25-08-2014, 03:18 PM
STEGANOGRAPHY
STEGANOGRAPHY.docx (Size: 65.02 KB / Downloads: 15)
ABSTRACT
Steganography is the process of hiding a secret message within a larger one in such a way that someone can not know the presence or contents of the hidden message. The purpose of Steganography is to maintain secret communication between two parties. This paper will show how Steganography is used in a modern context while providing a practical understanding of what Steganography is and how to accomplish it
CHAPTER 1 INDRODACTION
INTRODUCTION
Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to Cryptography, where the existence of the message itself is not disguised, but the meaning is obscured. "Steganography" is a Greek word and means ‘covered or hidden writing’. Its origins can be traced back to 440 BC. Steganography has been widely used in historical times, especially before crypto graphical systems were developed. Examples of historical usage include:
Hidden messages in Wax tablets: In ancient Greece, people wrote messages on the wood, then covered it with wax so that it looked like an ordinary, unused,tablet.
Hidden messages on messenger's body: Also in ancient Greece. Herodotus tells the story of a message tattooed on a slave's shaved head, covered by hair regrowth, and exposed by reshaping. The message, if the story is true, carried a warning to Greece about Persian invasion plane.
Hidden messages on paper written in secure inks under other messages or on the blank parts of other messages.
During and after World War II, Espionage agents used microdots to send information back and forth. Since the dots were typically extremely small – the size of a period produced by a Typewriter (perhaps in a font with 10 or 12 characters per inch) or even smaller -- the stegotext was whatever the dot was hidden within. If a letter or an address, it was some alphabetic characters. If under a postage stamp, it was the presence of the stamp.
STEGANOGRAPHY OVERVIEW
Steganography is by no means a modern practice. Literally meaning ‘covered writing’. It is the practice of hiding messages within other messages in order to conceal the existence of the original message. However, the digital medial formats in use for data exchange and communication today provide abundant hosts for Steganographic communication. Hence the interest in this practice has increased.
Coupling this fact with the multitude of the freely available easy to Use steganographic tools available on the internet, the ability to Exchange secret information without detection is available to anyone Who wants to do so.
For the security professional this means data we pay to protect could be
Leaving our control without our knowledge. Conversely, one of the
emerging uses of steganographic technique Digital Watermarking,Which
provides an organization with a way to ensure the integrity of Data they
wish to disseminate embedding copyright or other informatio In a digital
file.
OBJECTIVES
To produce security tool based on steganographic techniques.
To explore techniques of hiding data using steganography.
To extract techniques of getting data secret data decryption.
To explore techniques of hiding data using encryption module of this project.
CHAPTER 2 ANALAYSIS OF REQUIREMENT
FEASIBILITY STUDIES
Feasibility studies are used as a basis for deciding whether to proceed with, postpone or cancel the project. The purpose of feasibility study is to determine whether the requested project is successfully realizable. The process followed in making this determination is called a feasibility study. This type of study determines if a project can and should be taken. Once it has been determined that a project is feasible. The project is then progressed further. Different types of feasibility study are carried out to get the most optimum system. Among them these are:-
Technical feasibility.
Operational feasibility.
Economic feasibility.
Behavioral feasibility
Technical Feasibility:
In examining technical feasibility, configuration of the system is given more important than the actual make of hardware. The configuration should give the complete picture about the system’s requirements. How many workstations are required? How these units are interconnected so that they could operate and communicate smoothly.
There are a number of technical issues that are generally raised during the feasibility stage of the investigation.
Is it technically possible to develop the system?
Does the proposed system have the technical capacity to hold the data required?
How far the proposed system gives technical guarantees of accuracy, reliability, ease of access and data security?
Can the system be upgraded?
The scope of the system goes far beyond the expectations because as the organization grows and the functions grow respectively. Module upgrade is possible as and when the functioning of any department changes.
Operational Feasibility:
Proposed Systems are beneficial only if they can be termed into information systems that will meet the operating requirements of the organization. This test of feasibility asks if the system will work when it is developed and installed. It is mainly related to human organizational and political aspects. The points to be considered are:
Aspects of changes due to the system.
Changes in the organizational structure.
Training required implementing the system.
Economic Feasibility:
It is the most frequently used technique for evaluating the effectiveness of a proposed system and is also known as cost benefit analysis. This is an ongoing effort that improves in accuracy at each phase of the system life cycle. A system that can be developed technically and that will be used if installed must be cost effective for the organization .At the end of the day the system is proposed for financial benefits to the organization. Here we estimate the following:-
The cost to conduct a full systems investigation.
The cost of hardware and software for the application.
The cost if nothing changes (i.e. the proposed system is not developed)
The costs involved in traveling to the site, paper work, food during the system investigation were very nominal, the cost of hardware and the software required to develop this application is economical for the organization and the financial benefits will equal or exceed the cost involved in the development of this proposed system.
Behavioral Feasibility:
People are inherently resistant to change and computers have been known to facilitate change. An estimate should be made of how strong a reaction the user staff is likely to have towards the development of a computerized system.
In this case there was very less resistance from the user as it benefited to them in many ways.
Steps in Feasible Analysis:
Feasibility analysis involves mainly eight steps:
1. Form a project team and appoint a leader.
2. Prepare system Flow charts.
3. Enumerate potential candidate system.
4. Describe and identify characteristics of candidate systems.
5. Determine and evaluate performance and cost effectiveness of each candidate system.
6. Weight system performance and cost data.
7. Select the best candidate system.
8. Prepare and report final directive to management.
CHAPTER 3 SYSTEM DESIGN
DFD (DATA FOLLOW DIAGRAM)
INTRODUCTION
The DFD also known as the Bubble Chart is a simple graphical formalism that can be used to represent a system in terms of the input data to the system. Various processing carried out on these data, and the output data generated by the system. The main reason why the DFD technique is so popular is probably because of the fact that DFD is a very simple formalism-it is simple to understand and use. A DFD uses a very limited number of primitive symbols to represent the functions performed by a system and the data flow among these functions. Starting with a set of high-level functions that a system performs, a DFD model hierarchically represents various sub functions. The five different types of primitive symbols used for constructing DFDs are:
• SYMBOLS USED
PROCESS
A function is represented using a circle. This symbol is called a process or a bubble. Bubbles are annotated with the names of the corresponding functions.
EXTERNAL ENTITY
An external entity such as a librarian, a library member, etc. is represented by a rectangle. The external entities are essentially those physical entities external to the software system that interact with the system by inputting data to the system or by consuming the data produced by the system. In addition to the human users, the external entity symbols can be used to represent external hardware and software such as application software.
DATA FLOW
A directed arc or an arrow is used as a data flow symbol. A data flow symbol represents the data flow occurring between two processes, or between an external entity and a process, in the direction of the data flow arrow. Data flow symbols are usually annotated with the corresponding data names.
DATA STORE
A logical file can represent either a data store symbol, which can represent either a data structure, or a physical file on disk. Each data store is connected to a process by means of a data flow symbol. The direction of the data flow arrow shows whether data is being read from or written into a data store. A arrow flowing in or out of a data store implicitly represents the entire data of the data store and hence connecting to a data store need not be annotated with the name of the corresponding data items.
OUTPUT SYMBOL
The output symbol is used when a hard copy is produced and the user of the copies cannot be clearly specified or there are several users of the output.
CONTEXT DIAGRAM
The context diagram is the most abstract data flow representation of a system. It represents the entire system as a single bubble. This bubble is labeled according to the main function of the system. The various external entities with which the system interacts and the data flows occurring between the system and the external entities are also represented
CHAPTER 4
CODING
CHAPTER 5
SYSTEM TESTING
INTRODUCTION TO TESTING
Unit Testing
Unit Testing is done on individual modules as they are completed and become executable. It is confined only to the designer's requirements.
Each module can be tested using the following two strategies:
Black Box Testing
In this strategy some test cases are generated as input conditions that fully execute all functional requirements for the program. This testing has been uses to find errors in the following categories:
a) Incorrect or missing functions
b) Interface errors
c) Errors in data structure or external database access
d) Performance errors
e) Initialization and termination errors.
In this testing only the output is checked for correctness. The logical flow of the data is not checked.
WHITE TESTING
In this the test cases are generated on the logic of each module by drawing flow graphs of that module and logical decisions are tested on all the cases.
It has been uses to generate the test cases in the following cases:
a) Guarantee that all independent paths have been executed.
b) Execute all logical decisions on their true and false sides.
c) Execute all loops at their boundaries and within their operational bounds.
d) Execute internal data structures to ensure their validity.
Integrating Testing
Integration testing ensures that software and subsystems work together as a whole. It tests the interface of all the modules to make sure that the modules behave properly when integrated together.
System Testing
Involves in-house testing of the entire system before delivery to the user. Its aim is to satisfy the user the system meets all requirements of the client's specifications.
Acceptance Testing
It is a pre-delivery testing in which entire system is tested at client's site on real world data to find error.
MAINTENANCE
Maintenance is necessary to the eliminate errors in the working system during its working life and to tune the system to any variations in its working environment. Often small system deficiencies are found as a system is brought and changes are made to resource availability to carry out these maintenance functions. The importance of maintenance is to bring the standards. The maintenance of existing software can account for over 60 percent of all effort expended by a development organization. Change is in editable when computer based systems are built; therefore, we must develop mechanisms for evaluating, controlling and making modifications.
Four types of changes are encountered during the maintenance phase:-
Correction
Adaptation
Enhancement
Prevention
We may define Maintenance by describing four activities that are undertaken after a program is released for use:
1. Corrective maintenance:-
This pertains to the changes the software to correct defects.
2. Adaptive maintenance:-
Overtime, the original environment for which the web application was developed is likely to change. This maintenance results in modification to the software to accommodate changes to its external environment.
3. Perfective Maintenance or Enhancement:-
As software is used, the customer/user will recognize additional functions that will provide benefit. Perfective maintenance extends the software beyond its original functional requirements.
4. Preventive Maintenance or Re-engineering:-
Computer software deteriorates due to change, and because of this, preventive maintenance, often called software re0engineering, must be conducted to enable the software to serve the needs of its end users. In essence, preventive maintenance makes changes to computer programs so that they can be easily corrected, adapted, and enhanced. SCM activities are developed to:
Identify changes
Control changes
Ensure that change is being properly implemented
Report change to others that may have an interest
EVALUATION:
Evaluation of the system is performed to identify its strengths and weaknesses.
The actual evaluation can occur along any of the following dimensions:-
1. Operation Evaluation :-
Assessment of the manner in which the system function , including ease of use, response time, overall reliability and level of utillization.
2. Organizational impact :-
Identification and measurement of benefits to the organization in areas such as financial concerns , operational efficiency , and competitive impact.
3. User Manager Assessment :-
Evaluation of the attiudes of senior and user manager within the organization , as well as end-users.
4. Development Performance:-
Evaluation of the development process in accordance with development time and effort , conformance to the budgets and standards criteria.