ISSN: 2277 – 9043                           International Journal of Advanced Research in Computer Science and Electronics...
ISSN: 2277 – 9043                         International Journal of Advanced Research in Computer Science and Electronics E...
ISSN: 2277 – 9043                          International Journal of Advanced Research in Computer Science and Electronics ...
ISSN: 2277 – 9043                              International Journal of Advanced Research in Computer Science and Electron...
ISSN: 2277 – 9043                             International Journal of Advanced Research in Computer Science and Electroni...
ISSN: 2277 – 9043                           International Journal of Advanced Research in Computer Science and Electronics...
ISSN: 2277 – 9043                         International Journal of Advanced Research in Computer Science and Electronics E...
Upcoming SlideShare
Loading in …5

114 120


Published on

Published in: Technology, Education
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

114 120

  1. 1. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012 Data Security and Authentication using Steganography and STS protocol 1 2 3 Shaik Riyaz J. Rajakala M RamaKrishnaAbstract: Steganography differs from cryptography in the For many years Information Hiding has captured thesense that where cryptography focuses on keeping the contents imagination of researchers. Digital watermarking andof a message secret, steganography focuses on keeping the steganography techniques are used to address digital rightsexistence of a message secret. Steganography and management, protect information, and conceal secrets.cryptography are both ways to protect information from Information hiding techniques provide an interestingunwanted parties but neither technology alone is perfect and challenge for digital forensic investigations. Informationcan be compromised. Once the presence of hidden informationis revealed or even suspected, the purpose of steganography is can easily traverse through firewalls undetected.partly defeated. The strength of steganography can thus beamplified by combining it with cryptography. This paper proposes a new approach to public-key In this paper, we design a system, which uses features of steganography based on matching method to hide the secretboth cryptography as well as steganography. We proposed a information inside 24-bit image file. In the proposedmethod which describes two stages for sending the method, the stego-key is generated by applying a publicinformation securely by using the Steganography based on key exchange protocol which is based on STS protocol.matching method and to perform key exchange using STSprotocol which guarantees authentication. This is done in Diffie-Hellman session key agreement is the first keyfollowing steps: exchange protocol, proposed by Diffie and Hellman. 1.Encrypt the message using any one of the popular Public- Diffie-Hellman key exchange by itself achieves perfectKey Encryption Algorithms, so that only authorized partiescan only be able to read the message. forward secrecy because no long-term keying material 2. Find and share stego-key between the two exists at the end of the session to be disclosed. However, itcommunication parties over insecure networks by applying does not provide authentication of the communicatingStation To Station(STS) Protocol. parties; hence it is vulnerable to a man-in-the-middle 3. Sender uses the secret stego-key to select pixels that it attack.will be used to hide the message obtained in first step. Eachselected pixel used to hide 8 bits of information. In order to fix the security flaw in the Diffie-Hellman protocol, the Station-To-Station (STS) protocol wasKeywords: Public-Key Cryptography, Steganography, Stego- proposed in [12]. To add authentication, the STS protocolkey, STS protocol. requires both the parties to have a pair of public keys for signature generation and verification, and to know a 1. INTRODUCTION publicly released symmetric key encryption. In contrast, note that the Diffie-Hellman protocol does not have these Steganography is the science of hiding selected assumptions. These assumptions can be included into theinformation from a third party. Therefore, steganography in protocol by sending public key certificates if the keys arecontrast with cryptography, where the existence of the not known in advance. In the STS protocol, STS protocolmessage is clear, but the meaning is obscured. uses signatures to authenticate the communicating parties.Steganography applications conceal information in other, It encrypts the signatures with the session keyseemingly innocent media. Steganographic results may subsequently to show the knowledge of this session key.masquerade as other file for data types, be concealed within However, signatures and certificates cause the messages tovarious media, or even hidden in network traffic or disk increase considerably in There are many ways in which information and datacan be exploited to conceal additional information. The goal of an authentication protocol is to provide the communicating parties with some assurance that they know Manuscript received July 20, 2012. each other’s true identities. In an authenticated key Shaik Riyaz M.Tech Student in CSE dept, A.S.R college of exchange, there is the additional goal that the two partiesEngineering,,Tetali,Tanuku,West Godavari end up sharing a common key known only to them. This(DT),Andhra Pradesh, India. J.Rajakala, Asst Prof in CSE dept, A.S.R college of Engineering secret key can then be used for some time thereafter, Tetali, Tanuku, West Godavari (DT),Andhra provide privacy, data integrity, or both. In this paper, wePradesh, India discuss the security of public-key based authentication M.Ramakrishna, M.Tech Student in CSE dept, Sana engineering protocols, with and without an associated key, kodad, Nalgonda(dt),AndhraPradesh,India We restrict our attention to two-party mutual 114 All Rights Reserved © 2012 IJARCSEE
  2. 2. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012authentication, rather than multi-party and one-way Diffie–Hellman key exchange is the most widely usedauthentication protocols. We assume that individual public key distribution system. Diffie–Hellman keyunderlying cryptographic mechanisms are not vulnerable, exchange is a specific method of exchanging cryptographicand restrict our attention to attacks on protocols themselves. keys. It is one of the earliest practical examples of keyAn enemy (attacker, intruder, adversary) can see all exchange implemented within the field of cryptography.exchanged messages, can delete, alter, inject, and redirect The Diffie–Hellman key exchange method allows twomessages, can initiate communications with another party, parties that have no prior knowledge of each other to jointlyand can reuse messages from past communications. establish a shared secret key over an insecure communications channel. This key can then be used to We are concerned with both authentication and key encrypt subsequent communications using a symmetric keyexchange. It is now well accepted that these topics should considered jointly rather than separately [Baus89]. Aprotocol providing authentication without key exchange is Diffie-Hellman key agreement is not based onsusceptible to an enemy who waits until the authentication encryption and decryption, but instead relies onis complete and then takes over one end of the mathematical functions that enable two parties to generate acommunications line. Such an attack is not precluded by a shared secret key for exchanging information confidentiallykey exchange that is independent of authentication. Key online. Essentially, each party agrees on a public value gexchange should be linked to authentication so that a party and a large prime number p . Next, one party chooses ahas assurances that an exchanged key (which might be used secret value x and the other party chooses a secret value y .to facilitate privacy or integrity and thus keep authenticity Both parties use their secret values to derive public values,alive) is in fact shared with the authenticated party, and not g x mod p and g y mod p, and they exchange the publican impostor. For these reasons, it is essential to keep key values. Each party then uses the other partys public valueexchange in mind in the design and analysis of to calculate the shared secret key that is used by bothauthentication protocols. parties for confidential communications. A third party cannot derive the shared secret key because they do not know either of the secret values, x or y . 2. RELATED WORK2.1 Public-key cryptography: For example, Alice chooses secret value x and sends the public value gx mod p to Bob. Bob chooses secret value y Public-key cryptography refers to a cryptographic system and sends the public value g y mod p to Alice. Alice usesrequiring two separate keys, one of which is secret and one the value g xy mod p as her secret key for confidentialof which is public. Although different, the two parts of the communications with Bob. Bob uses the value g yx mod pkey pair are mathematically linked. One key locks or as his secret key. Because g xy mod p equals g yx mod p ,encrypts the plaintext, and the other unlocks or decrypts the Alice and Bob can use their secret keys with a symmetriccyphertext. Neither key can perform both functions. One of key algorithm to conduct confidential onlinethese keys is published or public and the other is kept communications. The use of the modulo function ensuresprivate. that both parties can calculate the same secret key value, but an eavesdropper cannot. An eavesdropper can intercept Public key cryptography uses asymmetric key algorithms the values of g and p , but because of the extremelybe referred to by the more generic name of "asymmetric difficult mathematical problem created by the use of a largekey cryptography." The algorithms used for public key prime number in mod p, the eavesdropper cannot feasiblycryptography are based on mathematical relationships (the calculate either secret value x or secret value y . The secretmost notable ones being the integer factorization and key is known only to each party and is never visible on thediscrete logarithm problems) that have no efficient solution. network.Although it is computationally easy for the intendedrecipient to generate the public and private keys, to decryptthe message using the private key, and easy for the senderto encrypt the message using the public key, it is extremelydifficult for anyone to derive the private key based on theirknowledge of the public key. This is why, unlike symmetrickey algorithms, a public key algorithm does not require asecure initial exchange of one, or more, secret keys betweenthe sender and receiver. In contrast, symmetric-key algorithms, variations ofwhich have been used for thousands of years, use a singlesecret key — which must be shared and kept private byboth sender and receiver — for both encryption anddecryption. To use a symmetric encryption scheme, thesender and receiver must securely share a key in advance. Figure 1 Diffie–Hellman key exchange Algorithm 115 All Rights Reserved © 2012 IJARCSEE
  3. 3. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012 the exponential gy. The main problem with Diffie–Hellman exchange is that, 3) Bob computes the shared secret key K = (gx) does not provide authentication of the communicating 4) Bob concatenates the exponentials (gy, gx) (order isparties and is thus vulnerable to a man-in-the-middle attack. important), signs them using his asymmetric key B,A person in the middle may establish two distinct Diffie– and then encrypts them with K. He sends the cipherHellman key exchanges, one with Alice and the other with text along with his own exponential gy to Alice.Bob, effectively masquerading as Alice to Bob, and vice 5) Alice computes the shared secret key K = (gy)x.versa, allowing the attacker to decrypt (and read or store) 6) Alice decrypts and verifies Bobs signature.then re-encrypt the messages passed between them. The 7) Alice concatenates the exponentials (gx, gy) (orderman-in-the-middle attack in cryptography and computer is important), signs them using her asymmetric keysecurity is a form of active eavesdropping in which the A, and then encrypts them with K. She sends theattacker makes independent connections with the victims cipher text to Bob.and relays messages between them, making them believe 8) Bob decrypts and verifies Alices signature.that they are talking directly to each other over a privateconnection, when in fact the entire conversation is Alice and Bob are now mutually authenticated and havecontrolled by the attacker. a shared secret. This secret, K, can then be used to encrypt further communication. The basic form of the protocol is A key exchange protocol enables two parties to share a formalized in the following three steps:common key for encrypting a large amount of data.Authentication is an essential requirement prior to the key (1) Alice → Bob : gxexchange process in order to prevent man-in-the-middle (2) Alice ← Bob : gy, EK(SB(gy, gx))attack. The goal of an authentication protocol is to provide (3) Alice → Bob : EK(SA(gx, gy))the communicating parties with some assurance that theyknow each other’s true identities. In an authenticated key Full STS setup data can also be incorporated into theexchange, there is the additional goal that the two parties protocol itself. Public key certificates may be sent in stepsend up sharing a common key known only to them. This 2 and 3 if the keys are not known in advance.secret key can then be used for some time thereafter toprovide privacy, data integrity, or both. (1) Alice → Bob : gx (2) Alice ← Bob : gy, CertB, EK(SB(gy, gx)) A method to authenticate the communicating parties to (3) Alice → Bob : CertA, EK(SA(gx, gy))each other is generally needed to prevent this type of attack.Variants of Diffie-Hellman, such as STS, may be used If system-wide key establishment parameters are notinstead to avoid these types of attacks. used, the initiator and responder may create and send their own parameters. In this case, parameters should be sent2.2 STS protocol: with the exponential. 1) Alice → Bob : g, p, gx The STS protocol consists of Diffie-Hellman key They must also be verified by Bob to prevent an activeestablishment [Diff76], followed by an exchange of attacker from inserting weak parameters (and thus a weakauthentication signatures. In public-key cryptography, the key K). Diffie, van Oorschot & Wiener (1992) recommendStation-to-Station (STS) protocol is a cryptographic key against special checks to prevent this and instead suggestagreement scheme based on classic Diffie-Hellman that including the group parameters in Alices certificate. Inprovides mutual key and entity authentication. STS protocol, for just authentication is as follows. The basic idea of STS protocol is as follows. Prior to 1. Alice generates a random number x sends it to Bob.execution of the protocol, the two parties Alice and Bob 2. Bob generates a random number y.each obtain a public/private key pair and a certificate for the 3. Bob concatenates the random numbers (y, x) (order ispublic key. During the protocol, Alice computes a signature important) and signs them using his asymmetric key B.on certain messages, covering the public value ga mod p. He sends the signature along with his own randomBob proceeds in a similar way. Even though Carol is still number to to intercept messages between Alice and Bob, she 4. Alice verifies Bobs signature.cannot forge signatures without Alices private key and 5. Alice concatenates the random numbers (x, y) (order isBobs private key. Hence, the enhanced protocol defeats the important) and signs them using her asymmetric keyman-in-the-middle attack. A. She sends the signature to Bob. 6. Bob verifies Alices signature. Supposing all setup data has been shared, the STS Formally:protocol proceeds as follows. If a step cannot be completed, (1) Alice → Bob : xthe protocol immediately stops. All exponentials are in the (2) Alice ← Bob : y, SB(y, x)group specified by p. (3) Alice → Bob : SA(x, y) 1) Alice generates a random number x and computes and sends the exponential gx to Bob. 2 .3 Steganography: 2) Bob generates a random number y and computes 116 All Rights Reserved © 2012 IJARCSEE
  4. 4. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012 Steganography is the art and science of hiding files. If an 8-bit image is viewed as a grid and the grid isinformation into covert channels so as to conceal the made up of cells, these cells are called pixels. Each pixelinformation and prevent the detection of the hidden consists of an 8-bit binary number (or a single byte), andmessage (refer to figure2). The goal of steganography is to each 8-bit binary number refers to the color palette (a set ofavoid drawing attention to the transmission of a hidden colors defined within the image). All color variations formessage. If suspicion is raised, then this goal is defeated. the pixels are derived from three primary colors: red, green,Today, steganography refers to hiding information in digital and blue. Each primary color is represented by 1 byte (= 8picture files and audio files. Modern steganography refers bits).to hiding information in digital picture files and audio files.It works by replacing bits of unused data in regular digitalfiles with bits of invisible information. To embed hiddeninformation into an image requires two files - the coverimage file that will hold the hidden data and the secretmessage file. A message may be plain text, cypher text (oranother image). When combined, the cover image and thehidden message makes a stego image. A stego-key orpassword may be used to hide and decode the message.Special software is needed for steganography. In thistutorial we will look at two programs that hide text withinimages(refer to figure 3). Figure 4:A Graphical Version of the Steganographic System There are many ways to hide information in digital images. We look at the following approaches : 1. least significant bit insertion 2. masking and filtering 3. algorithms and transformations Least significant bit insertion: Many stego tools make use of least significant bit (LSB). For example, 11111111 is an 8-bit binary number. TheFigure 2: Inaccessible information using steganography rightmost bit is called the LSB because changing it has the least effect on the value of the number. The idea is that the LSB of every byte can be replaced with little change to the overall file. The binary data of the secret message is broken up and then inserted into the LSB of each pixel in the image file. Hiding the data Using the Red, Green, Blue (RGB) model a stegno tool makes a copy of an image palette, say, an 8-bit image. The copy is rearranged so that colors near each other in the RGB model are near each other in the palette. The LSB of each pixels 8-bit binary number is replaced with one bitFigure 3: A Steganographic system from the hidden message. A new RGB color in the copied palette is found. A new 8-bit binary number of the new RGB color in the original palette is found. The pixel is Steganographic messages may first be encrypted and changed to the 8-bit binary number of the new RGB color.then a cover message is modified to contain the encryptedmessage, resulting in stegno text. Only those who know the Recovering the data can be done by using stegno tool,technique used can recover the message and, if required, stegno tool finds the 8-bit binary number of each pixelsdecrypt it. The message may be a few thousand bits (often RGB color. The LSB of each pixels 8-bit binary number isat 7 or 8 bits per text character) embedded in millions of one bit of the hidden data file. Each LSB is then written toother bits. Probably the most typical use is digital images. an output file.Digital images are commonly stored in either 24-bit or 8-bit A simplified example with an 8-bit image 117 All Rights Reserved © 2012 IJARCSEE
  5. 5. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012pixel: Secret data (00 01 10 11) white red green blue Public key encryptionInsert(0011) (00 00 11 11) Cipher text Image file message white white blue blue Convert Ascii Pixels to binary As can be seen from the example, with an 8-bit image, to binarythe cover image must be carefully selected since LSBmanipulation is not as forgiving because of the colorlimitations. To hide information in the LSBs of each byte ofa 24-bit image, it is possible to store 3 bits in each pixel.A simplified example with a 24-bit image Encoding using Matching method andpixel: stegno key (00100111 11101001 11001000) Binary form to pixelInsert(101) (00100111 11101000 11001001) Stegno image file, sent to the receiver red green blue LSB insertion works well with gray-scale images as well.It is possible to hide data in the least and second least Figure 5. Proposed steganography mechanism for sendersignificant bits and the human eye would still not be able todiscern it. B. Receiver Side After reception of Stego image the receiver at the start 3. PROPOSED METHOD converts the pixels into the binary values. The decoder using Matching method and stegno key then removing the3.1 Public Steganography in various selected regions of encrypted data from image pixel values. The encrypted dataan image: is decrypted using decryption algorithms. This is how, theA. Sender Side plain text is recovered from image. Fig. 6 shows the whole process at the receiver side. The proposed scheme uses any public key encryptionalgorithm to encrypt secret information, encrypted ASCII Stegno image filevalue is converted in binary form. The pixels in the image at the same time are also Pixels to binaryconverted into binary form. The same image is now used asa cover to embed the encrypted information. The processstarts as a Encoder using Matching method and stegno keywhich replaces the three least significant bits of pixel values Decoding usingwith the encrypted information bits. The modified picture is Matching method andnow termed as Stego image. The whole process is stegno keyexplained in Fig. 5. As shown below, STS protocol is used to exchangesecret stegno key between two communication parties. Convert binary Binary to pixels to ASCII Sender Cipher text Cover Image message file STS Protocol Secret message Receiver Figure 6. Proposed steganography mechanism for receiver 118 All Rights Reserved © 2012 IJARCSEE
  6. 6. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012 The proposed method describes two steps for hiding the steganography, our aim is to improve it by removing one ofsecret information by using the public steganography based its problems that is: the ease of extraction. We dont wanton matching method in different regions of an image. that a malicious attacker is able to read everything we are sending. The First step is converting the Plain text message intocipher text using Public-key Encryption algorithm. We can use the following techniques to achieve our goal: The next step is to find the shared stego-key between thetwo communication parties (SENDER & RECIPIENT) over  Encryption of the message, so that who extractsinsecure networks by applying STS protocol (as explained it must also decrypt it before it makes sense.above). At the end the protocol, each side recovers his/her  Randomizing the placement of the bits using areceived public key to reach the shared values between cryptographical random function (scattering), sothem, that’s mean SENDER & RECIPIENT have arrived that its almost impossible to rebuild the messagesame sego-key value. without knowing the seed for the random function. Next the sender uses the secret stego-key to select pixelsthat it will be used to hide. Each selected pixel is then used In this way, the message is protected by two differentto hide 8 bits binary information depending on the matching keys, acquiring much more confidentiality than before.method which is summarized in four cases as shown by This approach protects also the integrity of the message,Table 2. Since the 8 bits data will be compared with the being much more difficult (we could say at leastselected pixels bytes, red, green & blue values respectively computationally infeasible) to counterfeit the produce an array of binary values as 00, 01, 10, and 11. SENDERs side, starts comparing to search the equality, Second, there is a problem with the file size that involveswhere, he takes data value and compare it with the value of the choice of the format. Unusually big files exchangedthe red color (± 7 – decimal value). As shown by Table 2, between two peers, in fact, are likely to arise no. 1, if they are equal, then the value zero (00 – Since we need to have small image file sizes, we shouldbinary value) is set to the array. Table 2, case no. 2, if the resort in using 24-bit images, because their size is moredata value and the red value are not equivalent then the likely to be considered as normal.value will be compared with the green color, if they areequals (± 7 – decimal value) then the array is set to be one(01 - binary value). Table 2, case no. 3, if the data value andthe green value are not equivalent then the value will becompared with the blue color, if they are equals (± 7 –decimal value) then the value two (10 – binary value) is setto the array. Finally (refer to Table 2, case no. 4), If in casethe secret data didn’t equal any of the previous threeconditions then the LSBs method is used to embed the datainside the selected pixel, and the value three (11 – binaryvalue) is set to the array. In this case, the data value will bedistributed as follows: FIGURE 4: THE RESULT OF EMBEDDING THE TEXT WITH S-TOOLS1. The first three bits of the data are replaced by the three least significant bits of the red byte. 4. RESULTS AND DISCUSSION2. The second three data bits are replaced by the three least We implemented the public-key steganography based on significant bits of the green byte. matching method in different selected regions of an image to show the performance of the proposed method.3. The last two data bits are replaced by the two least significant bits of the blue byte. In our implementation, we used 600×400 bitmap image file to hide 5 KB text data. As discussed earlier, both of the If 8 bit data ≈ Red Then Red value = two communication parties should find the secret key Case 1 00 (8 bit ) 8 bit data (stegokey) first by applying STS protocol to perform high If 8 bit data ≈ Then Green value level of security. Case 2 01 As in Table 2, the 8 bits data will be hidden inside 1 Green (8 bit ) = 8 bit data pixel, hence the 600x400, 24 bit image file can accept If 8 bit data ≈ Blue Then Blue value = Case 3 10 approximately 240000 bytes of data. This is compared with (8 bit ) 8 bit data well known stego method such as LSBs (Johnson et al., Case 4 Otherwise Use LSBs Method 11 1998) which needs 3 pixels to hide 1 byte of data. We can also adjust the bit-rate at which we can hide the data in the TABLE 2: THE FOUR MAIN CASES IN THE PROPOSED PUBLIC-KEY STEGO selected region. Nevertheless, the proposed steganographic protocol is more efficient than LSBs, since the algorithm3.2 Problems and Possible solutions used the matching method to get identical pixels bytes. As we have seen LSB insertion is good for 119 All Rights Reserved © 2012 IJARCSEE
  7. 7. ISSN: 2277 – 9043 International Journal of Advanced Research in Computer Science and Electronics Engineering Volume 1, Issue 5, July 2012 However, the proposed method resorts to the LSBs ACKNOWLEDGMENTSmethod to distribute the secret data in case if the 8 bit ofdata is not matched with any of the previous three bytes I thank all the staff members of A.S.R college of(red, green, and blue). engineering for their support. I would also like to thank my family and friends who encouraged me in doing this CONCLUSION work. In the present world, the data transfers using internet is REFERENCESrapidly growing because it is so easier as well as faster to [1] Johnson, N.F. & Jajodia, S., ―Exploring Steganography: Seeing thetransfer the data to destination. So, many individuals and Unseen‖, Computer Journal, February 1998business people use to transfer business documents, [2] Ramakrishna Mathe et al, / (IJCSIT) International Journal of Computer Science and Information Technologies, Vol. 3 (3) ,important information using internet. Security and 2012,4251 – 4255.authentication are an important issue while transferring the [3] Cryptography and Network Security Principles and Practices, 4thdata using internet because any unauthorized individual edition by William Stallings.can hack the data and make it useless or obtain information [4] Diffie, W., Van Oorschot, P.C., Wiener, M.J. 1992. Authentication and authenticated key exchanges. Des. Codes Cryptography 2(2),un-intended to him. The proposed approach in this paper 107-125.uses a steganographic approach called image [5] Razieh Mokhtarnameh, Nithiapidary Muthuvelu, Ian Chai , Sin Bansteganography which provides security and STS protocol Hothat provides authentication. In International Journal of Computer Applications (0975 – 8887) , pages(5-11) Volume 7– No.5, September 2010. 120 All Rights Reserved © 2012 IJARCSEE