Data Security Using Cryptography And Steganography Computer Science Essay

Published: November 9, 2015 Words: 3333

1. Introduction:

In the present scenario, security is one of the major constraints for web content. Providing security over the network is an essential task to

Data security means protecting data from unauthorised users while at the same time allowing authorised users to access it. Before the widespread use of data processing, data security was felt to be valuable and was provided by physical and administrative means. With the introduction of distributed systems, on the other hand, network communication facilitates data transmission between different systems over the network. The need for network security is raised by the distributed environment during transmission.

For sending information from one network to another, or within the same network, efficiently and securely, one has to provide data security techniques. So an attempt is made to provide a data security technique that gives better results for a given configuration of the network. Data is a set of information that is needed for processing, sharing and reading. Data security is generally essential when data is being transferred among different terminals. A third party is able to alter the data if there is no efficient data security mechanism.

1.1 Problem statement:

The conversion of data into a secret code for transmission over a public network is called cryptographic analysis. Today, most cryptography is digital, and the original text ("plaintext") is turned into a coded equivalent called "cipher text" via an encryption algorithm. The cipher text is decrypted at the receiving end and turned back into plaintext.

This is the process in cryptography. The cipher text, which is in hidden form, is transmitted over the network. Here there is a considerable chance that unauthorised parties or attackers decrypt the cipher text by using different techniques.

My aim is to come up with a technique of hiding the message in the audio file in such a way, that there would be no perceivable changes in the audio file after the message insertion. At the same time, if the message that is to be hidden were encrypted, the level of security would be raised to quite a satisfactory level. Now, even if the hidden message were to be discovered the person trying to get the message would only be able to lay his hands on the encrypted message with no way of being able to decrypt it.

1.2 Objectives of the Study:

In this project, we are mainly focused on data security issues. The objectives of the project are:

Defining the various terms that we are going to use in this project, with details about each term.

Overview of cryptography and steganography. Literature review of the encryption techniques and algorithms that are used for encryption.

Study of Data flow in various levels of encryption and decryption.

Designing structure of data flow in different levels of encryption.

Data transitions with the proposed method. Then identifying the security levels in terms of metrics.

1.3 Research method:

In this project, we are proposing audio file transmission in order to provide greater security than the existing methods. With the advent of the audio file, no one is able to modify the data even though it can be read. So, we are proposing a technique of hiding the message in the audio file in such a way that there would be no perceivable changes in the audio file after the message insertion. At the same time, if the message that is to be hidden were encrypted, the level of security would be raised to quite a satisfactory level. Now, even if the hidden message were to be discovered, the person trying to get the message would only be able to lay his hands on the encrypted message, with no way of being able to decrypt it.

To provide the security for the data transmission by hiding the data in the form of audio file

Applying the audio steganography techniques along with cryptography to the data

Implementing triple DES algorithm

Achieving secure data transmission between two parties.

1.4 Scope and limitations:

The scope of this project is mainly to meet the requirements of our data security issues with greater efficiency.

Standardized technology is used to develop this project to meet the objectives. The project specification is suitable and is easily adaptable to business strategies and real domains.

In this project, we are proposing data transmission in terms of an audio file. It is one of the efficient ways of providing security to data over the network.

1.5 A general thesis organization is as follows:

Chapter 1: Introduction: presents the background and overview of the project, research methods and objectives of the study.

Chapter 2: Literature review: reviews the system by implementing object-oriented programming concepts and defines system models and functionalities.

Chapter 3: Design framework: analyzes the requirements of the project by distinguishing the functional, technical, user and non-functional requirements, designs a project framework and implements OOAD by constructing UML diagrams and ER diagrams.

Chapter 4: Project implementation: develops the project using the Java language, enhances the system features and functions by implementing OOP principles, and designs the code according to the system modules.

Chapter 5: Testing and final project report: designs testing methods, evaluates test cases, implements test suites and prepares error reports.

Chapter 6: Conclusion and future work: gives the final conclusion of the project and demonstrates future enhancement of the system.

CHAPTER-2

2. Literature review on cryptography:

In general security is "the quality or state of being secure- to be free from danger". [1] Security can be classified as

Physical security

Personal security

Operation security

Communication security

Network security

Information security

Physical security - protects the physical entities, objects or areas of an organization from unauthorized persons.

Personal security - protects an individual or group of individuals who are authorized from unauthorized parties.

Operation security - protects a particular operation or sequence of operations.

Communication security - protects an organization's communication media and techniques.

Network security - protects the networking components, connections and contents.

Information security - protects information and the systems and hardware that use, store and transmit that information.

In this project we are mainly focused on network and information security issues, in order to transmit data over the network with greater security. To achieve security, we must know the characteristics of security. They are listed below:

Confidentiality

Integrity

Availability

Accuracy

Authenticity

Confidentiality:

This characteristic defines who the authorized persons are. It makes the security level high. It ensures that only those who have privileges to access the information set can access it, whereas others are restricted and prevented at various levels.

Integrity:

Integrity is the state of being complete and uncorrupted [1]. It is threatened when the information is exposed to corruption, damage or destruction.

Availability:

Availability enables users who need to access the data to do so from the sources without interference, and to receive it in the original format. It is achieved by making the data accessible to authorized persons and restricting unauthorized parties.

Accuracy:

Information accuracy is achieved by keeping the system free from mistakes and problems. The information should be as desired and should be provided according to the user's need.

Authenticity:

Information is authentic when the data that we are getting is original, i.e. it has not been altered by anyone. It should be in the state in which it was originally created, placed and transferred.

2.1 Security attacks:

Data security is provided mainly to defend against attacks on the data. The attack may be on either the system or the network. Generally, data in computers flows from the source terminal to the destination terminal, which is called the normal flow of data.[2]

Figure: Normal data flow (source info to destination info)

An unauthorized person may interrupt this normal flow by carrying out different illegal activities on the data and network in the following ways. They are:

Interruption

Interception

Modification

Fabrication

Interruption:

It is an attack that makes information unavailable to the destination end. It simply stops the data before it reaches its destination. An example is destroying the communication line.

Figure: Interruption data flow (source info to destination info)

Interception:

It is an attack in which the information is captured by an unauthorized person, which affects confidentiality. The attacker could be a person or a program. The data is not altered, but its confidentiality is compromised.

Figure: Interception (source info to destination info)

Modification:

In this attack, a third party halts the information, modifies it and then forwards it to the destination to which the data needs to be sent. The attacker not only gains access but also tampers with the information. This attack mainly affects integrity as well as confidentiality.

Figure: Modification (source info to destination info)

Fabrication:

In this type, a third party directly inserts information without any interaction with the source. It sends malicious information to the destination under the authorized source's name. It is an attack on authenticity.

Figure: Fabrication (source info to destination info)

In order to defend against these types of attack, cryptography came into the picture.

2.2 Cryptography:

"The word cryptography extracted from the GREEK word "crypto" (hidden or secret) and graphy (writing). Hence cryptography is the combination of both art and science of secret writing".[2] In this process the sender's data is converted into an intermediate form from which an intruder can gain no information if it is intercepted. Of course, the receiving end must be able to recover the original data.

Cryptography is the study of secure communication, dealing with the design and processing of algorithms for encryption and decryption. These algorithms provide greater security for data, with secrecy and authenticity of messages. Cryptography follows the symmetric model, which consists of the following elements.[1]

Plain text

Cipher text

Encryption

Decryption

Key

Plain text:

This refers to any type of data in its original and unencrypted form.

Ex: text document, image, ...

Cipher text:

Data in encrypted, unreadable form. It can be produced by different techniques and algorithms.

Encryption:

The process of converting plain text into its equivalent cipher text is called encryption. This process may involve different algorithms.

Decryption:

The process of converting cipher text to plain text is called decryption. This is the reverse of the encryption process.

Key:

A random piece of data that is used for encryption and decryption is called a key. The key is associated with both encryption and decryption.

A cryptographic system is characterized along three independent dimensions, as follows:

The types of operations involved in transforming plain text to cipher text. Conventional encryption techniques are classified based on two principles.

Substitution: each element in the text is replaced by or mapped to another element.

Transposition: the elements in the text are rearranged.

Study of these techniques enables us to understand the present scenario of symmetric encryption. In the substitution method, plain text elements are replaced by other elements or symbols. If the plain text is a continuous bit pattern, then it is replaced by continuous cipher text bit patterns.

Ex: the Caesar cipher is the earliest technique of the substitution method, in which each plain text letter is replaced with the letter standing three places further along the alphabet. [1][2]

Plain text: a b c d e f g h ...

Cipher text: D E F G H I J K ...

In the transposition technique, the plain text letters remain the same but their order is shuffled.

Ex: plain text: good after noon

Cipher text (the letters are written alternately on two rows):

g o a t r o n

o d f e n o

Encrypted message: goatronodfeno.
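The two worked examples above can be reproduced in code. The following Python sketch is an added example, not part of the original essay; the function names are hypothetical, and it goes slightly beyond the text by supporting any shift and any number of rows (rails) and by showing decryption of the transposition cipher.

```python
def caesar(text, shift=3):
    """Substitution: move each letter `shift` places along the alphabet."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation are left unchanged
    return "".join(out)


def rail_pattern(length, rails):
    """Row on which each character position is written (zigzag order)."""
    if rails < 2:
        return [0] * length
    cycle = list(range(rails)) + list(range(rails - 2, 0, -1))
    return [cycle[i % len(cycle)] for i in range(length)]


def rail_fence_encrypt(plain, rails=2):
    """Transposition: write letters across the rows, then read row by row."""
    text = plain.replace(" ", "")
    pattern = rail_pattern(len(text), rails)
    return "".join(ch for r in range(rails)
                   for ch, row in zip(text, pattern) if row == r)


def rail_fence_decrypt(cipher, rails=2):
    """Undo the shuffle: work out which position each cipher letter came from."""
    pattern = rail_pattern(len(cipher), rails)
    order = sorted(range(len(cipher)), key=lambda i: pattern[i])  # stable sort
    plain = [""] * len(cipher)
    for ch, pos in zip(cipher, order):
        plain[pos] = ch
    return "".join(plain)


if __name__ == "__main__":
    print(caesar("abcdefgh").upper())              # the essay's Caesar row
    print(rail_fence_encrypt("good after noon"))   # the essay's two-row example
    print(rail_fence_decrypt("goatronodfeno"))
```

Both ciphers keep the letter statistics of the plain text (substitution) or the letters themselves (transposition), which is why they serve only as illustrations of the two principles.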

The number of keys used:

If both sender and receiver use the same key, it is called symmetric, secret key or conventional encryption. If the sender and the receiver use different keys, the system is called asymmetric or public key encryption.

Based on the number of keys used for encryption, encryption can be classified into two types.

Symmetric encryption

Asymmetric encryption

Symmetric encryption:

Symmetric encryption means that both encryption and decryption are performed with a single key. It is a simple and efficient way to encrypt or decrypt a message. But the key has to be transmitted over a medium or network that is not secure, where hackers can easily grab the data and misuse it using that key.

Figure2 symmetric encryption [4]

In the symmetric encryption model, cryptography is performed using the same key. For that, we are using the following symmetric key algorithms:

Data encryption standard (DES)

International data encryption algorithm (IDEA)

Triple DES (3 DES)

Data encryption standard (DES):

It is the most widely used encryption scheme. With this algorithm, data is treated as 64-bit blocks and encrypted using a 56-bit key. The algorithm produces 64-bit cipher text for each given block of data.

Figure3 DES algorithm process [8].

The conversion of plain text into cipher text takes place in three phases.

The 64-bit input data passes through an initial permutation phase that rearranges the bits to produce an intermediate block.

The initial phase is followed by 16 rounds of processing that involve permutation and substitution functions. The last round generates 64-bit data consisting of two 32-bit blocks. These output blocks are swapped to produce the preoutput.

Finally, the preoutput is passed through an inverse permutation (IP'), which is the inverse of the initial permutation, to produce the 64-bit cipher text.

DES decryption uses exactly the same algorithm as encryption, except that the order of the sub keys is reversed.

Strengths of DES:

Use of 56-bit key: DES uses a 56-bit key, so there are 2^56 possible keys, which is approximately 7.2 * 10^16 keys. So it defends against brute force attacks with greater efficiency and makes such attacks impractical.

Nature of DES algorithm: a number of stages, substitution tables and S-boxes are involved in this algorithm. Well-known cryptanalysis makes it easier to look for weaknesses in its phases, functionalities and S-boxes, but no one has properly succeeded in discovering fatal errors in the S-boxes.

Timing attack: "a timing attack exploits the fact that an encryption and decryption algorithm often takes slightly different amounts of time on different inputs." Such an attack should be possible, but DES appears to be fairly resistant to a successful timing attack.

There are advancements in encryption techniques based on DES encryption, such as DES and 3DES.[2]

Asymmetric encryption:

Asymmetric encryption is also known as public key encryption. Whereas symmetric key encryption deals with a single key for both encryption and decryption, here two different keys are used for encryption and decryption.

Ex: if a sender's key A is used to encrypt the message, only key B can decrypt it. If key B is used to encrypt the message, then only key A can decrypt it.

I.e. every user has two keys. The public key is available to all workstations through a global registry service. If anyone wants to send a message to a particular user, the message is encrypted using that user's public key and sent. After receiving the message, the receiver can decrypt it using its own private key. There is no need to transmit keys over the network. The most popular asymmetric algorithm is RSA.

Figure4 Asymmetric encryption diagram [5]

RSA ALGORITHM:

The Rivest-Shamir-Adleman (RSA) algorithm is a popular public key cryptographic algorithm. The RSA scheme is a block cipher; here the plain text and cipher text are integers ranging from 0 to (n-1). The maximum size for n is 1024 bits or 309 decimal digits.

In the RSA method, a binary plain text is divided into a sequence of blocks and each block is represented by an integer between 0 and (n-1).

Encryption:

"The encryption key is a pair (e, n), where e is a positive integer. A message block M is encrypted by raising it to the eth power modulo n. That is, cipher text C corresponding to a message M is given by

C=M^e mod n"[7].

ENCRYPTION PHASE [9].

Decryption:

"The decryption key is a pair (d, n) where d is a positive integer. A cipher text block C is decrypted by raising it to the dth power modulo n; that is, the plain text corresponding to a cipher text is M=C^d mod n."[7].

DECRYPTION [9].

A user 'A' gets an encryption key [Ea, n] and a decryption key [Da, n], where the encryption key is available in the public domain, but the decryption key is known only to user 'A'. Whenever user 'B' wants to send a message to user 'A', he must use A's encryption key.

Determination of encryption and decryption keys:

Consider a public key Ku={e,n} and a private key Kr={d,n}.

In order to calculate the values of e, d and n, we require

M^(ed) = M mod n.

As per Euler's theorem, M^(kφ(n)+1) = M mod n, so

ed = kφ(n) + 1

ed = 1 mod φ(n)

d = e^(-1) mod φ(n).

From the above equations, we can observe that e and d are multiplicative inverses mod φ(n). According to modular arithmetic, this is possible only when d and φ(n) are relatively prime, that is, GCD(φ(n), d) = 1.

Key generation process:

Select p, q where p and q are both prime, p != q.

Calculate n = p*q.

Calculate φ(n) = (p-1)(q-1)

Select integer e, GCD(φ(n), e) = 1

Calculate d, d = e^(-1) mod φ(n)

Public key Ku={e,n}

Private key Kr={d,n}

Encryption:

Plain text: M

Cipher text: C= M^e mod n.

Decryption:

Cipher text: C

Plain text: M=C^d mod n

RSA key generation process [9].

2.3 Steganography:

The process of hiding the information that we need to transfer over the network is called steganography.

Ex: a message can be hidden in the digital encoding of a picture or graphic.

Hidden data message [10].

In general, steganography is applied in various ways; some of them are the following:

Character marking:

Selected characters or portions of words are overwritten in a hidden way using pencil. The marks are not visible unless the paper is held at an angle to the light.

Invisible ink:

Data can be written using a type of ink that cannot be read until heat or a chemical is applied to the paper.

Pin punctures:

Small pin punctures on selected letters are not visible until light is applied to them.

Type writer correction ribbon:

The message is typed between lines typed with a black ribbon; the resulting content cannot be seen until strong light is applied to it.

In symmetric key encryption the same key is used for both encryption and decryption. It is also called "private" or "secret" key encryption. It is a simple encryption process, but the problem is that both sender and receiver must know the key. So, the key can be transmitted over the network using steganography techniques. Here, however, a problem may arise with attackers, because steganography has a number of drawbacks when compared with a cryptographic system. Once an attacker works out the logic of the steganography technique, it is easy to reveal the hidden information, and the technique becomes virtually worthless. This problem can be overcome by combining cryptography and steganography: first the message or key information is encrypted, then the encrypted message is hidden using steganography methods.

Steganography process [10].

"Crypto systems are designed to provide the confidential data authentication of sender identity, transmission integrity and non repudiation services between a sender and receiver."[1].

Steganography and cryptography are both techniques capable of allowing secret message communication between sender and receiver. The main goal of steganography is to hide the existence of the secret message. Steganography does not use any algorithms or key exchange policies; instead it generates hidden messages using techniques such as invisible ink, character arrangement, watermarking, microdots, etc.

Modern steganography techniques allow messages to be hidden with advanced technologies such as computer graphics, image patterns and sound files, or placed in unused space sectors of a floppy drive or hard disk.
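The combination described above, encrypting first and then hiding the encrypted message in a sound file, can be sketched as follows. This Python code is an added example, not the project's own implementation: the essay does not name an embedding method, so least-significant-bit substitution in 16-bit audio samples is an assumption, the cover tone, key and message are constructed, and a SHA-256 keystream XOR stands in for Triple DES because the Python standard library has no DES.

```python
import hashlib
import math
import struct


def keystream_xor(key, data):
    """Stand-in cipher, NOT Triple DES: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", off // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def embed(samples, payload):
    """Write a 4-byte length header plus payload into the sample LSBs."""
    framed = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> shift) & 1 for byte in framed for shift in range(7, -1, -1)]
    if len(bits) > len(samples):
        raise ValueError("cover audio too short for this payload")
    stego = list(samples)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & ~1) | bit  # changes a sample by at most 1
    return stego


def _read_bytes(samples, first_sample, count):
    out = bytearray()
    for k in range(count):
        byte = 0
        for s in samples[first_sample + 8 * k:first_sample + 8 * k + 8]:
            byte = (byte << 1) | (s & 1)
        out.append(byte)
    return bytes(out)


def extract(samples):
    """Recover the payload; this needs only the method, not the key."""
    if len(samples) < 32:
        raise ValueError("too few samples for a length header")
    (length,) = struct.unpack(">I", _read_bytes(samples, 0, 4))
    if 32 + 8 * length > len(samples):
        raise ValueError("no valid payload found")
    return _read_bytes(samples, 32, length)


def make_cover(n=2000, rate=8000, freq=440.0):
    """Constructed cover: a 440 Hz tone as signed 16-bit PCM sample values."""
    return [int(12000 * math.sin(2 * math.pi * freq * i / rate)) for i in range(n)]


def demo():
    key, message = b"constructed-demo-key", b"constructed sample message"
    cover = make_cover()
    stego = embed(cover, keystream_xor(key, message))
    found = extract(stego)  # all an interceptor who knows the method obtains
    max_change = max(abs(a - b) for a, b in zip(cover, stego))
    return found, keystream_xor(key, found), max_change
```

The extraction step uses no secret, which is the drawback of steganography alone noted above; what it returns is still cipher text, and only the key holder recovers the message.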