-key cryptography.

Figure 2 puts all of this together and shows how a hybrid cryptographic scheme combines all of these functions to form a secure transmission comprising digital signature and digital envelope. In this example, the sender of the message is Alice and the receiver is Bob.

Chapter-1

A digital envelope comprises an encrypted message and an encrypted session key. Alice uses secret key cryptography to encrypt her message using the session key, which she generates at random with each session. Alice then encrypts the session key using Bob's public key. The encrypted message and encrypted session key together form the digital envelope. Upon receipt, Bob recovers the session secret key using his private key and then decrypts the encrypted message. The digital signature is formed in two steps. First, Alice computes the hash value of her message; next, she encrypts the hash value with her private key. Upon receipt of the digital signature, Bob recovers the hash value calculated by Alice by decrypting the digital signature with Alice's public key. Bob can then apply the hash function to Alice's original message, which he has already decrypted (see previous paragraph). If the resultant hash value is not the same as the value supplied by Alice, then Bob knows that the message has been altered; if the hash values are the same, Bob should believe that the message he received is identical to the one that Alice sent. This scheme also provides nonrepudiation since it proves that Alice sent the message; if the hash value recovered by Bob using Alice's public key proves that the message has not been altered, then only Alice could have created the digital signature. Bob also has proof that he is the intended receiver; if he can correctly decrypt the message, then he must have correctly decrypted the session key meaning that his is the correct private key.

4.The advantages and disadvantages of cryptography

4.1 The advantages of Cryptography are:-It hides the message and your privacy is safe. -No one would be able to know what it says unless there's a key to the code. -You can write what ever you want and how ever you want (any theme any symbol for the code) to keep your code a secret. -You are able to use Cryptography during lessons without the teacher knowing. (BUT WILL TAKE LONG TO MAKE THE CODE, TO FIGURE IT OUT AND TO MAKE THE KEY) 4.2 The disadvantages of Cryptography are:-Takes a long time to figure out the code. -It takes long to create the code. -If you were to send a code to another person in the past, it will take long to get to that person. -OVERALL CRYPTOGRAPHY IT'S A LONG PROCESS.

Chapter-1

Steganography

1.Introduction
Steganography is the art and science of invisible communication. This is accomplished through hiding information in other information, thus hiding the existence of the communicated information. The word steganography is derived from the Greek words stegos meaning cover and grafia meaning writing defining it as covered writing. In image steganography the information is hidden exclusively in images. The art and science of hiding information by embedding messages within other, seemingly harmless messages. Steganography works by replacing bits of useless or unused data in regular computer files (such as graphics, sound, text, HTML, or even floppy disks ) with bits of different, invisible information. This hidden information can be plain text, cipher text, or even images. Steganography sometimes is used when encryption is not permitted. Or, more commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen. Two other technologies that are closely related to steganography are watermarking and fingerprinting . These technologies are mainly concerned with the protection of intellectual property, thus the algorithms have different requirements than steganography. These requirements of a good steganography algorithm will be discussed below. In watermarking all of the instances of an object are marked in the same way. The kind of information hidden in objects when using watermarking is usually a signature to signify origin or ownership for the purpose of copyright protection. With fingerprinting on the other hand, different, unique marks are embedded in distinct copies of the carrier object that are supplied to different customers. This enables the intellectual property owner to identify customers who break their licensing agreement by supplying the property to third parties. In watermarking and fingerprinting the fact that information is hidden inside the files may be public knowledge sometimes it may even be visible while in steganography the imperceptibility of the information is crucial. A successful attack on a steganography system consists of an adversary observing that there is information hidden inside a file, while a successful attack on a watermarking or fingerprinting system would not be to detect the mark, but to remove it.

Chapter-1

2. Overview of Steganography
To provide an overview of steganography, terms and concepts should first be explained. An overview of the different kinds of steganography is given at a later stage. 2.1 Steganography concepts Although steganography is an ancient subject, the modern formulation of it is often given in terms of the prisoners problem proposed by Simmons, where two inmates wish to communicate in secret to hatch an escape plan. All of their communication passes through a warden who will throw them in solitary confinement should she suspect any covert communication. The warden, who is free to examine all communication exchanged between the inmates, can either be passive or active. A passive warden simply examines the communication to try and determine if it potentially contains secret information. If she suspects a communication to contain hidden information, a passive warden takes note of the detected covert communication, reports this to some outside party and lets the message through without blocking it. An active warden, on the other hand, will try to alter the communication with the suspected hidden information deliberately, in order to remove the information.

Chapter-1

3. Different kinds of steganography

Almost all digital file formats can be used for steganography, but the formats that are more suitable are those with a high degree of redundancy. Redundancy can be defined as the bits of an object that provide accuracy far greater than necessary for the objects use and display. The redundant bits of an object are those bits that can be altered without the alteration being detected easily. Image and audio files especially comply with this requirement, while research has also uncovered other file formats that can be used for information hiding. Figure 1 shows the four main categories of file formats that can be used for steganography.

Hiding information in text is historically the most important method of steganography. An obvious method was to hide a secret message in every nth letter of every word of a text message. It is only since the beginning of the Text Images Audio/ video Protocol Internet and all the different digital file formats that is has decreased in importance. Text steganography using digital files is not used very often since text files have a very small amount of redundant data. Given the proliferation of digital images, especially on the Internet, and given the large amount of redundant bits present in the digital representation of an image, images are the most popular cover objects for steganography. This paper will focus on hiding information in images in the next sections. To hide information in audio files similar techniques are used as for image files. One different technique unique to audio steganography is masking, which exploits the properties of the human ear to hide information unnoticeably. A faint, but audible, sound becomes inaudible in the presence of another louder audible sound. This property creates a channel in which to hide information. Although nearly equal to images in steganographic potential, the larger size of meaningful audio files makes them less popular to use than images. The term protocol steganography refers to the technique of embedding information within messages and network control protocols used in network transmission. In the layers of the OSI network model there exist covert channels where steganography can be used. An example of where information can be hidden is in the header of a TCP/IP packet in some fields that are either optional or are never used.

Chapter-1

3.1 Text Steganography Steganography is the art and science of hidden writing. While an encryption program such as our companion JavaScrypt page protects your message from being read by those not in possession of the key, sometimes you wish to obscure the very fact you're sending an encrypted message at all. An encoded message just screams you're using encryption, which may attract unwanted attention to your activities even if snoopers cannot read the text of your messages. Steganography attempts to conceal the presence of an encrypted message; over history a wide variety of techniques have been used: secret compartments in objects, invisible ink, microdots, grilles used to hide letters of a message among innocent text, and, in the digital age, embedding messages as imperceptible noise in images and audio files. an encrypted message is converted to what, at first glance, looks like English text. It is, in fact, English text, but complete nonsense, consisting of words chosen from a dictionary of 65536 (216) words, each encoding two bytes of the message in the position of the word in the dictionary. Punctuation and paragraph breaks are sprinkled through the text to make it look (marginally) more plausible. Let's be frank: anybody who gives this text more than a cursory glance is going to immediately twig to the fact that something very odd is going on here (unless, perhaps, you give it a suitably postmodern title and cast it as a paper published in Social Text). To make things less obvious, you may wish to embed the text generated by this page into a long document, having beforehand established a convention with your correspondent to permit them to locate it.
Cipher Text

To convert an encrypted message to English text, paste the cipher text generated by JavaScrypt into the box below, then press the Hide button. You can control the approximate length of lines of text by setting the Line length, and suppress the interspersing of punctuation and paragraph breaks by unchecking Punctuation. The cipher text may be in any of the encodings supported by JavaScrypt. If the cipher text lacks the sentinels normally included by JavaScrypt (for example, if you're using this page to convert a Base64 file generated by another program to text), you must specify the encoding by checking the corresponding button in the Encoding section below the Hidden Text box.

Chapter-1 Hidden Text

To decode a message hidden as text, paste the hidden message into the box below. While blank lines and punctuation of all kinds are ignored, as is the case of letters, there must be no extraneous words in the text. Press the Seek button to decode the message into JavaScrypt-compatible cipher text in the box above. The cipher text will use the encoding specified by the Encoding buttons. If Base64 encoding is requested and the Sentinel box is unchecked, the usual JavaScrypt cipher text start and end sentinels will be omitted; this option permits creating Base64-encoded documents suitable for use with other programs.

3.2 Image steganography As stated earlier, images are the most popular cover objects used for steganography. In the domain of digital images many different image file formats exist, most of them for specific applications. For these different image file formats, different steganographic algorithms exist. 3.2.1 Image definition To a computer, an image is a collection of numbers that constitute different light intensities in different areas of the image. This numeric representation forms a grid and the individual points are referred to as pixels. Most images on the Internet consists of a rectangular map of the images pixels (represented as bits) where each pixel is located and its color. These pixels are displayed horizontally row by row. The number of bits in a color scheme, called the bit depth, refers to the number of bits used for each pixel. The smallest bit depth in current color schemes is 8, meaning that there are 8 bits used to describe the color of each pixel. Monochrome and grayscale images use 8 bits for each pixel and are able to display 256 different colors or shades of grey. Digital colour images are typically stored in 24-bit files and use the RGB colour model, also known as true colour. All colour variations for the pixels of a 24-bit image are derived from three primary colours: red, green and blue, and each primary colour is represented by 8 bits. Thus in one given pixel, there can be 256 different quantities of red, green and blue, adding up to more than 16-million combinations, resulting in more than 16-million

Chapter-1

colours. Not surprisingly the larger amount of colours that can be displayed, the larger the file size . 3.2.2 Applications Image Steganography has many applications, especially in todays modern, high-tech world. Privacy and anonymity is a concern for most people on the internet. Image Steganography allows for two parties to communicate secretly and covertly. It allows for some morally-conscious people to safely whistle blow on internal actions; it allows for copyright protection on digital files using the message as a digital watermark. One of the other main uses for Image Steganography is for the transportation of high-level or topsecret documents between international governments. While Image Steganography has many legitimate uses, it can also be quite nefarious. It can be used by hackers to send viruses and Trojans to compromise machines, and also by terrorists and other organizations that rely on covert operations to communicate secretly and safely2.

3.3 Audio/Video steganography:

3.3.1 Audio Steganography: Broadband communication networks and multimedia data available in a digital format opened many challenges and opportunities for innovation. Versatile and simple-to-use software and decreasing prices of digital devices have made it possible for consumers from all around the world to create and exchange multimedia data. Broadband Internet connections and near error-free transmission of data facilitate people to distribute large multimedia files and make identical digital copies of them. A perfect reproduction in digital domain have promoted the protection of intellectual ownership and the prevention of unauthorized tampering of multimedia data to become an important technological and research issue. Digital watermarking has been proposed as a new, alternative method to enforce intellectual property rights and protect digital media from tampering. Digital watermarking is defined as imperceptible, robust and secure communication of data related to the host signal, which includes embedding into and extraction from the host signal. The main challenge in digital audio watermarking and steganography is that if the perceptual transparency parameter is fixed, the design of a watermark system cannot obtain high robustness and a high watermark data rate at the same time. In this thesis, we address three research problems on audio watermarking: First, what is the highest watermark bit rate obtainable, under the perceptual transparency constraint, and how to approach the limit? Second, how can the detection performance of a watermarking system be improved using algorithms based on communications models for that system? Third, how can overall robustness to attacks to a watermark system be increased using attack characterization at the embedding side? An approach that combined theoretical consideration and experimental validation, including digital signal processing, psychoacoustic modeling and communications theory, is used in developing algorithms for audio watermarking and steganography. The main results of this study are the development of novel audio watermarking algorithms, with the state-of-the-art performance and an acceptable increase in computational complexity. The algorithms' performance is validated in the presence of

Chapter-1

the standard watermarking attacks. The main technical solutions include algorithms for embedding high data rate watermarks into the host audio signal, using channel models derived from communications theory for watermark transmission and the detection and modeling of attacks using attack characterization procedure. 3.3.2 Video Steganography Video Steganography is a technique to hide any kind of files in any extension into a carrying Video file. This project is the application developed to embed any kind of data (File) in another file, which is called carrier file. The carrier file must be a video file. It is concerned with embedding information in an innocuous cover media in a secure and robust manner. This system makes the Files more secure by using the concepts Steganography and Cryptography. An input content signal, e.g., representing video, is encoded to hide plural-bit auxiliary data therein. The process generates an intermediate signal that is a function of (a) the plural-bit auxiliary data, and (b) data related to human perception attributes of the content signal. This intermediate signal is then summed with the content signal to effect encoding. The plural-bit auxiliary data can include copy control data, i.e., data that can be sensed by a consumer electronic device and used to disable a copying operation. The intermediate signal may include a pseudo-random key signal so as to obscure the encoding and require knowledge of a corresponding key at the decoder to extract the auxiliary data from the encoded content. In some embodiments, calibration data is encoded in the content signal with the auxiliary data. This calibration data desirably has known properties (e.g., spectral attributes, data content, etc.) facilitating its identification in the encoded content signal. The encoding is desirably robust against various forms of content degradation, e.g., lossy compression/decompression, scaling, resampling, conversion from digital to analog and back again, etc., so that the auxiliary data can be detected from the content notwithstanding such corruption.

3.4 Protocol Steganography

Protocol steganography allows users who wish to communicate secretly to embed messages within other messages. These secret messages can be used for anonymous communication for purposes ranging from entertainment to protected business communication or national defense. An important consideration in the embedding process is whether it is semantics-preserving, i.e., whether the resulting message still conforms to the protocol specification. That property guarantees that if the message is interpreted at any point during its transmission, it will produce meaningful results. In addition to that, semantic preservation in modified messages helps to make them indistinguishable from unmodified cover messages. Using protocol steganography, we can embed information in overt channels, in contrast to the use of covert channels, which allow signaling mechanisms to occur where no explicit communication path exists. Advantages of protocol steganography include achieving greater bandwidth in hidden communication as well as taking advantage of the most widely-used network protocols. Two levels of semantics preservation, both of which imply that the stego-message is a correct message within the protocol. Weak semantics preservation means that the stego-message, while legal, has a different meaning than the original cover message. Strong semantics preservation means that the stego-message has the same meaning as the original cover. Networking protocols are divided into multiple layers,shown in Figure 1.
1

Chapter-1

The physical layer is responsible for communicating with the actual network hardware (e.g., the Ethernet card), dealing with the format of the bits on the wire. Therefore, it is tied to the local network technology, such as Fast Ethernet or 802.11b wireless. The network layer handles routing, and it is the IP layer of the TCP/IP protocol suite. The network layer is invisible to user programs. The transport layer handles the qualitycontrol issues of reliability, flow control, and error correction. The TCP/IP protocol suite defines two widely-used transport protocols: UDP and TCP1. There are several application protocols in the TCP/IP suite, including SMTP (for email service), FTP (for file transfer), SSH (for secure login), LDAP (for distributed directory services), and HTTP (for web browsing, which alone accounts for approximately 70% of all Internet traffic). There are several application protocols in the TCP/IP suite, including SMTP (for email service), FTP (for file transfer), SSH (for secure login), LDAP (for distributed directory services), and HTTP (for web browsing, which alone accounts for approximately 70% of all Internet traffic). A secure stego system can withstand an opponent that understands the system (or even has grounds for suspicion), meaning that the opponent cannot determine with a high degree of certainty the existence of the communication. A robust system can withstand an active attack, where the adversary makes legal (strong semantics-preserving) changes to the message. The most obvious way of hiding information within messages is to place data in unused or reserved fields of protocol headers or trailers. However, that method of steganography is easy to detect using simple intrusion detection systems, or is susceptible to traffic analysis, which makes it insecure and not robust. Even if analyzing the content of the hidden information becomes impossible, perhaps due to encryption, this approach is weak. Our techniques for protocol steganography aim to achieve strong steganography, wherein the system is both secure and robust. Given those goals and the intention to provide means of private communication, our approach to protocol steganography focuses mainly on trans-port layer protocols and application layer protocols, although other protocols at different layers of the TCP/IP protocol suite could also be considered. In particular, this paper describes how protocol steganography is feasible using the SSH protocol as proof-ofconcept. There are many potential applications for protocol steganography, considering when information hiding is used for both positive and negative means. When using information hiding for positive means, protocol steganography is appropriate to achieve private communication and, in some cases, anonymity and plausible deniability, such as environmentsMore specifically, protocol steganography seems to be appropriate for

Chapter-1

environments where unobtrusive communications are required. For example, in the military and intelligence agencies, even if the content of the communication is encrypted, a significant increase in communications between military units could signal an impending attack. Hiding information inside regular Internet traffic, such as browsing results, will avoid the need for extra communication, thereby giving no indication to ones adversaries that something is about to happen. On the other hand, considering a framework where the agents that wish to communicate secretly are not necessarily the initiators of the communication, the ability to embed messages in a variety of TCP/IP protocols gives us a much higher likelihood of being able to transmit the secret message within a reasonable time bound. When using information hiding with malignant purposes, the study of protocol steganography can help improving the design of network protocols and firewalls. Protocols can be harder to misuse. Firewalls can be harder to bypass. More specifically, protocol steganography seems to be appropriate for environments where unobtrusive communications are required. For example, in the military and intelligence agencies, even if the content of the communication is encrypted, a significant increase in communications between military units could signal an impending attack. Hiding information inside regular Internet traffic, such as browsing results, will avoid the need for extra communication, thereby giving no indication to ones adversaries that something is about to happen. On the other hand, considering a framework where the agents that wish to communicate secretly are not necessarily the initiators of the communication, the ability to embed messages in a variety of TCP/IP protocols gives us a much higher likelihood of being able to transmit the secret message within a reasonable time bound. When using information hiding with malignant purposes, the study of protocol steganography can help improving the design of network protocols and firewalls. Protocols can be harder to misuse. Firewalls can be harder to bypass.

4. Disadvantages & advantages:

Steganography has some pretty standard advantages and disadvantages. The advantages are that the hidden text doesn't stand out. It can be passed in innocuous content like an image. By making some slight changes to color values, for example, you can transmit a few bits here and there that are practically undetectable. The downside usually includes things like size and protection. You usually have to send much more padding around your secret text so that your secret text doesn't stand out. If you're only sending something simple like GPS coordinates or an email address, that's fine. But if you have a long document (e.g., a book) that you want to hide with steganography, it's pretty hard. And then there's the protection factor: typically secrets that are protected by steganography are not protected by anything else. If no one sees it, it's safe. If they see it, though, it's game over. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messagesno matter how unbreakablewill arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. However, it can also pose serious problems because it's difficult to detect. Network surveillance and monitoring systems will not flag messages or files that contain steganographic data. Therefore, if someone attempted to steal confidential data, they could conceal it within another file and send it in an innocent looking email.

Chapter-1

The obvious advantage of steganography is that you can hide a secret message in another message, be it text, image, audio, or whatever media you decide to hide your secret in. The main problem with this is that either you or the person you're sending the "secret" message to need to be able to find the message. And if you can find it, then the bad guys you want to keep the message a secret from can find it, too.

Chapter-1

Cryptography v/s Steganography

Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured. Quite often, steganography is hidden in pictures. The word "Steganography" is of Greek origin and means "covered, or hidden writing". Its ancient origins can be traced back to 440 BC. Herodotus mentions two examples of Steganography in The Histories of Herodotus [1]. Demeratus sent a warning about a forthcoming attack to Greece by writing it on a wooden panel and covering it in wax. Wax tablets were in common use then as re-usable writing surface, sometimes used for shorthand. Another ancient example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message was hidden. The purpose was to instigate a revolt against the Persians. Later, Johannes Trithemius's book Steganographia is a treatise on cryptography and steganography disguised as a book on black magic. Generally, a steganographic message will appear to be something else: a picture, an article, a shopping list, or some other message. This apparent message is the covertext. For instance, a message may be hidden by using invisible ink between the visible lines of innocuous documents. The advantage of steganography over cryptography alone is that messages do not attract attention to themselves, to messengers, or to recipients. An unhidden coded message, no matter how unbreakable it is, will arouse suspicion and may in itself be incriminating, as in countries where encryption is illegal. Steganography used in electronic communication include steganographic coding inside of a transport layer, such as an MP3 file, or a protocol, such as UDP. A steganographic message (the plaintext) is often first encrypted by some traditional means, and then a covertext is modified in some way to contain the encrypted message (ciphertext), resulting in stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message; only the recipient (who must know the technique used) can recover the message and then decrypt it. Francis Bacon is known to have suggested such a technique to hide messages (see Bacon's cipher). In cryptography letters are usually swapped like an "R" is really an "E" in the message and one just needs to decode the message. (simple explination of a complex theory) Where in steganography you have to find the message that you do not even know is there before you can even try to decode it.

Chapter-1

Steganography is hidden writing. The message is there, but nobody notices it. However, once noticed, it can be read. A relatively modern example is the microdot, a page of text photographically reduced to the size of a full stop, and glued into an ordinary letter. Cryptography is secret writing. Anybody can see the message, but nobody else can read it. Usually, this is because its letters have been re-arranged, or replaced by different letters, according to some scheme that only the sender and receiver know. Steganography is the art and science of hiding information by embedding messages within other, seemingly harmless messages. More commonly, steganography is used to supplement encryption. An encrypted file may still hide information using steganography, so even if the encrypted file is deciphered, the hidden message is not seen. Cryptography is the art of protecting information by encrypting it into an unreadable format, called cipher text. Only those who possess a secret key can decrypt the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, although modern cryptography techniques are virtually unbreakable.

Chapter-1

Cryptography takes a file and transforms it, through a cryptographic algorithm, into a new file (usually of about the same size - although it may also pad it to bring it up to a standard size). This new file is known as cyphertext. The original file (also known as clear text) can be recovered from the cyphertext by application of the decryption algorithm. Usually the encryption requires some kind of "key" as part of the algorithm. If the same key is used to both encrypt and decrypt, it is known as "symmetric". If different keys are used to encrypt and decrypt, it is known as "asymmetric". Steganography hides a file within another file. Usually this is done by making changes to the bytes of the file in a way that does not obviously change the file that is being used as the repository for the hidden file. An example would be to take a graphic file and change the bits in the file that indicate the color of the pixels in the graphic file. The binary "word" 0110 0111 could be hidden in the graphic file by leaving the color of the first pixel, incrementing the color of the second and third by one, leaving the next two unchanged, then incrementing the next 3 by one. Changing the colors by one leaves the picture in the graphic file looking unchanged - a change of 1 in the value of the color is imperceptible to the human eye. The hidden message could be recovered by subtracting the values from the unaltered picture from the picture that has the message hidden in it. In the case of cryptography, the objective is to make the message unreadable to anyone who doesn't have the key and know the correct algorithm. In the case of steganography, the objective is to hide the existence of the message.

Chapter-1