Cryptography and Steganography Techniques

Introduction

For decades, human beings had two intrinsic needs: (i) to interact and share views or information, and (ii) to interact particularly. Furthermore, these needs act as the foundation of the art of coding techniques. This technique involves coding the messages in such a manner that only the legitimate recipient can access and understand the actual context of the message. Illegitimate recipients are unable to extract the actual meaning/context of the messages even if the coded messages are available to them. There are numerous applications of security ranging from secure business, payment gateways, protecting confidential information such as banking information, healthcare data, etc. One of the vital facets of secure communications is cryptography, but cryptography is not self-sufficient in providing information security (Kahate, 2013; Esslinger, 2016).

The art of hiding useful information to bring privacy in information security is acknowledged as cryptography.

This chapter illustrates the basic terminologies and concepts of various existing cryptographic techniques.

History

Cryptography skills were invented along with writing skills. In the times when people recognized and systematized tribes and kingdoms, the idea of battles and politics evolved. With this idea further emerged the notion of sharing information securely with selected people, which acts as a key motivation behind further advancement in this field (NIST, 2001).

The Oldest Cryptographic Technique—Hieroglyphs

Approximately 4000 years ago, the first evidence of utilizing cryptography techniques, that is, "hieroglyphs," was found. "Hieroglyphs" were utilized by Egyptians for communication. "Hieroglyphs" is the coding language known to scribes who were responsible for sending messages as representatives of kings. Figure 6.1 represents one such example of a "hieroglyph."

Researchers discovered that from 600 to 500 BC other cryptographic techniques were utilized, that is, mono-alphabetic substitution. This substitution technique follows some rules defined in an algorithm in which the message symbols (alphabets) are substituted for other symbols (alphabets). The same algorithm acts as a key to recover the actual message from the coded message (refer Figure 6.2).

The cryptography technique utilized by the Romans is recognized as the Caesar Shift Cipher. This substitution technique follows some rules defined in an algorithm in which the message symbols (alphabets) shifted by a number (a shared choice by the communicating parties). The addressee of the message would then reverse shift the symbols (alphabets) by the same number to retrieve the actual message. See Figure 6.3 for an example of this.

FIGURE 6.1

"Hieroglyph" (Source: fnlmage: Egypt Hieroglyphe4.jpg)

FIGURE 6.2

Mono-alphabetic substitution.

FIGURE 6.3

Caesar Shift Cipher.

Steganography

Steganography is analogous to cryptography, but it has another dimension. Steganography is a Greek term that means concealed writing. It is the art of interacting in such a manner that no one can sense the existence of a hidden message (Cachin, 1998). This technique has been utilized over hundreds of years; due to advancements in the technology of information sharing (in electronic form) new steganography techniques have been invented. The notion of secrecy further enhanced the requirement for secure communication with particular people, which empowered the evolution of more robust and secure cryptography techniques. As aforementioned, there is evidence of usage of cryptography and steganography techniques initiated by the Egyptian and Roman civilizations (Blanco et al„ 1992; Popa, 1998).

The following are the numerous steganography techniques that have been utilized traditionally.

  • Character Marking: In print documents, selected symbols are overwritten with pencils. These marks are generally not visible until the document (paper) has been kept at a particular angle to the light.
  • Invisible Ink: A substance is used for writing a message that leaves no perceptible evidence until certain chemicals or heat are put on the paper.
  • Pin Puncher: Selected symbols are punctured by a small pin. Generally it is not observable until the document put in front of the light.
  • Typewriter Correction Ribbon: Utilizing the space available between the lines, a confidential message is typed using correction tape. As a result, the confidential message is not visible until strong, bright light is put on the paper (Kour et al., 2014).

Figure 6.4 depicts the various kinds of steganography. As illustrated above, steganography is used to send secret messages for a specific recipient. The aim is to protect the confidential messages against exposure to unauthorized persons. The other research area concerning steganography is copyright marking, which aims to declare exclusive rights over particular documents or messages. This is further segregated into two sub-categories, that is, fingerprinting and watermarking.

Encryption and steganography are used to warrant data confidentiality, though the aim of each of the concepts is different. In encryption, everyone recognizes who is communicating to whom in secret, while steganography hides the presence of a confidential message and no one recognizes who is communicating to whom in secret. Thus, these features make

FIGURE 6.4

Types of steganography.

TABLE 6.1

Comparative Study of Various Secure Communication Techniques

Parameters

Confidentiality

Integrity

Un-removability

Encryption

Yes

No

Yes

Digital signature

No

Yes

No

Steganography

Yes/No

Yes/No

Yes

steganography more suitable for some situations where encryption is not appropriate (Popa, 1998; Caldwell, 2003).

Table 6.1 illustrates the comparative study of various encoding techniques used for secure message transmission.

For preserving the data confidentiality using encryption techniques, a key is required to both encrypt and decrypt the same messages. However, attacks are still possible by modifying the coded message, making it unrecoverable for the recipient.

A digital signature enables the sender to embed the author of a message. Although this signature can be detached effortlessly, any modification in the message will invalidate the embedded signature, thus overall integrity is maintained (Ferguson et al., 2003).

As aforementioned, steganography secretly transmits the message which is impossible to remove until the container/holder (in which secret message is embedded) is altered. The embedded message remains confidential unless an attacker finds a way to discover it (Ferguson et al., 2015).

  • 6.3.1 Different Techniques of Steganography
  • 6.3.1.1 Text Steganography

Text-based steganography uses a technique of hiding the data in any text file. This data can further be transmitted over an insecure channel. A few examples of this are mentioned below:

  • • Source Information Sent: Since Alice can race, encoding text in natural surroundings is deliberately effective.
  • • Source Information: Since Alice Can Encode source information that he/she wishes to send to the receiver.
  • • Confidential Message: Confidential information inside.
  • 6.3.1.2 Auditory Steganography

Auditory-based steganography deals with the method of hiding data inside any audio signal media, as illustrated in Figure 6.5. In general, it contains two audio files: the first one acts as a cover file and the other one is the secret message encoded in the cover files.

6.3.1.3 Cinematic Steganography

As shown in Figure 6.6, the secret message, under this methodology, is hidden behind another video file. The benefit of using this method is that one can easily embed a large

FIGURE 6.5

Audio steganography.

FIGURE 6.6

Cinematic steganography.

amount of data in the cover file, with the sender and receiver using a stego key to encode and decode the secret information.

6.3.1.4 Visual Steganography

Visual or image-based steganography uses images as the cover file to hide the data. Under this process, the secret data can be in any format, that is, textual or image. After the embedding is done by the sender, the stego-image (image with secret information), as illustrated in Figure 6.7, is ready to transfer over an insecure medium of transmission.

FIGURE 6.7

Image steganography (Source: Vijayakumar, 2016).

Although steganography techniques help in the transmission of secret messages over the unsecured channel, various types of attacks still occur and these are discussed below:

  • 1. Steganography-Only-Attack: While this steganographic medium is available for investigation, this attack is effective.
  • 2. Known-Carrier-Attack: Under this attack, it is operational when both steganography media and cover are available for the analysis.
  • 3. Chosen-Steganography-Attack: In this scenario, the attacker is known or knows the message carrier and the steganography tools.
  • 4. Known-Message-Attack: This type of attack happens when the analyst is aware of the secret message(s).
  • 5. Chosen-Message-Attack: In this case, the attacker is aware of both the message and the algorithms used to hide the message. It becomes easier for the analyst to decode the secret message.
  • 6.3.2 Applications of Steganography
  • • To establish secure communication over an insecure channel.
  • • To protect data from the modification attack.
  • • To examine the data traffic between the users.
  • • To offer access to digital information.
  • • Generally used for video and audio synchronization, broadcasting, etc.

Cryptography Concepts

Cryptology is the research on techniques that ensure the authenticity and secrecy of information. Furthermore, cryptology is categorized into two sub-categories, that is, cryptanalysis and cryptography (see Figure 6.8).

Cryptography is the research of building such techniques, whereas cryptanalysis is the art of breaching the secrecy of such techniques (Spillman, 2005).

The prime focus of designing and using cryptography techniques is to address the fundamental services of information security (see Figure 6.9 and Table 6.2).

FIGURE 6.8

Cryptology and its types.

FIGURE 6.9

Fundamental services of information security.

TABLE 6.2

Terminologies

Terminologies

Description

Plain text

The actual message that the sender wishes to send to the selected recipient.

Ciphertext

Coded message or message which is hard to interpret.

Encryption

It is the process of hiding the actual content of the message in such a manner that no one can understand and interpret (unreadable format).

Decryption

It is the process of transforming or recovering the actual message from the coded or ciphertext.

Authentication: This service focuses on ensuring that authentic messages are transmitted between the communicating parties. Let us consider a case where the recipient receives a single informational message from any source. This kind of scenario authentication assures the recipient that the messages come from the authentic source and have not been altered by a third party in between.

Confidentiality: The prime focus of this service is to protect the data transmission between two parties from passive attacks. It ensures the communicating parties that the transmitted data remains confidential and no attackers can analyze the traffic flow.

Access Control: This service focuses on ensuring that only the legitimate person can access the assigned facility. Let us consider a case where the individual wants to gain access to any facility. This service first authenticates the individual and then only provides the right access control to the person.

Data Integrity: The prime focus of this service to assure the recipient that the received message is not altered, inserted, duplicated, replayed or rearranged. Thus this service protects the communication from denial of service and modification attacks.

Non-Repudiation: The prime focus of this service is to protect the sender/receiver from repudiation of sent messages.

Types of Cryptography

There are numerous ways to classify cryptography techniques (Stallings, 2006). In this context, based on encryption and decryption techniques employed, cryptography is further classified into two sub-categories.

  • • Symmetric cryptography.
  • • Asymmetric cryptography.
  • 6.4.1.1 Symmetric Cryptography

Symmetric cryptography is a traditional encryption or secret key encoding technique. In this encoding system, the sender/receiver utilizes the identical key to encrypt/decrypt the message. Here, the secrecy of the message depends upon the secrecy of the key. Before communication is initiated, both parties must agree on using an identical key (Stallings, 2006; Kahate, 2013).

Figure 6.10 clearly states that the secret key for encrypting/decrypting the information is known to all the receivers. Thus, the message cannot be easily decrypted by knowing the encryption algorithm and ciphertext (Table 6.3).

6.4.1.1.1 Issues in Traditional Cryptography Techniques

An asymmetric cryptosystem is a fast and simple technique. The major issue in this encryption technique is the management of the secret key. As illustrated above, overall secrecy is based on a secret key irrespective of the ciphertext and encryption algorithm being known by the attacker. Here, the major issue is secure exchange of secret keys by the communicating parties. If the secret key is compromised, the whole coding system is in endanger (Stallings, 2006; Kahate, 2013).

6.4.1.1.2 Asymmetric Cryptography

Asymmetric cryptography is termed as public key cryptography. It involves the usage of two dissimilar keys: the private and public keys. The public key is recognized by everyone, while the private key is recognized by the subject itself. Figure 6.11 illustrates that the sender uses the receiver public key to encode the confidential message and the receiver uses its private key to decode the same message (see Table 6.4).

FIGURE 6.10

Traditional encryption technique—symmetric cryptography.

TABLE 6.3

Symmetric Cryptography—Examples

Symmetric

Cryptography—Examples

Number of Keys

Description

Data Encryption Standards (DES)

56 bits

DES was invented by US Bureau of Standards in 1977. DES considers a 64-bit block size of plain text as input and produces a ciphertext of 64 bits using a 56-bit secret key.

Triple Data Encryption Standards (Triple DES)

3 x 56 = 168 bits

Triple DES overcame the limitations of the DES. This algorithm follows the same algorithm defined in DES, thus it is easy to implement. Although it adds greater security by using large key length, it is susceptible to man in the middle attacks.

Advanced Encryption Standards (AES)

128,192 and 256 bits

AES overcame the limitations of DES and triple DES. It is built on the principle of permutation and combination. AES accomplishes operations in bytes. It takes 16 bytes of data as input and produces 128 bits of ciphertext.

IDEA

128-bit key

IDEA was established in the year 1991. It takes 64-bit size plain text as input and produces 64-bit size ciphertext using a 128-bit secret key length.

FIGURE 6.11

Asymmetric cryptography technique.

TABLE 6.4

Asymmetric Cryptography—Examples

Asymmetric

Cryptography—Examples

Description

Digital Signature Standards (DSS)

DSS utilizes a digital signature algorithm (DSA) established by the National Security Agency (NSA). DSA is used to embed the digital signature in the message sent by the source. The digital signature ensures that this message is sent by the source. It brings authentication and data integrity services.

RSA

RSA is a secure symmetric or public key cryptography technique, developed by the scientists Rivest, Shamir and Adleman. This algorithm incorporates encryption and signing features. RSA is extensively used in commerce protocols and ensures security with long key length.

Elgamal

Elgamal incorporates encryption and signing features. It utilizes discrete logarithm algorithms and is widely used in various applications.

FIGURE 6.12

Process involved in asymmetric cryptography technique.

TABLE 6.5

Comparative Study of Cryptosystems

Symmetric Cryptography

Asymmetric Cryptography

Keys

Single key

Two keys, that is, public and private

Encryption key

Secret key

Public key

Decryption key

Secret key

Private key

Figure 6.12 illustrates the process accomplished in asymmetric cryptography. In step 1, the sender retrieves the recipient public key from the repository. In steps 2 and 3, the sender takes the recipient's public key, encodes the plain text and produces ciphertext, and sends it to the recipient via the secure medium. In step 4, the recipient makes use of its own private key to decode the ciphertext and retrieve the plain text sent by the sender.

A comparative study of cryptosystems is illustrated in Table 6.5.

Benefits of a Hybrid Approach: Steganography and Cryptography

It has been found that while using steganography and cryptography techniques, individually, the attackers found it easier to decode the secret information. Hence, a hybrid approach, that is, merging both the methodologies, allows a more reliable, strong and highly secure system to be designed (Shukla et al., 2014). Moreover, combining these techniques will also give additional benefits like high security, less use of memory, and robustness of confidential information transmission across the channel. This will enable individuals to communicate with each other without any interference from the third party. Thus it is a more powerful technique for communication on a digital platform (Abdulzahra et al., 2014).

Recent Trends

Over the digital platform, there has been a continuous rise in information security threats over the past decades and this has become a major bottleneck for security professionals. Steganography and cryptography are considered as best practices to abolish this hazard. In a recent scenario, researchers are coming up with various blended techniques, by hybridization of both techniques. The hybridization of techniques enhances the level of security. In the cryptographic process, data is encrypted by a process known as SCMACS and symmetric key methodology, with both the source and the recipient sharing the identical key in the process of encoding/decoding. On the other hand, the popular and preferred LSB technique has been used for steganography (Dhamija and Dhaka, 2015). Another researcher proposed an extremely secure steganographic technique that combines Hyperelliptic Curve cryptography with a DNA sequence. It provides the advantages of steganography and DNA cryptography and affords an extreme level of secure interaction (Vijayakumar, 2016).

Further research highlights the approach in which a multilevel secret data hiding technique is used. This method uses two kinds of encryption techniques that include visual steganography and cryptography. In the first phase, the half-toning method is used which reduces the pixels and simplifies the process. In the next step, visual cryptography is applied to generate shares and offer the first level of security. Then the steganography LSB technique is applied to hide the shares in various modes of media like images, audio and videos (Patil and Goud, 2016). One of the research articles presented a method that claims to be stronger and more difficult to decode the confidential information. It uses both encryption and steganography techniques to make safe and secure communication. For encryption, the AES encoding technique of 128-bit key size is used to encrypt the information in UTF-8 format and further transform it into a base-64 format and make it appropriate for further processing. The further coded message is again twisted to attain the extreme level of security. Then, finally, the twisted coded messages are inserted in an appropriate cover image. This image is then transmitted securely over a network and carries confidential information. Hence, security is exhibited at four levels and, as a result, a confidential message is sent over an insecure channel (Karthikeyan et al., 2016).

In another approach, the authors used image-based steganography and DES algorithm techniques to send the secret information. In this method, 16 rounds with each block size about 64 bits are used along with the К-means clustering technique to cluster the images. Further, the data is embedded in every segment. In an image, information is available in the form of pixels. Every pixel is made up of three components, that is, RGB. Image segmentation uses these pixels to form a cluster (Pillai et al., 2016).

In another experiment for secure data transmission, the hybrid approach is used. In this method, the TwoFish algorithm is applied for encrypting the data and Adaptive B45 steganography methodology is used for hiding the information. The amalgamation of techniques makes it impossible for others to breach secrecy and to access confidential data

(Hingmire et al., 2016). With recent advancements in digital communication techniques, the authors extend the high-security capability of an encryption algorithm by using Pixel Value Differencing through the steganography AES cryptographic system (Joseph et al., 2015).

A survey on performance analysis of various encryption algorithms is performed, in which analysis is done between RSA, AES, DES, blended with the LSB technique. This helps to draw an implication based on their performances and it has been deduced that the AES technique works well and is incomparable with other methods in terms of time and space utilization (Padmavathi et al., 2013; Almuhammadi et al., 2017). A new encryption strategy is developed by the author in Mishra et al. (2014) in which they used the RSA encryption algorithm (128-byte key size) for coding the confidential message before implanting it into the cover image. This implanting of the confidential message is performed using the F5 steganographic algorithm. The author claims that the proposed algorithm is highly secured against analytical and observed attacks and that it gives high steganographic capacity and faster speed. Another simulation shows the secret information transmission using a combined approach by using the AES and LSB algorithms. A stego-image is generated by using the AES algorithm for encrypting the message and the LSB technique to hide the confidential messages inside an image. The authors claim that this encoding technique is more effective to establish secure and secret communication and attains a strong level of security (Sridevi et al., 2013).

Conclusion

This chapter describes the need for the secure transmission of confidential information across networks. It is designed to cover the concepts of cryptographic and steganographic techniques from its evolution to the recent trends.

References

Abdulzahra, H. et al. "Combining cryptography and steganography for data hiding in images." Applied Computational Science, 128-135, 2014.

Almuhammadi, S. et al. "A survey on recent approaches combining cryptography and steganography." Computer Science Information Technology, 7(3): 63-74,2017.

Blanco, W. et al. Herodotus, The Histories. Trans, by Walter Blanco. New York: Norton, 1992.

Cachin, C. "An information-theoretic model for steganography." In International Workshop on Info Hiding, Portland, OR, pp. 306-318,1998.

Caldwell,}., Second Lieutenant, "Steganography, US Air Force," 2003.

Dhamija, A. and Dhaka, V. "A novel cryptographic and steganographic approach for secure cloud data migration." In ICGCIoT, Greater Noida, India, pp. 346-351. IEEE, 2015.

Esslinger, B.. "CrypTool-ein E-Learning-Projekt fur Kryptographie und Kryptoanalyse." 25th Crypto-Day, 2016.

Ferguson, N. et al. Practical Cn/ptography (Vol. 141). New York: Wiley, 2003.

Ferguson, N. et al. "Generating randomness." In Cryptography Engineering: Design Principles and Practical Applications, pp. 135-161. Indianapolis, IN: Wiley, 2015.

Hingmire, A. et al. "Image steganography using adaptive b45 algorithm combined with pre-processing by twofish encryption." 1ESRJ, 2(4). 2016.

Joseph, F. et al. "Advanced security enhancement of data before distribution." 2015.

Kahate, A. Cryptography and Network Security. Tata McGraw Hill Education, 2013.

Karthikeyan, B. et al. "Enhanced security in steganography using encryption and quick response code." In 2016 International Conference on WiSPNET, Chennai, India, pp. 2308-2312. IEEE, 2016.

Kour, J. et al. "Steganography techniques—A review paper." IJERMT, 3(5): 132-135, 2014.

Mishra, M. et al. "Secret communication using public key steganography." ICRAIE-2014, Jaipur, India, pp. 1-5. IEEE, 2014.

National Institute of Standards and Technology (NIST). "Security requirements for cryptographic modules." Federal Information Processing Standards Publication (FIPS PUB 140-2), 2001.

Padmavathi, B. et al. "A survey on performance analysis of DES, AES and RSA algorithm along with LSB substitution." IJSR, 2(4): 170-174,2013.

Patil, S. S. and Goud, S. "Enhanced multi-level secret data hiding." International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), 2(2): 846-850,2016.

Pillai, B. et al. "Image steganography method using к-means clustering and encryption techniques." In ICACCI2016, Jaipur, India, pp. 1206-1211. IEEE, 2016.

Popa, R. "An analysis of steganographic techniques." Faculty of Automatics and Computers, Computer Science and Software Engineering, University of Timisoara, Timis, Romania, 1998.

Shukla, С. P. et al. "Enhance security in steganography with cryptography." IJARCCE, 3(3): 5696- 5699. 2014.

Stallings, W. Cryptography and Network Security, 4th edn. New Delhi, India: Pearson Education India, 2006.

Spillman, R. Classical and Contemporary Cryptology. Upper Saddle River, NJ: Pearson Education, 2005, pp. 144-212.

Sridevi, R. et al. "Image steganography combined with cryptography." International Journal of Computers & Technology, 9(1): 976-984,2013.

Vijayakumar, P, "An improved level of security for dna steganography using hyperelliptic curve cryptography." Wireless Personal Communications, 89(4): 1221-1242,2016.

 
Source
< Prev   CONTENTS   Source   Next >