1. Table of contents
Certificate ……………………………………………………………………………………………………………………… I
Abstract…………………………………………………………………………………………………………………………..II
List of Figures………………………………………………………………………………………………………………….III
Acronyms……………………………………………………………………………………………………………………….IV
1. Introduction………………………………………………………………………………………………………………..1
1.1 Motivation……………………………………………………………………………………………………….
1.2 Problem Statement…………………………………………………………………………………………
1.2.1 E-governance and Information of Governments………………………………...
1.2.2 Need Securing Information Assets of Government……………………………..
1.3 Scope and Objective of project………………………………………………………………………..
1.4 Methodology Used…………………………………………………………………………………………
1.5 Document Outlines………………………………………………………………………………………..
2. Literature Review and Background……………………………………………………………………………
2.1 Steganography……………………………………………………………………………………………………….
2.1.1 Introduction……………………………………………………………………………………………..
2.1.2 Video Formats………………………………………………………………………………………….
2.1.3 Encoding Techniques………………………………………………………………………………..
2.1.4 LSB Randomization Techniques………………………………………………………………
2.2 Cryptography……………………………………………………………………………………………………….
2.2.1 Introduction……………………………………………………………………………………………………….
2.2.2 Cryptographic Algorithms………………………………………………………………………………….
2.2.2.1 Secrete key Cryptography……………………………………………………………………..
2.2.2.2 Public Key Cryptography………………………………………………………………………
2. 3. System Design and Modeling……………………………………………………………………………………
3.1 Steganography Design process
3.1.1 Splitting of video into image frames phase…………………………………………………
3.1.2 The embedding Phase………………………………………………………………………………..
3.1.3 The Extracting Phase………………………………………………………………………………….
3.2 Cryptography Design part……………………………………………………………………………………….
3.2.1 The RSA algorithm…………………………………………………………………………………….
3.3 Graphic User Interface (GUI)…………………………………………………………………………………..
4. Implementation……………………………………………………………………………………………………..
5. Results, conclusion and Recommendation……………………………………………………………..
5.1 Results…………………………………………………………………………………………………….
5.2 Conclusion………………………………………………………………………………………………
5.3 Recommendation…………………………………………………………………………………….
6. Bibliography ……………………………………………………………………………………………………….
3. Acknowledgment
We would like to express our special thanks of gratitude to all who helped us finish this project.
Our heartfelt thanks goes to our advisors Mr. Desta Gebre and Mr. Higigat for their support and
continuous comments.
Also we would like to thank the Management and the whole community of Mekelle Institute of
Technology, for providing us all the facilities to accomplish this project.
Gebremedhin Fitsum
Mulugeta Yikuno
Robel Hayelom
Solomon Kahasi
4. Abstract
The use of internet has increased tremendously over the years and the concept of data security is
gaining momentum. Data could get corrupted if attacked by a virus or a hacker. The data needs to
be protected from unauthorized users to prevent undesired actions. E-governance systems are
prone to these actions as government officials communicate many secret information over the
internet. It is very essential to transmit important data like banking and military information in a
secure manner. This paper deals with data security in which secret data is embedded in cover
video. Video Steganography is the process of hiding some secret information inside a video. The
addition of this information to the video is not recognizable by the human eye as the change of a
pixel color is negligible. A methodology for creation of a stego video is defined using the Least
Significant Bit (LSB) Replacement algorithm. The secret data to be hidden is replaced at the LSB
positions of pixels of the carrier video frame. Thus it becomes very difficult for an intruder to guess
that data is hidden in the video and the purpose of data security can be achieved.
This paper aims to provide an efficient and a secure method for video Steganography. The
proposed method creates an index for the secret information and the index is placed in a frame of
the video itself. With the help of this index, the frames containing the secret information are
located. Hence, during the extraction process, instead of analyzing the entire video, the frames
containing the secret data are analyzed with the help of index at the receiving end. At the sender
side thesecret messageis encryptedbeforeitis hidden in the hostvideo anda key will begenerated
by sender that will be sent through secure channel so that the receiver will decrypt using the same
key. When steganography by this method, the probability of finding the hidden information by an
attacker is lesser when compared to the normal method of hiding information frame-by-frame in
a sequential manner. It also reduces the computational time taken for the extraction process.
1. Introduction
5. 1.1 Motivation
Information is an asset which, like other important business assets, has value to an organization
and consequently needs to be suitably protected. Information can be Printed or written on paper,
Stored electronically, Transmitted by post or using electronics means, Shown on corporate videos,
Displayed / published on web, Verbal – spoken in conversation. Whatever form the information
takes, or means by which it is shared or stored, it should always be appropriately protected.[1]
Governments are moving towards e-Governance to improve convenience, reduce time, improve
transparency in delivering services to businesses and citizens. Businesses and citizens expect high
standards of services, instant access to information, efficient transactions and support, whenever
and wherever they need it, but in a secure fashion.
The two major components of the approach are the information delivery and service delivery. In
the first component, various web-based information services are used by the Governments of
different granularity. On the other hand, in the second component, the citizen is given access to the
Government business related IT systems to provide transaction services (e.g. tax payments, filing
of forms, issuing certificates etc)
The revolution in digital information has created new challenges for sending a message in a safe
andsecureway. Whatevermethod we choose,themost important question is its degreeof security.
Numerous approaches have been developed for addressing the issue of information security such
as cryptography and steganography. Cryptography provides an obvious approach to securing
information. It scrambles the secret message, such that it becomes meaningless to eavesdroppers.
However, this is not always adequate in practice as the encrypted content itself draws attention.
Regardlesshowstrongis the encryptionalgorithm, givenenoughtime and tools, it could bebroken.
Furthermore, some cases require sending information without anyone noticing that the
communication happened. In such cases, steganography is the answer.
Internet communication has a lot of security holes. There is a huge potential for anonymous
parties to gain access to data on transmission. Most of the time this data is plainly visible and even
if it is encrypted those professional attackers could breach its security by exploiting known
loopholes in the network structure and the security mechanism used to encrypt the data. So, the
best means to reduce potential attacks is to conceal the presence of sensitive data inside a
visually unsuspicious/innocuous disguise media creating a security layer. This is called
Steganography.
There are many techniques by which external data is inserted into the disguise media, the
simplest and most commonly used being the LSB. Though simple to use, LSB technique is
vulnerable to easy steganographic analysis (steganalysis) in which attackers can extract the
6. hidden information from the LSB bits. Thus as a cure to this problem, the bytes of the disguise
media are randomly selected so as to be used as the bit insertion points for the secret data making
it difficult to simply extract the LSB bits where the information is inserted. This all by itself
makes a secret data visually imperceptible. However, under intensive analysis of the carrier
media holding the secret data, adversaries could extract the message by reconstructing the LSBs
from noticeable patterns of the randomized byte positions. Therefore, to address this problem we
have devised another layer of security level that of Cryptography.
There are two schemes of Cryptography: Symmetric and Asymmetric. Symmetric Encryption
Scheme uses a single secret key known by the communicating parties for encryption and
decryption processes. This scheme is the oldest and best-known technique for encryption of
relatively large amount of data in a reasonable amount of time. The secret key has to be known a
priority among legitimate parties through key exchange mechanisms without falling into the
wrong hands. However, there is no secure means of doing this over an insecure Internet using only
symmetric cryptography. This is where the Asymmetric counterpart fits in.
Asymmetric cryptographicschemeusesapair ofkeys (private andpublic) instead ofa single secret
key in which the public key is made freely available to anyone who wants to send a message and
the private is kept secret by the owner [2]. Any message that is encrypted by using the public key
can only be decrypted by applying the same algorithm, but by using the matching private key. Any
message that is encrypted by using the private key can only be decrypted by using the matching
public key. This avoids any threat against confidentiality, authenticity and integrity of the secret
message that can be posed by potential attackers. As a result, this is a clever means of key
exchanging over the Internet. However, it is a very slow process for encrypting large amount of
data. So, it‘s usually preferred to be used for small data encryption. Such data like secret keys.
To benefit from both schemes, first we use asymmetric key cryptography to exchange the secret
key between the communicating parties then the message to be transmitted is encrypted using
symmetric key cryptography. Although cryptography and steganography try to protect data, but
neither technology alone is perfect. Therefore, sometimes it is better to combine both approaches
together to increase the security level of the system [3].
In this case, even if the communications existence was detected and the steganography was
defeated, the attacker still has to break the encryption to know the message. so that a software is
to be implemented combining these security mechanisms and applied to government offices that
support e-governance.
1.2 Problem Statement
7. Since government services are entering to the e-governance system and Internet is inherently
insecure, sensitive data transaction among communicating parties couldeasily be compromised.
Thus, the question of security has become as necessary as basic necessities. Everything in the
digitized world requires strong security, for instance; credit card information, Intelligence
documents etc. To tackle this catastrophe different security mechanisms have been devised so the
Internet may be used for secure electronic communication.
Despite the presence of all these threats against Internet security, its use in our day to day
activities is significantly high. Its usesin any kind ofdata transactions such asemail and credit card
credential transactions, file sharing services etc has reverted the traditional ways of
communication and become the inevitable ways of the future. As a result, the need for a strong
security infrastructure arises for reasons of suitability, reliability and dependability of Internet
based communications. So far the infrastructure uses Cryptography based security systems.
However, Steganography has emerged as a promising improvement over new trends of the
Internet security. Therefore, its important values can be added to the already existing security
systems resulting in a vigorous outcome.
1.2.1 E-governance and Information of Governments
Models of e-Governance From the developmental perspective, e-Governance can be defined as the
application of electronic means (in particular the ICT) in:
(1) The interaction between Government and citizens and Government and businesses,
(2) Internal Government operations to simplify and improve democratic, Government and
business aspects of Governance
8. Figure 1.2
1.2.2 Securing the information assets
• Security of information & information assets is becoming a major area of concern
• With every new application, newer vulnerabilities crop up, posing immense challenges to those
who are mandated to protect the IT assets
• e-Government security requirements can be studied by examining the overall process, beginning
with the citizens end and ending with the e-Gov server
• The assets that must be protected to ensure secure e-Gov include client computers, the messages
traveling on the communication channel, and the Web and e-gov servers – including any hardware
attached to the servers
Need for Information security in Governments
• In the current climate of elevated risk created by the vulnerabilities of and threats to the Nations
IT infrastructure, cyber security isnot just a paperwork drill.
• Adversaries are capable of launching harmful attacks on IT systems, networks, and information
assets.
• Enterprise concerns have been heightened by increasingly sophisticated hacker attacks and
identity thefts, warnings of cyber terrorism, and the pervasiveness of IT uses.
9. • Many in the industry and critical infrastructure organizations have come to recognize that their
continued ability to gain citizens confidence will depend on improved software development,
systems engineeringpractices andthe adoptionofstrengthenedsecurity modelsand bestpractices
• Governments amass a great deal of confidential information about their employees, customers,
products, research, and financial status.
• Most of this information is now collected, processed and stored on electronic computers and
transmitted across networks to other computers.
• A breach of security could lead to lost opportunities, defamation, loss of goodwill, repudiation
loss, financial loss , transactional loss , loss of citizens confidence and many others.
To solve the above all security problems a Video steganography is introduced and implemented in
this project. Using video steganography government offices and e-governance systems can benefit
a security of their information asset from hackers and any intruders.
1.3 Scope and Objectives of the project
The project is divided two major focus points. The first phase emphasizes on Steganographic
functions and how data hiding is implemented using the video as a cover medium. Primitive
encryption techniques such as Caesar cipher along with a secret key known only for the sender
and receiver are used to scramble the secret data before it is hid in the host video.
The second phase of this project concentrates on the cryptographic aspects which mainly consist
of the implementation RSA public key cryptographyforkey exchangeandBlowfish for encryption
scheme for data encryption purposes.
General Objectives
10. To develop a security system for e-governance during exchange of information/data over the
internet.
Specific objectives
1. To implement LSB technique for steganography
2. Randomization of byte positions of host video frames
3. Encryption/Decryption through RSA
1.4 Methodology
LSB is one of the oldest and most famous substitution-based techniques. In spite of its simplicity, it
is capable of hiding large secret messages. It operates by replacing some LSBs of pixels from the
cover video with the secret message bits. The secret message is a colored image of dimensions in
frames, and the cover is an AVI home video. The video has as many as required frames each of
selected dimensions .
Least Significant Bit (LSB) insertion is a common, simple approach to embedding information
in a cover video. Video is converted into a number of frames, and then convert each frame in to
an image[4].After that, the LeastSignificant Bit (in otherwordsthe 8 bit) ofsomeor all ofthe bytes
inside an image is changed to a bit of each of the Red, Green and Blue colour components can be
used, since they are each represented by a byte.
In the world of cryptography, the notions of symmetry and asymmetry have been under immense
research and usage. Both cryptographic schemes have their own positive and negative attributes
but are equally important for use in particular areas where each one of them is more suitable.
Symmetric cryptography is best used in encrypting a bulk amount of data within a reasonable
amount oftime and the asymmetric scheme is used to encrypta very small amount of data but with
secure key exchanging capability. However, both used together to cancel out each other‘s
shortcomings is a trend which has shown astounding cryptographic benefits.
Our project deals with both schemes, taking out their best features and combining them to get one
strong cryptographic system. For the symmetric cryptography part we have chosen the RSA
encryption scheme due to it robustness, effective computation, and uncompromisedalgorithm..
11. 1.5 Document Outline
This document is composed of five chapters. The first chapter deals with the introductory part. It
covers the sections motivation, problem statement, scope and objectives of the project and the
methodology used.
The second chapter is about the literature reviews and backgrounds of Steganography and
cryptography. The third chapter discusses the design aspects of the system. It composes of
three sections, Steganography, cryptography and the transmission.
Fourth chapter is about implementation details of the project. The java programming language is
used to do the coding and many of its libraries are employed. The fifth chapter is composed
of results and discussions, summarizes the documentation by giving important conclusions,
citing recommendations for further work and compiling list of bibliography, appendix and
references.
Chapter 2
2. Literature Review and Background
In this section we will see the definitions and details of the Steganography and Cryptography
systems as separate subjects. The first part of this section describes the Steganographic aspects
12. which emphasizes on how to conceal any message into a cover-video (host media). The other part
gives detail information about Cryptography which deals with scrambling the plain text before
hiding.
2.1 Steganography
2.1.1 Introduction
The word steganography is derived from the Greek words “stegos” meaning “cover” and “grafia”
meaning “writing” defining it as “covered writing” . Steganographyis one such pro-security
innovation in which secret data is embedded in a cover .
Steganography and cryptography are closely related. Cryptography scrambles messages so
they cannot be understood. Steganography on the otherhand, will hide the message so there is no
knowledge of the existence of the message in the first place. In some situations, sending an
encryptedmessage will arousesuspicion while an ”invisible” message will not do so. Bothsciences
can be combined to produce better protection of the message. In this case, when the
steganography fails and the message can be detected, it is still of no use as it is encrypted
using cryptography techniques.
There exist two types of materials in steganography: message and carrier. Message is the secret
data that should behidden and carrier is the material that takes the message in it. There are many
types of steganography methods. In this paper, we are going to take a look at video
steganography methods.
History of Steganography
Throughout history Steganography has been used to secretly communicate information between
people. Some examples of use of Steganography are past times are:
13. 1. Hidden messages within wax tablet— in ancient Greece, people wrote messages on the wood,
and then covered it with wax upon which an innocent covering message was written.
2. Hidden messagesonmessenger'sbody — also used in ancient Greece. Herodotustells the story
ofa messagetattooed onthe shaved headof aslave ofHistiaeus, hidden bythe hair that afterwards
grew over it, and exposed by shaving the head again. The message allegedly carried a warning to
Greece about Persian invasion plans. This method has obvious drawbacks, such as delayed
transmission while waiting for the slave's hair to grow, and the restrictions on the number and
size of messages that can be encoded on one person's scalp.
3. During WW2, the French Resistance sent some messages written on the backs of couriers using
invisible ink.
4. Hidden messages on paper written in secret ink, under other messages or on the blank parts of
other messages.
2.1.2 Video Basics
A video consists of a set of frames (images) that are played back at certain frame rates
based on the video standards. Quality of the video depends on a set of parameters such as
the number of pixels in a frame, the fps (frames per second), and frame size .The fps parameter is
almost standard (between 24 and 30 fps) in many common video formats, however, the other two
parameters present several altered from one video standard to another.
Each image, which is called a frame, consists of pixels having three or four color compounds
such as RGB (RedGreen Blue) or CMYK (Cyan Magenta Yellow Black). The rest of the
intermediary colors are composed from a mixture of these primary colors. Since the human
eye is principally sensitive to green color tones, in some video standards the number of bits of
each color compound may differ. For example, the red and blue colors are encoded in 5 bits while
the green color consists of 6 bits for 16-bit color standard.
In 24-bit RGB color,eachred, green,andblue componentis 8 bits long andhas 256variants in color
density.
In the CMYK standard on the other hand, 32-bit is needed and this standard is ordinarily used
in modern computer displays. AVI (Audio Video Interleave), which was advanced by Microsoft
and IBM as part of RIFF (Resource Interchange File Format) in 1992, is a most common
sequence video format. It acts as containers for various sequences of different data types such
as audio and video sequences in which the images are stored in BMP (Bit Map) format.
14. Therefore, capacity and resolution computations on bitmap images can be applied to the AVI
video sequences without any major change.
2.1.2.1 Video Formats
FLV
Flash Video is a container file format used to deliver video over the Internet using Adobe Flash
Player version 6 and newer. Flash Video content may also be embedded within SWF files. There
are two different video file formats known as Flash Video: FLV and F4V. The audio and video data
within FLV files are encoded in the same manner as they are within SWF files. The F4V file format
is based on the ISO base media file format and is starting with Flash Player 9 update 3Both formats
are supported in Adobe Flash Player and developed by Adobe Systems. FLV was originally
developed by Macromedia.[10]
Flash Video is the de facto standard for web-based streaming video (over RTMP). Notable users of
it include Hulu, VEVO, Yahoo! Video, metacafe, Reuters.com, and many other news providers.
FLV files store multibyte integers in big-endian byte order.
3GP
3GP is the MPEG4 basedvideo format usedmostly in mobile terminals, suchas mobile phones.This
file format is designed for 3rd generation mobile devices. 3GPP is defined by the 3rd Generation
Partnership Project and 3GPP is defined by 3rd Generation Partnership Project 2. They are the
worldwide standards for the creation, delivery and playback of multimedia over 3rd generation.
These standards seek to provide uniform delivery of rich multimedia over newly evolved,
broadband mobile networks (3rd generation networks) to the latest multimedia-enabled wireless
devices, such as cell phones.
ASF
ASF stands for Advanced Streaming Format. ASF is a highly compressed file format that contains
streaming video, audio. Whenan ASFfile is played back, content is deliveredto you asa continuous
flow of data. You no longer have to wait for the whole video and audio file to fully download before
you start to view them. So, this file format is specially designed to run on networks. When an AVI
file is compressed and converted to an .asf file, the file begins playing after only a few seconds.
ASF files can be played back with the Windows Media Player (provided the appropriate codecs are
installed), streamed with Windows Media Services or optionally packaged with Windows Media
Rights Manager.
AVI
AVI stands for Audio Video Interleaved and developed by Microsoft. An AVI file can use different
codecs and formats so there is no set format for an AVI file unlike for example standard VCD video
which sets a standard for resolution, bitrates, and codecs used. Most commonly used video codecs
that use AVI structure are M-JPEG and DivX.
15. MPEG
MPEG stands forMoving Picture Expert Groupin chargeofthe development ofstandardsforcoded
representation of digital audio and video. There are several audio/video formats which bear this
group's name, such as MPEG1, MPEG2, MPEG4.
MPEG1
MPEG1 formatis oftenusedin digital camerasand camcordersto capturesmall, easily transferable
motion video clips. It is also the compression format used to create Video CDs. In addition, The
well-known MP3 audio format is part of the MPEG1 codec.
MPEG2
MPEG2 format, a video standard developed by MPEG group, is often used in digital TVs, DVD
movies and in SVCDs.It is not a successorforMPEG1,but an addition instead. both ofthese formats
have their own purposes in life. MPEG1 is meant for medium-bandwidth usage and MPEG2 is
meant for high-bandwidth/broadband usage.
MPEG4
MPEG4, the latest compression method standardized by MPEG group, is used for both streaming
and downloadable web content, and is also the video format employed by a growing number of
portable video recorders. One of the best-known MPEG4 encoders is DivX which since version 5
has been fully standard-compliant MPEG4 encoder.
MPEG7
MPEG7 doesn't itself offer any new encoding features and it is not meant for representing
audio/video content, unlike its siblings MPEG1, MPEG2 and MPEG4. Instead, it offers metadata
information for audio and video files, allowing searching and indexing of audio/video data based
on the information about the content instead of searching the actual content bit stream.
MPEG7 is based on XML and therefor is universal and all the existing tools that support XML
parsing should be able to read the data as well, provided that they can ignore binary parts of the
file. MPEG7 is not used at the moment, but it is under serious development and standardization
process at the moment and hopefully we see first fully featured MPEG-7 tools within few years.
MOV
MOV is a file extension used by the QuickTime-wrapped files. QuickTime Content (.mov, .qt),
developedby Apple Computer,is a file format forstoring and playing back movies with sound. This
flexible format isn't limited to Macintosh operating systems.
It's also commonly used in Windows systems, and other types of computing platforms.
16. RA
RA stands for Real Audio. RA is a Real Media audio file extension, indicating a file readable by the
RealOne Media Player.
RM
RM stands for Real Media. Real Media is one of the most popular formats for streaming content on
the Internet, RealMedia includes the RealAudio codec for sound clips and RealVideo codec for
movies. RealAudio and RealVideo files are often given the common RealMedia ".RM" file extension.
RealMedia files areoftenheavily compressedso theycan streamoverdial-up Internet connections.
RMVB
RMVB stands for Real Media Variable Bitrate. RMVB is commonly used to contain Real Video 9 and
RA (RealAudio).
WMV
WMV stands for Windows Media Video. WMV, developed by Microsoft, is a generic name of
Microsoft's video encoding solutions and doesn't necessarily define the technology what it uses. In
WMV7, Microsoft has used its own flavour of MPEG4 video encoding technology. You can use a
.wmv file either to download and play files or to stream content. Windows Media Video is used for
both streaming and downloading content via the Internet. Microsoft's Windows Media Player, a
application bundled with Windows XP operating systems, lets you playback and manage a range
of audio and video file types, including, of course, WMA and WMV.
DivX
It is video encoding technology, released by company called DivXNetworks. The DivX codec is
basedonthe MPEG-4 compressionstandard.This codec is so advancedthat it canreducean MPEG-
2 video (the same format used for DVD or Pay-Per-View) to ten percent of its original size.
XviD
XviD is an ISO MPEG4 compliant video codec. It's not a product but an open source project which
is developed and maintained by people around the world. XviD, like many other MPEG4 formats,
can be played with certain MPEG4 compatible, stand-alone DVD/DivX/XviD players
2.1.3 Encoding Techniques
Popular digital Video frames encoding techniques used today are least significant bit (LSB)
encoding and masking and filtering techniques. The video is separated into frames of images.
Least significant bit (LSB) encoding is by far the most popular of the coding techniques used for
digital images. By using the LSB of each byte (8 bits) in an image for a secret message, you can
17. store 4 bits of data in each pixel for 32-bit image, 3 bits of data in each pixel for 24-bit images
and 1 bit in each pixel for 8-bit images. As you can see, much more information can be stored in
a 32-bit and 24-bit image file.
Picking a Good Medium
As important as the steganographic technique is, equally important is the choice of the cover
Video . In LSB Embedding, a poor choice of cover video can lead to a stego -video that is easily
differentiable from the original.
Video formats can be divided into two broad categories, lossy and lossless (Johnson & Jojodia,
1998). Lossey videos have lossy image frames and are those formats, which loses some of the
image‘s data when stored. Since LSB Embedding spreads the hidden message throughout the
image‘s data, the loss of the image‘s data by compression would lead to the lost of parts of the
hidden message. On the other hand, lossless images are suitable for LSB Embedding, since the
integrity of the image data is preserved. But not all lossless videos are good candidates as
a cover image. 32-bit and 24-bit bitmaps, as well as gray scale images and other color images
with small variations in its palette are good candidates as cover videos.[6]
A typical 32 bit video frame of picture of width=n pixels and height = m pixels can be represented
by an m x n matrix of pixels.
2.1.4 LSB randomization techniques
Sequential LSB technique was very much prone to vulnerability. Since the secret message is
placed sequentially in one area on the cover video, the possibility of attracting attention of
attackers would be high. Therefore, in order to make LSB more robust, the best cure is LSB
randomization technique. LSB randomization, in which the secret data are, spread out among the
image data in a seemingly random manner. This can be achieved if both the sender and receiver
share a secret key (stego-key). They can use this key to generate pseudo-random numbers,
which will identify where, and in what order the hidden message is laid out. LSB randomization
makes it difficult for an attacker knows that there is a secret message to figure out the
message. It also makes it harder to determine that there was a secret message in the first place.
The reason is because the randomness makes the embedded message seem more like noise during
statistical analyses than in the sequential method.
2.2 Cryptography
2.2.1 Introduction
Encryption and decryption:
18. Data that can be read and understood without any special measures is called plaintext or
cleartext. The method of disguising plaintext in such a way as to hide its substance is called
encryption. Encrypting plaintext results in unreadable gibberish called ciphertext. You use
encryption to ensure that information is hidden from anyone for whom it is not intended, even
those who can see the encrypted data. The process of reverting ciphertext to its original plaintext
is called decryption.
Figure 2.1 Encryption and Decryption
What is cryptography?
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography
enables you to store sensitive information or transmit it across insecure networks (like the
Internet) so that it cannot be read by anyone except the intended recipient. While cryptography is
the science of securing data, cryptanalysis is the science of analyzing and breaking secure
communication. Classical cryptanalysis involves an interesting combination of analytical
reasoning, application of mathematical tools; pattern finding, patience, determination, and luck.
Cryptanalysts arealso called attackers. Cryptologyembracesbothcryptographyand Cryptanalysis.
History of Cryptography
Messages were first encrypted in ancient Egypt as a result of hieroglyphics. The Egyptians
encrypted messages by simply replacing the original picture with another picture. This method of
encryption was known as substitution cipher. In this method, each letter of the clear text message
was replaced by some other letter, which results in an encrypted message or cipher text.
For example, the message:-WELCOME TO THE WORLD OF CRYPTOGRAPHY
can be encrypted by using substitution cipher as
XFMDPNF UP UIF XPSME PG DSZQUPHSBQIZ
19. In the preceding example, each letter of the plaintext message has been replaced with the next
letter in the alphabet. This type of substitution is also known as Caesar cipher. Caesar cipher is an
example of shift cipher because it involves shifting each letter of the plaintext message by some
number of spaces to obtain the ciphertext. For example, if you shift the letters by 5, you get the
following combination of plaintext and ciphertext letters:
Plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
However, simple substitution ciphers are not a very reliable type and can easily be broken down.
In such a case, an alternative way is to use multiple alphabets instead of one alphabet.
This type of a cipher, which involves multiple cipher alphabets, is known as a polyalphabetic
substitution cipher. An example of the polyalphabetic substitution cipher is the Viennese cipher.
With the recent advances in mathematical techniques, there has acceleration in the development
of newer methods of encryption. Today, cryptography has emerged so powerful that it is
considered rather impossible to break some ciphers.
Cryptography has now become an industry standard for providing information security, trust,
controlling access to resources, and electronic transactions. Its use is no longer limited to just
securing sensitive military information. In fact, cryptography is now recognized as one of the
major components of the security policy of an organization.
2.2.2 Types of Cryptographic Algorithms
There are different ways of classifying the Cryptographic Algorithms. In this project, they are
categorized based on the number of keys that are employed for encryption/decryption process.
The main two algorithms are:
1. Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
2. Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
20. Figure 2.2 Cryptographic algorithms
Secret Key Cryptography
With secret key cryptography, a.k.a symmetric cryptography, a single key is used for both
encryption and decryption. As shown in Figure x, the sender uses the key (or some set of rules) to
encrypt the plaintext and sends the cipher text to the receiver.
The receiver applies the same key (or rule set) to decrypt the message and recover the plaintext.
Because a single key is used for both functions, secret key cryptography is also called
symmetric encryption. With this form of cryptography, it is obvious that the key must be known to
boththe senderandthe receiver;that, in fact, is thesecret. The biggest difficulty with this approach,
of course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being either stream ciphers
or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and
implement someformoffeedback mechanism so that the key is constantly changing. A block cipher
is so-called because the scheme encrypts one block of data at a time using the same key on each
block.
In general, the same plaintext block will always encrypt to the same cipher text when using the
same key in a block cipher whereas the same plaintext will encrypt to different cipher text in a
stream cipher.
21. Public key Cryptography
Public-key cryptography has been said to be the most significant new development in
cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford
University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper
described a two-key crypto system in which two parties could engage in a secure communication
over a non-secure communications channel without having to share a secret key.
PKC depends upon the existence of so-called one-way functions, or mathematical functions that
are easy to computer whereas their inverse function is relatively difficult to compute. The
following two are widely used examples:
1. Multiplication vs. factorization: The multiplication of two numbers to get a third
is a relatively trivial job when compared to the reverse process of factoring it back to
its factors. An effort concluded in 2009 by several researchers factored a 232-digit number
(RSA-768), utilizing hundreds of machines over a span of 2 years. This computational
difficulty is also called integer factorization problem (IFP) [5].
2. Exponentiation vs. logarithms: this is another good example of a mathematically
hardproblem. The computation of the power of a number is relatively easy to the reverse
process of computing that number from its exponent value via logarithmic computation.
This problem is widely known as the Discrete Logarithm problem (DLP) and it has been
under significant use since its introduction in Deffie-Hellman‘s research on public key
cryptography during the 1970s. Now it is used in many public key cryptographic
algorithms such as the RSA encryption and digital signature scheme.
The mathematical "trick" in PKC is to find a trap door in the one-way function so that the
inverse calculation becomes easy given knowledge of some item of information. (The problem
is further exacerbated because the algorithms don't use just any old integers, but very large prime
numbers.) Generic PKC employs two keys that are mathematically related although knowledge of
one key does not allow someone to easily determine the other key. One key is used to encrypt the
plaintext and the other key is used to decrypt the ciphertext. The important point here is that it
does not matter which key is applied first, but that both keys are required for the process to work.
Because a pair of keys is required, this approach is also called asymmetric cryptography.
Chapter 3
System Design
This chapter illustrates the designs of the subsystems Steganography, Cryptography and the
combination of both using diagrams as well as description. In addition to this, the graphical user
interface (GUI) of the software will be described.
22. 3.1 Steganography Design process
The diagram below shows and describes Steganographic hiding technique of video steganography
that will be implemented in our project.
The Block Diagram for sender side:
The Block Diagram at Reciever side
select cover
video
secret
message
Frames encrypted using
LSB method of
embedding
Video splitting to
frames
Audio and
other frames
stego-frames
stego-video
key
stego video file
23. The procedure for secret data hiding using Steganographic Techniques will be discussed as
follows:
1. A cover Video is selected and split into frames of images
There are two ways to enter the cover video to be used
I. From File by browsing
II. From Text Area of direct input from user
2. The Sender uses the Steganography System to Hide the Secret Data inside the Cover frames
taken from the video using the Stego-key. There are three Inputs:
a. Secret Data: this is a plaintext ,image or video which is going to be concealed in the byte
positions of the Cover frames taken from cover video. The size of the data to be hidden is
determined by the size of the Cover Video frames.
There are two ways to enter the secret message into the Steganography:
I. From File by browsing
II. From Text Area of direct input from user
video splitting
Audiostego-frames to be
extracted
secret
message
frames
cover Video
key
24. b. Cover Video: For many reasons discussed on the literature background the Video has to
be lossless. AVI format of video is used in our case.
c. Stego-Key: this has got size of 8 byte and it‘s used mainly to generate the Secret key
for the Cryptography and to generate the random numbers for LSB randomization.
3. The sender sends the Inputs to the Embedding phase for data embedding, in which the Secret
data embedded into the Image frames.
4. In embedding and encryption phase, the Secret data is embedded into random LSBs of
Cover Image frames randomized by a seed generated from the Stego-Key. The output of the
Embedding Phase will be the Stego-Image. Then Stego image and the audio forms the stego-video
5. The Stego-video will be used as an input into the Extracting phase at the receiver side.
6. In the Extracting and Decoding phase the Secret Data will be revealed from the Stego video
by splitting the video into frames and audio.
7. The Extracting and decoding phase extracts the original Secret Data from the Stego-video
frames using the randomized LSB technique and the key shared by with the sender.
The three phases mentioned in the above diagram will be discussed textually as follows:
1. The Splitting of video into image frames phase
2. Embedding phase
3. Extracting Phase
3.1.1 The splitting of Cover Video into Frames Phase
The extraction process is as discussed in flow chart figure 2. It is very important to split frames
from video because each frames will hide a binary image of image matrix. The flow chart starts
from the input video.
After insertion ofa video, total numberof frames will be counted by calling a function get().Get()
function has a syntax by which it gives the detail of total number of frames available in the video.
Now the challenge is if the total number of frames is less than or equal to the total number of
image matrix which get by the image to be hide, then steganography process cannot be done.
After the getting number of frames it will store in the variable named numberOfFrames. The
next step is to extract all frames present in the video. By applying a for loop and extract the
number of frames from video. The for loop will be start from 1 and end to numberOfFrame.
Inside the for loop, extract cdata of the video by calling function vidFrames ().After getting the
25. video frames cdata we are using imwrite () function to write the frames in the image format in
our current directory. In flow chart only steps are explained.
Fig: Flowchart of splitting frames from Video
3.1.2 The Embedding Phase
The LSB Technique
The least significant bit i.e. the eighth bit inside an imageis changed to a bit of the secret message.
When using a 24-bit image, one can store 3 bits in each pixel by changing a bit of each of the red,
green and blue colour components,since they are each represented by a byte. An 800×600 pixel
image, can thus store a total amount of 1,440,000 bits or 180,000 bytes of embedded data. As an
example, suppose that we have three adjacent pixels (9 bytes) with the RGB encoding.
10010101 00001101 11001001
10010110 00001111 11001011
10011111 00010000 11001011
When the number 300, can be which binary representation is 100101100 embedded into the least
significant bits of this part of the image frame. If we overlay these 9 bits over the LSB of the 9 bytes
above, we get the following (where bits in bold have been changed)
10010101 00001100 11001000
26. 10010111 00001110 11001011
10011111 00010000 11001010
Here the number 300 was embedded into the grid, only the 5 bits needed to be changed according
to the embedded message. On average, only half of the bits in an image will need to be modified to
hide a secret message using the maximum cover size. Since there are 256 possible intensities of
each primary colour, changing the LSB of a pixel results in small changes in the intensity of the
colours.
The embedding phase uses three types of Inputs for embedding purpose. One is the Secret
Data which is to be transmitted securely, the other is a Cover frames splitted from cover video
which is the carrier, and the Stego-key which is used for two purposes: to generate the Seed
and the Secret key.
In the Embedding phase the data is embedded into the Cover frames using randomized “Least
Significant Bit algorithm(LSB)” by which the least significant bits of the secret document are
arranged with the random bits of Cover Image, Such that the message will be merged with bits of
the image.
Here it is not only the Secret Data which is going to be hided in the Cover Image but also
additional information is going to be embedded such as:
I. Seed: generated from the Stego-Key for LSB randomization. It will be embedded in a fixed offset
on the Cover frames (which is the first 64 bits)
II. Secret key: used as a key for the encryption algorithm
embedding
27. stego-frame
Sample Cover Frame
3.1.3 Extracting Phase
The Extraction is reveres to the Embedding phase. The Stego-video will be taken as an input. Using
the Steganographic techniques the embedded Secret Data will be extracted.
The randomizing Seed which is embedded in the first 64 bit offset of the Stego-Video will
be extracted beforehand. And then the other information will be extracted using the
randomized LSB technique (the seed used to randomize the byte positions of the Stego-video
frames).
Activation Diagram
The sender sends the message to the receiver using three phases. Since we are using the
Steganographic approach for transferring the message to the destination, the sender sends Secret
Data, Stego-Key, and Cover Video to the primary phase i.e., to Embedding Phase. The
Secrete
Message
stego key
28. Embedding Phase uses the embedding algorithm by which the Stego Video is generated. The
Embedding Phase generates the Stego video as output. The Extraction Algorithm takes the Stego
Video to produce the original Secret data. Finally the Receiver receives the message sent from the
Sender.
Figure: Activity Diagram
3.2 Design of Cryptographic part
The application of cryptography is used in the project into ways , sharing of the key and
encryption/decryption using RSA algorithm.
In this project key sharing is done through secure channel. The secure channel can be through
mobile call/phone, or SMS text message. The sender generates a key for encryption and this is sent
to the receiver to be used for decryption.
3.2.1 The RSA Algorithm
29. The pioneeringpaperbyDiffie andHellman [DIFF76b]introducedanewapproach to cryptography
and, in effect, challenged cryptologists to come up with a cryptographic algorithm that met the
requirements for public-key systems. A number of algorithms have been proposed for public-key
cryptography. Some of these, though initially promising, turned out to be breakable.[8] One of the
first successful responses to the challenge was developed in 1977 by
Ron Rivest, Adi Shamir, and Len Adleman at MIT and first published in 1978[RIVE78].[9]
The Rivest-Shamir-Adleman (RSA) scheme has since that time reigned supreme asthe most widely
accepted and implemented general-purpose approach to public-key encryption. The RSA scheme
is a block cipher in which the plaintext and ciphertext are
integers between 0 and n-1 for some n. A typical size for nis 1024 bits, or 309 decimal digits. That
is, n is less than 21024 . Weexamine RSAin this sectionin some detail, beginning with an explanation
of the algorithm. Then we examine some of the computational and cryptanalytical implications of
RSA.
RSA makes useofan expressionwith exponentials. Plaintext is encryptedin blocks, with eachblock
having a binary value less than some number n. That is, the block size must be less than or equal to
log2(n)+1; in practice, the block size is i bits, where 2i <n≤2i+1. Encryption and decryption are of
the following form, for some plaintext block Mand ciphertext block C.
Both sender and receiver must know the value of n. The sender knows the
value of e, and only the receiver knows the value of d. Thus, this is a public-key
encryption algorithm with a public key of PU={e,n} and a private key of PR={d,n}.
Forthis algorithm to be satisfactory forpublic-key encryption, the following requirementsmust be
met.
1. It is possible to find values of e,d,n such that Med mod n=M for all M<n.
2. It is relatively easy to calculate Me mod n and Cd mod n for all values of M<n.
3. It is infeasible to determine d given e and n.
For now, we focus on the first requirement and consider the other questions later. We need to find
a relationship of the form Med mod n=M
30. The preceding relationship holds if e and d are multiplicative inverses modulo φ(n), where φ(n) is
the Euler totient function. For p, q prime,φ(pq) =(p-1)(q-1). The relationship between e and d can
be expressed as
ed mod φ(n)=1
That is equivalent to saying
ed =1 mod φ(n)
d=e-1 mod φ(n)
That is, e and d are multiplicative inverses mod f(n). Note that, according to the rules of modular
arithmetic, this is true only if d(and therefore e) is relatively prime to φ(n).
We are now ready to state the RSA scheme. The ingredients are the following:
The private key consists of {d, n} and the public key consists of {e, n}. Suppose that user A has
published its public key and that user B wishes to send the message M to A. Then B calculates C=Me
mod n and transmits C. On receipt of this cipher text, user A decrypts by calculating M=Cd mod n.
The Security of RSA
Four possible approaches to attacking the RSA algorithm are:
• Brute force: This involves trying all possible private keys.
• Mathematical attacks: There are several approaches, all equivalent in effort to factoring
the product of two primes.
• Timing attacks: These depend on the running time of the decryption algorithm.
• Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
The defense against the brute-force approach is the same for RSA as for other cryptosystems,
namely, to use a large key space. Thus, the larger the number of bits in d, the better. However,
because the calculations involved, both in key generation and in encryption/decryption, are
complex, the larger the size of the key, the slower the system will run.
31. Although the timing attack is a serious threat, there are simple countermeasures that can be used,
including the following.
• Constant exponentiation time:Ensure that all exponentiations take the same amount of time
before returning a result. This is a simple fix but does degrade performance.
• Random delay:Better performance could be achieved by adding a random delay to the
exponentiation algorithm to confuse the timing attack. Kocher points out that if defenders don’t
add enough noise, attackers could still succeed by collecting additional measurements to
compensate for the random delays.
• Blinding:Multiply the ciphertext by a random number before performing exponentiation. This
process prevents the attacker from knowing what ciphertext bits are being processed inside the
computer and therefore prevents the bit-by-bit analysis essential to the timing attack.
The counter measure for CCA attacks is optimal asymmetric encryption padding (OAEP)#stalling
book
3.3 Graphic User Interface (GUI)
The software named Video steganography for e-governance contains a java implemented graphic
user interfaces. At the sender
Browse for selecting and direct input Text area for secret file
Browse for selecting a cover video
Button for encrypting
key for sender to enter
At the Receiver
Browse for selecting stego-video
Button for decrypting
key for receiver to enter
Text area to show the decoded message
Chapter 4
4. Implementation
In this project the whole software design, implementation is done using Java programming
language. In this chapter pseudo codes and algorithms for LSB technique and RSA
Encryption/Decryption will be discussed.
32. The modules discussed in this project implementations are
1. Splitting video to frames
2. encryption and embedding of secret message lsb
3. decryption and extraction of secret message
4.1 Java Technology
Initially the language was called as “oak” but it was renamed as “Java” in 1995. The primary
motivation of this language was the need for a platform-independent (i.e., architecture neutral) language
that could be used to create software to be embedded in various consumer electronic devices.
Java is a programmer’s language.
Java is cohesive and consistent.
Except for those constraints imposed by the Internet environment, Java gives the programmer,
full control.
Finally, Java is to Internet programming where C was to system programming.
4.1.1 Importance of Java to the Internet
Java has had a profound effect on the Internet. This is because; Java expands the Universe of objects that
can move about freely in Cyberspace. In a network, two categories of objects are transmitted between
the Server and the Personal computer. They are: Passive information and Dynamic active programs. The
Dynamic, Self-executing programs cause serious problems in the areas of Security and probability. But,
Java addresses those concerns and by doing so, has opened the door to an exciting new form of program
called the Applet
Java AWT
Java programming language class library provides a user interface toolkit called the Abstract Windowing
Toolkit, or the AWT. The AWT is both powerful and flexible.
Because the Java programming language is platform-independent, the AWT must also be platform-
independent. The AWT was designed to provide a common set of tools for graphical user interface design
33. that work on a variety of platforms. The user interface elements provided by the AWT are implemented
using each platform's native GUI toolkit, thereby preserving the look and feel of each platform. This is
one of the AWT's strongest points.
RSA PSEUDOCODE
1. Generate two large prime numbers (P and Q).
2. Calculate N=PQ
. 3. Calculate M= phi(N) = (P-1) (Q-1).
4. Select any integer E, the rules to select E are:
a. E should be positive integer.
b. 0<E<m
c. GCD (M,E)=1
5. Calculate D (the mod inverse of E).
(E*D)= 1(mod M)
(E*D) mod M=1
A. Lsb Based Steganography
Pseudo code to embed text message:-
Step 1: Read the cover image and text message which is to be hidden in the cover image.
Step2: convert the color image into grey image.
Step 3: Convert text message in binary.
Step 4: Calculate LSB of each pixels of cover image.
Step 5: Replace LSB of cover image with each bit of secret message one by one.
Step 6: Write stego image
34. Algorithm to retrieve text message
Step 1: Read the stego image.
Step 2: Calculate LSB of each pixels of stego image.
Step 3: Retrieve bits and convert each 8 bit into character.
Step 3: The cover image is broken into 8×8 block of pixels.
Step 4: Working from left to right, top to bottom subtract 128 in each block of pixels.
Step 5: DCT is applied to each block.
Step 6: Each block is compressed through quantization table.
Step 7: Calculate LSB of each DC coefficient and replace with each bit of secret message.
Step 8: Write stego image.
Algorithm to retrieve text message:-
Step 1: Read stego image
Step 2: Stego image is broken into 8×8 block of pixels.
Step 3: Working from left to right, top to bottom subtract 128 in each block of pixels.
Step 4: DCT is applied to each block.
Step 5: Each block is compressed through quantization table.
Step 6: Calculate LSB of each DC coefficient
35. Chapter 5
Results Conclusion and Recommendation
5.1 Results
5.2 Conclusion
5.3 Recommendation
References
[1] BS ISO 27002: 2005
[2] http://support.microsoft.com/kb/24071
[3] Mercuri RT(2004) The many colours of multimedia security. community of ACM 47(22)
[4] Despende Neeta, Kamalur snchal,Daisy Jacobs: Implementation of LSB Steganography and
its Evaluation for various bits ,2001
[5] Kleinjung, et(2010-02-18) Factorization of 768 – Bit RSA algorithm
36. [6] Leo Lee ,LSB steganography: Information with in information science 256 section 2 Professor
Stamp April 5,2004
[10] https://en.wikipedia.org/wiki/Flash_Video