Chapter One General Introduction
GENERAL INTRODUCTION
1.1 INTRODUCTION
Steganography is a method for hiding secret information such as text, image, audio or
video inside a cover medium such as text, image, audio or video in a way
that cannot be detected by the Human Visual System (HVS). This makes people unaware of the
existence of a secret message (except for the sender and receiver). Steganography is a Greek word
that means covered writing; the word “stegano” means covered or concealed and the word
“graphy” means writing (Muhammad et al., 2015). The image is an excellent medium for
steganography because of the redundancy in its representation (Khalind, 2015).
There are two domains for using an image as a cover medium to conceal a secret
message: the spatial domain and the frequency domain (Amirtharajan and Rayappan, 2012). In the
spatial domain, intensity values of the cover image are used to hide a secret message (Vigila and
Muneeswaran, 2015). In the frequency domain, the image is converted to frequency coefficients,
then the secret message is hidden inside these coefficients (Wahballa et al., 2016). One of the
simple and fast hiding techniques in the spatial domain is the Least Significant Bit (LSB)
technique (Sarreshtedari and Akhaee, 2013). It substitutes the least significant bits of the pixels
in the cover image with bits of the secret message; the result is a stego image that looks like the
cover image.
The recent technique in (Al-Shatnawi, 2012) conceals the secret message inside a cover
image by looking for identical bits between them. This increases the
security level compared to the conventional LSB technique. The random choice of pixels for
hiding the secret message gives better security than sequential selection in the conventional LSB
technique.
Chaos theory has been established since the 1970s across many different research fields such as
engineering, science, physics, mathematics and biology (Behnia et al., 2008). Chaos is a
dynamical system that is very sensitive to initial conditions. A small difference in the starting
values will lead to a great difference in the output. It is a deterministic nonlinear system that has
semi-random behavior (Tayel et al., 2012). Because of the random behavior of chaos, it can be
used to ensure a high level of security in steganography (Habib et al., 2015). Chaos has
applications in the security of the physical layer, as in (Lau and Hussain, 2005; Lau et al., 2005;
Linh-Trung et al., 2008). This work uses chaos theory as an additional security dimension in
steganography by incorporating it into the LSB technique and the technique in (Al-Shatnawi, 2012)
(called here Identical-Bits Steganography), where the new address can be extracted chaotically.
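As an added illustration (not code from this report or from the cited works), the sketch below combines LSB substitution with chaotically chosen pixel addresses and shows the sensitivity to the starting value. The logistic map, its parameter r, the burn-in length, the constructed cover and the key value are all assumptions made for the example.

```python
def chaotic_addresses(x0, count, n_pixels, r=3.99, burn_in=100):
    """Return `count` distinct pixel indices driven by x -> r*x*(1-x)."""
    if count > n_pixels // 4:       # keep the search for unused pixels short
        raise ValueError("message too large for this cover")
    x, seen, order = x0, set(), []
    for _ in range(burn_in):        # let nearby keys diverge before use
        x = r * x * (1.0 - x)
    while len(order) < count:
        x = r * x * (1.0 - x)
        idx = int(x * n_pixels)     # x stays below r/4 < 1, so idx is in range
        if idx not in seen:         # one message bit per pixel
            seen.add(idx)
            order.append(idx)
    return order

def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def embed(cover, message, x0):
    bits = to_bits(message)
    stego = list(cover)
    for idx, bit in zip(chaotic_addresses(x0, len(bits), len(cover)), bits):
        stego[idx] = (stego[idx] & 0xFE) | bit   # LSB substitution
    return stego

def extract(stego, n_bytes, x0):
    order = chaotic_addresses(x0, n_bytes * 8, len(stego))
    return from_bits([stego[idx] & 1 for idx in order])

# Constructed 64x64 greyscale cover (flat list of 0..255 intensities).
COVER = [(i * 37 + 11) % 256 for i in range(64 * 64)]
KEY = 0.3141592653                  # assumed x0 shared by sender and receiver
STEGO = embed(COVER, b"meet at nine", KEY)
```

A receiver whose starting value differs by 1e-10 visits a different pixel sequence and does not recover the message, while no pixel of the stego image differs from the cover by more than one intensity level.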
Chapter one consists of the introduction, statement of the problem, aims and objectives,
significance of the study, scope and limitation of the study, organization of the report, and
definition of technical terms.
Chapter two consists of the literature review and the historical background of the case
study.
Chapter three is all about the method of data collection, analysis of data and existing
system, problems of the existing system, description of proposed system and the advantages of the
proposed system.
Chapter four consists of the design of the system, output design, input design,
database design, and procedure design. It also contains the implementation and techniques
used with reasons, hardware and software support and documentation of the system,
while
Chapter five contains the summary of the project, experience gained, recommendation and
the conclusion.
CHAPTER TWO
LITERATURE REVIEW
2.1 REVIEW OF RELATED PAST WORK
Karim et al. (2011) suggested an improved-LSB technique for color
images to enhance the security level of the secret message by using a secret key. The
methodology is to divide the cover image into three matrices (Red, Green and Blue). The secret
key is converted into ASCII values and then to binary (a 1D array of bits). The secret key and Red
matrix are used only for decision making regarding where to place hidden information: either in
the Green matrix or in the Blue matrix. Each bit of the secret key is XORed with the LSB bits of the Red matrix.
The resulting XOR value decides where the bits of secret information will be placed: either in
the LSB of the Green matrix (if the XOR bit is 1) or in the LSB of the Blue matrix (if the XOR bit is 0). The same
process is continued until the secret information is finished.
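The channel-selection rule described above, written out as an added example (not code from Karim et al. or from this report). Visiting pixels in order, reusing the key bits cyclically, and the constructed cover and key values are assumptions made here.

```python
def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def channel_choice(pixels, key, n_bits):
    """1 -> Green, 0 -> Blue: key bit XOR Red LSB (key bits reused cyclically)."""
    key_bits = to_bits(key)
    if not key_bits or n_bits > len(pixels):
        raise ValueError("empty key or message larger than cover")
    return [key_bits[i % len(key_bits)] ^ (pixels[i][0] & 1)
            for i in range(n_bits)]

def embed_rgb(pixels, message, key):
    bits = to_bits(message)
    choice = channel_choice(pixels, key, len(bits))
    stego = list(pixels)
    for i, (use_green, bit) in enumerate(zip(choice, bits)):
        r, g, b = stego[i]
        if use_green:
            g = (g & 0xFE) | bit
        else:
            b = (b & 0xFE) | bit
        stego[i] = (r, g, b)        # Red is only read, never modified
    return stego

def extract_rgb(stego, n_bytes, key):
    # Red is unchanged, so the receiver recomputes the same channel choice.
    choice = channel_choice(stego, key, n_bytes * 8)
    return from_bits([(p[1] if use_green else p[2]) & 1
                      for p, use_green in zip(stego, choice)])

# Constructed cover: 256 (R, G, B) pixels; the key and message are sample values.
COVER = [((i * 7 + 1) % 256, (i * 13 + 4) % 256, (i * 29 + 2) % 256)
         for i in range(256)]
STEGO = embed_rgb(COVER, b"hi there", b"K3y")
```

Because the Red matrix is never written, extraction needs only the stego image, the key and the message length; a key that differs in one bit reads the untouched channel at that pixel and returns a different byte string.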
Viswanatham and Manikonda (2010) suggested an effective and
secure technique of LSB insertion. The technique involves the generation of random
numbers and also selecting a region of interest in which the required message is to be embedded
in the random pixels whose addresses are previously generated. The technique also involves a
secret key (password to decode the message) which has to be provided by the recipient for
decoding the message from the image.
Al-Shatnawi (2012) suggested a technique that embeds the secret message
based on searching for the identical bits between the secret message and the bits of the cover
image pixel. This technique was compared with the 2-LSB technique which conceals the secret
message immediately.
Luo et al. (2010) suggested expanding the LSB matching image
steganography and proposed an edge-adaptive scheme which can select the embedding regions
according to the size of the secret message as well as the difference between two consecutive
pixels in the cover image. For lower embedding rates only sharper edge regions are used, while
keeping the other smoother regions as they are. When the embedding rate increases, more edge
regions can be released adaptively for data hiding by adjusting just a few parameters.
A related term is wizard. A wizard is an interactive computer program that helps a user
solve a problem. Originally the term wizard was used for programs that construct a database
search query based on criteria supplied by the user. However, some rule-based expert systems
are also called wizards. Other "Wizards" are a sequence of online forms that guide users through
a series of choices, such as the ones which manage the installation of new software on
computers, and these are not expert systems. Nissanoff, Daniel (2006).
The word steganography comes from the Greek Steganos, which means covered or secret, and
graphy, which means writing or drawing. Therefore, steganography means, literally, covered writing.
Steganography is the art and science of hiding information such that its presence cannot be
detected while a communication is happening. Secret information is encoded in a manner such
that the very existence of the information is concealed. Paired with existing communication
methods, steganography can be used to carry out hidden exchanges.
i. The publishing and broadcasting industries have become interested in techniques for
hiding encrypted copyright marks and serial numbers in digital films, audio
recordings, books and multimedia products.
ii. Moves by various governments to restrict the availability of encryption services have
motivated people to study methods by which private messages can be embedded in
seemingly innocuous cover messages.
KEY DERIVATION
As briefly mentioned above, the key derivation on Android is based on the PIN/passcode
of the user. For the encryption and decryption process, the password of the user is combined with
a salt value that is stored in the encryption footer of the file system. The resulting value is then
used as input for the PBKDF2 function, which basically applies SHA1 repeatedly. The result
represents a 128 bit AES key, which is used to decrypt the 128 bit AES master key for file-
system encryption and for the protection of KeyChain entries.
Since Android does not include a secure element, the user's PIN/passcode is the only
unknown in the key-derivation process. Thus, the key-derivation process is not bound to the
mobile device and can also be out-sourced to external more powerful entities. This significantly
facilitates the accomplishment of brute-force attacks on the user's PIN/passcode and potentially
decreases the security of Android's key-derivation method.
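An added example (not Android source code and not from this report) of the derivation described above, next to a hypothetical device-bound variant, with helpers for sizing the passcode space. The salt value, the iteration count, the `device_key` parameter and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample values; the iteration count is an assumption, not from the page.
FOOTER_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 2000

def derive_kek(passcode, salt, iterations=ITERATIONS):
    """Scheme as described: PBKDF2 (HMAC-SHA1) over passcode and salt -> 128-bit key."""
    return hashlib.pbkdf2_hmac("sha1", passcode.encode(), salt, iterations, dklen=16)

def derive_kek_bound(passcode, salt, device_key, iterations=ITERATIONS):
    """Hypothetical hardened variant: mix in a key that never leaves the device."""
    bound = hmac.new(device_key, passcode.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha1", bound, salt, iterations, dklen=16)

def offline_work(alphabet_size, length, iterations=ITERATIONS):
    """PBKDF2 iterations needed to cover every passcode of this shape."""
    return alphabet_size ** length * iterations

def hours_to_exhaust(alphabet_size, length, guesses_per_second):
    """Time to cover the whole passcode space at a given derivation rate."""
    return alphabet_size ** length / guesses_per_second / 3600
```

`derive_kek` depends only on the passcode and values stored in the footer, so any machine holding a copy of the footer computes the same key; in the bound variant the result also depends on `device_key`, which stands in for a secret held in hardware.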
ENCRYPTION ALGORITHMS
A. DES: DES (Data Encryption Standard) was designed by IBM in 1977. The algorithm
encrypts a 64-bit plaintext block using a 56-bit key and 16 cycles, each with a 48-bit subkey
formed by permuting the 56-bit key. Since that time, many attacks and methods recorded
the weaknesses of DES, which made it an insecure block cipher.
B. 3DES: 3DES is a modified version of the DES algorithm that improves the security power
of DES by applying the algorithm three times in succession with three different keys.
The encryption method is the same as the original DES but applied 3 times to increase the encryption
level, so the process is slower than other methods.
C. Blowfish: Blowfish uses a 64-bit block size and a variable key size that ranges from 32 bits to
448 bits. It is a 16-round Feistel cipher that uses the large key size. Since the key size is
larger it is complex to break the code in the Blowfish algorithm. Moreover it is vulnerable
to all the attacks except the weak key class attack.
D. RSA: RSA is a widely used public-key algorithm. RSA was first described in 1977. The
RSA algorithm is public key cryptography and it ensures that whilst an encryption key is
publicly revealed, it does not reveal the corresponding decryption key.
E. AES: AES was developed by two scientists Joan and Vincent Rijmen in 2000. It is fast,
compact, and has a very simple mathematical structure. AES is a symmetric block cipher
with a block size of 128 bits. Key lengths can be 128 bits, 192 bits, or 256 bits; called
AES-128, AES-192, and AES-256, respectively. AES-128 uses 10 rounds, AES-192 uses
12 rounds, and AES-256 uses 14 rounds. AES performs the following functions: 1.
SubBytes () 2. ShiftRows () 3. MixColumns () 4. AddRoundKey ().
1. Substitute bytes – The sub bytes step replaces each state data byte with an entry in a fixed
lookup table.
2. Shift rows – The shift rows step rotates the four bytes of state data in each row of the state
data matrix.
3. Mix column – The mix columns step performs a transformation on the four bytes of
state data in each column of the state data matrix.
4. Add round key – The add round key step is a transformation that combines the current
state data block and the round key corresponding to the specific round using the XOR
function.
Mobile phones are very handy devices and are widely used by people around us for day-to-day
functionalities (Sreenarayan, 2011). Mobile phones have become an integral part of the modern
world, providing human connectivity in a way never before possible (Jeff B., Bill S., and
Vetter R., 2007). A recent United Nations report estimated that the total number of mobile phone
subscribers in the world now exceeds 2.68 billion. It is estimated that around 80% of the world's
population has mobile phone coverage, with 90% coverage forecast by 2015 (Njenga,
2009). Other studies have also shown that people are becoming more and more dependent on
mobile phones for performing critical functionalities like bank transactions (Omwansa T., 2009).
Needless to say, when people depend more on phones, for faster processing, a lot of sensitive
data are stored in the phone and a considerable amount is also transmitted to the server. Other
studies inform us that the technological trend is drastically moving from large personal
computers to digitized mobile handsets (Nysveen, H., Pedersen, P.E., & Thorbjornsen, H. 2005).
With the emergence of mobile technology, various business models and security architectures
have been developed to ensure secure communication as in the case of mobile banking
(Herzberg, 2003).
Newer versions of security protocols have been developed to make the system resilient to attacks
such as fraud. Some of the technologies that have been deployed in this channel include WAP
(Wireless Application Protocol) over GPRS (General Packet Radio Service) and SMS (Short
Message Service) using the WIG (Wireless Internet Gateway) (Herzberg, 2003).
The ever growing number of mobile phone users has provided a wide platform for both corporate
organizations and government institutions to provide services to their clients (Njenga, 2010). The
report presented by GSM demonstrated that one feature that users have begun to fully exploit in
recent years is the short message service or text messaging for GSM in 2007.
Information security has long been thought to be inclusive of only personal computers and
networks. However, with the technological trend shifting from computers to mobile devices,
malicious attackers are now targeting mobile devices and their users, as observed by
Andrew (2011). Studies like the one carried out by PC World show that smart phones and, to a
larger extent, mobile devices are more vulnerable to attacks because consumers of these devices
are oblivious of the imminent threats that face them.
According to Mocana Group, mobile devices have become critical business, military and
industrial production tools, carrying valuable data well worth destroying, corrupting and, most
importantly, stealing (Mocana, 2009). It is incontrovertible that mobile phones have become very
instrumental in our day to day lives. Most of our personal information is stored in the phone
memory and messages. We, for example, have technically moved from traditional banking to
mobile banking and a lot of our personal information is stored up on our mobile devices. It is for
these reasons that various mobile malware have emerged to ruin us. Studies have shown that
most marital lawsuits that occur in the United States are a result of phone spying using these
malware (McAfee, 2012). Reports such as the State of Mobile Security report have also
demonstrated that SMS fraud has steadily grown since July 2011. SMS hacking tools such as
juju are known to have the abilities to spy on text messages, intercept sent messages and replay
the same short message to several recipients without the knowledge of the owner of the phone.
One of the most common Trojans to attack Java enabled mobile devices is
Trojan.Redbrowser. This application sends premium-rate SMS messages and attempts to trick users into
believing it is a legitimate application that allows users to visit WAP sites without using a WAP
connection (Mocana, 2009).
The volume of malware designed for mobile devices is a direct response to the speed at which
the technology is being adopted, according to Eset's report. “If the market grows and technology
is enhanced, then as long as users who use these devices to store an increasing amount of
sensitive information do not adopt the necessary measures, it is logical to expect cybercriminals
to create computer threats to profit from this situation” (Erastus, 2011).
Security and anti-malware firm Trend Micro indicated in its third quarter 2012 report that mobile
malware on the Android OS had swelled approximately sixfold from April to September, when
the number of attacks rose from 11,000 to more than 175,000. These include spambots and
spyware; tollware that surreptitiously send text messages to services that charge a fee; and apps
that secretly record phone calls and intercept texts used to authenticate financial transactions.
Although a lot of research is still being carried out to improve the transmission of text
messages, for now text messages are sent in plain text and even an amateur can retrieve and
intercept them. As demonstrated by Wang, "Many organizations don't have even basic security
such as encryption and DLP [data loss prevention] in place. They also don't spend adequate time
educating employees about risks." There is therefore a need for secure encryption applications
for mobile SMS services.
Wireless transactions, for example mobile banking, which falls under cellular communication, are
very important in today's business and will not enjoy the maximum benefits unless they are taken a
step further in terms of security (Chepken K., 2004).