Encryption & steganography in IPv6 source address



  1. 1. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976 – 6375 (Online), Volume 4, Issue 2, March – April (2013), pp. 315-324, © IAEME: www.iaeme.com/ijcet.asp. Journal Impact Factor (2013): 6.1302 (Calculated by GISI), www.jifactor.com

ENCRYPTION & STEGANOGRAPHY IN IPv6 SOURCE ADDRESS

Mustafa Alaa Qasim (1), Dipak Pawar (2)
(1) Research Scholar, Department of Computer Engineering, VIT College, University of Pune, Pune, India
(2) Asst. Prof., Department of Computer Engineering, VIT College, University of Pune, Pune, India

ABSTRACT

Steganography is the process of hiding a secret message in a covert channel so that the existence of the secret message is difficult to detect. A covert channel is a secret communication channel used for transmitting information. Steganography within the source address fields of Internet Protocol Version 6 (IPv6) packets creates a covert channel in which secret messages are passed from one side to another. Cryptography is the conversion of data into a secret code for transmission over a public network. The advantage of steganography over cryptography is that the messages do not attract attention to themselves, whereas cryptography protects the contents of a message. Steganography can protect both messages and communicating parties.

Keywords: Covert Channel, Steganography, Cryptography.

I. INTRODUCTION

Steganography is the very old art of embedding private messages in seemingly innocuous messages in a way that prevents the detection of the secret messages by a third party. Similarly, steganography means establishing covert channels. A covert channel is a secret communication channel used for transmitting information [1]. Steganographic methods operate in two steps: first, a cover object is analyzed to determine to what extent it can be modified so that the modifications will not be easily observable; second, the message bits are inserted into the cover object by replacing parts of it with the message bits, creating an altered cover object [2]. TCP/IP header fields such as type of service, IP Identification field, fragment offset, option etc. may be used to embed steganographic data and serve as steganographic carriers [3,4]. Internet Protocol version 6 (IPv6) is the “next generation” internet protocol, which is set to slowly merge with and ultimately replace IPv4. If the world
  2. 2. continues at its current rate of adding 170 million IP addresses per year for new hosts which connect to the Internet, people will exhaust the current address space available for IPv4 in 7.5 years. This is the main driving force behind the push to switch to IPv6 [5]. An IPv6 packet header consists of the fields shown below in Figure 1.

Version (4 bit) | Traffic Class (8 bit) | Flow Label (20 bit)
Payload Length (16 bit) | Next Header (8 bit) | Hop Limit (8 bit)
Source Address (128 bit)
Destination Address (128 bit)

Fig. 1 IPv6 Header

Many covert channels can be selected in the IPv6 header, such as traffic class, flow label, payload length, next header, hop limit and source address [6]. The IPv6 specifications [7], along with the privacy extensions for the stateless address autoconfiguration feature, introduce the possibility of embedding a significant amount of secret data into the source address field. The packet header will likely be undetectable to an uninformed observer. The source address is a 128-bit field, which is intended to contain the universally unique internet address of the originator of the packet. The privacy extensions proposed for IPv6 rely on the random generation of a 64-bit portion of the 128-bit source address, with the expectation that the built-in randomness will create a shield of entropy, which should effectively hide any enclosed message [5].

Cryptography can be defined as secret writing. The basic service that cryptography offers is the ability to transmit information among people in a way that prevents a third party from reading it. Cryptographic systems usually involve both an algorithm and a secret key. The reason for having a secret key is that keeping the algorithm itself secret is very difficult [1].

II. RELATED WORK

One of the most common ways of sending messages in modern times is through the use of the internet [5]. The TCP/IP header can be used as a carrier for a steganographic covert channel. Steganographic covert channels depend on modification of network protocol header values. In the TCP header, there are many possible hidden channels, such as PAD (padding bits) with bandwidth 31 bits/packet, usage of a chosen ISN (initial sequence number) with 32 bits per connection, usage of the urgent pointer when URG=0 with 16 bits/packet, usage of reserved bits with 6 bits/packet, existence of data when RST=1, and port numbers as an alphabet (→) [3,4].
  3. 3. Source Port | Destination Port
Sequence Number
Acknowledgment Number
Header Length | Reserved | Code bits | Window
Checksum | Urgent Pointer
Checksum | Padding

Fig. 2 TCP Header

In the IPv6 header, there are many possible hidden channels, such as traffic class (set a false traffic class), flow label (set a false flow label), payload length (increase the value to insert extra data), next header (set a valid value to add an extra extension header), hop limit (increase or decrease the value of the hop limit) and source address (set a false source address) [6]. An IPv6 address is 128 bits and consists of two parts: a 64-bit network prefix and a 64-bit interface identifier, which is the host ID part.

Fig. 3 IPv6 Source Address

The network prefix has two parts: a 48-bit global routing prefix and a 16-bit subnet ID.

Fig. 4 IPv6 Source Address

The IPv6 source address is used as a covert channel by two methods. The first is encoding messages through the MAC address (Passive Injection), which is subdivided into long MAC encoding and short MAC encoding. The second is encoding messages through packet creation (Active Injection). The packet's spoofed source address contains the secret message created
  4. 4. by the program, which is injected into the network solely for sending the secret message. All these methods use only the 64-bit interface identifier in the IPv6 source address to hide the secret messages [5]. Therefore, if we select the source IPv6 address, we can hide 8 bytes of data in an IPv6 packet. This kind of message hiding is difficult to detect; but if it is detected, the message can be easily extracted because cryptography is not applied.

III. PROPOSED METHOD: AES STEGANOGRAPHY

In this method, encryption is used to encode the text, and the resulting encrypted message is injected into the source address covert channel of an IPv6 packet. The Advanced Encryption Standard (AES) algorithm, a symmetric block cipher that can process data blocks of 128 bits using cipher keys with lengths of 128, 192, and 256 bits, will be used in this method. The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, which is called the ciphertext [8]. The number of cycles of repetition is as follows:

• 128-bit keys: 10 cycles of repetition.
• 192-bit keys: 12 cycles of repetition.
• 256-bit keys: 14 cycles of repetition.

Each round consists of several processing steps, including one that depends on the encryption key itself. A set of reverse rounds is applied to transform the ciphertext back into the original plaintext by using the same encryption key.

The message " Vishwakarma Institute of Technology affiliated to the University of Pune " is the plaintext; it will be encrypted by using the AES algorithm. The ciphertext will be:

"gYKVPmH2C6/jgUvBXHN6PaOAe7swxbmMFOgnfU3Sx0tBkWAbqwnKig/t1nfR+JoG2j2hL7dzM7xlBdUqeCwQbJRxptuV2UmJQ41mL2VFDIU="

After that, this ciphertext will be converted to hexadecimal in order to match the IPv6 source address format. It is shown below:

67594b56506d4832764258484e36506178626d4d464f676e74426b5741627177316e66522b4a6f47647a4d37786c0d0a7751624a527870745134316d4c325646

The message will be divided into four parts, each part containing 64 bits (16 characters):

Part 1: 6759:4b56:506d:4832
Part 2: 7642:5848:4e36:5061
Part 3: 7862:6d4d:464f:676e
Part 4: 7442:6b57:4162:7177
Part 5: 316e:6652:2b4a:6f47
Part 6: 647a:4d37:786c:0d0a
Part 7: 7751:624a:5278:7074
Part 8: 5134:316d:4c32:5646
  5. 5. Each part will be injected into the interface identifier (64 bit) of an IPv6 packet. When using IPv6 source address steganography, the sender will not know whether the packet was delivered to the destination or not: because of the fake source address the three-way handshake will not be completed, so the acknowledgement from the receiver will not reach the real source address (the sender). The network prefix (64 bit) contains four places; the last place is for the subnet ID, which will be used as a sequence number for the message, by assigning a number from 0 to 7 to each part, and also as a count of the total number of packets sent by the sender. The proposed method includes a sequence number, which is useful on the receiver side to track the packets sent by the sender. The receiver will receive the packets with the sequence number. In case any packet is lost, the destination can inform the sender about the missing part of the message so that it can be re-transmitted.

This method is used with two types of IPv6 address: Site Local (FEC0:0000:0000:1111:200:5aee:feaa:20a2) and Global IPv6 Internet addresses (2001:4860:b002:1820:200:5aee:feaa:20a2). Both Site Local and Global addresses use a subnet ID, so we can use this part for packet sequencing.

Layout: N.W Prefix (its last group is the Subnet ID), followed by the Interface Identifier.

Part 1: feca:0000:0000:7a8:6759:4b56:506d:4832
Part 2: feca:0000:0000:6a8:7642:5848:4e36:5061
Part 3: feca:0000:0000:5a8:7862:6d4d:464f:676e
Part 4: feca:0000:0000:4a8:7442:6b57:4162:7177
Part 5: feca:0000:0000:3a8:316e:6652:2b4a:6f47
Part 6: feca:0000:0000:2a8:647a:4d37:786c:0d0a
Part 7: feca:0000:0000:1a8:7751:624a:5278:7074
Part 8: feca:0000:0000:0a8:5134:316d:4c32:5646

IV. PROGRAMMERS DESIGN

The existing system performs communication between two parties by using the IPv6 source address as a covert channel. If a third party extracts the data, the message will be directly exposed to the intruder. Hence, a higher level of security is required. That can be achieved by using cryptography. Therefore, the steganography approach is combined with cryptography for better security. Cryptography techniques are shown in this table:

Algorithm   Type      Security
RC4         Private   Medium
Blowfish    Private   Medium
AES         Private   High
RSA         Public    High

Table 1 Cryptography Algorithm
  6. 6. The AES algorithm with a private key is suitable due to the design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256). These are sufficient to protect classified information up to the secret level. Top secret information will require the use of either the 192 or 256 key lengths. The implementation of AES in products intends to protect national security systems and/or information.

Input at Sender Side
– Cover medium (C): IPv6 packet (IPv6 Source Address field)
– Private Key for AES encryption
– Secret Message (M)

Output at Receiver End
– Cover Medium (C): IPv6 packet (IPv6 Source Address field)
– Private Key for AES decryption
– Secret Message (M)

Sender Site Algorithm
1. Accepting the message from the user (plaintext).
2. Applying the AES encryption algorithm with the private key on the plaintext to produce ciphertext.
3. Converting the ciphertext to hex to match IPv6 source address formatting.
4. Calculating the number of IPv6 packets.
5. Creating IPv6 packet(s) and assigning a sequence number to each packet.
6. Hiding the hex in the covert channel IPv6 source address.
7. Sending all packets to the receiver.

Receiver Site Algorithm
2. Receiving packets and collecting them according to the sequence number.
3. Analyzing packets one by one. Fetching the data of the IPv6 source address.
4. Collecting all these encrypted data to form the ciphertext.
5. Applying the AES decryption algorithm, using the same private key as the sender, on the ciphertext to produce plaintext.
6. Arranging plaintext data according to packet sequence to form the secret message.

V. ARCHITECTURE DESIGN

We show the secure model of AES Steganography.

Crypto AES system input consists of:
1. Secret message.
2. Private Key.
Output: AES Crypto message Ct.

AES Steganography input:
1. IPv6 Packet.
2. Crypto message Ct.
Output: AES-Steganography packets.
  7. 7. Fig. 5 Architecture design

VI. RESULTS AND DISCUSSION

This project is implemented in Java. The open source Java library jpcap is used to capture and send IPv6 packets. This project is performed on the Windows 7 platform. The Wireshark protocol analyzer software is used to monitor the traffic generated by the project. For security of the secret data, cryptography using the AES algorithm is also applied. To run this project, the receiver first opens the communication device, as shown in figure 6. Then the sender accepts the secret message from the user, performs steganography and cryptography, and sends the message, as shown in figure 7. Then the receiver accepts the packets, arranges them according to sequence number, applies decryption and displays the secret message, as shown in figure 8.

Fig. 6 Receiver Site (Open communication device)
  8. 8. Fig. 7 Sender Site

Fig. 8 Receiver Site
  9. 9. VI.I MATHEMATICAL MODEL

Let us assume Y = 0.7 is the probability of detecting the cover media IPv6 source address.

Let us assume X = 0.9 is the probability of detecting the message for Active Injection steganography [5].
S = X * Y
S = 0.9 * 0.7
S = 0.63 …… probability of detecting the message

Let us assume X = 0.6 is the probability of detecting the message for Short MAC encoding steganography [5].
S = X * Y
S = 0.6 * 0.7
S = 0.42 …… probability of detecting the message

Let us assume X = 0.7 is the probability of detecting the message for Long MAC encoding steganography [5].
S = X * Y
S = 0.7 * 0.7
S = 0.49 …… probability of detecting the message

Let us assume X = 0.3 is the probability of detecting the message for the Proposed Method (i.e. steganography and cryptography). We assume a low probability for the proposed technique because earlier techniques only consider steganography, whereas we propose steganography combined with cryptography.
S = X * Y
S = 0.4 * 0.7
S = 0.28 …… probability of detecting the message

We have kept Y constant and vary X, because X depends on the steganography technique applied. The proposed method outperforms existing methods in terms of security, as shown in figure 9.

Fig. 9 Comparison Graph (categories: Short MAC Encoding, Long MAC Encoding, Active Injection, Proposed Method; series: Probability of detecting message, Security Level)
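A passive check a network monitor could run against the encoding of Section III, given as an added example that is not code from the paper: because the ciphertext is Base64 text converted to hex, every interface identifier the scheme produces consists of eight Base64-alphabet (or CR/LF) bytes, which randomly generated identifiers almost never do. The addresses are the ones in the paper's Part 1 to Part 8 table; the function names and the `min_hits` threshold are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Bytes that hex-encoded Base64 text can contain: the Base64 alphabet plus the
# CR/LF line break that shows up in the paper's Part 6 (0d0a).
TEXT_BYTES = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\r\n")

# Source addresses copied from the paper's Part 1-8 table.
PAPER_SOURCES = [
    "feca:0000:0000:7a8:6759:4b56:506d:4832",
    "feca:0000:0000:6a8:7642:5848:4e36:5061",
    "feca:0000:0000:5a8:7862:6d4d:464f:676e",
    "feca:0000:0000:4a8:7442:6b57:4162:7177",
    "feca:0000:0000:3a8:316e:6652:2b4a:6f47",
    "feca:0000:0000:2a8:647a:4d37:786c:0d0a",
    "feca:0000:0000:1a8:7751:624a:5278:7074",
    "feca:0000:0000:0a8:5134:316d:4c32:5646",
]
# The paper's sample global address, used here as a benign control.
CONTROL_SOURCE = "2001:4860:b002:1820:200:5aee:feaa:20a2"

def split_source(addr):
    """Return (48-bit routing prefix, 16-bit subnet ID, 8-byte interface ID)."""
    raw = ipaddress.IPv6Address(addr).packed
    return raw[:6], int.from_bytes(raw[6:8], "big"), raw[8:]

def text_like(iid):
    """True when all 8 identifier bytes fall in the Base64/CR/LF byte set."""
    return all(b in TEXT_BYTES for b in iid)

def flag_prefixes(sources, min_hits=3):
    """Map each /48 with >= min_hits text-like identifiers to {subnet ID: identifier}.
    A random 64-bit identifier passes text_like() with probability (67/256)**8,
    about 2e-5, so repeated hits under one prefix are a strong signal.
    """
    hits = defaultdict(dict)
    for addr in sources:
        prefix, subnet, iid = split_source(addr)
        if text_like(iid):
            hits[prefix][subnet] = iid
    return {p: s for p, s in hits.items() if len(s) >= min_hits}

def carried_text(chunks):
    """Join identifiers by subnet ID, highest first (Part 1 is 7a8 in the table)."""
    return b"".join(chunks[k] for k in sorted(chunks, reverse=True)).decode("ascii")

if __name__ == "__main__":
    for prefix, chunks in flag_prefixes(PAPER_SOURCES + [CONTROL_SOURCE]).items():
        print(prefix.hex(), sorted(hex(k) for k in chunks), repr(carried_text(chunks)))
```

The control address is not flagged because its identifier contains bytes such as 0x02 and 0xee that are outside the Base64 alphabet.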
  10. 10. VII. CONCLUSION

The IPv6 source address is used as a covert channel with the capability of storing 64 bits per packet, with a sequence number assigned to each packet that is useful for the receiver to track the packets, and a high level of security is provided by applying AES with a private key. Applying steganography and cryptography reduces the probability of the messages on the network being detected by a third party. The proposed method can be applied when a high level of security is required, for example: confidential communication for secret data, military, etc.

VIII. ACKNOWLEDGEMENTS

We thank Prof. Sandeep Shinde & Mr. Muhammad Hussein Mayud for their valuable guidance in carrying out our research work.

REFERENCES

[1] Richard Popa, "An Analysis of Steganographic Techniques", The Politehnica University of Timisoara, 1998.
[2] Zoran Duric, Michael Jacobs, Sushil Jajodia, "Information Hiding: Steganography and Steganalysis", George Mason University, 2005.
[3] Murdoch, S.J., and Lewis, S., "Embedding covert channels into TCP/IP", Information Hiding, 2005.
[4] Kamran Ahsan, "Covert channel analysis and data hiding in TCP/IP", Masters thesis, University of Toronto, 2002.
[5] Barret Miller, "Steganography in IPv6", University of Arkansas, 2008.
[6] Lewandowski, Grzegorz, "Network-aware Active Wardens in IPv6", Dissertations, Syracuse University (2011). http://surface.syr.edu/eecs_etd/306
[7] S. Deering, R. Hinden, "Internet Protocol Version 6 (IPv6) Specification", RFC 2460.
[8] National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publications, FIPS 197.
[9] "en.wikipedia.org/wiki/Advanced_Encryption_Standard"
[10] Fahim A. Ahmed Ghanem and Vilas M. Thakare, “Optimization of Ipv6 Packet’s Headers Over Ethernet Frame”, International Journal of Electronics and Communication Engineering & Technology (IJECET), Volume 4, Issue 1, 2013, pp. 99 - 111, ISSN Print: 0976 – 6464, ISSN Online: 0976 – 6472.
[11] Shamim Ahmed Laskar and Kattamanchi Hemachandran, “Steganography Based on Random Pixel Selection for Efficient Data Hiding”, International Journal of Computer Engineering & Technology (IJCET), Volume 4, Issue 2, 2013, pp. 31 - 44, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.