CHAPTER 1
INTRODUCTION
1.1. BASIC CONCEPTS
Election enables every citizen of the country to participate in the process of
government formation. It has always been an arduous task for the election
commission to conduct free and fair polls in our country, the largest democracy in the
world. Crores of rupees have been spent on this to make sure that the elections are riot
free. The most important aspect of the democracy is the ability of the people to choose
their ruler by vote. Integrity of election process will determine the integrity of
democracy itself. So the election system must be secure against a variety of fraudulent
behaviors and should be transparent and comprehensible that voters can accept the
results of an election. But, nowadays it has become common for some forces to
indulge in rigging which may eventually lead to a result contrary to the actual verdict
given by the people. Furthermore, the traditional way of voting will take a long
process and time. So, the novel online voting will become the best solution for the
matters; besides provide easier way of voting.
1.2. ADVANTAGES OF ELECTRONIC VOTING
Compared to existing traditional paper-based voting system the electronic voting has
several advantages like:
(1) Increased participation in democratic governance as more citizens have access to
express their opinion.
(2)Reduced costs as the materials required for printing and
distributing ballots as well as the manpower required to govern poll
sites are considerably reduced.
(3)Flexible as it can be tailored to support multiple languages and
permit up-to-date minute ballot modifications.
(4)Greater speed and accuracy in placing and tallying votes as evoting step by step processes help minimize the number of miscast
and rejected votes.
Dept. of ECE,KMCT CE
Dept. of ECE,KMCT CE
their vote by distributing a receipt of their vote which can be used for verification
purpose from the overall tabulation of the collected votes. Yet on the other hand, this
receipt cannot be used as a proof in vote buying or vote coercion although all of the
receipts will be posted publicly in a secured append-only Bulletin Board once the
voter finished the voting process. Therefore, the E2E system would still protect the
voters privacy.
My aim is to present a new online voting system employing biometrics in
order to avoid rigging and to enhance the accuracy and speed of the process so that
one can cast his vote irrespective of his location on the basis of the principle
steganography .
1.4. MERITS OF STEGANOGRAPHY BASED ELECTRONIC VOTING
(1) Transparency
All of the data on the bulletin board should be accessible to the public. This includes
the encrypted votes, public encryption keys, and final tallies. The bulletin board does
not store secrets.
(2) Universal Verifiability
Any election result obtained by the system should be verifiable by any third party. By
inspecting the election transcript, it should be possible to perform a complete audit of
any procedure.
(3) Privacy
All voters in an election should be confident that their individual choices will remain
hidden. Only the total is made available to the public.
(4) Distributed Trust:
Each procedure is supervised by multiple authorities, and the final sum cannot be
revealed without the cooperation of a given number of authorities. Any attempt to
undermine the procedure will require the corruption of a large number of authorities.
Authorities and voters may overlap arbitrarily. Thus, it is possible for the voters
themselves to ensure trustworthiness (or have an active role in it).
(5) Greater performance.
Dept. of ECE,KMCT CE
(6) The model is proposed for secure remote electronic voting system with the view of
increasing participation, confidence and trustworthiness in electronic democracy,
protects voters against intimidation, provide sufficient evidence to convince the
electorate to vote, convince the losing candidate that he actually lost as a result of
conducted, free, fair, credible and genuine elections.
1.5. DEMERITS OF STEGANOGRAPHY BASED ELECTRONIC VOTING
As online voting is risky, it is difficult to come up with a system which is
perfect in all senses. Once we are sure that a voter is genuine, we can easily address
other issues like anonymity and tamper resistance.
Dept. of ECE,KMCT CE
CHAPTER 2
STEGANOGRAPHY
2.1 DEFINITION
Steganography is the arts and science of writing hidden messages in such a way that
no one, apart from the sender and intended recipient , suspects the existence of the
message, a form of security through obscurity.
The word steganography comes from the Greek Steganos, which mean
covered or secret and graphy mean writing or drawing. Therefore, steganography
means, literally, covered writing. Steganography is the art and science of hiding
information such that its presence cannot be detected and a communication is
happening. A secret information is encoding in a manner such that the very existence
of the information is concealed. Paired with existing communication methods,
steganography can be used to carry out hidden exchanges. The main goal of
steganography is to communicate securely in a completely undetectable manner and
to avoid drawing suspicion to the transmission of a hidden data. It is not to keep
others from knowing the hidden information, but it is to keep others from thinking
that the information even exists. If a steganography method causes someone to
suspect the carrier medium, then the method has failed. Until recently, information
hiding techniques received very much less attention from the research community and
from industry than cryptography. This situation is, however, changing rapidly and the
first academic conference on this topic was There has been a rapid growth of interest
in steganography for two main reasons:
(i) The publishing and broadcasting industries have become interested in techniques
for hiding encrypted copyright marks and serial numbers in digital films,
audio recordings, books and multimedia products.
(ii) Moves by various governments to restrict the availability of encryption services
have motivated people to study methods by which private messages can be
embedded in seemingly innocuous cover messages
Dept. of ECE,KMCT CE
COVER OBJECT
(C)
F
MESSAGE (M)
(C,M,K)
STEGO OBJECT
(Z)
STEGO-KEY (K)
Dept. of ECE,KMCT CE
In general, the information hiding process extracts redundant bits from coverobject. The process consists of two steps .
(i) Identification of redundant bits in a cover-object. Redundant bits are those bits
that can be modified without corrupting the quality or destroying the integrity
of the cover-object.
(ii) The embedding process then selects the subset of the redundant bits to be
replaced with data from a secret message. The stego-object is created by
replacing the selected redundant bits with message bits
2.2.DIFFERENT KINDS OF STEGANOGRAPHY
Almost all digital file formats can be used for steganography, but the formats that are
more suitable are those with a high degree of redundancy. Redundancy can be defined
as the bits of an object that provide accuracy far greater than necessary for the objects
use and display. The redundant bits of an object are those bits that can be altered
without the alteration being detected easily. Image and audio files especially comply
with this requirement, while research has also uncovered other file formats that can be
used for information hiding. Figure 2.2.shows the four main categories of file formats
that can be used for steganography.
STEGANOGRAPHY
TEXT
IMAGE
AUDIO/VIDEO
PROTOCOL
Dept. of ECE,KMCT CE
for specific applications. For these file formats, different steganographic algorithms
exist.
As the information technology evolves, more threats arise and a simple
encryption method is just not sufficient enough to protect the secrecy of data
anymore. An encrypted data could easily cause suspicion since it is clearly shown as
one. On the other hand, steganography offers a less suspicious way of hiding a secret.
Therefore, steganography is proposed to be used as a main tool in this paper to secure
the data communication in the election procedure, as its purpose is to maintain a
secret communication between two parties. This scheme could be applied to various
types of data such as text, images, audio, video and protocol file format. The methods
of steganography vary from invisible inks, microdots, character arrangement, digital
signatures, covert channels, to spread spectrum communications.
Fig.2.3. and Fig. 2.4. shows the comparison of an original and stego-image
with very unnoticeable difference. Fig. 2 is the original image and Fig. 3 has been
encoded with random encrypted words. Image steganography can be separated into
two types based on its compression method, image (spatial) domain and transform
(frequency) domain. For image domain, a message would directly be embedded into a
source image and then it would be compressed with lossy compression. Therefore, all
the embedded information would not be altered in the compression phase. On the
Dept. of ECE,KMCT CE
Dept. of ECE,KMCT CE
CHAPTER 3
PROPOSED METHODOLOGY
3.1. SYSTEM OVERVIEW
Using the proposed system, voting can be done through internet with the concept of
Steganography and biometrics. User PIN and the secret key are transmitted to the
server securely using Steganography. If a person views the digital object, he or she
will have no idea that there is any hidden information, and therefore the person will
not attempt to decrypt the information. The general model of Steganography says if
you want to send some secret message then choose a cover image, find its redundant
bits and replace these bits with data bits of the message. The message can be easily
extracted by doing some operations on the other end. Fingerprint images are chosen as
keys for encrypting the secret key. Fingerprint recognition is used for user
authentication because it is the most deployed biometric technique, both in civil and
criminal applications, because of its high maturity and cost-effective capture and
processing.
Some information about the voter should be collected to support such a
system. Firstly, each and every individual in the country should be provided with a
Personal Identification Number. This is needed for maintenance of voter accounts in
the database. Secondly, we need Thumb Impressions (fingerprint images) of all the
individuals. Thirdly, during the account creation every individual will be provided
with a system generated Secret key which he/she should not disclose to anybody. This
will be needed to cast the vote. The voter account creation process is shown in fig 3.1:
Dept. of ECE,KMCT CE
10
SECRET KEY
PIN
PIN &
SECRET
KEY
+
Fig 3.2.Stego image creation
Now this stego image will be sent securely to the server for voter
authentication. Fingerprint forgery may be restricted by using advanced fingerprint
readers which employ Ultrasonic and Capacitance.
At the server side, Optical Character Recognition technique will be used to
read the personal identification number represented on the image. After reading it, the
server will find out the details of that individual from the database. These details will
be his/her fingerprint image and secret key. Using these details, the image can be
decoded to find out the embedded message which should be the secret key of that
Dept. of ECE,KMCT CE
11
individual. Once authentication is complete, the voter will be allowed to vote. In this
next page, all the details regarding the voting boundaries of that individual will be
shown. Here voter can select the desired candidate and finalize the vote. After casting
the vote, the account will be closed and in the database the voted bit will be set to one
for that voter.
3.2. COVER IMAGE CREATION
Every voter should have a 16-digit personal identification number. This
number will be automatically written over a base image in predefined font style &
size. Let us use 256*256 pixels bitmap cover image. The base image should be clear
so that the text written over it is machine readable. This image will be finally
modified into a stego image and sent over insecure channel. The base image is a
default image for the system, same for all. Cover image is a simple inscription of
personal identification number over the base image. So, the cover image for each
voter is different which will reduce the chances of predicting the image by an attacker
during transmission.
3.3. SECRET KEY EXPANSION USING HASHING
The secret key plays very important role in the whole process. It should not be
compromised in any case. There is a limitation with the secret key here, as the system
is designed for general public which is quite negligent in these issues, we cant keep
the key too long. It should be short enough to be remembered by everybody. For
explanation purpose we are assuming it to be a 4-digit number, similar to ATM PIN.
This 4-digit PIN can easily be represented using 2 bytes.
But 2 byte data looks very much vulnerable in terms of length. As we have to
finally embed it into the image, which is quite big. The cover image is a 24-bit image
where every pixel is represented using three bytes. So, we have 3 2^16 byte data in
total. Now hiding only 2 bytes in this much space will not fully exploit the resources
in terms of cryptography. This is because the algorithm we are using provides both
cryptography and steganography at the same time. Steganography says its good as the
statistical properties of the cover image will remain intact due to under performed
modification. The eavesdroppers will never be able to deduce that some data is hidden
Dept. of ECE,KMCT CE
12
in the image. But if somehow they know that it is a stego image, they can easily
extract the PIN From the cryptography point of view, the key image under utilized as
well. As the fingerprint image is of the same dimension, we will be exploiting very
less features of the key image. So, to increase the complexity of analysis, the 2 byte
secret key is expanded to 32 byte key by applying MD5 hashing algorithm. Now these
160 bits will become a part of the actual secret message. When the secret message is
embedded in the cover image, its statistical properties will not remain same. The stego
image will remain more complex to be analyzed because more features of the key
image are utilized in this case. So, even if eavesdroppers know that this is a stego
image, it would be more difficult for them to predict the embedded data.
3.4. GENERATION OF THE SECRET MESSAGE
In this phase of the methodology, we will get a 288 bit secret message from a 16 bit
secret key. Firstly, the secret key is concatenated with the time-stamp value. The
timestamp is a 32 bit value which represents the current date. Now we will apply SHA
256 algorithm to get a 256 bit hash code for that key. Now the same time-stamp is
concatenated with this hash code to get the secret message. So, our secret message
will be of 288 bit length. As the actual secret key is never embedded in the stego
image, there will be no chance of predicting secret key from it. The mechanism is
shown in fig 3.3:
Dept. of ECE,KMCT CE
13
Dept. of ECE,KMCT CE
14
Dept. of ECE,KMCT CE
15
CHAPTER 4
STEGANOGRAPHIC ALGORITHMS
4.1.DESCRIPTION OF EMBEDDING ALGORITHM
The embedding algorithm makes use of a stegocryptographic model. The model easily
unifies cryptographic and steganographic models. It basically results as a
steganographic one with the addition of a new element as the key image. It finally
delivers cryptographic functionality while preserving its steganographic nature. The
output of this embedding process is a stego image S and the inputs are expanded
secret key concatenated with time-stamp, i.e. secret message, a cover image and the
key image.
4.1.1.LEAST SIGNIFICANT BIT INSERTION ALGORITHM
Usually 24-bit or 8-bit files are used to store digital images. The former one provides
more space for information hiding; however, it can be quite large. The colored
representations of the pixels are derived from three primary colors: red, green and
blue. 24-bit images use 3 bytes for each pixel, where each primary color is
represented by 1 byte. Using 24-bit images each pixel can represent 16,777,216 color
values. We can use the lower two bits of these color channels to hide data, then the
Dept. of ECE,KMCT CE
16
maximum color change in a pixel could be of 64-color values, but this causes so little
change that is undetectable for the human vision system.
This algorithm is only for embedding a character (8-bit). For embedding the entire
message, the steps in the algorithm are repeated. The output obtained as a result of
encryption performed in Module 3 is embedded in an image which is of Portable
Network Graphics format i.e. image with png extension. The process of embedding
consists of the following steps:
Step 1: The image is selected initially, in which data has to be embedded.
Step 2: The total number of pixels in the image is calculated by using the formula
width x height.
Step 3: The color intensities of each and every pixel is retrieved and stored in an array.
Each pixel constitutes of 3 bytes, where each byte represents one of the three primary
colors i.e. RGB.
Step 4: AND operation is performed on each byte of the pixel along with the binary
equivalent of 252. The result obtained is the byte value with the last two bits as 00.
Step 5: The cipher text is AND operated with the binary equivalent of 03 to retrieve
the last two bits of the message.
Step 6: The OR operation is performed with the output of step 4 and step 5.
Step 7: The output of step 6 becomes the new intensity of the Red color. For Green
and Blue color step 4 is repeated and before doing step 5 right bit shifting is
performed to the cipher text in the incremental order of 2 till all the 8 bits are
embedded.
To retrieve the cipher text from the image, the reverse steps of the algorithm
mentioned above is to be performed.
4.1.2. STEGO IMAGE CREATION ALGORITHM
The output of this algorithm is a stego image S and the inputs are expanded secret key
concatenated with time-stamp, i.e. secret message, a cover image and the core image.
In this embedding process we are going to modify the 256*256 pixels cover image
given by the array Cover[] of 3*216 of size. In terms of cryptography, performing
permutations on input data increases the level of confusion. More is the level of
Dept. of ECE,KMCT CE
17
confusion, more it will become unpredictable. In this phase we distribute the bits of
secret message throughout the image in a random manner.
As we need to embed 288 bits of secret message SM[] into cover image, we need to
determine the bytes of cover image which we are going to modify. These are
determined by random function with secret key as seed. Here, we have a Random
Number RN[] array of size 288 with values ranging from 1 to 3*2^16. We have a core
image array Core[] of 3*216 bytes. So, in order to yield stego image Stego[] we are
going to use the following algorithm.
Stego Image Creation Algorithm:
Input: Cover [], Core [], RN [], SM []
Output: Stego []
Begin
forevery bit of Secret Message SM [i] do
ifSM [i] = 1 then
ifCover[RN[i]] and Core[RN[i]] both odd then
Stego[RN[i]] = Cover[RN[i]] 1
else if Cover[RN[i]] and CI[RN[i]] both even then
Stego[RN[i]] = Cover[RN[i]] +1
end
else
Stego[RN[i]] = Cover[RN[i]]
end
else if SM[i] = 0 then
ifCover[RN[i]] and Core[RN[i]] both either even or odd
thenStego[RN[i]] = Cover[RN[i]]
else
Stego[RN[i]] = Cover[RN[i]] + 1
end
end
End
Dept. of ECE,KMCT CE
18
According to the algorithm, if secret message bit is one and both cover image
and key image byte values are odd we are making stego image byte value one less
than cover image byte value, else one more than that. If secret message bit is zero and
both cover image and key image byte values are even or odd we are keeping stego
image byte value same as cover image byte value, else one more than that. We should
notice that during extraction we have to apply the same random function with the
same seed.
4.1.3. DECRYPTION ALGORITHM FOR AUTHENTICATION
In the extraction process, firstly the personal identification number from the Stego
image is read using OCR. Now, from the matching entry in the voter database, we
read the core image and Secret key of that individual. The key to successful
comparison is the time-stamp value. The timestamp (e.g. Date) delivers the security
from replay attacks, so that the same stego image cannot be used again in future.
Using the secret key as seed we are generating the array RN[] of size 288. From the
stego image we are forming the array Stego[]. Also, we have array Core[] given by
key image. Using these we can extract the SM[] by applying the algorithm given
below.
Input: Stego [], Cover [], RN[], Secret Key
Output: Authentic Voter/ Not an Authentic Voter
Begin
[], [], , k = 0
fori=0 to 287 do
ifStego[RN[i]] and Core[RN[i]] both either even or odd then
SM[i]= 0
elseSM[i] = 1
end
end
fori = 256 to 287 do
Date [k++] =SM[i]
end
Dept. of ECE,KMCT CE
19
= (,)
if(M[], 256())
thenReturn: Authentic Voter
else
Return: Not an Authentic Voter
end
End
In the above algorithm, we are checking bytes of stego image and key image,
if both are odd or even we are taking the secret message as one otherwise zero. Using
the Date value contained in the secret message and Secret Key we can verify the
authenticity.
Dept. of ECE,KMCT CE
20
CHAPTER 5
ASSOCIATED SYSTEMS
5.1. AUTHENTICATION CENTRE (AC)
Authentication Centre is an entity within the GSM network. AC generates the
authentication
parameters
and
authenticates
the
mobile
equipment.
The
Dept. of ECE,KMCT CE
21
CHAPTER 6
VOTING PROCEDURE
6.1 REGISTRATION STAGE
This stage is also known as the preparation stage. In this phase all of the necessary
constraints for the election are prepared. Voters registration would be carried out to
respect the voters right by ensuring only eligible voters can vote. They would be
identified by using their respective organizations email address. As another layer of
security during login process, each of them would be prompted to insert few random
characters of a secret word that would then be used as authorization key in the next
stage.
6.2 AUTHENTICATION STAGE
In a remote electronic voting system, registered voters can authorize themselves by
logging into the system. They would be prompted to enter their self-defined username
and encrypted password for security purposes. Upon login, the user is required to
enter few random characters on their predefined authorization key as another layer of
authentication. It is proposed as in a remote electronic voting system, stronger
protection is required to convince the voters that a proper level of trust has been
established between the voter and the system. Once the user has been identified as an
eligible voter and successfully logged in to the system, they will see a welcome screen
which states their account status and a menu panel where they can navigate to cast
their vote.
6.3 VOTING STAGE
In a paper-based voting, this stage would be carried out by inserting the ballot
into a securely sealed box. Similarly in the electronic voting system, this stage is
carried out by sending the voters casted vote in an electronic ballot to the server
where all the ballots would be collected and stored. Once the voter submits their vote,
it would then be encoded in the ballot by implementing steganography. This ballot
Dept. of ECE,KMCT CE
22
will later on be sent over to the tally server as a stego-image. Basically, each voter
would be given one layer of the image as their receipt, while the other separated layer
of the vote would be kept or saved by the administrator for the purpose of votes
tally. Therefore, the voters would still be able to verify their votes to themselves and
have a better confidence in the system.
6.4 TALLYING STAGE
In this stage, all of the collected ballots would be initially decrypted by using the
other half of the vote share. In order to perform this decryption process, the private
key which has been divided and distributed to a few appointed personnel must be
merged together. This method is called the threshold decryption cryptosystem.
Threshold scheme would be implemented in the ballot decryption process to ensure
that only the authorized personnel can count the vote. However, all of the votes are
stored as cipher texts in the database. The votes would then be published for
verification purpose.
6.5 PUBLISHING AND VOTE VERIFICATION STAGE
In a paper-based voting, once the tally process is done, the authorized personnel will
announce the result of the election. However, the voter would not be able to verify
their own vote because the authorized personnel will only announce and publish the
total result of each candidate. On the other hand, in remote electronic voting system
the voters can verify their own votes because each voter receives a share of receipt
that would be published in the secured append-only bulletin board. Other than that,
the system would also be provided with a vote verification data to check their casted
vote. The feature is implemented by combining visual cryptography and secret ballot
receipts together. In this way, most of electronic voting systems requirements, such as
uncoercibility, receipt-freeness, universal-verifiability, etc. would be delivered as
neither the user nor the election officials (administrator) has access to identify the
collected ballots.
Dept. of ECE,KMCT CE
23
VOTER
PIN
COVER
IMAGE
CREATION
SECRET KEY
ENCRYPTION
FINGER
PRINT
STEGO
IMAGE
SERVER
PIN
EXTRACTION
U
P
D
A
T
E
DECRYPTION
DATA BASE
SECRET KEY
VERIFICATION
CASTE VOTE
Dept. of ECE,KMCT CE
24
CHAPTER 7
CONCLUSION
In this paper we have enforced a method for integrating Cryptography and
Steganography to present a highly secure Electronic Online Voting System for future
electronic democracy. The security level of our system is greatly improved by the new
idea of random cover image generation for each voter. The user authentication process
of the system is improved by adding both biometric and password security. The
Steganography portion of the system is secured by random distribution of message
bits into the cover image. This system will preclude the illegal practices like rigging.
Thus, the citizens can be sure that they alone can choose their leaders, thus exercising
their right in the democracy.
Dept. of ECE,KMCT CE
25
REFERENCE
(1)Lauretha Rura, Biju Issac and Manas Kumar Haldar , Secure Electronic Voting
System Based On Image Steganography Published in Open Systems (ICOS),2011
IEEE Conference on 25-28 Sept.2011, Malaysia.
(2)B. Swaminathan, J. Cross Datson Dinesh ,Highly Secure Online Voting System
with Multi Security using Biometric and Steganography
International Journal of Advanced Scientific Research and Technology issue 2,
volume 2 (april 2012) issn: 2249-9954
(3) Olaniyi, O.M, Arulogun O. T. and Omidiora E.O,
Towards an Improved Stegano-Cryptographic Modelfor Secured Electronic Voting
African Journal of Computing & ICT, Vol 5.No. 6. Dec 2012
(4) Shobhalokhande, Dipalisawant, NazneenSayyad, MamataYengul, E-Voting
through Biometrics and Cryptography- Steganography Technique with conjunction of
GSM Modem Emerging Trends in Computer Science and Information Technology
-2012(ETCSIT2012) Proceedings published in International Journal of Computer
Applications (IJCA)
(5)
Dr.K.Kuppusamy,
K.Kavitha,Secure
Electronic
Registration
&
Voting
Dept. of ECE,KMCT CE
26