A STEGANOGRAPHY APPLICATION FOR SECURE DATA COMMUNICATION Muhammet BAYKARA1 and Resul DAŞ2 Software Engineering Department, Fırat University Elazığ/Turkey 1
[email protected] 2
[email protected] can be hidden in the file is an important variable. As a result of these two criterions, different methods are developed to be used in steganography. The most widely used method in steganography is the adding data to the most insignificant bit or bits (LSB). In this method, the last bit, which is the most insignificant bit of each byte of each pixel that make up the image, is changed. Instead of that bit, bits of the data which you want to hide respectively are placed from its beginning. The hidden information is obtained by comparing the image, in which the original image information is hidden, and its pixels. The disadvantage of adding to the last bit method is that the length of message or document to be sent depends on the size of the image [4]. In this study, steganography method is applied to a mail application for the privacy of the personal information transmission. Moreover, an alternative to other ways of steganography is proposed. In this application, insignificant three bits of each byte of the pixels that make up the image are used for the sake of hiding more information. Besides, the change on the original image caused by the method used in application on the original image and the maximum amount of data which can be hide into the image are analyzed. In this study, the steganography technique is applied on the image files and therefore the desired data is hidden.
ABSTRACT Information security is the process of protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Nowadays, apart from the military and institutional information security, individual information security is very important. If individual information security is ignored, it can cause intangible damage and monetary loss. In this study, a steganography application was developed to increase personal information security. This application is intended to provide a more secure way of communication for emails which play an important role in personal data transfer. Thus, Steganography, which is one of the communication hiding techniques, is used. And also existing steganography methods are examined and a new application has been developed to be used for personal information security. Finally, this application was applied to an electronic mail communication. Index Terms— Computer security, Information hiding, Information security, LSB, Steganography 1. INTRODUCTION Serious problems can occur while transferring the information in the electronic environment from their source to target environment. For instance, there is always the possibility that data shared via e-mail in the internet environment can reach to third persons. As a result of the development in the cyber world, many studies are carried out to overcome these problems [1]. In addition to these precautions, steganography method is used. Steganography means “hidden writing” in ancient Greek and it is the name for the science of hiding information [2]. Steganography has one superior aspect to cryptology. In cryptology encoded hidden information arouse curiosity, in steganography the presence of the information cannot be known since information is secret. Today, thanks to the steganography science, desired data can be hidden into the audio, video, image files, disks and communication channels [3]. In steganography method, one of the most important points is that the hidden data can have as little change as possible on the file where it is hidden. Besides, data size that
978-1-4799-3343-3/13/$31.00 ©2013 IEEE
2. STEGANOGRAPHY AND CRYPTOGRAPHY IN TERMS OF INFORMATION SECURITY SYSTEMS Information has always been one of the most valuable entities for both people and societies from past to the present. Presence of information glorifies the societies, its absence led to the end of many civilizations. Besides information’s value, providing its security has also been a huge problem. As a result of the increase in the use of the computer technologies day by day in personal and institutional spaces, it is necessary using the information security systems efficiently. Therefore, a lot of academic research is made for protecting information and its security [5]. Information security is the process of protection from unauthorized access to information, its use, revelation, destruction, change or harm. Information privacy, its
309
ICECCO 2013
difficult to realize the difference in the image by using high resolution image and the steganography method used will be safer since the only the sender and the receiver have the original image. Taking all these criterions into consideration, information privacy is achieved by using the least significant 3 bits of the color values which make up the pixels for the RGB color space and high resolution images. For each pixel, 9 bit data at most can be hidden by using least significant 3 bit of the colors that constitute the pixels for the images in RGB space. Thus, the data which will be hidden into the image must be turned into a set of integers consisting of 9 bit values. But the characters and the files that make up the message in the form of 8 bit byte sets. For this reason, a function, which turns 8 bit byte sets into sets of 9 byte integers without loss, is used. This function constitutes a new set of integer by taking value from 8 bit value that comes after it most significant bits until it completes itself to 9 bit. The newly formed set of integer must be divided into 3 parts so that 9 bit elements of it can be hidden into the image. The maximum integer value which is expressed with 9 bit equals to value 511 in decimal system. The values gained from here are divided into their orders and then 2 values are gained. But since these values are in decimal system, they cannot be expressed with 3 bit in case that its values are bigger than 7 when they are divided into their orders. In order to prevent this, the elements in the 9 bit integer set are converted to octal system. The maximum digit in octal system which can be expressed with 9 bit (if we express 511 in octal system, the value 777 is found) will be 777. When the 9 bit values in octal system are divided into their orders, the maximum digit is 7 and the digit 7 can be expressed with 3 bit. Three 3 bit value gained are XORed with the color values of the pixels that make up the image. In this way, data privacy phase of the steganography method that will be used in the application is completed. This phase is shown in Fig. 1 (A) with examples. The original image is needed for the proper reading of the data hidden in the image. It will make the method safer since it will function as the locker. By applying the reverse functions that are used in the privacy phase, the information is regained. Thus, the original image and the image where the information are hidden, are taken from the user. A set of integer by XORing the color values that constitute the pixels of both images are obtained. The digit that is acquired by XORing each color value constitutes the orders of the set elements. All the elements of the acquired set of integer are converted from octal to decimal system. In order to regain the information, set of integer must be turned into set of byte. Thus, each element gives value from its least significant bit to the element that comes after him until it reaches 8 bit. Data loss is prevented by adding this value to the most significant bit of the element that comes after it. At the end of these operations, a set of byte is acquired. Acquired set of bytes again turned into information and is
integrity, accessibility, are the main elements on which information security is based. Information privacy is the access to hidden information by the desired persons or groups. Information integrity is the data access to the target without being altered. Accessibility is the privacy of private information and is only available to the receiver when he wants to access to the information [5]. There are many methods of hiding the information safely. One of these is steganography. Steganography is the hiding of the information with methods by which people cannot know its presence except for the information sender and the receiver. Many methods of steganography have been developed to be used today. These methods can vary in terms of such criterions as the maximum amount of data that can be hidden into the image and deterioration rate in the original image. The most used steganography method is LSB (least significant bit) method. In this method, the least significant bits of the colors which make up the pixels of the image is altered and the data is hidden into the image. In LSB method, 3 bit data can be hidden in each pixel for RGB image content. This method is insufficient when a file wanted to be sent in the attachment with the message that will be sent via email. On the other hand, LSB method will have hidden the image by making a slight difference in the original image. While the difference in the low resolution image can be realized with the eye, it is difficult to realize the difference in the high resolution image. This method can be optimized for the high resolution images that will be used and more data can be hidden for each pixel. The data, which will be hidden by means of steganography method for providing information security, can be made safer by encoding. Cryptologic methods are consulted for encoding. The data encoded by cryptology is hidden into the image by means of steganography. Thus, even though the data is accessed with steganalysis techniques, the information cannot be accessed since it is encoded using the cryptologic methods. 3. MATERIAL AND METHOD Personal information security has become an important phenomenon when the increasing amount of cyber-attacks are taken into consideration. In this study, a mail application is developed by using the steganography method, which is developed with the aim of increasing the personal information security. While sending an email, there may be a file as well as a message to be sent. In this case, the size of email to be sent also increases. Therefore, data amount, which can be hidden for each pixel, of the steganography method that will be used in the application needs to be great as much as possible and the difference it makes in the image needs to be slight so as not to be realized with the human eye. In sending email, high resolution, RGB content images which are not shared in the internet environment but are present in the receiver, should be used. In this way, it will be
310
presented to user. Therefore, steganography method’s process of revealing the hidden data, which will be used in the application, is completed. This process is exemplified and shown in Fig. 1 (B).
Fig. 1 (A) Data hiding algorithm diagram of the steganography method used in the application. (B) Steganography method’s finding the hidden data.
311
Application is developed by using C# language in the Microsoft Visual Studio environment. Application runs when the user chooses the process that user wants to do from the login interface. In this interface, there are two options compose and inbox. Depending on the user’s choice, the relevant interface opens. Login interface is shown in Fig. 2, Use case diagram of the application is shown in Fig. 3. Fig. 4 E-mail composing GUI of the application
The data cannot be hidden into these pixels. Therefore, the maximum data amount that 3 pixel can hide is subtracted from the acquired value and amount of exact data size that can be hidden into image is found. The user can add both text and file as attachment to his email. In order to attach a file to the email, the button ‘attach from the file’ is used. For each character and file the user adds the remaining amount of maximum data size that can be hidden into the image is recalculated. And it is shown in the remaining data part. The user enters his own email address, passwords and the email address of the receiver in the relevant fields. The user pushes the send button and the text he wants to send via email is turned into a set of bytes by means of serialization. If the user cannot enter a value, the set will take null as its value. If there is a file that the user chooses, it is turned into a set of bytes by means of movement. Afterwards, sets of byte are hidden into the image by using the steganography method described in Fig. 1 (A) and (B). Color components of some pixels of the image are marked on their alpha value so that sets of byte that are hidden into the image can be reread properly. Alpha value’s least significant bit is altered and it is made clear that it is passed form set of text to set of file or to the information of file extension. Thus steganography method used and the set of byte are hidden into the image. Alpha value of the pixel after the last pixel that is used in the hiding process’ least significant bit is altered, and it signifies that the text that is hidden into the image is finished and the file data has begun. Similarly, the steganography method used in the set of byte acquired from the file, Text data’s finish marked pixel, and it is hidden from the latter pixel onwards. It signifies that the file data that is hidden into image is finished and the file extension’s information has begun by altering the alpha values’ least significant second bit of the pixel that is used for hiding the file data after the last pixel used. Following the pixel that signifies the file data is finished, file’s extension information is hidden. The least third significant bit of alpha value of the pixel after the last pixel used for signifying that all the data hiding process is finished, is modified. Thus, process of hiding data is completed. The user is given a warning if the data that the user wants to hide into the image is bigger than the amount of maximum data size that can be hidden into the image. The Newly acquired image is attached to the email. Email address and password of the user are checked. Relevant
Fig. 2 Graphical user interface
Fig. 3 Use case diagram of the application
In the composing part of the application, email composing interface in Fig. 4 opens and login interface is hidden. In the email composing interface, the user primarily is asked to choose the image in which the data will be hidden. The resolution of the chosen image is multiplied by coefficient 9 since the steganography method used can hide 9 bit for each pixel and the maximum data size that can be hidden into the image is calculated. Afterwards, 3 pixel will be used for marking.
312
settings are made according to the email account provider and a message with BCC is written so that the email can easily be set apart. If the email address and the password that the user enters are correct, email is sent to the receiver by means of SMTP protocol and the user is informed. If the email address and the password that the user enters are incorrect, the user is given a warning.
4. CONCLUSION In today’s digital age, the importance of information security systems is increasing day by day. Hiding of the information safely, its dissemination, its protection against attackers and various malwares are only possible if the serious security precautions are taken. In this study, an email application that can be used personally or institutionally has been carried out. The application has reached its aim and increased the personal information security. The steganography method used in the application offered safe and efficient opportunity for hiding data for the high resolution images. With application developed, in data communication not only the text but also any file can be sent and delivered safely to the target via email by hiding it in the determined image. With functions used in the application, steganography method is made safer. Application can make performance more efficient by using image processing libraries such as OpenCv and parallel programming. Steganography methods used can be made safer by using bijective and surjective function instead of linear function which is used while hiding the data into the pixels of the image in the image’s range resolution and by changing the color values of the pixels which are not used for hiding data with least significant 3 bites randomly.
Fig. 5 E-mail receiving GUI of the application
In the inbox part of the application mail receiving interface in Fig. 5 opens and the login interface is hidden. The user primarily pushes the button ‘receive email’ by entering his email address and password. If the user’s email address and password is incorrect, he is given a warning, if it is right, the most recent email in the inbox with BCC is read by means of POP3 protocol. The image attached in the email is shown to the user. In this case, the user needs to add the original image with the add image button. In case the user chooses the right image, the hidden data is regained by comparing two images and applying the reverse functions used in hiding process. If the user chooses a different image, meaningless characters, files will appear and the data privacy will be protected. If the user pushes the button receive email for a second time, the image attached in the previous email with the BCC is shown. When the end of the inbox is reached, the user is given a warning. By comparing two images, alpha values of pixels’ colors are compared. The data text acquired until the first difference in the alpha values gives the information of the text, the data acquired until the second difference gives the information of file, the data acquired until the third difference gives the information of the file extension. According to this, 3 different data with the steganography method used are turned into set of byte again. Sets of byte acquired are checked whether they are null or not. Set of byte that includes the text data are turned into set of character by means of deserialization and the message is displayed on the spot. If the set of byte including the file data is not null, the user is given a warning that there is a message in the inbox and is asked on which folder he wants the file to be written. On the folder the user chosen, the file is written by means of movement. At the end of this process, file extension information is turned into string type and the file extension is determined.
5. REFERENCES [1] F.A.P. Petitcolas, R.J. Anderson M.G. Kuhn, Information Hiding–A Survey, Proceedings of the IEEE, Special Issue on Protection of Multimedia Content, 87(7), pp:1062-1078, 1999. [2] Internet: Steganography, http://tr.wikipedia.org, [Access Date:18.06.2013]. [3] Johnson, N. F., Duric Z. ve Jajodia S., 2001. Information Hiding : Steganography and Watermarking - Attacks and Countermeasures, Boston. [4] Andaç Ş., Ercan B., Tolga S., “Gri Seviye Resimler Üzerinde Rasgele Lsb Yöntemini ve Sayı Teorisini Kullanarak Bilgi Gizleme ve Steganaliz”, http://ab.org.tr/ab06/bildiri/100.pdf. [5] Baykara, M., Daş, R., Karadogan, İ., “Bilgi Güvenliği Sistemlerinde Kullanılan Araçların İncelenmesi”, 1st International Symposium on Digital Forensics and Security , 231-239, 20-21 Mayıs 2013, Elazığ. [6] Kumar, R.P.; Hemanth, V.; Shareef, M., "Securing Information Using Sterganoraphy," Circuits, Power and Computing Technologies (ICCPCT), International Conference on , vol., no., pp.1197,1200, 20-21 March 2013. [7] Jose, J.A.; Titus, G., "Data hiding using motion histogram," Computer Communication and Informatics (ICCCI), 2013 International Conference on , vol., no., pp.1,4, 4-6 Jan. 2013. [8] Reddy, H.S.M.; Sathisha, N.; Kumari, A.; Raja, K.B., "Secure steganography using hybrid domain technique," Computing Communication & Networking Technologies (ICCCNT), 2012 Third International Conference on , vol., no., pp.1,11, 26-28 July 2012. [9] Linjie Guo; Jiangqun Ni; Yun Qing Shi, "An efficient JPEG steganographic scheme using uniform embedding," Information Forensics and Security (WIFS), 2012 IEEE International Workshop on vol., no., pp.169,174, 2-5 Dec. 2012. [10] Anbarasi, L.J.; Kannan, S., "Secured secret color image sharing with steganography," Recent Trends In Information Technology (ICRTIT), 2012 International Conference on , vol., no., pp.44,48, 19-21 April 2012.
313
