Design And Implementation Of A Crypto-Stego Security System

Introduction

1.1 Background of Study

In the present world of communication, one of the necessary requirements to prevent data theft is securing the information. Security has become a critical feature for thriving networks and in military alike. Cryptography and Steganography are well known and widely used techniques that manipulate information (messages) in order to cipher or hide their existence. These techniques have many applications in computer science and other related fields: they are used to protect military messages, E-mails, credit card information, corporate data, personal files, etc. This protection is done or carried out by first generally encrypting the data, then hiding it so as to only be discovered for whom it is meant or intended for.

Before the modern era, cryptography was concerned solely with message confidentiality (.i.e., encryption — conversion of messages from a comprehensible form into an incomprehensible one, and back again at the other end), rendering it unreadable by interceptors or eavesdroppers without the secret knowledge which is the key needed for decrypting the message. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs, and secure computation, amongst others. Encryption attempts to ensure secrecy in communications, such as those of spies, military leaders, diplomats etc.

Steganography (— hiding the existence of a message so as to keep it confidential) was also first developed in ancient times. An early example, from Herodotus (- a Greek historian), concealed a message – a tattoo on a slave’s shaved head – under the regrown hair. In modern terms, Steganography is usually implemented computationally, where cover works such as text files, images, audio files, and video files are altered in such a way that a secret message can be embedded within them. Although Steganography techniques are very similar to that of digital watermarking, one big distinction must be highlighted between the two. In digital watermarking, the focus is on ensuring that nobody can remove or alter the content of the watermarked data, even though it might be plainly obvious that it exists. Steganography on the other hand, focuses on making it extremely difficult to tell that a secret message exists at all. If an unauthorized third party is able to say with high confidence that a file contains a secret message, then steganography has failed.

With the description of the two different techniques for data security, a better and higher technique for data security can be achieved by the combination of this two kinds of data security techniques (i.e. cryptography and steganography), which can be referred to as CRYPTO-STEGO.

1.2 Statement of Problems

Increase in the number of attacks recorded during electronic exchange of information or data between the source and intended destination in data communication has indeed called for a more robust method for securing data transfer. CRYPTO-STEGO (- a combination of cryptography and steganography) can serve as the robust method to minimize the attacks during electronic exchange of data and information, and hence render the services of protecting the confidentiality, integrity, and availability of information from unauthorized access.

1.3 Objective of Study

The objective of this study is to implement a working CRYPTO-STEGO system that will:

Hide message carried by stego-media, and the stego-media should not be sensible to human beings.

Avoid drawing suspicion to the existence of a hidden and encrypted information in a stego-media.

Encrypt data before hiding it in a stego-media, so that even when the stego-media is detected, the information that will be found will be encrypted, unintelligible, and meaningless, and thus cannot be easily accessed.

1.4 Significance of Study

Study of information security(InfoSec), and specifically in these area (CRYPTO_STEGO) that combines the finest of data security techniques (i.e. cryptography and steganography) cannot be over emphasized as it will help save a lot of situation as it concerns information confidentiality, integrity, and it’s availability for only the intended person(s), and further help save informations from attackers who may want to use the information to archieve some malicious intent, for probably selfish interests.

1.5 Scope of Study

The scope of this project is to limit unauthorized access and provide better data security. To meet the requirements, simple and basic approach of CRYPTO-STEGO (- the combination of Steganography and cryptography) is used. First, the data or secret message to be secured is converted into forms that are not easily or cannot be understood by eavesdroppers, and then, the converted text is embedded in an image referred to as stego-image/ stego-carrier, thus making it relatively very very difficult to be tampered with by an unauthorized person. In this project, the proposed approach finds the suitable algorithm for encrypting information, and embedding the information in an image using steganography which provides the better security pattern for information security.

1.6 Limitation of Study

Technology Constraint:

The problem encountered here is searching information about computer security through Data Encryption and Key Hash Algorithm

Time Constraint:

The time given for the submission of this project work was not really enough for the researcher to extensively carry out more research on this work.

Financial Constraint:

There was not enough money to extensively carry out this work.

1.7 Definition of Terms

AES:

Advanced Encryption System

ALGORITM:

This is a sequential way of solving a problem.

CRYPTO-STEGO:

A combination of steganographic and cryptogaphic techniques.

Cryptography:

This is used to hide data from public view and to ensure that the integrity and privacy of any data sent across a network has not been compromised.

Decryption:

The reverse, moving from unintelligible cipher text to plain text.

DES:

Data Encryption Standard

Encryption:

The process of converting ordinary information (plaintext) into unintelligible gibberish (that is, cipher text).

GUI:

Graphical User Interface

Information Security (INFOSEC):

The practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.

JPEG:

Joint Photographic Experts Group

PIL:

Python Imaging Library

PNG:

Portable Network Graphics

Steganography:

Involves transforming the data so as to make its meaning obscure to malicious people who intercept it.

System:

An organized unit which composed of two or more inter related parts that functions together to achieve a particular goal.