CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the...
Transcript of CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the...
![Page 1: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/1.jpg)
9
CCHHAAPPTTEERR 22
LITERATURE REVIEW
2.1 Steganography and Information Hiding
Steganography is the art of hiding and transmitting data through
apparently innocuous carriers in an effort to conceal the existence of the data, the
word Steganography literally means covered or hiding writing as derived from
Greek.Steganography has its place in security.It is not intended to replace
cryptography but supplement it. Hiding a message with Steganography methods
reduces the chance of a message being detected.If the message is also encrypted
then it provides another layer of protection (Johnson, 2006).
Therefore, some Steganographic methods combine traditional
Cryptography with Steganography; the sender encrypts the secret message prior
to the overall communication process, as it is more difficult for an attacker to
detect embedded cipher text in a cover (Sellar, 2003).
In the field of Steganography, some terminology has developed. The
adjectives 'cover', 'embedded', and 'stego' were defined at the information hiding
workshop held in Cambridge, England. The term "cover" refers to description of
the original, innocent massage, data, audio, video, and so on. Steganography is
not a new science; it dates back to ancient times. It has been used through the
ages by ordinary people, spies, rulers, government, and armies (Sellars, 2002).
![Page 2: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/2.jpg)
10
There are many stories about Steganography. For example ancient Greece
used methods for hiding messages such as hiding it in the belly of a hare (a kind
of rabbits), using invisible ink and pigeons. Another ingenious method was to
shave the head of a messenger and tattoo a message or image on the messenger
head. After allowing his hair to grow, the message would be undetected until the
head was shaved again.While the Egyptian used illustrations to conceal message
(Davern, 2002).
Hidden information in the cover data is known as the "embedded" data and
information hiding is a general term encompassing many sub disciplines, is a
term around a wide range of problems beyond that of embedding message in
content. The term hiding here can refer to either making the information
undetectable or keeping the existence of the information secret. Information
hiding is a technique of hiding secret using redundant cover data such as images,
audios, movies, documents, etc. This technique has recently become important in
a number of application areas. For example, digital video, audio, and images are
increasingly embedded with imperceptible marks, which may contain hidden
signatures or watermarks that help to prevent unauthorized copy (Ingemar, 2007).
It is a performance that inserts secret messages into a cover file, so that
the existence of the messages is not apparent. Research in information hiding has
tremendous increased during the past decade with commercial interests driving
the field (Lee, 2001).
![Page 3: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/3.jpg)
11
2.2 Methods for Hiding Information.
Described below are some examples (Inoue, 2006; Noel, 2005) of those methods:
2.2.1 Hiding in Text
Most of the methods for hiding information into text process text as image
essentially, text document images, however, are quite special types of images,
which have large blank areas, structured frequency spectra, and small meaningful
subunits (words and letters). A variety of methods are available for hiding
information in text by introducing variations in letters, words, and line spacing.
2.2.2 Hiding in Disk Space
Another way to hide information relies on hiding unused space that is not
readily apparent to an observer. Taking advantage of an unused or reserved space
to hold covert information provides a mean of hiding information without
perceptually degrading the carrier. The way operating system stores files
typically results in an unused space that appears to be allocated to files. Another
method of hiding information in file system is to create hidden partitions. These
partitions are not seen if the system is started normally.
2.2.3 Hiding in Network Packets
With the rapid development of Internet technologies, the number of data
packets sent and received electronically is increasing greatly. As the technology
of transmitting information on network in secure, the importance of information
hiding as a field of information security comes to be recognized widely.Any of
these packets can provide a covert communication channel.For example, TCP/IP
packets are used to transport information over the internet.The pocket headers
have unused space or other features that can be manipulated to hide information.
![Page 4: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/4.jpg)
12
2.2.4 Hiding in Software and Circuitry
Data can also be hidden based on the physical arrangement of carrier.The
arrangement itself may be an embedded signature that is unique to the creator.An
example is in the layout of code distribution in a program or the layout of
electronic circuits on a board.This type of ‘marking’ can be used to uniquely
identify the design origin and can not be removed without significant change to
the work.
2.2.5 Hiding in Image and Audio
Many different methods enable hiding information in audio and image.
These methods may include hiding information in unused space in file headers to
hold ‘extra’ information. Embedding techniques can range from the placement of
information in imperceptible level (noise), manipulation of compression
algorithms, and the modification of carrier properties. In audio, small echoes or
slight delays can be added or subtle signals can be masked by sound of higher
amplitude. Information (data) can be hidden in different ways in image.To hide
information; straight message insertion may encode every bit of information in
the image or selectively embed the message in busy areas where it would be less
perceptible. A message may also be scattered randomly or repeated several times
throughout the image.
![Page 5: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/5.jpg)
13
Table 2.1:
Weaknesses of Method for Hiding Information.
From the table above, it is clear that the main weaknesses of those methods
are the size of the hidden data depends on the size of the cover file and any
changes made are easily detected by anti virus software. Thus, through this
reseaech, these weaknesses will be solved through the used of exe.file.
2.3 Portable Executable File (PE-File)
The planned system uses a portable executable file as a cover to embed an
executable program as an example for the planned system.This section is divided
into four parts (Johnson, 2005):
• Characteristics of executable files
• Executable files types.
![Page 6: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/6.jpg)
14
• Advantage of PE-file.
2.3.1 Characteristics of Executable Files
The characteristics of the Executable file does not have a standard size,
like other files, for example the image file (BMP) the size of this file is between
(2-10 MB), Other example is the text file (TXT) the size often is less than 2
MB.Through our study the characteristics of files have been used as a cover, it
found that lacks sufficient size to serve as a cover for information to be hidden.
For these features of the Executable file, it has unspecified size; it can be 650 MB
like window setup File or 12 MB such as installation file of multi-media players.
Taking advantage of this feature (disparity size) make it a suitable environment
for concealing information without detect the file from attacker and discover
hidden information in this file.
2.3.2 Executable File Types
The number of different executable file types is as many and varied as the
number of different image and sound file formats. Every operating system seems
to have several executable file types unique to it. These types are (Mega, 2004):
a) EXE (DOS"MZ")
DOS-MZ was introduced with MS-DOS (not DOS v1 though) as a
companion to the simplified DOS COM file format. DOS-MZ was designed to be
run in real mode and having a relocation table of SEGMENT: OFFSET pairing. A
very simple format that can be run at any offset, it does not distinguish between
TEXT, DATA and BSS.The maximum file size of (code + data + bss) is one-
mega bytes in size. Operating systems that use are: DOS, Win*, Linux DOS.
![Page 7: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/7.jpg)
15
b) EXE (win 3.xx "NE"):
The WIN-NE executable formatted designed for windows 3.x is the "NE"
new-executable. Again, a 16-bit format, it alleviates the maximum size
restrictions that the DOZ-MZ has. Operating system that uses it is: windows 3.xx.
c) EXE (OS/2 "LE"):
The "LE" linear executable format was designed for IBM's OS/2 operating
system by Microsoft supporting both 16 and 32-bit segments operating systems
that are used in: OS/2, DOS.
d) EXE (win 9x/NT "PE"):
With windows 95/NT a new executable file type is required, thus was born
the "PE" portable executable. Unlike its predecessors, the WIN-PE is a true 32-
bit file format, supporting releasable code. It does distinguish between TEXT,
DATA, and BSS. It is in fact, a bastardized version of the common object file
format (COFF) format. Operating systems that use it are: windows
95/98/NT/2000/ME/CE/XP.
e) ELF:
The ELF, Executable Linkable Format was designed by SUN for use in
their UNIX clone. A very versatile file format, it was later picked up by many
other operating systems for use as both executable files and as shared library
files. It does distinguish between TEXT, DATA and BSS.
TEXT: the actual executable code area.
DATA: "initialized" data, (Global Variables).
![Page 8: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/8.jpg)
16
BSS : "un- initialized" data, (Local Variables).
2.3.3 Advantage of PE-File
The addition of the Microsoft® windows NT™ operating system to the
family of windows™ operating systems brought many changes to the
development environment and more than a few changes to applications
themselves. One of the more significant changes is the introduction of the
Portable Executable (PE) file format. The name "Portable Executable" refers to
the fact that the format is not architecture specific (Johannes, 2003).
In other words, the term "Portable Executable" was chosen because the
intent was to have a common file format for all flavors of windows, on all
supported CPUs (Martin, 2007).
The PE files formats drawn primarily from the Common Object File
Format (COFF) specification that is common to UNIX® operating systems. Yet,
to remain compatible with previous versions of the MS-DOS® and windows
operating systems, the PE file format also retains the old familiar MZ header
from MS-DOS (Johannes, 2003).
The PE file format for Windows NT introduced a completely new structure
to developers familiar with the windows and MS-DOS environments. Yet
developers familiar with the UNIX environment will find that the PE file format
is similar to, if not based on, the COFF specification .The entire format consists
of an MS-DOS MZ header, followed by a real-mode stub program, the PE file
signature, the PE file header, the PE optional header, all of the section headers,
and finally, all of the section bodies (Johannes, 2003).
![Page 9: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/9.jpg)
17
2.4 Cryptography and Steganography.
Since the advent of computers there has been a vast dissemination of
information, some of which needs to be kept private, some of which doesn't. The
information may be hidden in two basic ways (Cryptography and
Steganography).The methods of Cryptography does not conceal the presence of
secret information but render it unintelligible to outsider by various
transformations of the information that is to be put into secret form, while
methods of Steganography conceal the very existence of the secret information.
The following table has shown the comparison between Cryptography and
Steganography (Al-Dieimy, 2002; Dorothy, 2000).
Table 2.2:
Comparison between Cryptography and Steganography
![Page 10: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/10.jpg)
18
2.4.1 Cryptography with Block Cipher
In Cryptography, a block cipher is a symmetric key cipher which operates
on fixed-length groups of bits, termed blocks, with an unvarying transformation.
When encrypting, a block cipher might take a (for example) 128-bit block of
plaintext as input, and outputs a corresponding 128-bit block of cipher text. The
exact transformation is controlled using a second input — the secret key.
Decryption is similar: the decryption algorithm takes, in this example, a 128-bit
block of cipher text together with the secret key, and yields the original 128-bit
block of plaintext. To encrypt messages longer than the block size (128 bits in
the above example), a mode of operation is used.Block ciphers can be contrasted
with stream ciphers; a stream cipher operates on individual digits one at a time
and the transformation varies during the encryption. The distinction between the
two types is not always clear-cut: a block cipher, when used in certain modes of
operation, acts effectively as a stream cipher as shown in Figure 2.1 (Johnson,
2005).
Figure 2.1: Encryption and Decryption.
Block Cipher
Encryption
Cipher text
Plaintext
Key
Encryption
Block Cipher
Decryption
Ciphertex
t
Plaintext
Key
Decryptio
n
![Page 11: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/11.jpg)
19
An early and highly influential block cipher design is the Data Encryption
Standard (DES). The (DES) is a cipher (a method for encrypting information)
Selected as an official Federal Information Processing Standard (FIPS) for the
United States in 1976, and which has subsequently enjoyed widespread use
internationally. The algorithm was initially controversial, with classified design
elements, a relatively short key length, and suspicions about a National Security
Agency (NSA) backdoor. DES consequently came under intense academic
scrutiny, and motivated the modern understanding of block ciphers and their
cryptanalysis. DES is now considered to be insecure for many applications. This
is chiefly due to the 56-bit key size being too small; DES keys have been broken
in less than 24 hours. There are also some analytical results which demonstrate
theoretical weaknesses in the cipher, although they are infeasible to mount in
practice. The algorithm is believed to be practically secure in the form of Triple
DES, although there are theoretical attacks. In recent years, the cipher has been
superseded by the Advanced Encryption Standard (Wikipedia, 2007).
2.4.1.1 Comparison between AES, 3DES and DES.
Advance Encryption Standard (AES) and Triple DES (TDES or 3DES) are
commonly used block ciphers. Whether you choose AES or 3DES depend on
your needs. In this section it would like to highlight their differences in terms of
security and performance (Seleborg, 2004).Since 3DES is based on DES
algorithm, it will talk about DES first. DES was developed in 1977 and it was
carefully designed to work better in hardware than software. DES performs lots
of bit manipulation in substitution and permutation boxes in each of 16
rounds. For example, switching bit 30 with 16 is much simpler in hardware than
software. DES encrypts data in 64 bit block size and uses effectively a 56 bit
![Page 12: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/12.jpg)
20
key. 56 bit key space amounts to approximately 72 quadrillion
possibilities. Even though it seems large but according to today’s computing
power it is not sufficient and vulnerable to brute force attack. Therefore, DES
could not keep up with advancement in technology and it is no longer appropriate
for security. Because DES was widely used at that time, the quick solution was to
introduce 3DES which is secure enough for most purposes today.3DES is a
construction of applying DES three times in sequence. 3DES with three different
keys (K1, K2 and K3) has effective key length is 168 bits (The use of three
distinct key is recommended of 3DES.). Another variation is called two-key (K1
and K3 is same) 3DES reduces the effective key size to 112 bits which is less
secure. Two-key 3DES is widely used in electronic payments industry. 3DES
takes three times as much CPU power than compare with its predecessor which is
significant performance hit. AES outperforms 3DES both in software and in
hardware (Jafer, 2006). The Rijndael algorithm has been selected as the Advance
Encryption Standard (AES) to replace 3DES. AES is modified version of
Rijndael algorithm.Advance Encryption Standard evaluation criteria among
others was (Seleborg, 2004):
• Security
• Software & Hardware performance
• Suitability in restricted-space environments
• Resistance to power analysis and other implementation attacks.
Rijndael was submitted by Joan Daemen and Vincent Rijmen.When
considered together Rijndael’s combination of security, performance, efficiency,
implementability, and flexibility made it an appropriate selection for the AES.By
design AES is faster in software and works efficiently in hardware. It works fast
![Page 13: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/13.jpg)
21
even on small devices such as smart phones; smart cards etc.AES provides more
security due to larger block size and longer keys.AES uses 128 bit fixed block
size and works with 128, 192 and 256 bit keys.Rigndael algorithm in general is
flexible enough to work with key and block size of any multiple of 32 bit with
minimum of128 bits and maximum of 256 bits.AES is replacement for 3DES
according to NIST both ciphers will coexist until the year2030 allowing for
gradual transition to AES.Even though AES has theoretical advantage over 3DES
for speed and efficiency in some hardware implementation 3DES may be faster
where support for 3DES is mature (Seleborg, 2004).
Table 2.3:
Comparison between DES and AES and 3DES.
![Page 14: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/14.jpg)
22
2.4.1.2 Advanced Encryption Standard (AES) / Rijndael
In the late 1990s, the U.S. National Institute of Standards and Technology
(NIST) conducted a competition to develop a replacement for DES. The winner,
announced in 2001, is the Rijndael (pronounced "rhine-doll") algorithm, destined
to become the new Advanced Encryption Standard. Rijndael mixes up the SPN
model by including Galios field operations in each round. Somewhat similar to
RSA modulo arithmetic operations, the Galios field operations produce apparent
gibberish, but can be mathematically inverted.AES have Security is not an
absolute; it’s a relation between time and cost. Any question about the security of
encryption should be posed in terms of how long time, and how high cost will it
take an attacker to find a key?
Currently, there are speculations that military intelligence services possibly
have the technical and economic means to attack keys equivalent to about 90 bits,
although no civilian researcher has actually seen or reported of such a capability.
Actual and demonstrated systems today, within the bounds of a commercial
budget of about 1 million dollars can handle key lengths of about 70 bits. An
aggressive estimate on the rate of technological progress is to assume that
technologies will double the speed of computing devices every year at an
unchanged cost. If correct, 128-bit keys would be in theory be in range of a
military budget within 30-40 years. An illustration of the current status for AES
is given by the following example, where we assume an attacker with the
capability to build or purchase a system that tries keys at the rate of one billion
keys per second. This is at least 1 000 times faster than the fastest personal
computer in 2004. Under this assumption, the attacker will need about 10 000
![Page 15: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/15.jpg)
23
000 000 000 000 000 000 years to try all possible keys for the weakest version,
AES-128.The key length should thus be chosen after deciding for how long
security is required, and what the cost must be to brute force a secret key. In
some military circumstances a few hours or days security is sufficient – after that
the war or the mission is completed and the information uninteresting and
without value. In other cases a lifetime may not be long enough. There is
currently no evidence that AES has any weaknesses making any attack other than
exhaustive search, i.e. brute force, possible. Even AES-128 offers a sufficiently
large number of possible keys, making an exhaustive search impractical for many
decades, provided no technological breakthrough causes the computational power
available to increase dramatically and that theoretical research does not find a
short cut to bypass the need for exhaustive search.There are many pitfalls to
avoid when encryption is implemented, and keys are generated. It is necessary to
ensure each and every implementations security, but hard since it requires careful
examination by experts. An important aspect of an evaluation of any specific
implementation is to determine that such an examination has been made, or can
be conducted (Seleborg, 2004).
a) Strong keys.
Encryption with AES is based on a secret key with 128, 192 or 256 bits.
But if the key is easy to guess it doesn’t matter if AES is secure, so it is as
critically vital to use good and strong keys as it is to apply AES properly.
Creating good and strong keys is a surprisingly difficult problem and requires
careful design when done with a computer. The challenge is that computers are
notoriously deterministic, but what is required of a good and strong key is the
opposite – unpredictability and randomness (Johannes, 2003).
![Page 16: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/16.jpg)
24
Keys derived into a fixed length suitable for the encryption algorithm from
passwords or pass phrases typed by a human will seldom correspond to 128 bits
much less 256. To even approach 128- bit equivalence in a pass phrase, at least
10 typical passwords of the kind frequently used in day-to-day work are needed.
Weak keys can be somewhat strengthened by special techniques by adding
computationally intensive steps which increase the amount of computation
necessary to break it (Johannes, 2003).
The risks of incorrect usage, implementation and weak keys are in no way
unique for AES; these are shared by all encryption algorithms. Provided that the
implementation is correct, the security provided reduces to a relatively simple
question about how many bits the chosen key, password or pass phrase really
corresponds to. Unfortunately this estimate is somewhat difficult to calculate,
when the key is not generated by a true random generator (Johannes, 2003).
2.4.1.2.1 The Round Transformations
There are four transformations (Seleborg, 2004):
a) Add Round Key
Add Round Key is an XOR between the state and the round key. This
transformation is its own inverse.
b) Sub Bytes
Sub Bytes is a substitution of each byte in the block independent of the
position in the state. This is an S-box. It is bisection on all possible byte values
and therefore invertible (the inverse S-box can easily be constructed from the S-
![Page 17: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/17.jpg)
25
box). This is the non-linear transformation. The S-box used is proved to be
optimal with regards to non-linearity. The S-box is based on arithmetic in GF
(2^8).
c) Shift Rows
Shift Rows is a cyclic shift of the bytes in the rows in the state and is
clearly invertible (by a shift in the opposite direction by the same amount).
d) Mix Columns
Each column in the state is considered a polynomial with the byte values as
coefficients. The columns are transformed independently by multiplication with a
special polynomial c(x). c(x) has an inverse d(x) that is used to reverse the
multiplication by c (x) (Seleborg, 2004).
e) The Rounds
A round transformation is composed of four different transformations.
Figure 2.2: Four Different Transformations.
The final round is like a regular round, but without the mix columns
transformation:
Figure 2.3: Final Round.
![Page 18: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/18.jpg)
26
2.4.1.2.2 The Round Key
The Round keys are made by expanding the encryption key into an array
holding the Round Keys one after another. The expansion works on words of four
bytes. Nk is a constant defined as the number of four bytes words in the key
(Johannes, 2003).The encryption key is filled into the first Nk words and the rest
of the key material is defined recursively from preceding words. The word in
position i, W[i], except the first word of a Round Key, is defined as the XOR
between the preceding word, W[i-1], and W[i-Nk]. The first word of each Round
Key, W[i] (where i mod Nk == 0), is defined as the XOR of a transformation on
the preceding word, T (W [i - 1]) and W [i - Nk]. The transformation T on a
word, w, is w rotated to the left by one byte, XOR’ed by a round constant and
with each byte substituted by the S-box (Seleborg, 2004).
.
2.5 General Steganography Systems
A general Steganography system is shown in Figure 2.4. It is assumed that
the sender wishes to send via Steganographic transmission, a message to a
receiver. The sender starts with a cover message, which is an input to the stego-
system, in which the embedded message will be hidden. The hidden message is
called the embedded message. A Steganographic algorithm combines the cover
massage with the embedded message, which is something to be hidden in the
cover (Nspw, 2006).The algorithm may, or may not, use a Steganographic key
(stego key), which is additional secret data that may be needed in the hidden
process. The same key (or related one) is usually needed to extract the embedded
massage again. The output of the Steganographic algorithm is the stego message.
The cover massage and stego message must be of the same data type, but the
![Page 19: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/19.jpg)
27
embedded message may be of another data type. The receiver reverses the
embedding process to extract the embedded message (Avedissian, 2005).
Figure 2.4: General Steganography System.
2.6 Characterization of Steganography Systems
Steganographic techniques embed a message inside a cover. Various
features characterize the strength and weaknesses of the methods. The relative
importance of each feature depends on the application (Brigit, 1996).
2.6.1 Capacity
The notion of capacity in data hiding indicates the total number of bits
hidden and successfully recovered by the Stego system (Ross, 2005).
2.6.2 Robustness
Robustness refers to the ability of the embedded data to remain intact if the
stego-system undergoes transformation, such as linear and non-linear filtering;
addition of random noise; and scaling, rotation, and loose compression (Brigit,
1996).
![Page 20: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/20.jpg)
28
2.6.3 Undetectable
The embedded algorithm is undetectable if the image with the embedded
message is consistent with a model of the source from which images are drawn.
For example, if a Steganography method uses the noise component of digital
images to embed a secret message, it should do so while not making statistical
changes to the noise in the carrier.Undetectability is directly affected by the size
of the secret message and the format of the content of the cover image (Ross,
2005).
2.6.4 Invisibility (Perceptual Transparency)
This concept is based on the properties of the human visual system or the
human audio system. The embedded information is imperceptible if an average
human subject is unable to distinguish between carriers that do contain hidden
information and those that do not. (Ross, 2005) It is important that the
embedding occurs without a significant degradation or loss of perceptual quality
of the cover (Brigit, 1996).
2.6.5 Security
It is said that the embedded algorithm is secure if the embedded
information is not subject to removal after being discovered by the attacker and it
depends on the total information about the embedded algorithm and secret key
(Lin, 2005).
2.7 Classification of Steganography Techniques
There are several approaches in classifying Steganographic systems. One
could categorize them according to the type of covers used for secret
![Page 21: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/21.jpg)
29
communication or according to the cover modifications applied in the embedding
process. The second approach will be followed in this section, and the
Steganographic methods are grouped in six categories, although in some cases an
exact classification is not possible. Figure 2.5 presents the Steganography
classification (Katzenbisser, 2000).
Figure 2.5: Steganography Classification (Sellars, 2002).
2.7.1 Substitution Systems
Basic substitution systems try to encode secret information by substituting
insignificant parts of the cover by secret message bits. The receiver can extract
the information if he has knowledge of the positions where secret information has
been embedded. Since only minor modifications are made in the embedding
process, the sender assumes that they will not be noticed by an attacker. It
consists of several techniques that will be discussed in more detail, in the
following subsection (Lin, 2005):
2.7.1.1 Least Significant Bit Substitution (LSB)
The embedding process consists of choosing a subset {j1… jl (m)} of cover
elements and performing the substitution operation cji ↔ mi on them, which
![Page 22: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/22.jpg)
30
exchange the LSB of cji by mi (mi can be either 1 or 0).In the extraction process,
the LSB of the selected cover-element is extracted and lined up to reconstruct the
secret message (Ross, 2005).
2.7.1.2 Pseudorandom Permutation
If all cover bits are accessed in the embedding process, the cover is a
random access cover, and the secret message bits can be distributed randomly
over the whole cover. This technique further increases the complexity for the
attacker, since it is not guaranteed that the subsequent message bits are embedded
in the same order (Ross, 2005).
2.7.1.3 Image Downgrading and Cover Channels
Image downgrading is a special case of a substitution system in which
image acts both as a secret message and a cover. Given cover-image and secret
image of equal dimensions, the sender exchanges the four least significant bits of
the cover grayscale (or color) values with the four most significant bits of the
secret image. The receiver extracts the four least significant bits out of the stego-
image, thereby gaining access to the most significant bits of the stego-image.
Whereas the degradation of the cover is not visually noticeable in many cases,
four bits are sufficient to transmit a rough approximation of the secret image
(Katzenbisser, 2005).
2.7.1.4 Cover Regions and Parity Bits
Any nonempty subset of {c1,…….., cI(c)} is called a cover-region. By
dividing the cover into several disjoint regions, it is possible to store one bit of
![Page 23: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/23.jpg)
31
information in a whole cover-region rather than in a single element (Al-Hamami,
2006).A parity bit of a region I can be calculated by:
B (I) ==∑LSB (cj) mod2
2.7.1.5 Palette-Based Image
There are two ways to encode information in a palette-based image; either
the palette or the image data can be manipulated. The LSB of the color vectors
could be used for information transfer, just like the substitution methods
presented. Alternatively, since the palette does not need to be sorted in any way,
information can be encoded in the way the colors are stored in the palette. For N
colors since there are N! Different ways to sort the palette, there is enough
capacity to encode a small message. However, all methods which use the order of
a palette to store information are not robust, since an attacker can simply sort the
entries in a different way and destroy the secret message (Lin, 2005).
2.7.1.6 Quantization and Dithering
Dithering and quantization to digital image can be used for embedding
secret information. Some Steganographic systems operate on quantized images.
The difference ei between adjacent pixels xi and xi +1 is calculated and fed into a
quantize φ which outputs a discrete approximation ∆I of the different signal (xi -
xi +1). Thus in each quantization step a quantization error is introduced (Sellars,
2002).In order to store the ith message bit in the cover-signal, the quantized
difference signal ∆I is computed. If according to the secret table ∆I does not
match the secret bit to be encoded, ∆I is replaced by the nearest ∆I where the
associated bit equals the secret message bit. The resulting value ∆I is those fed
J€I
![Page 24: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/24.jpg)
32
into the entropy coder. At the receiver side, the message is decoded according to
the difference signal ∆I and the stego-key (Katzenbisser, 2005).
2.7.1.7 Information Hiding in Binary Image
Binary image contains redundancies in the way black and white pixels are
distributed. Although the implementation of a simple substitution scheme is
possible, these systems are highly susceptible to transmission errors and
therefore are not robust (Lin, 2005).
2.7.1.8 Unused or Reversed Space in Computer Systems
Taking advantage of an unused or reversal space to hold covert information
provides a means of hiding information without perceptually degrading the
carrier. For example, the way operation systems store files typically results in an
unused space that appears to be allocated to a file. Another method of hiding
information in file system is to create hidden partitions. These partitions are not
seen if the system is started normally (Sellars, 2002).
2.7.2 Transform Domain Techniques
It has been seen that the substitution and modification techniques are easy
ways to embed information, but they are highly vulnerable to even small
modification. An attacker can simply apply signal processing techniques in order
to destroy the secret information. In many cases even the small changes resulting
out of loose compression systems yield total information loss. It has been noted
in the development of Steganographic systems that embedding information in the
frequency domain of a signal can be much more robust than embedding rules
operating in the time domain. Most robust Steganographic systems known today
![Page 25: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/25.jpg)
33
actually operate in some sort of transform domain.Transformation domain
methods hide message in a significant area of the cover image which makes them
more robust to attack, such as adding noise, compression, cropping some image
processing. However, whereas they are more robust to various kinds of signal
processing, they remain imperceptible to the human sensory system. Many
transform domain variations exist. One method is to use the Discrete Cosine
Transformation (DCT) as a vehicle to embed information in image. Another
method would be the use of wavelet transforms (Katzenbisser, 2000).Transforms
embedding embeds a message by modification (selected) transform (e.g.,
frequency) coefficient of the cover message.Ideally, transform embedding has an
effect on the spatial domain to apportion the hidden information through different
order bits in a manner that is robust, but yet hard to detect. Since an attack, such
as image processing, usually affects a certain band of transform coefficient, the
remaining coefficient would remain largely intact.Hence, transform embedding
is, in general, more robust than other embedding methods (Katzenbisser, 2000).
2.7.3 Spread Spectrum (SS) Techniques
Spread spectrum techniques are defined as "Means of transmission in
which the signal occupies a bandwidth in excess of the minimum necessary to
send the information". The band spread is accomplished by means of a code
which is independent of the data, and a synchronized reception with the code at
the receiver is used for dispreading and subsequent data recovery. Although the
power of the signal to be transmitted can be large, the signal–to–noise ratio in
every frequency band will be small, even if parts of the signal could be removed
in several frequency bands, enough information should be present in the other
bands to recover the signal. This situation is very similar to a Steganography
![Page 26: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/26.jpg)
34
system which tries to spread a secret message over a cover in order to make it
impossible to perceive.Since spread signals tend to be difficult to remove,
embedding methods based on SS should provide a considerable level of
robustness (Sellars, 2002).In information hiding, two special variants of spread
spectrum techniques are generally used: direct sequence, and frequency–hopping
scheme. In direct-sequence scheme, the secret signal is spread by a constant
called ship rate, modulated with a pseudorandom signal and added to the cover.
On the other hand, in the frequency–hopping schemes the frequency of the carrier
signal is altered in a way that it hops rapidly from one frequency to another. SS
are widely used in the context of watermarking (Al_Mayyahee, 2005).
2.7.4 Distortion Techniques
In contrast to substitution systems, distortion requires the knowledge of the
original cover in the decoding process.The sender applies a sequence of
modifications to the cover in order to get a stego-system.A sequence of
modification is chosen in such a way that it corresponds to a specific secret
message to be transmitted.The receiver measures the difference in the original
cover in order to reconstruct the sequence of modification applied by the sender,
which corresponds to the secret message.An early approach to hiding information
is in text.Most text-based hiding methods are of distortion type (i.e,the
arrangment of words or the layout of a docement may reveal information). One
technique is by modulating the positions of line and words, which will be
detailed in the next subsection.Adding spaces and “invisible” characters to text
provides a method to pass hidden information HTML files are good candidates
for including extra spaces, tabs, and linebreaks.Web browsers ignore these
![Page 27: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/27.jpg)
35
“extra”spaces and lines and they go unnoticed until the sourse of the web pag is
revealed (Sellar, 2003).
2.7.5 Cover Generation Techniques
In contrast to all embedding methods presented above, when secret
information is added to a specific cover by applying an embedding algorithm,
some Steganographic applications generate a digital object only for the purpose
of being a cover for secret communication (Katzenbisser, 2000).
Table 2.4:
Weaknesses of Steganography Techniques
![Page 28: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/28.jpg)
36
From the above table, most of the techniques are very complex and not
suitable to be used with exe.file. In order to use exe.file, a simple technique
needs to be applied so that changes made to the file will not be detected by anti
virus software. Thus, we choose to apply statistical technique because it is not
complex and suitable to be implemented with the structure and characteristic of
the exe.file.
2.7.6 Statistical Steganography
Statistical Steganography techniques utilize the existence of "1-bits"
Steganography schemes, which embed one bit of information in a digital carrier.
This is done by modifying the cover in such a way that some statistical
characteristics change significantly if a "1" is transmitted. Otherwise, the cover is
left UN changed. So the receiver must be able to distinguish unmodified covers
from modified ones.A cover is divided into l (m) disjoint blocks B1...B l (m). A
secret bit, mi is inserted into the ith block by placing "1" in to Bi if
mi=1.Otherwise, the block is not changed in the embedding process
(Katzenbisser, 2000).
2.8 Steganography Advantages and Disadvantages
Steganography is the art of hiding information inside another media; this is
basically done by using unnecessary bits in an innocent file to store the secret
data. The techniques used make it impossible to detect that there is anything
inside the innocent file, but the intended recipient can get the hidden data.
Steganography has its place in security, but not instead of Cryptography, it
supplements it.Hiding a message with Steganography methods reduces the chance
of detecting the message (Jafer, 2006).
![Page 29: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/29.jpg)
37
It can and will be used for two purposes, good and evil. Both government
and private industries need to worry about the use of Steganography inside of
their respective buildings (Katzenbisser, 2000; Jafer, 2006).The main advantages
of Steganography are:
• It can be used for secretly transmitting message without being discovered.
• It does not allow the enemy to detect that there is secret information inside
the cover file.
• It can be used by anyone using internet.
However, Steganography has a number of disadvantages.They are:
• It generally requires a lot of overhead to hide a relatively few bit of
information. However, there are ways around this.
Once a Steganography system is discovered, it is rendered useless. This
problem, too, can be overcome if the hidden data depends on some sort of key for
its insertion and extraction.
2.9 Literature Survey
Most of the published articles are concerned with the description of some
software tools designed and built to perform Steganography on some text, image,
and audio cover media. The publication about the scheme of the stego system is
very primitive, and mostly does not offer a key solution for some weak aspects
which may face the discussed (proposed) system. Among the large number of
published articles, the following table shows the current researches being done,
in comparison with this research:
![Page 30: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/30.jpg)
38
Table 2.5:
Shows Current Research being done
![Page 31: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/31.jpg)
39
![Page 32: CHAPTER 2 LITERATURE REVIEW - University of …repository.um.edu.my/401/5/Chapter_2_.pdfshave the head of a messenger and tattoo a message or image on the messenger head. After allowing](https://reader031.fdocuments.us/reader031/viewer/2022021617/5b4ecc227f8b9afb4f8b4598/html5/thumbnails/32.jpg)
40
2.10 Conclusion
The hurried development of multimedia and internet allows wide
distribution of digital media data. It becomes much easier to edit, modify and
duplicate digital information. In additional, digital document is also easy to copy
and distribute, therefore it may face many threats. It became necessary to find an
appropriate protection due to the significance, accuracy and sensitivity of the
information. Nowadays, protection system can be classified into more specific as
hiding information (Steganography) or encryption information (Cryptography) or
a combination between them. Cryptography is the practice of ‘scrambling’
messages so that even if detected, they are very difficult to decipher. The purpose
of Steganography is to conceal the message such that the very existence of the
hidden is ‘camouflaged’.However, the two techniques are not mutually exclusive.
Steganography and Cryptography are in fact complementary techniques. No
matter how strong algorithm, if an encrypted message is discovered, it will be
subject to cryptanalysis. Likewise, no matter how well concealed a message is, it
is always possible that it will be discovered.By combining Steganography with
Cryptography we can conceal the existence of an encrypted message. In doing
this, we make it far less likely that an encrypted message will be found. Also, if
a message concealed through Steganography is discovered, the discoverer is still
faced with the formidable task of deciphering it. Also the strength of the
combination between hiding and encryption science is due to the non-existence
of standard algorithms to be used in (hiding and encryption) secret messages.
Also there is randomness in hiding methods such as combining several media
(covers) with different methods to pass a secret message. Furthermore, there is no
formal method to be followed to discover a hidden data.