M.

Tech Thesis
on
A novel algorithm and code development for message security using steganography submitted by

Roll No.:

under guidance of

2008

Certificate

Acknowledgment

List of Figures

Fig.No.

Content

Page No.

Figure 1: Figure2: Figure3: Figure4: Figure5: Figure6:

Types of steganography Process of embedding data into RGB pixels Generic process of encoding and decoding Palette gradients Original picture Image after embedding the data into it

16 21 24

28

43

44

Table of Contents
Sl.No 1. 2. 3. 4. 5. 6. 7. 8. 9. Abstract Literature Survey Chapter 1: Introduction Chapter 2: Case study Steganography Chapter 3: Problem Formulation, Simulation And Testing Chapter 4: Results And Discussions Conclusion References Appendix(C code) Content Page No 6 7-10 11-15 16-42 43-45

46-50 51-53 54-55 56-71

Abstract
Informally, steganography refers to the practice of hiding secret messages in communications over a public channel so that an eavesdropper (who listens to all communications) cannot even tell that a secret message is being sent. In contrast to the active literature proposing new concrete steganographic protocols and analyzing aws in existing protocols, there has been very little work on formalizing steganographic notions of security, and none giving complete, rigorous proofs of security in a satisfying model. The thesis initiates the study of steganography from a cryptographic point of view. We give a precise model of a communication channel and a rigorous definition of steganographic security, and prove that relative to a channel oracle, secure steganography exists if and only if one-way functions exist. We give tightly matching upper and lower bounds on the maximum rate of any secure stego system. We introduce the concept of steganographic key exchange and public-key steganography, and show that provably secure protocols for these objectives exist under a variety of standard number-theoretic assumptions. We consider several notions of active attacks against steganography; show how to achieve each under standard assumptions, and consider the relationships between these notions. Finally, we extend the concept of steganography as covert communication to include the more general concept of covert computation. Also in this work we have illustrated the fact that pseudo random method of steganography gives less chance for the hacker to hack the information in the network as compared to LSB method. As in this method the message is embedded in the picture randomly depending on the free space in the picture and also the message is scrambled while embedding it in the picture, making the retrieval of the message by an unknown user tough.

Literature Survey
1. Daniel L. Currie, III Fleet Information Warfare Center, Cynthia E. Irvine Computer Science Department, Surmounting the Effects of Lossy Compression on Steganography Abstract: - Steganographic techniques can be used to hide data within digital images with little or no visible change in the perceived appearance of the image and can be exploited to export sensitive information. Since images are frequently compressed for storage or transmission, effective steganography must employ coding techniques to counter the errors caused by lossy compression algorithms. The Joint Photographic Expert Group (JPEG) compression algorithm, while producing only a small amount of visual distortion, introduces a relatively large number of errors in the bitmap data. It is shown that, despite errors caused by compression, information can be stegano graphically encoded into pixel data so that it is recoverable after JPEG processing, though not with perfect accuracy.

2. Jonathan Cummins, Patrick Diskin, Samuel Lau and Robert Parlett, School of Computer Science, The University of Birmingham, Steganography and Digital watermarking Abstract: - Steganography is derived from the Greek for covered writing and essentially means, to hide in plain sight. As defined by Cachin steganography is the art and science of communicating in such a way that the presence of a message cannot be detected. Simple steganographic techniques have been in use for hundreds of years, but with the increasing use of files in an electronic format new techniques for information hiding have become possible. This document will examine some early examples of steganography and the general principles behind its usage. We will then look at why it has become such an important issue in recent years. There will then be a discussion of some specific techniques for hiding information in a variety of files and the attacks that may be used to bypass steganography.

3. White Paper on the contributions of cryptography & steganography to internet security. Abstract: - While in the past, cryptography and steganography were mainly used for military purposes, today they are increasingly being used within the private sector. Even home users are becoming aware of the importance of protecting sensitive data from prying eyes. Those who opt to protect their data can choose from several methods, some of which are more complicated than others. Overall, however, general awareness of data security, especially among private citizens, is still not widespread. Many computer and Internet users are still satisfied with the sheer basics of protection, for example the use of virus protection software. These same people prefer writing e-mail instead of postal letters, seemingly unaware of the fact that an unencrypted e-mail can be read just as easily as a postcard. Thus, many of the commercial solutions that have been developed to protect private as well as business data remain unused. 4. Francesco Queirolo, Steganography in images: Final communication report Abstract: - Steganography is a very old method of passing messages in secret. This method of message cloaking goes back to the time of the ancient Greeks. The historian Herodotus wrote about how an agent wrote a message warning of an invasion on the wood part of a wax tablet. Since messages were normally inscribed in the wax and not the wood, the tablet appeared blank to a common observer. There is also the story of a messenger during the Persian Wars who shaved his head and had a message tattooed on it. He waited until his hair grew back to make his journey. When he arrived at his destination, he shaved his head to reveal the message. During WWII spies on both sides used invisible inks. These inks were fluids such as milk, fruit juice, or urine that would darken when heated. They also sent messages with very small punctures above characters in a document that formed a message when combined. (McCullah, Feb 7, 2001). It is the hope of the author of this paper that judicious limits on cryptography and steganography will be implemented. As I believe that in our current position if terrorists used a good stego-tool and a solid encryption algorithm it would be very difficult to discover their 8

plans before they are executed. Of course, there will be some that argue encryption should not be mitigated as it is an academic pursuit and helps preserve privacy. Even so, I believe we must rely on our government (for they are accountable to the citizens of this country) to make the correct decisions in the matter because privacy is important but not to the point where people can use it as shield to kill people.

5. Niels Provo and Peter honeyman university of Michigan, Hide and seek An introduction to steganography Abstract: - Steganography is the art and science of hiding communication; a steganographic system thus embeds hidden content in unremarkable cover media so as not to arouse an eavesdroppers suspicion. In the past, people used hidden tattoos or invisible ink to convey steganographic content. Today, computer and network technologies provide easy-to-use communication channels for steganography. Essentially, the information-hiding process in a steganographic system starts by identifying a cover mediums redundant bits (those that can be modified without destroying that mediums integrity). The embedding process creates a stego medium by replacing these redundant bits with data from the hidden message. Modern steganographys goal is to keep its mere presence undetectable, but steganographic systems because of their invasive natureleave behind detectable traces in the cover medium. Even if secret content is not revealed, the existence of it is: modifying the cover medium changes its statistical properties, so eavesdroppers can detect the distortions in the resulting stego mediums statistical properties. The process of finding these distortions is called statistical steganalysis. This article discusses existing steganographic systems and presents recent research in detecting them via statistical steganalysis. Other surveys focus on the general usage of information hiding and watermarking or else provide an overview of detection algorithms. Here, we present recent research and discuss the practical application of detection algorithms and the mechanisms for getting around them.

6. Joshua R. Smith and Chris Dodge, Developments in Steganography Abstract: - This paper presents two main results. The first is a new approach to steganography in which data is encoded in correlations among the pixels in an image. Almost all previous steganographic methods encode data in correlations between the pixels and a known external reference signal. This method hints at the existence of public key watermarking techniques, which will be defined. The other result is a method for greatly increasing the capacity of a printed steganographic channel. Because it is specific to printed images, this method is useful for steganographic problems such as stealth bar coding, but not for digital watermarking. The two results are complementary in that higher noise levels are encountered in the intra-image correlation encoding method, but the second method works by eliminating image-induced noise. 7. Miss K.I. Munro University of the Witwatersrand, Steganography: is it becoming a double-edged sword in computer security? Abstract: - The growth of the Internet has stimulated the use and the misuse of steganography. At its simplest level, steganography the art of hiding secret messages, within the structure of another media. While legitimate and justifiable applications for steganography exist, criminally minded people or organizations can also use it for underground, illicit and deliberately secret communication. The objective, similar to cryptography is to make it impossible for those without the key to break the code; however Steganography operates at a more complex level as detection is dependent on recognizing the underlying hidden data. This paper introduces the topic of steganography and evaluates the applications, both positive and negative. This paper finds steganography to be both a helpful and a hindering force in the computing milieu. A more thorough investigation is needed to aid a variety of stakeholders: law policy makers, security professionals and the general internet populace.

10

Chapter 1: Introduction
This work focuses on the problem of steganography: how can two communicating entities send secret messages over a public channel so that a third party cannot detect the presence of the secret messages? Notice how the goal of steganography is different from classical encryption, which seeks to conceal the content of secret messages: steganography is about hiding the very existence of the secret messages. Steganographic \protocols" have a long and intriguing history that goes back to antiquity. There are stories of secret messages written in invisible ink or hidden in love letters (the first character of each sentence can be used to spell a secret, for instance). More recently, steganography was used by prisoners, spies and soldiers during World War II because mail was carefully inspected by both the Allied and Axis governments at the time. Postal censors crossed out anything that looked like sensitive information (e.g. long strings of digits), and they prosecuted individuals whose mail seemed suspicious. In many cases, censors even randomly deleted innocent-looking sentences or entire paragraphs in order to prevent secret messages from being delivered. More recently there has been a great deal of interest in digital steganography, that is, in hiding secret messages in communications between computers. The recent interest in digital steganography is fueled by the increased amount of communication which is mediated by computers and by the numerous potential commercial applications: hidden information could potentially be used to detect or limit the unauthorized propagation of the innocent-looking \carrier" data. Because of this, there have been numerous proposals for protocols to hide data in channels containing pictures, video, audio, and even typeset text. Many of these protocols are extremely clever and rely heavily on domain-specific properties of these channels. On the other hand, the literature on steganography also contains many clever attacks that detect the use of such protocols. The rigorous study of provably secure cryptography was initiated by Shannon, who introduced an information-theoretic definition of security: a cryptosystem is secure if an adversary who sees the cipher text - the scrambled message sent by a cryptosystem receives no additional information about the plaintext - the unscrambled content. Unfortunately, Shannon also proved that any cryptosystem which is perfectly secure 11

requires that if a sender wishes to transmit N bits of plaintext data, the sender and the receiver must share at least N bits of random, secret data - the key. This limitation means that only parties who already possess secure channels (for the exchange of secret keys) can have secure communications. To address these limitations, researchers introduced a theory of security against computationally limited adversaries: a cryptosystem is computationally secure if an adversary who sees the cipher text cannot compute (in, e.g. polynomial time) any additional information about the plaintext than he could without the cipher text. Potentially, a cryptosystem which could be proven secure in this way would allow two parties who initially share a very small number of secret bits (in the case of public key cryptography, zero) to subsequently transmit an essentially unbounded number of message bits securely. Proving that a system is secure in the computational sense has unfortunately proved to be an enormous challenge: doing so would resolve, in the negative, the open question of whether P = NP. Thus the cryptographic theory community has borrowed a tool from complexity theory: reductions. To prove a cryptosystem secure, one starts with a computational problem, which is presumed to be intractable, and a model of how an adversary may attack a cryptosystem, and proves via reduction that computing any additional information from a cipher text is equivalent to solving the computational problem. Since the computational problem is assumed to be intractable, a computationally limited adversary capable of breaking the cryptosystem would be a contradiction and thus should not exist. In general, computationally secure cryptosystems have been shown to exist if and only if \one-way functions," which are easy to compute but computationally hard to invert, exist. Furthermore, it has been shown that the difficulty of a wide number of well-investigated number-theoretic problems would imply the existence of one-way functions, for example the problem of computing the factors of a product of two large primes, or computing discrete logarithms in a finite field. Subsequent to these breakthrough ideas, cryptographers have investigated a wide variety of different ways in which an adversary may attack a cryptosystem. For example, he may be allowed to make up a plaintext message and ask to see its corresponding cipher text, (called a chosen-plaintext attack), or even to make up a cipher text and ask to see what the corresponding plaintext is (called a chosen cipher text attack). Or the

12

adversary may have a different goal entirely - for example, to modify a cipher text so that if it previously said \Attack" it now reads as \Retreat" and vice-versa. Previous work on theory of steganography: - The scientific study of steganography in the open literature began in 1983 when Simmons stated the problem in terms of communication in a prison. In his formulation, two inmates, Alice and Bob, are trying to hatch an escape plan. The only way they can communicate with each other is through a public channel, which is carefully monitored by the warden of the prison, Ward. IfWard detects any encrypted messages or codes; he will throw both Alice and Bob into solitary confinement. The problem of steganography is, then: how can Alice and Bob cook up an escape plan by communicating over the public channel in such a way that Ward doesn't suspect anything \unusual" is going on. Anderson and Petitcolas posed many of the open problems resolved in this thesis. The people in this field also pointed out that while it is easy to give a loose upper bound on the rate at which hidden bits can be embedded in innocent objects; there was no known lower bound. Since the paper of Anderson and Petitcolas, several works have addressed information-theoretic definitions of steganography. Cachin's work formulates the problem as that of designing an encoding function so that the relative entropy between stegotexts, which encode hidden information, and independent, identically distributed samples from some innocentlooking cover text probability distribution, is small. He gives a construction and concludes that it is computationally intractable; and another construction which is provably secure but relies critically on the assumption that all orderings of cover texts are equally likely. Cachin also points out several aws in other published information theoretic formulations of steganography. All information-theoretic formulations of steganography are severely limited, however, because it is easy to show that information-theoretically secure steganography implies information-theoretically secure encryption; thus any secure stego system with N bits of secret key can encode at most N hidden bits. In addition, techniques such as public-key steganography and robust steganography are information-theoretically impossible.

13

Symmetric Key Steganography: -A symmetric key stego system allows two parties with a shared secret to send hidden messages undetectably over a public channel. We give cryptographic definitions for symmetric-key stego systems and steganographic secrecy against a passive adversary in terms of indistinguishability from a probabilistic channel process. By giving a construction which provably satisfies these definitions, it is observed that the existence of a one-way function is sufficient for the existence of secure steganography relative to any channel. It is also shown that this condition is necessary by demonstrating a construction of a one-way function from any secure stego system. Public-Key Steganography :-Informally, a public-key steganography protocol allows two parties, who have never met or exchanged a secret, to send hidden messages over a public channel so that an adversary cannot even detect that these hidden messages are being sent. Unlike previous settings in which provable security has been applied to steganography, public-key steganography is information-theoretically impossible. We introduce computational security conditions for public-key steganography similar to those for the symmetric-key setting, and give the first protocols for public-key steganography and steganographic key exchange that are provably secure under standard cryptographic assumptions. Steganography with active adversaries: - We consider the security of a stego system against an adversary who actively attempts to subvert its operation by introducing new messages to the communication between Alice and Bob. We consider two classes of such adversaries: disrupting adversaries and distinguishing adversaries. Disrupting adversaries attempt to prevent Alice and Bob from communicating stegano graphically, subject to some set of publicly-known restrictions; we give a formal definition of robustness against such an attack and give the first construction of a provably robust stego system. Distinguishing adversaries introduce additional traffic between Alice and Bob in hopes of tricking them into revealing their use of steganography; we consider the security of symmetric- and public-key stego systems against active distinguishers and give constructions, which are secure against such adversaries. We also show that no stego system can be simultaneously secure against both disrupting and distinguishing active adversaries. 14

Bounds on steganographic rate: - The rate of a stego system is defined by the (expected) ratio of hidden text size to stego text size. Prior to this work there was no known lower bound on the achievable rate (since there were no provably secure stego systems), and only a trivial upper bound. We give an upper-bound MAX in terms of the number of samples from a probabilistic channel oracle and the minimum-entropy of the channel, and show that this upper bound is tight by giving a provably secure symmetric-key stego system with rate (1 - o(1))MAX. We also give an upper bound RMAX on the rate achievable by a robust stego system and exhibit a construction of a robust stego system with rate (1 e) RMAX for any _ > 0. Covert Computation: - We introduce the novel concept of covert two-party computation. Whereas ordinary secure two-party computation only guarantees that no more knowledge is leaked about the inputs of the individual parties than the result of the computation, covert two party computations employs steganography to yield the following additional guarantees: (A) No outside eavesdropper can determine whether the two parties are performing the computation or simply communicating as they normally do; (B) before learning f(xA; xB), neither party can tell whether the other is running the protocol; (C) after the protocol concludes, each party can only determine if the other ran the protocol insofar as they can distinguish f(xA; xB) from uniformly chosen random bits. Covert two-party computation thus allows the construction of protocols that return f(xA; xB) only when it equals a certain value of interest (such as \Yes, we are romantically interested in each other") but for which neither party can determine whether the other even ran the protocol whenever f(xA; xB) does not equal the value of interest.

15

Chapter 2: Steganography
Steganography is a very old method of passing messages in secret. This method of message cloaking goes back to the time of the ancient Greeks. The historian Herodotus wrote about how an agent wrote a message warning of an invasion on the wood part of a wax tablet. Since messages were normally inscribed in the wax and not the wood, the tablet appeared blank to a common observer. There is also the story of a messenger during the Persian Wars who shaved his head and had a message tattooed on it. He waited until his hair grew back to make his journey. When he arrived at his destination, he shaved his head to reveal the message. During World War II spies on both sides used invisible inks. These inks were fluids such as milk, fruit juice, or urine that would darken when heated. They also sent messages with very small punctures above characters in a document that formed a message when combined. Many people lump steganography with cryptography, and while they are in many cases means to the same ends (not letting unauthorized persons view data) they are not the same thing. Although, they are often sibling processes and first encrypting a message then using a stego-tool to hide it is more effective in hiding a secret message than either method by itself. According to Dictionary.com: Steganography is: Hiding a secret message within a larger one in such a way that others can not discern the presence or contents of the hidden message and Cryptography is The process or skill of communicating in, or deciphering secret writing or ciphers. Steganography can be used to cloak hidden messages in image, audio and even text files. It is to be mentioned that steganography is derived from the Greek for covered writing and essentially means to hide in plain sight. As defined by Cachin steganography is the art and science of communicating in such a way that the presence of a message cannot be detected. Simple steganographic techniques have been in use for hundreds of years, but with the increasing use of files in an electronic format new techniques for information hiding have become possible.

16

Figure 1 shows how information hiding can be broken down into different areas. Steganography can be used to hide a message intended for later retrieval by a specific individual or group. In this case the aim is to prevent the message being detected by any other party. The other major area of steganography is copyright marking, where the message to be inserted is used to assert copyright over a document

Figure 1: - Types of steganography

Steganography and encryption are both used to ensure data confidentiality. However the main difference between them is that with encryption anybody can see that both parties are communicating in secret. Steganography hides the existence of a secret message and in the best case nobody can see that both parties are communicating in secret. This makes steganography suitable for some tasks for which encryption arent, such as copyright marking. Adding encrypted copyright information to a file could be easy to remove but embedding it within the contents of the file itself can prevent it being easily identified and removed.

17

Figure 2 shows a comparison of different techniques for communicating in secret. Encryption allows secure communication requiring a key to read the information. An attacker cannot remove the encryption but it is relatively easy to modify the file, making it unreadable for the intended recipient. Digital signatures allow authorship of a document to be asserted. The signature can be removed easily but any changes made will invalidate the signature, therefore integrity is maintained. Steganography provides a means of secret communication, which cannot be removed without significantly altering the data in which it is embedded. The embedded data will be confidential unless an attacker can find a way to detect it.

History: How around 440 B.C. Histiaeus shaved the head of his most trusted slave and tattooed it with a message, which disappeared after the hair had regrown. The purpose of this message was to instigate a revolt against the Persians. Another slave could be used to send a reply. During the American Revolution, both the British and Americans to communicate secretly used invisible ink, which would glow over a flame. Steganography was also used in both World Wars. German spies hid text by using invisible ink to print small dots above or below letters and by changing the heights of letter-strokes in cover texts. In World War I, prisoners of war would hide Morse code messages in letters home by using the dots and dashes on i, j, t and f. Censors intercepting the messages were often alerted by the phrasing and could change them in order to alter the message. A message reading Father is dead was modified to read Father is deceased and when the reply Is Father dead or deceased? came back the censor was alerted to the hidden message. During World War II, the Germans would hide data as microdots. This involved photographing the message to be hidden and reducing the size so that that it could be used as a period within another document. FBI director J. Edgar Hoover described the use of microdots as the enemys masterpiece of espionage. A message sent by a German spy during World War II read: Apparently neutrals protest is thoroughly discounted and ignored. Isman hard hit. Blockade issue affects for pretext embargo on by-products, 18

ejecting suets and vegetable oils. By taking the second letter of every word the hidden message Pershing sails for NY June 1 can be retrieved. More recent cases of steganography include using special inks to write hidden messages on bank notes and also the entertainment industry using digital watermarking and fingerprinting of audio and video for copyright protection.

Technical Background of Steganography: Todays steganographic methods primarily use image or audio files to hide encrypted data, thus enhancing overall security. Encrypted data on its own can attract the attention of hackers through its mere existence; however, if it is embedded in seemingly innocuous image or audio files, no attempts will be made to break the code or to obtain the secret key. Using steganographic techniques, the information that needs to be concealed is dispersed within the least significant bits of a carrier file (e.g., image or audio file), which serves as a hiding place. It is important that the carrier files not lose their actual appearance during the embedding process. Most suitable are digital files with 24-bit color depth, which uses three bytes per dot. Since the secret information is distributed within the least significant bit of each dot, the human eye from the image containing the embedded data cannot distinguish the original image. The format of the image is also critical. Its important to ensure that the type of compression used doesnt cause a loss of data. GIF and BMP files can safely be used for steganography. While gray-scale images are readily usable, embedding information in 265-color images is only advisable if the colors are right next to each other in the palette. Otherwise, the appearance of the image will be noticeably changed. Certain steganographic programs, such as the Steganos Security Suite, enable users to create suitable image or audio files, or to search their computers for available files. In a computer, images are represented as arrays of values. These values represent the intensities of the three colors R(ed) G (reen) and B (lue), where a value for each of the three colors describes a pixel. Through varying the intensity of the RGB values, a finite set of colors spanning the full visible spectrum can be created. In an 8-bit gif image, there

19

can be 28 = 256 colors and in a 24-bit bitmap, there can be 224 = 16777216 colors. Large images are most desirable for steganography because they have the most space to hide data in. The best quality hidden image is normally produced using a 24-bit bitmap as a cover image. Each byte corresponding to one of the three colors and each three-byte value fully describes the color and luminance values of one pixel. The cons to large images are that they are cumbersome to both transfer and upload, while running a larger chance of drawing an attackers attention due to their uncommon size. As a result, compression is often used. There are two common compression techniques used to shrink the file size of a bitmap.

GIF The first is the GIF (Graphics Interchange Format) format, which will decrease the number of bits used to represent each pixel from 24 to 8. This is a lossless compression technique and the data hidden in the message can be recovered without a problem.

JPEG The JPEG (Joint Photographic Experts Group) is a form of lossy compression. It does a very nice job of decreasing the file size of the image and retaining a great deal of its quality. The JPEG transformation takes eight pixels by eight pixel blocks and performs a 64 bit DCT (Discrete Cosine Transformation) does not compute to exact values. With continuing transforms, the precision of the calculation is decreased and the amount of error increases. Two methods used to perform a DCT are the Fast Fourier and wavelet transforms. The downside to JPEG compression is that it may corrupt hidden data. Widespread use of digitized information in automated information systems has resulted in a renaissance for steganography. Information, which provides the ideal vehicle for steganography, is that which is stored with accuracy far greater than necessary for the datas use and display. Image, Postscript, and audio files are among those that fall into this category, while text, database, and executable code files do not. It has been demonstrated that a significant amount of information can be concealed in bitmapped image files with little or no visible degradation of the image. This process, called 20

steganography, is accomplished by replacing the least significant bits in the pixel bytes with the data to be hidden. Since the least significant pixel bits contribute very little to the overall appearance of the pixel, replacing these bits often has no perceptible effect on the image. To illustrate, consider a 24-bit pixel, which uses 8 bits for each of the red, green, and blue color channels. The pixel is capable of representing 224 or 16,777,216 color values. If we use the lower 2 bits of each color channel to hide data, the maximum change in any pixel would be 26 or 64 color values; a minute fraction of the whole color space. This small change is invisible to the human eye. To continue the example, an image of 735 by 485 pixels could hold 735*485 * 6 bits/pixel * 1byte/8 bits = 267,356 bytes of data. It is even possible to embed one image inside another. Further, they assert that visual inspection of an image prior to its being downgraded is insufficient to prevent unauthorized flow of data from one security level to a lower one. A number of different formats are widely used to store imagery including BMP, TIFF, GIF, etc. Several of these image file formats palletize images by taking advantage of the fact that the color veracity of the image is not significantly degraded to the human observer by drastically reducing the total number of colors available. Instead of over 16 million possible colors, the color range is reduced and stored in a table. Each pixel, instead of containing a precise 24-bit color, stores an 8-bit index into the color table. This reduces the size of the bitmap by 2/3. When a viewer such as xv processes the image for display, the indices stored at the location of each pixel are used to obtain the colors to be displayed from the color table. It has been demonstrated that steganography is ineffective when images are stored using the compression algorithm.

21

Figure2:- Process of embedding data into RGB pixels Despite the relative ease of employing steganography to covertly transport data in an uncompressed 24-bit image, lossy compression algorithms based on techniques from digital signal processing, which are very commonly employed in image handling systems, pose a severe threat to the embedded data. An excellent example of this is the ubiquitous Joint Photographic Experts Group (JPEG) compression algorithm, which is the principle compression technique for transmission and storage of images used by government organizations. It does a quite thorough job of destroying data hidden in the least significant bits of pixels.

The basics of embedding: Three different aspects in information-hiding systems contend with each other: capacity, security, and robustness. Capacity refers to the amount of information that can be hidden in the cover medium, security to an eavesdroppers inability to detect hidden information, and robustness to the amount of modification the stego medium can withstand before an adversary can destroy hidden information. Information hiding generally relates to both watermarking and steganography. A watermarking systems primary goal is to achieve a high level of robustnessthat is, it should be impossible to remove a watermark without degrading the data objects quality. Steganography, on the other hand, strives for high 22

security and capacity, which often entails that the hidden information is fragile. Even trivial modifications to the stego medium can destroy it. A classical steganographic systems security relies on the encoding systems secrecy. An example of this type of system is Roman general who shaved a slaves head and tattooed a message on it. After the hair grew back, the slave was sent to deliver the now-hidden message. Although such a system might work for a time, once it is known, it is simple enough to shave the heads of all the people passing by to check for hidden messagesultimately, such a steganographic system fails. Modern steganography attempts to be detectable only if secret information is knownnamely, a secret key. This is similar to Kerckhoffs Principle in cryptography, which holds that a cryptographic systems security should rely solely on the key material. For steganography to remain undetected, the unmodified cover medium must be kept secret, because if it is exposed, a comparison between the cover and stego media immediately reveals the changes. Information theory allows us to be even more specific on what it means for a system to be perfectly secure. Christian Cachin proposed an information-theoretic model for steganography that considers the security of steganographic systems against passive eavesdroppers. In this model, we assume that the adversary has complete knowledge of the encoding system but does not know the secret key. His or her task is to devise a model for the probability distribution PC of all possible cover media and PS of all possible stego media. The adversary can then use detection theory to decide between hypothesis C (that a message contains no hidden information) and hypothesis S (that a message carries hidden content). A system is perfectly secure if no decision rule exists that can perform better than random guessing. Essentially, steganographic communication senders and receivers agree on a steganographic system and a shared secret key that determines how a message is encode in the cover medium. To send a hidden message, for example, Alice creates a new image with a digital camera. Alice supplies the steganographic system with her shared secret and her message. The steganographic system uses the shared secret to determine how the hidden message should be encoded in the redundant bits. The result is a stego image that Alice sends to Bob. When Bob receives the image, he uses the shared secret and the agreed on steganographic system to retrieve the hidden message. Figure shows an overview of the encoding step; statistical analysis can reveal the presence of hidden content. 23

Requirements of hiding data digitally: There are many different protocols and embedding techniques that enable us to hide data in a given object. However, all of the protocols and techniques must satisfy a number of requirements so that steganography can be applied correctly. The following is a list of main requirements that steganography techniques must satisfy: The integrity of the hidden information after it has been embedded inside the stego object must be correct. The secret message must not change in any way, such as additional information being added, loss of information or changes to the secret information after it has been hidden. If secret information is changed during steganography, it would defeat the whole point of the process. The stego object must remain unchanged or almost unchanged to the naked eye. If the stego object changes significantly and can be noticed, a third party may see that information is being hidden and therefore could attempt to extract or to destroy it. In watermarking, changes in the stego object must have no effect on the watermark. Imagine if you had an illegal copy of an image that you would like to manipulate in various ways. These manipulations can be simple processes such as resizing, trimming or rotating the image. The watermark inside the image must survive these manipulations, otherwise the attackers can very easily remove the watermark and the point of steganography will be broken. Finally, we always assume that the attacker knows that there is hidden information inside the stego object. Figure shows a simple representation of the generic embedding and decoding process in steganography. In this example, a secret image is being embedded inside a cover image to produce the stego image.

24

The first step in embedding and hiding information is to pass both the secret message and the cover message into the encoder. Inside the encoder, one or several protocols will be implemented to embed the secret information into the cover message. The type of protocol will depend on what information you are trying to embed and what you are embedding it in. For example, an image protocol to embed information inside images is being used.

Figure3: - Generic process of encoding and decoding

A key is often needed in the embedding process. This can be in the form of a public or private key so you can encode the secret message with your private key and the recipient can decode it using your public key. In embedding the information this way, you can reduce the chance of a third party attacker getting hold of the stego object and decoding it to find out the secret information.

25

In general the embedding process inserts a mark, M, in an object, I. A key, K, usually produced by a random number generator is used in the embedding process and the resulting marked object, , is generated by the mapping: I x K x M .

Having passed through the encoder, a stego object will be produced. A stego object is the original cover object with the secret information embedded inside. This object should look almost identical to the cover object as otherwise a third party attacker can see embedded information. Having produced the stego object, it will then be sent off via some communications channel, such as email, to the intended recipient for decoding. The recipient must decode the stego object in order for them to view the secret information. The decoding process is simply the reverse of the encoding process. It is the extraction of secret data from a stego object. In the decoding process, the stego object is fed in to the system. The public or private key that can decode the original key that is used inside the encoding process is also needed so that the secret information can be decoded. Depending on the encoding technique, sometimes the original cover object is also needed in the decoding process. Otherwise, there may be no way of extracting the secret information from the stego object. After the decoding process is completed, the secret information embedded in the stego object can then be extracted and viewed. The generic decoding process again requires a key, K, this time along with a potentially marked object, . Also required is either the mark, M, which is being checked for or the original object, I, and the result will be either the retrieved mark from the object or indication of the likelihood of M being present in . Private Marking Systems: Private marking systems can be divided further into different types but all require the original image. Type I systems use I to help locate the mark in and output the mark. Type II systems also require M and simply give a yes or no answer to the question does contain the mark M? This can be seen as a mapping: x I x K x M and simply answer the same question through the mapping: x K x M 26 {0, 1}. Semi{0, 1}. private marking systems work like Type II except they dont require the original image

Private marking systems reveal little information and require the secret key in order to detect the mark. Many current systems fall into this category and they are often used to prove ownership of material in court. Public Marking Systems (Blind Marking): Public marking systems do not require either I or M but extract n bits from which represents the mark: x K M. Public marking systems have a wider range of applications and the algorithms can often be used in private systems. Asymmetric Marking Systems (Public Key Marking): Asymmetric marking systems allow any user to read the mark but prevent them from removing it Types of steganography: Steganography can be split into two types, these are Fragile and Robust. The following section describes the definition of these two different types of steganography. Fragile:Fragile steganography involves embedding information into a file which is destroyed if the file is modified. This method is unsuitable for recording the copyright holder of the file since it can be so easily removed, but is useful in situations where it is important to prove that the file has not been tampered with, such as using a file as evidence in a court of law, since any tampering would have removed the watermark. Fragile steganography techniques tend to be easier to implement than robust methods. Robust: Robust marking aims to embed information into a file, which cannot easily be destroyed. Although no mark is truly indestructible, a system can be considered robust if the amount of changes required to remove the mark would render the file useless. Therefore the mark should be hidden in a part of the file where its removal would be easily perceived. 27

There are two main types of robust marking. Fingerprinting involves hiding a unique identifier for the customer who originally acquired the file and therefore is allowed to use it. Should the file be found in the possession of somebody else, the copyright owner can use the fingerprint to identify the customer violating the license agreement by distributing a copy of the file. Unlike fingerprints, watermarks identify the copyright owner of the file, not the customer. Whereas fingerprints are used to identify people who violate the license agreement watermarks help with prosecuting those who have an illegal copy. Ideally fingerprinting should be used but for mass production of CDs, DVDs, etc it is not feasible to give each disk a separate fingerprint. Watermarks are typically hidden to prevent their detection and removal, they are said to be imperceptible watermarks. However this need not always is the case. Visible watermarks can be used and often take the form of a visual pattern overlaid on an image. The use of visible watermarks is similar to the use of watermarks in non-digital formats (such as the watermark on British money). The palette and composition of the image also contribute to how well the stegotool does its job. An image with gradual color gradients or in grayscale is the best for stenography because it is easier to insert small errors in. The changes also appear more gradually and as a result are less likely to be detected. Observe the different color palettes below and how the one on the left changes gradually and is more suitable for a cover image than the one on the right

28

Figure4: Palette gradients It is also important to use images that do not contain large blocks of a solid color, as the changed bits in the solid area are easier to detect. There are three main ways to conceal the secret message/image. The first way is straight insertion where you just put the message into the cover image. The next way requires some analysis to find the variations in color and it puts the message in those areas where it is less likely to be detected. The last way is to randomly insert the message into the image. Essentially, the information-hiding process in a steganographic system starts by identifying a cover mediums redundant bits (those that can be modified without destroying that mediums integrity).The embedding process creates a stego medium by replacing these redundant bits with data from the hidden message. Modern steganographys goal is to keep its mere presence undetectable, but steganographic systems because of their invasive natureleave behind detectable traces in the cover medium. Even if secret content is not revealed, the existence of it is: modifying the cover medium changes its statistical properties, so eavesdroppers can detect the distortions in the resulting stego mediums statistical properties. The process of finding these distortions is called statistical steganalysis. 29

LSB: First we will investigate least significant bit insertion, where you literally put the information in the least significant bits of an image. This is a simple technique but the down side is that the message is very susceptible to information loss when using lossy compression techniques. We will now go over an example that involves inserting an A into 3 pixels of a 24-bit image. Here is the original raster data: (00100111 11101001 11001000) (00100111 11001000 11101001) (11001000 00100111 11101001) The binary value of A is 10000011 and encoding A into the last bits of this 3 pixel sequence will change the above sequence to:

(00100111 11101000 11001000) (00100110 11001000 11101000) (11001000 00100111 11101001) Notice that only the underlined bits had to be changed in order to create the A. On the average only have of the bits would have to be changed in an LSB (Least Significant Bit) encoding scheme. With such a small variation in the colors it would be very difficult for the human eye to discern the difference. Next we will do least bit insertion with an 8 bit value. Since 8 bit values can only have a maximum of 256 colors the image must be chosen much more carefully. Consider a palette with four colors: white, red, blue, and green, which have the palette position entries of 0(00), 1(01), 2(10) and 3(11) respectively. The values of four adjacent pixels with colored white, white, blue, blue (00 00 10 10). We will try and hide the decimal number 10 represented in binary as 1010. The resulting raster is: 01 00 11 10, which corresponds to red, white, and green, blue. 30

These large changes in the image are very noticeable in a color image although an 8 bit grey scale image will produce relatively good results. There are multiple tools that implement LSB. One tool, EzStego can change around the palate to lessen the frequency of adjacent colors with too strong of a contrast. S-Tools tries to approximate the cover image by changing around the palette to make the difference between bits only one and sometimes causes very noticeable shifts in the palette. Masking and filtering techniques are mostly used on 24 bit and grey scale images. They hide info in a way similar to watermarks on actual paper and are sometimes used as digital watermarks. Masking images entails changing the luminance of the masked area. The smaller the luminance change, the less of a chance that it can be detected. Stego-images (images that have been manipulated by steganographic methods) that are masked will keep a higher fidelity than LSB through compression, cropping and some image processing. The reason that a stego image encoded with masking degrades less under JPEG compression is that the secret message is hid in the significant areas of the picture. There is a tool called JPEG J steg that takes advantage of the compression of JPEG while trying to keep high message fidelity. The program takes a secret message and a lossless cover image as input and outputs a stego image in JPEG format.

Even though stego-images can rarely be spotted by the naked eye, they usually leave behind some type of fingerprint or statistical hint that they have been modified. It is those discrepancies, which an analysis tool may be able to detect. Since some techniques and their effects are commonly known, a statistical analysis of an image can be performed to check for a hidden message(s) in it. The simplest technique is to measure the entropy of redundant data and check if its statistical properties have deviated from the data collected from the original image. Since we do not always have the unaltered cover image readily available a detection system can compare the amount of 1s and 0s to detect the presence of a stego-image. A similar method of analysis can be used for JPEGs but the coefficients of the DCT are looked at instead of individual bits. Yet another method is to 31

create a new color and sort the palette of the image and look for statistical anomalies that way. These simple methods do not conclusively prove that there is a secret message but is merely the first step. After a suspected image is found then a dictionary attack must be conducted to verify that there is a hidden message.

Discrete cosine transform:For each color component, the JPEG image format uses a discrete cosine transform (DCT) to transform successive 8 * 8 pixel blocks of the image into 64 DCT coefficients each. The DCT coefficients F(u, v) of an 8 * 8 block of image pixels f(x, y) are given by

Where C (x) = 1/ when x equal 0 and C (x) = 1 otherwise. Afterwards, the following operation quantizes the coefficients:

Where Q (u, v) is a 64-element quantization table.

32

As the above algorithm runs, it sequentially replaces the least-significant bit of discrete cosine transform (DCT) coefficients with message data. It does not require a shared secret. We can use the least-significant bits of the quantized DCT coefficients as redundant bits in which to embed the hidden message. The modification of a single DCT coefficient affects all 64-image pixels. In some image formats (such as GIF), an images visual structure exists to some degree in all the images bit layers. Steganographic systems that modify least-significant bits of these image formats are often susceptible to visual attacks. This is not true for JPEGs. The modifications are in the frequency domain instead of the spatial domain, so there are no visual attacks against the JPEG image format. The human eye cannot detect which image holds steganographic content. Sequential: Derek Uphams JSteg was the first publicly available steganographic system for JPEG images. Its embedding algorithm sequentially replaces the least-significant bit of DCT coefficients with the messages data. The algorithm does not require a shared secret; as a result, anyone who knows the steganographic system can retrieve the message hidden by JSteg. Andreas Westfeld and Andreas Pfitzmann noticed that steganographic systems that change least-significant bits sequentially cause distortions detectable by steganalysis. They observed that for a given image, the embedding of high-entropy data (often due to encryption) changed the histogram of color frequencies in a predictable way. In the simple case, the embedding step changes the least-significant bit of colors in an image. 33

The colors are addressed by their indices i in the color table; we refer to their respective frequencies before and after embedding as ni and ni *. Given uniformly distributed message bits, if n2i > n2i+1, then pixels with color 2i are changed more frequently to color 2i + 1 than pixels with color 2i + 1 are changed to color 2i. As a result, the following relation is likely to hold:

In other words, embedding uniformly distributed message bits reduces the frequency difference between adjacent colors. The same is true in the JPEG data format. Instead of measuring color frequencies, we observe differences in the DCT coefficients frequency.. We see a reduction in the frequency difference between coefficient 1 and its adjacent DCT coefficient 2. Westfeld and Pfitzmann used a 2-test to determine whether the observed frequency distribution yi in an image matches a distribution yi * that shows distortion from embedding hidden data. Although we do not know the cover image, we know that the sum of adjacent DCT coefficients remains invariant, which lets us compute the expected distribution yi * from the stego image. Letting ni be the DCT histogram, we compute the arithmetic mean to determine the expected distribution and compare it against the observed distribution.

. The 2 value for the difference between the distributions is given as:-

34

Where

are the degrees of freedomthat is, one less than the number of different

categories in the histogram. It might be necessary to sum adjacent values from the expected distribution and the observed distribution to ensure that each category has enough counts. Combining two adjacent categories reduces the degrees of freedom by one. The probability p that the two distributions are equal is given by the complement of the cumulative distribution function,

Where

is the Euler Gamma function.

The probability of embedding is determined by calculating p for a sample from the DCT coefficients. The samples start at the beginning of the image; for each measurement the sample size is increased.

Pseudo random: Outguess 0.1 (created by one of us, Niels Provos) is a steganographic system that improves the encoding step by using a pseudo-random number generator to select DCT coefficients at random. The least-significant bit of a selected DCT coefficient is replaced with encrypted message data. The 2-test for JSteg does not detect data that is randomly distributed across the redundant data and, for that reason, it cannot find steganographic content hidden by Outguess 0.1. However, it is possible to extend the 2- test to be more sensitive to local distortions in an image. Two identical distributions produce about the same 2 values in any part of the distribution. Instead of increasing the sample size and 35

applying the test at a constant position, we use a constant sample size but slide the position where the samples are taken over the images entire range. Using the extended test, we can detect pseudo-randomly distributed hidden data. Given a constant sample size, we take samples at the beginning of the image and increase the sample position by 1 percent for every 2 calculation. We then take the sum of the probability of embedding for all samples. If the sum is greater than the detection threshold, the test indicates that an image contains a hidden message. To find an appropriate sample size, we select an expected distribution for the extended 2-test that should cause a negative test result. Instead of calculating the arithmetic mean of coefficients and their adjacent ones, we take the arithmetic mean of two unrelated coefficients,

A binary search on the sample size helps find a value for which the extended 2-test does not show a correlation to the expected distribution derived from unrelated coefficients.

36

As the above algorithm runs, the algorithm replaces the least-significant bit of pseudorandomly selected discrete cosine transform (DCT) coefficients with message data.

Subtraction: Steganalysis successfully detects steganographic systems that replace the least-significant bits of DCT coefficients. Lets turn now to Andreas Westfields steganographic system, F5.Instead of replacing the least-significant bit of a DCT coefficient with message data, F5 decrements its absolute value in a process called matrix encoding. As a result, there is no coupling of any fixed pair of DCT coefficients, meaning the 2-test cannot detect F5. Matrix encoding computes an appropriate (1, (2k 1), k) Hamming code by calculating the message block size k from the message length and the number of nonzero non-DC coefficients. The Hamming code (1, 2k 1, k) encodes a k-bit message word m into an nbit code word with n = 2k 1. With matrix encoding, embedding any k-bit message into any n-bit code word changing it at most by one bit. In other words, we can find a suitable code word a for every code word a and every message word m so that m = f (a ) and d (a, a ) 1. First, the DCT coefficients are permuted by a keyed pseudo-random number generator (PRNG), and then arranged into groups of n while skipping zero and DC coefficients. The message is split into k-bit blocks. For every message block m, we get an n-bit code word a by concatenating the least significant bit of the current coefficients absolute value. If the coefficient becomes zero, shrinkage happens, and it is discarded from the coefficient group. The group is filled with the next nonzero coefficient and the process repeats until the message can be embedded.

Statistics-aware embedding: So far, we have presented embedding algorithms that overwrite image data without directly considering the distortions that the embedding caused. Lets look at a framework for an embedding algorithm that uses global image statistics to influence how coefficients should be changed. To embed a single bit, we can either increment or decrement a DCT coefficients value. This lets us change a DCT coefficients least-significant bit in two different ways. Additionally, we create groups of DCT coefficients and use the parity1 of

37

their least-significant bits as message bits to further increase the number of ways to embed a single bit. For every DCT block, we search the space of all possible changes to find a configuration that minimizes the change to image statistics. Currently, we search for solutions that maintain the blockiness, the block variance, and the coefficient histogram. Benefits of Steganography: Steganography offers many benefits to society with a large variety of virtuous applications - it enables communication with a high-level of privacy, provides a safe repository for business trade secrets, and scores of applications exist for its use on the internet (it is specifically used for watermarking copyright-protected data). Ho et al discuss the necessity of digital steganography in various ecommerce applications. Digital watermarking (used for copyright protection), digital signature authentication (for validation of electronic documents) and digital data storage and linkage (for binding digitized photographs with personal attribute information) are all legitimate and valuable uses of this technique.

Digital Watermarking: - The Internet is a tricky medium for making sure that intellectual property rights are not violated. One mechanism, which offers some sort of protection to the copyright holder, is digital watermarking. It enables one to embed either a text or image watermark (which identifies ownership) over the digitized data, and make it irremovable and if needs be, invisible. StegMark is one that is currently available on the market and used for such applications. Anderson and Petitcolas note that the publishing and broadcasting industries have seen the use of this technology as a boon to alleviate the fear of the ease of reproduction and digital distribution over the Internet. This process of steganography makes the concealment of copyright marks and serial numbers in digital films, audio recordings, 38

books and multimedia products possible. Bender et al explores the less common legitimate application of anticounterfeiting, made possible by the use of steganography, or to be more specific, digital watermarks. The massive advances in ink-jet printers and scanners have provided a perfect mechanism to reproduce high-quality colour copies of any original document. Criminally minded individuals use such technology to engage in the creation of counterfeit currency or other valuable documents which look like the real thing if not examined by a professional. By embedding a digital signature into a document or currency note, this can be detected by a printer (that is obviously programmed to detect such elements) that can then refuse to complete the print job and provide an appropriate warning to the perpetrator. It thus means that counterfeiters would be discouraged from engaging in this illegal activity.

Digital Signature Authentication: Steganography can be applied to prevent devious interference with private and confidential documents. Emails, letters or company memos are often embedded with a digital signature and a multimedia container password. If the document is tampered with, this will be detected, and the receiver will immediately be notified of the interference (Ho et al, 1999). StegSign is one registered brand of software, which provides such digital signature authentication. Digital Linkage and Storage: StegSafe provides a mechanism to link a digital image with attribute text information. Personal information such as medical history, law enforcement records and other details could be linked to digitized copies of ID photos. It is important that the integrity of the data is maintained, and thus vital to know if details have been modified by an intruder. Using steganography to link the image and this personal information allows the database administrator to be notified if any modifications have taken place (Ho et al, 1999).Many researchers believe the use of steganography has been invaluable in electronic commerce, and without such high-level encryption, many believe that electronic commerce would never have taken off like it has.

39

The threats of steganography:The use of the technique of steganography, however, presents certain worrying concerns. One major problem that comes to the fore is that criminals could possibly abuse this tool. In making this type of encryption technology available to the general public, it means that criminals too can plot, scheme and plan devious and malicious actions without anyone being aware. Despite attempts in the US at regulation, the fact, which always remains constant, is that technology is too pervasive and powerful for governments to simply ban only the criminals from using these types of computerized tools. Steganography is being used to aid criminal activities the world over. DeQuendre found that this type of mechanism is being used to an even greater degree in European countries, such as France, Germany and England, where encryption is significantly restricted for common use. Seargent Doyle of the Computer Investigations and Technology department of the New York Police said at a Computer Security Institute conference held in 1998 that steganography and cryptography are increasingly the methods being used by those with nefarious intentions (cited in DeQuendre, 1998). Cryptographic and Steganographic Applications: - Todays steganographic methods primarily use image or audio files to hide encrypted data, thus enhancing overall security. Encrypted data on its own can attract the attention of hackers through its mere existence; however, if it is embedded in seemingly innocuous image or audio files, no attempts will be made to break the code or to obtain the secret key. Using steganographic techniques, the information that needs to be concealed is dispersed within the least significant bits of a carrier file (e.g., image or audio file), which serves as a hiding place. It is important that the carrier files not lose their actual appearance during the embedding process. Most suitable are digital files with 24-bit color depth, which uses three bytes per dot. Since the secret information is distributed within the least significant bit of each dot, the human eye from the image containing the embedded data cannot distinguish the original image. The format of the image is also critical. Its important to ensure that the type of compression used doesnt cause a loss of data. GIF and BMP files can safely be used for steganography. While gray-scale images are readily usable, embedding information in 265-color images is only advisable if the colors are right next to each other in the palette 40

Otherwise, the appearance of the image will be noticeably changed. Certain steganographic programs, such as the Steganos Security Suite, enable users to create suitable image or audio files, or to search their computers for available files. The increasing use of the Internet has necessitated the development of user-friendly and highly secures forms of data protection for private users, as well as for companies. Potential dangers continue to be posed by hackers and virus attacks, which are politically, socially, technologically or financially motivated. While the encrypting of credit card numbers has become standard practice for the majority of online businesses, e-mail and file security is still a largely unaddressed issue. Basic encryption programs have enhanced data security at only a few large companies. Such programs also can also be of service to individual users who wants to make sure that their e-mail messages and personal or financial files stay private and secure. A related technique called watermarking is applicable to the field of copyrighting. With the help of steganographic techniques, image and audio files can be furnished with a watermark. The use of digital watermarks does not prevent unauthorized copying of data; however, it helps to answer the question of who the original author is.

Digital watermarks serve as an acceptable piece of evidence in court. As with many other tools, steganography and cryptography can be used for good, as well as for bad purposes. Encryption technologies can help prevent industrial espionage. On the other hand, steganography and cryptography can potentially be used for subversive activities. One good example is the terrorist, who allegedly used steganography in chat rooms, bulletin boards and on Web sites to disseminate maps and photographs of targets for terrorist attacks, as well as precise instructions to his followers. Several experts have since sought to disprove these allegations, however, based on a lack of definitive proof. While certain elements of the U.S. government and population have recently called for restrictions or an outright ban on encryption and steganography products, other groups argue that this would be counter-productive, undemocratic and not effectively enforceable. They also point out that criminals would continue to use the technology if it were outlawed. 41

While in the past, cryptography and steganography were mainly used for military purposes; today they are increasingly being used within the private sector. Even home users are becoming aware of the importance of protecting sensitive data from prying eyes. Those who opt to protect their data can choose from several methods, some of which are more complicated than others. Overall, however, general awareness of data security, especially among private citizens, is still not widespread. Many computer and Internet users are still satisfied with the sheer basics of protection, for example the use of virus protection software. These same people prefer writing e-mail instead of postal letters, seemingly unaware of the fact that an unencrypted e-mail can be read just as easily as a postcard. Thus, many of the commercial solutions that have been developed to protect private as well as business data remain unused.

42

Chapter 3: Problem Formulation, Simulation and Testing

Steganography is a high-level type of encryption, and its use results in a mechanism to implement two of the five key pillars of information security, namely confidentiality and integrity. The confidentiality of the hidden message is protected due to it being unrecognizable in its hidden and encrypted form both in the place of storage and during transmission. Any interceptor would not be aware of the secret message. Only authorized people would know of its existence and would be able to decrypt the secret message with the known password. The encrypting of the concealed message protects the integrity of the data. It must be stressed that the unique feature of steganography is largely to be attributed to the potential for use in IT security. Not only is the secret message encrypted, but it is also hidden behind an image, text or music file, making it invisible to ordinary interceptors. In this case the data is hidden in the picture in the places where there is non-availability of pixels (i.e. RGB values zero). In this method of steganography the data is embedded in the image randomly depending on the picture. It is more beneficial as compared to sequential type of steganography as in the former case the data is embedded sequentially in the picture, which increases the probability of hacking. In the pseudo random method the data is embedded randomly on the encryption side for transmission through the communication channel. Once the data is embedded on the picture, the picture carrying the data is sent through the channel so as to receive the same. Once the data get embedded in the picture, the picture is sent through the channel to the receiving end so as to retrieve the original data. On the encryption side the data (secret message is encrypted into the picture. On the decryption side the data is decrypted from the picture in order to get the original secret message.

43

Simulation and testing: Secret message: - INDIA is great~ In the developed code for the pseudo random encryption the secret message is to end with a tilde sign. (This may act as a key for the message transmission) Original picture: -

Figure5: - Original picture

Once the secret message is saved, and then the encryption executable file is run in order to randomly embed the data on the picture.

44

Figure6:- Image after embedding the data into it

This encoded data in the picture is then sent through the channel to the receiver end. Once the data is obtained at the receiving side the decryption algorithm retrieves the original information from the picture. Decoded Text: - INDIA is great

This is the whole procedure of sending message through communication channel using steganography. The message gets encrypted in the picture on the sending side and on the receiving side the same original message is decrypted using decryption algorithm.

45

Chapter 5: Results and Discussions

In this particular algorithm of steganography it is seen that the algorithm replaces the least-significant bit of pseudo-randomly selected discrete cosine transform (DCT) coefficients with message data. The concept of pseudo randomly results in the encryption of the data which does not detect data that is randomly distributed across the redundant data and, for that reason, it cannot find steganographic content hidden by OutGuess 0.1 (Pseudorandom). In case of sequential steganographic algorithm the embedding step changes the least-significant bit of colors in an image. The colors are addressed by their indices i in the color table; we refer to their respective frequencies before and after embedding as ni and ni *.In other words, embedding uniformly distributed message bits reduces the frequency difference between adjacent colors. The same is true in the JPEG data format. Instead of measuring color frequencies, we observe differences in the DCT coefficients frequency. It is shown that histogram before and after a hidden message is embedded in a JPEG image. We see a reduction in the frequency difference between coefficient 1 and its adjacent DCT coefficient 2.This reduction in the frequency results in vulnerability of the data in the picture i.e the probability of the information to get hacked increases.

Limitations:There are limitations on the use of steganography. As with encryption, if Alice wants to communicate secretly with Bob they must first agree on the method being used. Demeratus, a Greek at the Persian court, sent a warning to Sparta about an imminent invasion by Xerxes by removing the wax from a writing tablet, writing the message on the wood and then covering it in wax again. The tablet appeared to be blank and fooled the customs men but almost fooled the recipient too since he was unaware that the 46

message was being hidden. With encryption, Bob can be reasonably sure that he has received a secret message when a seemingly meaningless file arrives. It has either been corrupted or is encrypted. It is not so clear with hidden data; Bob simply receives an image, for example, and needs to know that there is a hidden message and how to locate it. Another limitation is due to the size of the medium being used to hide the data. In order for steganography to be useful the message should be hidden without any major changes to the object it is being embedded in. This leaves limited room to embed a message without noticeably changing the original object. This is most obvious in compressed files where many of the obvious candidates for embedding data are lost. What is left is likely to be the most perceptually significant portions of the file and although hiding data is still possible it may be difficult to avoid changing the file. Attacks: - Information hiding techniques still suffer from several limitations leaving them open to attack and robustness criteria vary between different techniques. Attacks can be broadly categorized although some attacks will fit into multiple categories.
Basic Attacks: Basic attacks take advantage of limitations in the design of the embedding

techniques. Simple spread spectrum techniques, for example, are able to survive amplitude distortion and noise addition but are vulnerable to timing errors. Synchronization of the chip signal is required in order for the technique to work so adjusting the synchronization can cause the embedded data to be lost. It is possible to alter the length of a piece of audio without changing the pitch and this can also be an effective attack on audio files.


Robustness Attacks: Robustness attacks attempt to diminish or remove the presence of a watermark. Although most techniques can survive a variety of transformations, compression, noise addition, etc they do not cope so easily with combinations of them or with random geometric distortions. If a series of minor distortions are applied the 47

watermark can be lost while the image remains largely unchanged. What changes have been made will likely be acceptable to pirates who do not usually require high quality copies. Since robustness attacks involve the use of common manipulations, they need not always be malicious but could just be the result of normal usage by licensed users. Protecting against these attacks can be done by anticipating which transformations pirates are likely to use. Embedding multiple copies of the mark using inverse transformations can increase the resistance to these attacks. However, trying to guess potential attacks is not ideal. The use of benchmarking for evaluating techniques could help to determine how robust the technique is. StirMark is a tool which applies minor geometric distortions, followed by a random low frequency deviation based around the centre of the image and finally a transfer function to introduce error into all sample values similar to the effects of a scanner. StirMark can serve as a benchmark for image watermarking. If the echo can be detected then it can be removed by inverting the formula used to add it. The difficult part is detecting the echo without any knowledge of the original or the echo parameters. This problem is known as blind echo cancellation. Finding the echo can be done using a technique called cepstrum analysis. Other attacks will attempt to identify the watermark and then remove it. This technique is particularly applicable if the marking process leaves clues that help the attacker gain information about the mark. For example an image with a low number of colors, such as a cartoon image, will have sharp peaks in the color histogram. Some marking algorithms split these and the twin peaks attack takes advantage of this to identify the marks which can then be removed

Presentation Attacks: Presentation attacks modify the content of the file in order to prevent the detection of the watermark. The mosaic attack takes advantage of size requirements for embedding a watermark. In order for the marked file to be the same size as the original the file must have some minimum size to accommodate the mark. By splitting the marked file into small sections the mark detection can be confused. Many web browsers will draw images together with no visible split enabling the full image to be effectively restored while hiding the mark. If the minimum size for embedding the mark is small enough the mosaic attack is not practical. This attack can defeat web 48

crawlers which download pictures from the Internet and check them for the presence of a clients watermark.

Implementation Attacks: As with other areas in computer security the implementation of a marking system can provide more opportunities for attack than the marking technique itself. If the mark detection software is vulnerable it may be possible for attackers to deceive it. Digimarc, one of the most widely used picture marking schemes was attacked using a weakness in the implementation. Users register an ID and password with the marking service. A debugger was used to break into the software which checks these passwords and disable the checking. The attacker can change the ID and this will change the mark of already marked images. The debugger also allowed bypassing of checks to see if a mark already existed and therefore allowed marks to be overwritten. There is a general attack on mark readers which explores an image on the boundary between no mark having been found and one being detected. An acceptable copy of the image can be iteratively generated which does not include the mark. Clearly the software used to implement steganographic techniques needs to be secure and ideas from other areas of computer security can be used to ensure this. When steganography is used to hide messages, a certain level of distortion and degradation may occur in the carrier; however, it might not be easily detected by the human eye. Comparing the distortion and degradation and space considerations to a normal image could make possible the detection of whether steganographic content exists or not. What makes steganalysis (the distinguishing and deciphering of messages with steganographic content) very difficult is not knowing which steganographic tool was used, and not knowing the stegokey (or encryption password). Despite the potential uses of steganography to aid criminals in their communication, it also has many useful applications which are necessary in the growing digitized and electronic world in which we operate. While some security professionals foresee doom and gloom with regards to steganography in the future, others see it as merely a phase of

49

technology. It is considered that the future of steganography will be a function of the evolution and limitations of imaging technology. It is argued that steganography wont evolve very much as it has reached its plateau. As steganography consumes images to the fullest, he believes that hiding minimal amounts of information is useless.

50

CONCLUSION & FUTURE SCOPE

CONCLUSION:As steganography becomes more widely used in computing there are issues that need to be resolved. There are a wide variety of different techniques with their own advantages and disadvantages. Many currently used LSB techniques are not robust enough to prevent detection and removal of embedded data. The use of benchmarking to evaluate techniques should become more common and a more standard definition of robustness is required to help overcome this. The pseudo random method should be employed in order to make the data more secure. Peticolas et al. propose a definition of robust similar to that being used by the music industry. For a system to be considered robust it should have the following properties: The quality of the media should not noticeably degrade upon addition of a mark. Marks should be undetectable without secret knowledge, typically the key. If multiple marks are present they should not interfere with each other. The marks should survive attacks that dont degrade the perceived quality of the work. As it is observed that in the simple case, the embedding step changes the least-significant bit of colors in an image. In other words, embedding uniformly distributed message bits reduces the frequency difference between adjacent colors. The probability of embedding is determined by calculating p for a sample from the DCT coefficients. The samples start at the beginning of the image; for each measurement the sample size is increased. The high probability at the beginning of the image reveals the presence of a hidden message; the point at which the probability drops indicates the end of the message. In case of pseudo random it basically improves the encoding step by using a pseudo-random 51

number generator to select DCT coefficients at random. The least-significant bit of a selected DCT coefficient is replaced with encrypted message data. We improve the detection rate by using a heuristic that eliminates coefficients likely to lead to false negatives. Since the pseudo random method improves the encoding step it results in a better encryption than the prevalent staganographic techniques. As attacks are found that work against existing techniques, it is likely that new techniques will be developed that overcome these deficiencies. The continuing use of digital media will drive development of new techniques and standards for watermarking are likely to be developed. Meanwhile the pseudo random techniques of steganography used to embed material will improve as they continue to try and prevent the misuse of steganography.

52

FUTURE SCOPE:The emerging mainstream view in IT is that steganography provides yet another mechanism of cryptography. Clearly the use of steganography is largely an American concern at present. It does however pose a potential international problem as the internet operates on a global level. The proliferation of freely available steganographic software and its detrimental applications do send warning signals in the uncertain and criminallyactive climate in which we operate today. It becomes clear that it is not a security mechanism to be ignored or avoided its use could result in serious ramifications and it desperately needs to be considered by all stakeholders from every angle. There seems to be
vast possibilities for the use of steganography in industrial espionage getting

information out of organizations without anyone being aware. Another aspect of this field is Steganalysis which is still in its infancy stages, although promises to be a reckoning force in the future. One can only hope that steganalysis research is successful, as criminals might then be reluctant to use this technological mechanism for fear of being discovered. For the transmitter, the cover image is not strictly speaking noise, because the transmitter has exact knowledge of the cover image; for the receiver, it is more accurate to call the cover image noise. Finally, finding examples of strong public key watermarking schemes, and another steganographic schemes based on pseudo random methods or proving the non-existence of such schemes, is the most significant open problem posed by this work.

53

References:[1] C. Cachin, An Information-Theoretic Model for Steganography, Proceedings of 2 Workshops on Information Hiding, MIT Laboratory for Computer Science, May 1998 [2] R. Popa, An Analysis of Steganographic Techniques, The "Politehnica" University of Timisoara, Faculty of Automatics and Computers, Department of Computer Science and Software, http://ad.informatik.uni-freiburg.de/mitarbeiter/will/dlib_bookmarks/digitalwatermarking/popa/popa.pdf, 1998 [3] Herodotus, The Hisories, and chap. 5 - The fifth book entitled Terpsichore, 7 - The seventh book entitled Polymnia, J. M. Dent & Sons, Ltd, 1992 [4] Second Lieutenant J. Caldwell, Steganography, United States Air Force, http://www.stsc.hill.af.mil/crosstalk/2003/06/caldwell.pdf, June 2003 [5] F. A. P. Petit colas, R. J. Anderson and M. G. Kuhn, Information Hiding - A Survey, Proceedings of the IEEE, vol. 87, no. 7, pp. 1062-1078, July 1999 [6] BBC News, Piracy blamed for CD sales slump, BBC,
nd

http://news.bbc.co.uk/1/hi/entertainment/new_media/1841768.stm, February 2002 [7] M. Kwan, The Snow Home Page, http://www.darkside.com.au/snow/index.html, March 2001 [8] Compris Intelligence, TextHide, Compris Intelligence,

http://www.compris.com/TextHide/en/ [9] P. Wayner, SpamMimic, http://www.spammimic.com, 2003

54

[10]R.

Hipschman,

The

Secret

Language,

Exploratory,

http://www.exploratorium.edu/ronh/secret/secret.html, 1995 [11] S. Inoue, K. Makino, I. Murase, O. Takizawa, T. Matsumoto and H. Nakagawa, A Proposal on Information Hiding Methods using XML, http://takizawa.gr.jp/lab/nlp_xml.pdf [12] M. D. Swanson, B. Zhu and A. H. Tewfik, Robust Data Hiding for Images, IEEE Digital Signal Processing Workshop, pp. 37-40, Department of Electrical Engineering, http://www.assuredigit.com/tech_doc/more/Swanson_dsp96_robust_datahiding.pdf, September 1996 [13] L.Leurs, JPEG, http://www.prepressure.com/techno/compressionjpeg.htm, 2001 [14] A. K. Chao and C.Chao, Robust Digital Watermarking & Data Hiding, Image Systems Engineering Program, Stanford University, http://ise.stanford.edu/class/ee368a_proj00/project7/index.html, May 2000 [15] J. Gailly, comp. Compression Frequently Asked Questions (part 2/3), Internet FAQ Archives, http://www.faqs.org/faqs/compression-faq/part2/, September 1999 [16] National Academy of Sciences, How do Wavelets work?, National Academy of Sciences, http://www.beyonddiscovery.org/content/view.page.asp?I=1956, 2003 [17] C. Shoemaker, Hidden Bits: A Survey of Techniques for Digital Watermarking, http://www.vu.union.edu/~shoemakc/watermarking/watermarking.html#watermark-object, Virtual Union, 2002 [18] J. Corinna, Steganography, Binary Universe, http://www.binary-

universe.de/articles/5/english/steganodotnet5.html, 2003 [19] J. Glatt, MIDI is the language of gods, http://www.borg.com/~jglatt/ 55

APPENDIX
using System; using System.Drawing; using System.Collections; using System.ComponentModel; using System.Windows.Forms; using System.Data; using System.Drawing.Imaging; namespace StegnoGraphyNewTech { /// <summary> /// Summary description for Form1. /// </summary> public class Form1 : System.Windows.Forms.Form { private System.Windows.Forms.GroupBox groupBox1; private System.Windows.Forms.Label label1; private System.Windows.Forms.PictureBox pictureBox2; private System.Windows.Forms.Label label2; private System.Windows.Forms.Button button1; private System.Windows.Forms.Button button2; private System.Windows.Forms.Button button3; private System.Windows.Forms.Button button4; private System.Windows.Forms.PictureBox p1; private Bitmap m_Bitmap; private System.Windows.Forms.TextBox t1; private System.Windows.Forms.TextBox t2; private System.Windows.Forms.Button button5; private System.Windows.Forms.Label l1; private AxACTIVEVOICEPROJECTLib.AxDirectSS tts; private AxHSRLib.AxVcommand VoiceCmd; private System.Windows.Forms.Label Detect; private int My_menu; private System.Windows.Forms.Timer Timer1; private System.ComponentModel.IContainer components; public Form1() { // // Required for Windows Form Designer support // InitializeComponent(); // 56

// TODO: Add any constructor code after InitializeComponent call } /// <summary> /// Clean up any resources being used. /// <summary> protected override void Dispose( bool disposing ) { if( disposing ) { if (components != null) { components.Dispose(); } } base.Dispose( disposing ); } #region Windows Form Designer generated code /// <summary> /// Required method for Designer support - do not modify /// the contents of this method with the code editor. /// <summary> private void InitializeComponent() { this.components = new System.ComponentModel.Container(); System.Resources.ResourceManager resources = new System.Resources.ResourceManager(typeof(Form1)); this.p1 = new System.Windows.Forms.PictureBox(); this.groupBox1 = new System.Windows.Forms.GroupBox(); this.button5 = new System.Windows.Forms.Button(); this.button2 = new System.Windows.Forms.Button(); this.button1 = new System.Windows.Forms.Button(); this.label2 = new System.Windows.Forms.Label(); this.t2 = new System.Windows.Forms.TextBox(); this.label1 = new System.Windows.Forms.Label(); this.t1 = new System.Windows.Forms.TextBox(); this.pictureBox2 = new System.Windows.Forms.PictureBox(); this.button3 = new System.Windows.Forms.Button(); this.button4 = new System.Windows.Forms.Button(); this.l1 = new System.Windows.Forms.Label(); this.tts = new AxACTIVEVOICEPROJECTLib.AxDirectSS(); this.VoiceCmd = new AxHSRLib.AxVcommand(); this.Detect = new System.Windows.Forms.Label(); this.Timer1 = new System.Windows.Forms.Timer(this.components); 57

this.groupBox1.SuspendLayout(); ((System.ComponentModel.ISupportInitialize)(this.tts)).BeginInit(); ((System.ComponentModel.ISupportInitialize)(this.VoiceCmd)).BeginInit(); this.SuspendLayout(); // // p1 // this.p1.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; this.p1.Location = new System.Drawing.Point(32, 32); this.p1.Name = "p1"; this.p1.Size = new System.Drawing.Size(288, 376); this.p1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.StretchImage; this.p1.TabIndex = 0; this.p1.TabStop = false; // // groupBox1 // this.groupBox1.Controls.Add(this.button5); this.groupBox1.Controls.Add(this.button2); this.groupBox1.Controls.Add(this.button1); this.groupBox1.Controls.Add(this.label2); this.groupBox1.Controls.Add(this.t2); this.groupBox1.Controls.Add(this.label1); this.groupBox1.Controls.Add(this.t1); this.groupBox1.Font = new System.Drawing.Font("Microsoft Sans Serif", 8.25F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0))); this.groupBox1.ForeColor = System.Drawing.Color.Red; this.groupBox1.Location = new System.Drawing.Point(352, 40); this.groupBox1.Name = "groupBox1"; this.groupBox1.Size = new System.Drawing.Size(400, 448); this.groupBox1.TabIndex = 3; this.groupBox1.TabStop = false; this.groupBox1.Text = "Hide the Text"; // // button5 // this.button5.Location = new System.Drawing.Point(168, 368); this.button5.Name = "button5"; this.button5.Size = new System.Drawing.Size(80, 23); this.button5.TabIndex = 9; this.button5.Text = "Clear"; 58

this.button5.Click += new System.EventHandler(this.button5_Click); // // button2 // this.button2.Location = new System.Drawing.Point(272, 368); this.button2.Name = "button2"; this.button2.Size = new System.Drawing.Size(80, 23); this.button2.TabIndex = 8; this.button2.Text = "Extract"; this.button2.Click += new System.EventHandler(this.button2_Click); // // button1 // this.button1.Location = new System.Drawing.Point(48, 368); this.button1.Name = "button1"; this.button1.Size = new System.Drawing.Size(80, 23); this.button1.TabIndex = 7; this.button1.Text = "Hide"; this.button1.Click += new System.EventHandler(this.button1_Click); // // label2 // this.label2.Location = new System.Drawing.Point(40, 104); this.label2.Name = "label2"; this.label2.Size = new System.Drawing.Size(104, 23); this.label2.TabIndex = 6; this.label2.Text = "Message"; this.label2.Click += new System.EventHandler(this.label2_Click); // // t2 // this.t2.Location = new System.Drawing.Point(40, 136); this.t2.Multiline = true; this.t2.Name = "t2"; this.t2.Size = new System.Drawing.Size(312, 216); this.t2.TabIndex = 5; this.t2.Text = ""; // // label1 // this.label1.Location = new System.Drawing.Point(40, 48); this.label1.Name = "label1"; this.label1.Size = new System.Drawing.Size(64, 23); 59

this.label1.TabIndex = 4; this.label1.Text = "Key"; this.label1.Click += new System.EventHandler(this.label1_Click); // // t1 // this.t1.Location = new System.Drawing.Point(136, 48); this.t1.Name = "t1"; this.t1.Size = new System.Drawing.Size(200, 20); this.t1.TabIndex = 3; this.t1.Text = ""; // // pictureBox2 // this.pictureBox2.BackColor = System.Drawing.Color.FromArgb(((System.Byte)(185)), ((System.Byte)(240)), ((System.Byte)(247))); this.pictureBox2.BorderStyle = System.Windows.Forms.BorderStyle.FixedSingle; this.pictureBox2.Location = new System.Drawing.Point(32, 32); this.pictureBox2.Name = "pictureBox2"; this.pictureBox2.Size = new System.Drawing.Size(288, 376); this.pictureBox2.TabIndex = 0; this.pictureBox2.TabStop = false; // // button3 // this.button3.Location = new System.Drawing.Point(240, 424); this.button3.Name = "button3"; this.button3.Size = new System.Drawing.Size(80, 23); this.button3.TabIndex = 8; this.button3.Text = "Load"; this.button3.Click += new System.EventHandler(this.button3_Click); // // button4 // this.button4.Location = new System.Drawing.Point(32, 424); this.button4.Name = "button4"; this.button4.Size = new System.Drawing.Size(80, 23); this.button4.TabIndex = 9; this.button4.Text = "Save"; this.button4.Click += new System.EventHandler(this.button4_Click); // // l1 60

// this.l1.Location = new System.Drawing.Point(32, 488); this.l1.Name = "l1"; this.l1.Size = new System.Drawing.Size(704, 48); this.l1.TabIndex = 10; this.l1.Visible = false; // // tts // this.tts.Enabled = true; this.tts.Location = new System.Drawing.Point(784, 48); this.tts.Name = "tts"; this.tts.OcxState = ((System.Windows.Forms.AxHost.State)(resources.GetObject("tts.OcxState"))); this.tts.Size = new System.Drawing.Size(152, 128); this.tts.TabIndex = 11; // // VoiceCmd // this.VoiceCmd.Enabled = true; this.VoiceCmd.Location = new System.Drawing.Point(840, 192); this.VoiceCmd.Name = "VoiceCmd"; this.VoiceCmd.OcxState = ((System.Windows.Forms.AxHost.State)(resources.GetObject("VoiceCmd.OcxState"))); this.VoiceCmd.Size = new System.Drawing.Size(32, 32); this.VoiceCmd.TabIndex = 14; this.VoiceCmd.Visible = false; this.VoiceCmd.ClickIn += new AxHSRLib._VcommandEvents_ClickInEventHandler(this.VoiceC md_ClickIn); this.VoiceCmd.CommandRecognize += new AxHSRLib._VcommandEvents_CommandRecognizeEventHandle r(this.VoiceCmd_CommandRecognize); this.VoiceCmd.CommandOther += new AxHSRLib._VcommandEvents_CommandOtherEventHandler(this .VoiceCmd_CommandOther); // // Detect // this.Detect.BackColor = System.Drawing.SystemColors.Control; this.Detect.Cursor = System.Windows.Forms.Cursors.Default; this.Detect.Font = new System.Drawing.Font("Arial", 8F, System.Drawing.FontStyle.Bold, System.Drawing.GraphicsUnit.Point, ((System.Byte)(0))); this.Detect.ForeColor = System.Drawing.Color.Red; this.Detect.Location = new System.Drawing.Point(368, 8); 61

this.Detect.Name = "Detect"; this.Detect.RightToLeft = System.Windows.Forms.RightToLeft.No; this.Detect.Size = new System.Drawing.Size(136, 17); this.Detect.TabIndex = 13; this.Detect.Text = "<Nothing>"; this.Detect.Click += new System.EventHandler(this.Detect_Click); // // Timer1 // this.Timer1.Tick += new System.EventHandler(this.Timer1_Tick); // // Form1 // this.AutoScaleBaseSize = new System.Drawing.Size(5, 13); this.BackColor = System.Drawing.Color.FromArgb(((System.Byte)(222)), ((System.Byte)(253)), ((System.Byte)(254))); this.ClientSize = new System.Drawing.Size(960, 470); this.Controls.Add(this.VoiceCmd); this.Controls.Add(this.Detect); this.Controls.Add(this.tts); this.Controls.Add(this.l1); this.Controls.Add(this.button4); this.Controls.Add(this.button3); this.Controls.Add(this.groupBox1); this.Controls.Add(this.p1); this.Controls.Add(this.pictureBox2); this.Name = "Form1"; this.Text = "Stegnography Encoder Decoder"; this.Load += new System.EventHandler(this.Form1_Load); this.groupBox1.ResumeLayout(false); ((System.ComponentModel.ISupportInitialize)(this.tts)).EndInit(); ((System.ComponentModel.ISupportInitialize)(this.VoiceCmd)).EndInit(); this.ResumeLayout(false); } #endregion /// <summary> /// The main entry point for the application. /// </summary> [STAThread] { Application.Run(new Form1()); 62

} private void Form1_Load(object sender, System.EventArgs e) { VoiceCmd.Initialized = 1; My_menu = VoiceCmd.get_MenuCreate("My Commands", "commands State", 4); VoiceCmd.CtlEnabled = 1; VoiceCmd.SuppressExceptions = 1; VoiceCmd.AddCommand(My_menu, 1, "hello ", "","voice", 0, ""); VoiceCmd.AddCommand(My_menu, 2, "this ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 3, "is ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 4, "test", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 5, "for ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 6, "a", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 7, "to", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 8, "apple ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 2, "he ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 3, "man ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 4, "girl ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 5, "boy ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 6, "jump ", "", "voice", 0, ""); VoiceCmd.AddCommand(My_menu, 7, "over ", "", "voice", 0, ""); VoiceCmd.Activate(My_menu); } public static bool StegnoGraphy(Bitmap b,string keys,string Msg) { int keyLength = keys.Length; int msgLength = Msg.Length ; BitmapData bmData = b.LockBits(new Rectangle(0, 0, b.Width, b.Height), ImageLockMode.ReadWrite, PixelFormat.Format24bppRgb); int stride = bmData.Stride; System.IntPtr Scan0 = bmData.Scan0; char[] ms= Msg.ToCharArray(); char[] key= keys.ToCharArray(); int r=0; int t=0; bool flg= false; 63

bool flg1 = false; unsafe { byte * p = (byte *)(void *)Scan0; int nOffset = stride - b.Width*3; int nWidth = b.Width * 3; for(int y=0;y<b.Height;++y) { for(int x=0; x < nWidth; ++x ) { try { int red =p[2]; int green = p[1]; int s=0; if(r<keyLength) { s = Convert.ToByte(key[r++]); p[0]=(byte)s; } else { if(flg==false) { p[0]=0; flg=true; } else { if(t<msgLength) { s = Convert.ToByte(Msg[t++]); p[0]=(byte)s; } else { if(flg1==false) { p[0]=0; flg1=true;

64

} } } } ++p; } catch(Exception) { } } p += nOffset; } } b.UnlockBits(bmData); return true; } private void button3_Click(object sender, System.EventArgs e) { open(); } private void open() { OpenFileDialog openFileDialog = new OpenFileDialog(); //openFileDialog.InitialDirectory = "c:\\" ; openFileDialog.Filter = "All Image Files (JPEG, GIF, BMP, EPS etc.)|*.jpg;*.jpeg;*.gif;*.bmp;*.tif;*.tiff; *.eps;*.png|JPEG files (*.jpg;*.jpeg)|*.jpg;*.jpeg|GIF Files (*.gif)|*.gif|BMP Files (*.bmp)|*.bmp|TIFF Files (*.tif;*.tiff)|*.tif;*.tiff|PNG Files (*.png)|*.png|EPS Files (*.eps)|*.eps "; openFileDialog.FilterIndex = 2 ; openFileDialog.RestoreDirectory = true ; if(DialogResult.OK == openFileDialog.ShowDialog()) { 65

m_Bitmap = (Bitmap)Bitmap.FromFile(openFileDialog.FileName, false); p1.Image =m_Bitmap; } } private void button4_Click(object sender, System.EventArgs e) { SaveFileDialog saveFileDialog = new SaveFileDialog(); saveFileDialog.InitialDirectory = "c:\\" ; saveFileDialog.Filter = "All Image Files (JPEG, GIF, BMP, etc.)|*.jpg;*.jpeg;*.gif;*.bmp;*.tif;*.tiff;*.png|JPEG files (*.jpg;*.jpeg)|*.jpg;*.jpeg|GIF Files (*.gif)|*.gif|BMP Files (*.bmp)|*.bmp|TIFF Files (*.tif;*.tiff)|*.tif;*.tiff|PNG Files (*.png)|*.png|EPS Files (*.eps)|*.eps "; saveFileDialog.FilterIndex = 1 ; saveFileDialog.RestoreDirectory = true ; if(DialogResult.OK == saveFileDialog.ShowDialog()) { m_Bitmap.Save(saveFileDialog.FileName,ImageFormat.Png); } } private void button1_Click(object sender, System.EventArgs e) { if(t1.Text.Length<1) { MessageBox.Show("Length of the key should not Less than 5"); return; } if(p1.Image==null) { MessageBox.Show("Load the image for Stegnography"); return; } StegnoGraphy(m_Bitmap,t1.Text,t2.Text); } private void button5_Click(object sender, System.EventArgs e) { t2.Text = ""; }

66

private void button2_Click(object sender, System.EventArgs e) { string key; string msg; if(p1.Image==null) { MessageBox.Show("Load the image for Extration"); return; } key = ReadToByte(); if(t1.Text == key) { t2.Text = l1.Text; tts.Speak(t2.Text); } else MessageBox.Show("Key is not matching"); } private string ReadToByte() { BitmapData bmData =m_Bitmap.LockBits(new Rectangle(0, 0, m_Bitmap.Width,m_Bitmap.Height), ImageLockMode.ReadWrite, PixelFormat.Format24bppRgb); int stride = bmData.Stride; int nOffset = stride - m_Bitmap.Width*3; int nWidth = m_Bitmap.Width * 3; string key =null; l1.Text =""; System.IntPtr Scan0 = bmData.Scan0; int v=0; int pix=0; key=null; bool fl=true; bool fl2 =true; bool chk=false;

67

int m=0; unsafe { byte *p = (byte *)(void *)Scan0; for(int y=0;y<m_Bitmap.Height;++y) { for(int x=0; x < nWidth; ++x ) { try { if(v<25) { if(p[0]==0) { fl=false; } if(fl==true) key = key + Convert.ToChar(p[0]) ; v++; } if(fl==false&&m<150) { if(fl2==true&&chk==true) { l1.Text = l1.Text + Convert.ToChar(p[0]); //t2.Text = t2.Text + p[0]; if(p[0]==0) fl2=false; } m++; chk=true; }

++p; } catch(Exception) { 68

} p += nOffset; }

} m_Bitmap.UnlockBits(bmData); return key; } private void ReadToByte1() { BitmapData bmData =m_Bitmap.LockBits(new Rectangle(0, 0, m_Bitmap.Width,m_Bitmap.Height), ImageLockMode.ReadWrite, PixelFormat.Format24bppRgb); int key=0; int stride = bmData.Stride; int nOffset = stride - m_Bitmap.Width*3; int nWidth = m_Bitmap.Width * 3; System.IntPtr Scan0 = bmData.Scan0; int v=0; int pix=0; unsafe { byte *p = (byte *)(void *)Scan0; for(int y=0;y<m_Bitmap.Height;++y) { for(int x=0; x < nWidth; ++x ) { try { if(v<8) { 69

t2.Text = t2.Text + Convert.ToChar(p[0]) ; v++; } ++p; } catch(Exception) { } } p += nOffset; } } m_Bitmap.UnlockBits(bmData); } private void VoiceCmd_ClickIn(object sender, AxHSRLib._VcommandEvents_ClickInEvent e) { } private void VoiceCmd_CommandOther(object sender, AxHSRLib._VcommandEvents_CommandOtherEvent e) { Detect.Text = e.command; t2.Text = t2.Text + e.command +" "; Timer1.Enabled =true; Timer1.Interval =1200; } private void VoiceCmd_CommandRecognize(object sender, AxHSRLib._VcommandEvents_CommandRecognizeEvent e) { Timer1.Enabled = false; Detect.Text = e.command; t2.Text = t2.Text + e.command +" ";

70

Timer1.Enabled =true; Timer1.Interval =1200; } private void Timer1_Tick(object sender, System.EventArgs e) { } private void Detect_Click(object sender, System.EventArgs e) { } private void label1_Click(object sender, System.EventArgs e) { } private void label2_Click(object sender, System.EventArgs e) { } } }

71