Вы находитесь на странице: 1из 40

CHAPTER ONE

INTRODUCTION
1.0 Background to the Study

The internet is an integral part of our daily lives, and the proportion of the

people who are expected to be able to manage their bank account anywhere, anytime

is constantly growing. As such, internet mobile banking has come of age as a crucial

component of any financial institutions multichannel strategy. Internet mobile

banking uses mobile phone with internet facility as the delivery channel to conduct

banking activities like transferring funds, paying bills, viewing account statements,

paying mortgages and purchasing financial certificates of deposits etc. Many

organization or financial institutions are now incorporating internet mobile banking as

a key component of their growth strategy, and use of the mobile phone to conduct

banking and financial services tasks continues to rise among early adopters. (Barnes,

S.J., and Corbitt, B. Mobile Banking: Concept and Potential, International Journal of

Mobile Communications, 1 (3), pp. 273-288, 2003).

Cryptography and steganography are well known and widely used techniques

that manipulate information (messages) in order to cipher or hide their existence.

These techniques have many applications in computer science and other related fields:

they are used to protect e-mail messages, credit card information, corporate data, and

other valuable information.

More specifically, steganography is the art and science of communicating in a

way which hides the existence of the communication (Johnson and Jajodia, 1998). A

steganographic system thus embeds hidden content in unremarkable cover media so as

not to arouse an eavesdroppers suspicion (Provos and Honeyman, 2003). As an

example, it is possible to embed a text inside an image or an audio file.


On the other hand, cryptography is the study of mathematical techniques

related to aspects of information security such as confidentiality, data integrity, entity

authentication, and data origin authentication (Menezes, A., Van Oorschot, P., and

Vanstone, S. 1996).

Crystography is the combination of Cryptography and Steganography for

ensuring security of information whether in store or in transit (Gabriel J.A 2015).

Many different carrier file formats can be used, but digital images are the most

popular because of their frequency on the internet. For hiding secret information in

images, there exists a large variety of Steganography techniques some are more

complex than others and all of them have respective strong and weak points.

Cryptography was used to assure only secrecy, signatures, and other physical

mechanisms were typically used to assure integrity of the media and authenticity of

the sender.

With the advent of electronic funds transfer, the applications of steganography

for integrity began to surpass its use for secrecy. In the information age,

steganography has become one of the major methods for protection in all applications.

1.1 Statement of the Problem

Over the years, internet banking in Nigeria has played the role of the intermediate

body in banking sector to ensure the smooth running of the economy and coordination

involved in the circular flow of income in Nigeria economy but however, Growth in

internet mobile banking bas been reduced due to lack of security in internet banking

which leads to financial crime. Frauds have had adverse impact on development of our

financial system and hacking is starting to become a major issue and this is the reason

that user cannot easily trust the information on the internet


1.2 Motivation

The amount of transactions through internet mobile banking has led to attract criminal

attention, serious operational risks and potential liabilities are associated with security

breaches in accessing of bank accounts over the internet. Meanwhile this has to be

controlled.

1.4. Objectives of the Project

The objectives of the study may be stated as follows:

i. To gain insight into the current status of internet banking security challenge

and to identify security threats and goals in internet mobile banking system.
ii. To create a system that will bridge internet mobile banking security between

big banks and small banks.


iii. To study and compare the level of security and privacy issues and regulatory

environment of internet mobile banking.


iv. To ensure that internet mobile banking is properly secured and protected from

breaches and leakages to unauthorised persons through enhance techniques by

hiding information through steganography.


v. To develop a well secured model and software that will give a high level

of security for the financial transactions in internet mobile banking.

1.5 Scope of Study


This project is centered in developing a security measure in internet mobile banking to

aid mutual authentication and to provide adequate protection against internet banking

fraud using steganography.

1.6 Research Methodology

The techniques methodologies that will be embarked in carrying out this research

work are:

i. Analysis of customers perception about security and privacy issues in

banks.
ii. Comparison of selected online portals.
iii. Java will be used for implementation
iv. System testing will be performed to know how effective the security is.

1.7 Contribution to Knowledge

At the end of this research work internet mobile banking will be secured to

handle banking operations which require high level of security. Every year many users

face problem related to security of their account and causing loss of valuable

information and money too. The Improved internet banking security that will be done

in this research work will help both user and bank to keep their data safe.
CHAPTER TWO

LITERATURE REVIEW

2.0 Model for Network Security

A message is to be transferred from one terminal to another across some sort of

Internet service. The two terminals, that are the principals in this transaction, must

cooperate for the exchange to take place. A logical information channel is established

by defining a route through the Internet from the source to the destination and by the

cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

Security aspects come into play when it is necessary or desirable to protect the

information transmission from an opponent who may present a threat to

confidentiality, authenticity, and so on. All the techniques for providing security have

two components:

Figure 2.1: Model for Network Security (Source: William Stallings, 2006)

A security-related transformation on the information to be sent. Examples include the

encryption of the message, which scrambles the message so that it is unreadable by the
opponent, and the addition of a code based on the contents of the message, which can

be used to verify the identity of the sender

2.1 Network Security

Some secret information shared by the two principals and, it is hoped, unknown

to the opponent. An example is an encryption key used in conjunction with the

transformation to scramble the message before transmission and unscramble it on

reception.

A trusted third party may be needed to achieve secure transmission. For

example, a third party may be responsible for distributing the secret information to the

two principals while keeping it from any opponent. Or a third party may be needed to

arbitrate disputes between the two principals concerning the authenticity of a message

transmission (William Stallings, 2006).

This general model shows that there are four basic tasks in designing a particular

security service:

1. Design an algorithm for performing the security-related transformation.

The algorithm should be such that an opponent cannot defeat its purpose.

2. Generate the secret information to be used with the algorithm.

3. Develop methods for the distribution and sharing of the secret

information.

4. Specify a protocol to be used by the two principals that makes use of the

security algorithm and the secret information to achieve a particular security

service.

2.2 Encryption Techniques

Symmetric Encryption

Symmetric encryption, also referred to as conventional encryption or single-key


encryption, was the only type of encryption in use prior to the development of public-

key encryption in the 1970s. It remains by far the most widely used of the two types of

encryption.

An original message is known as the plaintext, while the coded message is

called the ciphertext. The process of converting from plaintext to cipher-text is known

as enciphering or encryption; restoring the plaintext from the cipher-text is

deciphering or decryption.

The many schemes used for encryption constitute the area of study known as

cryptography. Such a scheme is known as a cryptographic system or a cipher.

Techniques used for deciphering a message without any knowledge of the enciphering

details fall into the area of cryptanalysis. Cryptanalysis is what the layperson calls

breaking the code.

The areas of cryptography and cryptanalysis together are called cryptology (William

Stallings, 2006).

2.3 Symmetric Cipher

A symmetric encryption scheme has five ingredients:

i. Plaintext: This is the original intelligible message or data that is fed into the

algorithm as input.

ii. Encryption algorithm: The encryption algorithm performs various substitutions

and transformations on the plaintext.

iii. Secret key: The secret key is also input to the encryption algorithm. The key is

a value independent of the plaintext and of the algorithm. The algorithm will

produce a different output depending on the specific key being used at the time.

The exact substitutions and transformations performed by the algorithm depend

on the key.
iv. Cipher-text: This is the scrambled message produced as output. It depends on

the plaintext and the secret key. For a given message, two different keys will

produce two different cipher-texts. The cipher-text is an apparently random

stream of data and, as it stands, is unintelligible.

v. Decryption algorithm: This is essentially the encryption algorithm run in

reverse. It takes the cipher-text and the secret key and produces the original

plaintext.

2.4 Information Hiding

Information hiding is the ability to prevent certain aspects of a class or software

component from being accessible to its clients, using either programming language

features (like private variables) or an explicit exporting policy implementation (Scott,

Michael L, 2009).

The term encapsulation is often used interchangeably with information hiding.

Not all agree on the distinctions between the two though; one may think of

information hiding as being the principle and encapsulation being the technique. A

software module hides information by encapsulating the information into a module or

other construct which presents an interface.

A common use of information hiding is to hide the physical storage layout for

data so that if it is changed, the change is restricted to a small subset of the total

program. For example, if a three-dimensional point (x,y,z) is represented in a program

with three floating point scalar variables and later, the representation is changed to a

single array variable of size three, a module designed with information hiding in mind

would protect the remainder of the program from such a change (Parnas, December

1972).

In object-oriented programming, information hiding (by way of nesting of


types) reduces software development risk by shifting the code's dependency on an

uncertain implementation (design decision) onto a well-defined interface. Clients of

the interface perform operations purely through it so if the implementation changes,

the clients do not have to change.

Steganography and Security

As mentioned previously, steganography is an effective means of hiding data,

thereby protecting the data from unauthorized or unwanted viewing. But stego is

simply one of many ways to protect the confidentiality of data. It is probably best used

in conjunction with another data-hiding method. When used in combination, these

methods can all be a part of a layered security approach. Some good complementary

methods include:

Encryption - Encryption is the process of passing data or plaintext through a

series of mathematical operations that generate an alternate form of the original data

known as cipher text. The encrypted data can only be read by parties who have been

given the necessary key to decrypt the cipher text back into its original plaintext form.

Encryption doesn't hide data, but it does make it hard to read.

2.5 Steganography

A plaintext message may be hidden in one of two ways. The methods of

Steganography conceal the existence of the message, whereas the methods of

cryptography render the message unintelligible to outsiders by various transformations

of the text. A simple form of steganography, but one that is time-consuming to

construct, is one in which an arrangement of words or letters within an apparently

innocuous text spells out the real message. Various other techniques have been used

historically; some examples are the following:


a. Character marking: Selected letters of printed or typewritten text are

overwritten in pencil. The marks are ordinarily not visible unless the paper is

held at an angle to bright light.

b. Invisible ink: A number of substances can be used for writing but leave no

visible trace until heat or some chemical is applied to the paper.

c. Pin punctures: Small pin punctures on selected letters are ordinarily not visible

unless the paper is held up in front of a light.

d. Typewriter correction ribbon: Used between lines typed with a black ribbon,

the results of typing with the correction tape are visible only under a strong light.

Steganography is also the art of hiding the fact that communication is taking place, by

hiding information in other information. It is the art of concealing a message in a

cover without leaving a remarkable track on the original message.

It Pronounced "ste-g&-'n-gr&-fE and Derived from Greek

roots Steganos = covere Graphie = writing

Its ancient origins can be traced back to 440 BC. In Histories the Greek historian

Herodotus writes of a nobleman, Histaeus, who used steganography first time.

The goal of Steganography is to mask the very presence of communication making the

true message not discernible to the observer. As steganography has very close to

cryptography and its applications, we can with advantage highlight the main

differences. Cryptography is about concealing the content of the message. At the same

time encrypted data package is itself evidence of the existence of valuable

information. Steganography goes a step further and makes the cipher-text invisible to

unauthorized users.

The goal of Steganography is to mask the very presence of communication

making the true message not discernible to the observer. As steganography is very
close to cryptography and its applications, we can with advantage highlight the main

differences. Cryptography is about concealing the content of the message. At the same

time encrypted data package is itself evidence of the existence of valuable

information. Steganography goes a step further and makes the cipher-text invisible to

unauthorized users. Two other technologies that are closely related to steganography

are watermarking and fingerprinting. These technologies are mainly concerned with

the protection of intellectual property. But steganography is concern with the hiding of

text in information like image, text, audio, and video.

Type of steganography: There are 4 different types of steganography:

a. Image

b. Audio

c. Video

d. Protocol

2.6 A Brief History of Steganography

The first recorded use of the term was in 1499 by Johannes Trithemiusin his

Steganographia, a treatise on cryptography and steganography, disguised as a book on

magic. Generally, the hidden messages appear to be (or be part of) something else:

images, articles, shopping lists, or some other cover text. For example, the hidden

message may be in invisible ink between the visible lines of a private letter. Some

implementations of steganography that lack a sharedsecretare forms of security

through obscurity, whereas key-dependent steganographic schemes adhere to

Kerckhoffs's principle. (Fridrich et.al 2004)

The advantage of steganography over cryptography alone is that the intended

secret message does not attract attention to itself as an object of scrutiny. Plainly

visible encrypted messages no matter how unbreakablearouse interest, and may in


themselves be incriminating in countries where encryption is illegal (Pahati 2001).

Thus, whereas cryptography is the practice of protecting the contents of a message

alone, steganography is concerned with concealing the fact that a secret message is

being sent, as well as concealing the contents of the message.

Steganography includes the concealment of information within computer files.

In digital steganography, electronic communications may include steganographic

coding inside of a transport layer, such as a document file, image file, program or

protocol. Media files are ideal for steganographic transmission because of their large

size. For example, a sender might start with an innocuous image file and adjust the

color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle

that someone not specifically looking for it is unlikely to notice it.

2.7 Information Hiding Using Steganography

Due to advances in ICT (Inverse Cryptography technology), most of information is

kept electronically. Consequently, the security of information has become a

fundamental issue. Besides cryptography, steganography can be employed to secure

information. Steganography is a technique of hiding information in digital media. In

contrast to cryptography, the message or encrypted message is embedded in a digital

host before passing it through the network, thus the existence of the message is

unknown. Besides hiding data for confidentiality, this approach of information hiding

can be extended to copyright protection for digital media: audio, video, and images

(Artz, 2001).

The growing possibilities of modern communications need the special means of

security especially on computer network. The network security is becoming more

important as the number of data being exchanged on the Internet increases. Therefore,

the confidentiality and data integrity are requires to protect against unauthorized
access and use. This has resulted in an explosive growth of the field of information

hiding.

In addition, the rapid growth of publishing and broadcasting technology also

require an alternative solution in hiding information. The copyright such as audio,

video and other source available in digital form may lead to large-scale unauthorized

copying. This is because the digital formats make possible to provide high image

quality even under multi-copying. Therefore, the special part of invisible information

is fixed in every image that could not be easily extracted without specialized technique

saving Image quality simultaneously. All this is of great concern to the music, film,

book and software publishing industries.

Information hiding is an emerging research area, which encompasses applications

such as copyright protection for digital media, watermarking, fingerprinting, and

steganography. All these applications of information hiding are quite diverse (Cachin,

1998).

(i) In watermarking applications, the message contains information such as owner

identification and a digital time stamp, which usually applied for copyright

protection.

(ii) Fingerprint, the owner of the data set embeds a serial number that uniquely

identifies the user of the data set. This adds to copyright information to makes

it possible to trace any unauthorized use of the data set back to the user.

(iii) Steganography hide the secret message within the host data set and

presence imperceptible. In those applications, information is hidden within a

host data set and is to be reliably communicated to a receiver. The host data set

is purposely corrupted, but in a covert way, designed to be invisible to an

informal analysis. However, this paper will only focus on information hiding
using steganography approach.

The basic model of steganography consists of Carrier, Message and Password. Carrier

is also known as cover-object, which the message is embedded and serves to hide the

presence of the message.

2.8 Basic Steganography Model

Basically message is the data that the sender wishes to remain it confidential. It can be

plain text, cipher text, other image, or anything that can be embedded in a bit stream

such as a copyright mark, a covert communication, or a serial number. Password is

known as stego-key, which ensures that only recipient who know the corresponding

decoding key will be able to extract the message from a cover-object. The cover-

object with the secretly embedded message is then called the stego-object.

Recovering message from a stego-object requires the cover-object itself and a

corresponding decoding key if a stego-key was used during the encoding process. The

Original image may or may not be required in most applications to extract the

message.

2.9 Steganography versus Cryptography

The purpose of cryptography and steganography is to provide secret

communication. However, steganography is not the same as cryptography.

Cryptography hides the contents of a secret message from a malicious people, whereas

steganography even conceals the existence of the message. Steganography must not be

confused with cryptography, where we transform the message so as to make it

meaning obscure to a malicious people who intercept it. Therefore, the definition of

breaking the system is different. In cryptography, the system is broken when the

attacker can read the secret message. Breaking a steganographic system need the

attacker to detect that steganography has been used and he is able to read the
embedded message.

In cryptography, the structure of a message is scrambled to make it meaningless

and unintelligible unless the decryption key is available. It makes no attempt to

disguise or hide the encoded message. Basically, cryptography offers the ability of

transmitting information between persons in a way that prevents a third party from

reading it. Cryptography can also provide authentication for verifying the identity of

someone or something.

In contrast, steganography does not alter the structure of the secret message,

but hides it inside a cover-image so it cannot be seen. A message in cipher text, for

instance, might arouse suspicion on the part of the recipient while an invisible

message created with steganographic methods will not. In other word, steganography

prevents an unintended recipient from suspecting that the data exists. In addition, the

security of classical steganography system relies on secrecy of the data encoding

system. Once the encoding system is known, the steganography system is defeated.

It is possible to combine the techniques by encrypting message using

cryptography and then hiding the encrypted message using steganography. The

resulting stego-image can be transmitted without revealing that secret information is

being exchanged. Furthermore, even if an attacker were to defeat the steganographic

technique and detect the message from the stego-object, he would still require the

cryptographic decoding key to decipher the encrypted message

2.10 Steganography Techniques

Over the past few years, numerous steganography techniques that embed hidden

messages in multimedia objects have been proposed. There have been many

techniques for hiding information or messages in images in such a manner that the

alterations made to the image are perceptually indiscernible. Common approaches are
include:

Least significant bit insertion (LSB)

(i) Masking and filtering

(ii) Transform techniques

a. Least significant bits (LSB) insertion is a simple approach to embedding

information in image file. The simplest steganography techniques embed the

bits of the message directly into least significant bit plane of the cover-image in

a deterministic sequence. Modulating the least significant bit does not result in

human-perceptible difference because the amplitude of the change is small.

b. Masking and filtering techniques, usually restricted to 24 bits and gray scale

images, hide information by marking an image, in a manner similar to paper

watermarks. The techniques performs analysis of the image, thus embed the

information in significant areas so that the hidden message is more integral to

the cover image than just hiding it in the noise level.

c. Transform techniques embed the message by modulating coefficients in a

transform domain, such as the Discrete Cosine Transform (DCT) used in JPEG

compression, Discrete Fourier Transform, or Wavelet Transform. These

methods hide messages in significant areas of the cover-image, which make

them more robust to attack. Transformations can be applied over the entire

image, to block throughout the image, or other variants.

2.11 ORGANISATION REPUTATION

All the adoption model [like TAM, Theory of Planned Behavior [TPB], and the

Theory of Reasoned Action [TRA] were developed for studying technology adoption

in developed countries, however, technology adoption in developed countries might be


different from those of developing countries as the challenges are different in various

contexts [Molla and Licker, 2005]. Considering Technology-Organization-

Environment [T-O-E] framework by Tornatzky and Fleischer, [1990]; three factors are

important for any technology or innovation adoption diffusion process; technology

context, organizational context and environmental context. Technology context

includes both internal and external technologies applicable for the firm.

Organizational context includes resources [capital and human], organizational scope

and size. Environment context includes both the direct and indirect roles of

competitors, industry associations, and the governments. Following this, Tan and Teo,

[2000] adopted organization reputation as one of the factors for determining adoption

of internet banking in Singapore. Their investigation found that organization

reputation of the bank is most important in choosing an Internet banking service in

Singapore. The variety of services offered and familiarity with the bank are also

important criteria. The size of the bank is another consideration.

2.11.1 Central Bank of Nigeria Guidelines on Internet Banking in Nigeria

The CBN recognizes that electronic banking and payments services are still at

the early stages of development in Nigeria. Arising from the three major roles of the

CBN in the areas of monetary policy, financial system stability and payments system

oversight, the CBN Technical Committee on Online-Banking has produced a report,

which anticipates the likely impact of the movement towards electronic banking and

payments on the achievement of CBNs core objectives. Following from the findings

and recommendations of the Committee, four categories of guidelines have been

developed as follows:

i. Information and Communications Technology (ICT) standards, to address

issues relating to technology solutions deployed, and ensure that they meet
the needs of consumers, the economy and international best practice in the

areas of communication, hardware, software and security. These will include

guideline on Technology and Security Standards, Standards for Computer

Networks and Internet, Standards on Protocols, Standards on Application and

System Softwares, Standards on Delivery channels (like Mobile Telephony,

Automated Teller Machines, Internet Banking, Point of Sales Devices,

International Card Schemes, Switches, Internet Service Providers, Electronic

Transfer Funds), Standards on Security and Privacy, Vendors and

Outsourcing.

ii. Monetary Policy, to address issues relating to how increased usage of Internet

banking and electronic payments delivery channels would affect the

achievement of CBNs monetary policy objectives.

iii. Legal guidelines to address issues on banking regulations and consumer rights

protection.

iv. Regulatory and Supervisory, to address issues that, though peculiar to

payments system in general, may be amplified by the use of electronic media.

The Guidelines are expected to inform the future conduct of financial institutions in e-

banking and electronic payments delivery. A detailed report of the Technical

Committee on e-Banking, which resulted in these Guidelines, is available separately.


CHAPTER THREE

SYSTEM ANALYSIS AND DESIGN

3.1 Introduction

After analyzing the requirements of the task to be performed, the next step is to

analyze the problem and understand its context. The first activity in the phase is

studying the existing system and other is to understand the requirements and domain

of the new system. Both the activities are equally important but the first activity serves

as a basis of giving the functional specifications and then successful design of the

proposed system. Understanding the properties and requirements of a new system is

more difficult and requires creative thinking as well as understanding of existing

system is also difficult.

Improper understanding of present system can lead diversion from solution.

3.1.1 Analysis Model

The model that is basically being followed is WATER FALL Model which

states that the phases are organized in a linear order. First of all, the feasibility study is

done. Once that part is over, the requirement analysis and project planning begins. If

system exists as a whole but modification and addition of new module is needed,

analysis of present system can be used as basic model.

The design starts after the requirement analysis is complete and the coding

begins after the design is complete. Once the programming is completed, the testing is

done. In this model the sequence of activities performed in a software development

project are:

i. Requirement Analysis
ii. Project Planning
iii. System Design
iv. Detail Design
v. Coding
vi. Unit Testing
vii. System Integration & Testing

Here the linear ordering of these activities is critical. At the end of the phase,

the output of one phase is the input to other phase. The output of each phase should be

consistent with the overall requirement of the system. Some of the qualities of spiral

model are also incorporated like after the people concerned with the project review

completion of each of the phase the work done.

WATER FALL Model has been chosen because all requirements were known

before and the objective of our software development is the

computerization/automation of an already existing manual working system.


3.1.2 Study of the system

3.1.2.1 GUIS

For flexibility, the User Interface has been developed with a graphics concept in mind,

associated through a browser interface. The GUIS at the top level have been

categorized as:

i. Administrative User Interface.


ii. The Operational/Generic User Interface.

The Administrative User Interface concentrates on the consistent information

that is practically, part of the organizational activities and which needs proper

authentication for the data collection. This interface helps the administration with all

the transactional states like Data Insertion, Data Deletion and Data Updation along

with the extensive Data Search capabilities.

The Operational/Generic User Interface helps the users upon the system in

transactions through the existing data and required services. The Operational User

Interface also helps the ordinary users in managing their own information in a

customized manner as per the assisted flexibilities.

3.2 Existing System

In the existing system of the project we had just e-banking that is usage through

computers, here users can bank through the internet from a personal computer located

at a particular point of place or through a mobile which uses WML (Web Markup

Language); it downloads the contents from the internet.


3.3 Disadvantages of Existing System

As mentioned above we can use both personal computer and the mobile for

banking but the problem here is when we use a personal computer it is required that

the person has to be compulsorily at a place which requires time, he cant carry his

computer with him where ever he go it is a drawback, to overcome with this usage of

internet banking through mobile has been introduced here we can do banking from

any place but the problem here is it completely uses WML for the purpose. When

WML is used it repeatedly has to download every bit of data from the internet which

takes a lot of time, for which mobile E banking by using J2ME has been introduced.

Here we perform e-banking, by this we dont have security.

i. Time constraint is there.


ii. Phishing can be done.
iii. There is no security for the data
iv. Low bandwidth & latency issues
v. High communication costs
vi. Low functionality and fewer capabilities in the mobile devices Security

concerns.

3.4 Proposed System

As the above disadvantages cant be solved with, in this application has been

proposed and also the security will be much improved than the existing system as we

are implementing the special method called Steganography, here we develop a jar file

by using J2ME for banking, a customer here will get a unique ID & Password, once

he dumps the application in to the mobile and after installing he gets the page to get

started with. Here after he enters the ID & Password he gets logged in and he will

have an easily understandable interface where he can have two options i.e. account
details and money transfer. In this process the applications gets interacted not to an

internet server but to the administrator server which makes easy processing and takes

no time.

i. We are using Mobile to perform Transactions. Importance of mobile channel

for E-banking
ii. Proactive and simple alerting services reduces branch/ call center costs
iii. M-banking is expected to account for an increasingly high proportion of

transactions.
iv. Mobile device can be an ideal POS device allowing transactions to be

authorized in many more places than ever before


v. Mobile services are expected to generate access to new business opportunities

& new alliances across business sectors


vi. High market penetration (up to 80% in some countries) and still growing.

Mobile Banking Today

i. Fast data services (GPRS)


ii. Low data transfer costs (e.g. flat rates)
iii. More functionality possible (new devices with better displays and browser

functionality)
iv. Higher Security mechanisms
v. Applications capitalize on the mobile aspects and diversify from existing web

based solutions

3.5 System Design

3.5.1 Symmetric Algorithms

Symmetric algorithms encrypt and decrypt a message using the same key. If you hold

a key, you can exchange messages with anybody else holding the same key. It is a

shared secret. But be careful who you give the key to. Once it gets in the wrong hands,

there is no getting it back. That person can read all of your past messages, and create

new messages that are indistinguishable from valid data.


Several symmetric algorithms have been used in the past. These include:

a. Blowfish

b. DES

c. 3DES (Triple DES)

d. AES

3.5.2 Asymmetric Algorithms

Asymmetric algorithms use a different key to encrypt than they do to decrypt.

The encrypting key is called the public key and the decrypting key is the private key. If

you hold the private key, I can send you a message that only you can read.

These keys will also work in the opposite direction. That is, anything you

encrypt with your private key, I can decrypt with your public key. You can use this to

digitally sign a document. Encrypt it with your private key, and I'll be able to verify

your signature by decrypting with your public key. I have confidence that the message

came from you, because only someone who holds your private key could have

produced a working signature.

There are three asymmetric algorithms in use today:

(i) Diffie-Hellman

(ii) RSA

(iii) Elliptic Curve

Diffie-Hellman is not quite suitable for establishing identity as describe above, but the

other two are. RSA is the most common today, but Elliptic Curve appears to be on its

way to becoming the next standard.

3.5.3 Hash Functions

An asymmetric algorithm is limited in the size of message that it can encrypt


and decrypt. It can't be run over a large message the way that a symmetric algorithm

can. So if I want to use an asymmetric algorithm to sign a message, I have to first

compute a digest, a smaller number based on the larger message. The way I do that is

to run a hash function.

Some hash functions were invented for error detection during transmission. These

hash functions are not suitable for digital signature because they are easily reversible.

Instead, we have devised cryptographically secure hash functions, which produce

hashes that are hard to reverse. In other words, given a hash, it's hard to make up a

document that computes that hash. These hash functions include:

a. MD5

b. SHA 1

c. The SHA 2 family (SHA-128, SHA-192, and SHA-256)

d. The SHA 3 family

MD5 has been found to contain weaknesses, and is therefore no longer recommended

for use. SHA 1 is somewhat stronger, but should still be phased out at this time. SHA

2 is secure, but was invented by the NSA. SHA 3 is secure, and was invented using an

open selection process.

3.6 Image Based Steganographic Systems

The majority of todays steganographic systems uses images as cover media

because people often transmit digital pictures over email and other Internet

communication (e.g., eBay). Moreover, after digitalization, images contain the so-

called quantization noise which provides space to embed data (Westfeld and

Pfitzmann, 1999).

The modern formulation of steganography is often given in terms of the

prisoners problem
(Simmons, 1984; Kharrazi et al., 2004) where Alice and Bob are two inmates who

wish to communicate in order to hatch an escape plan. However, all communication

between them is examined by the warden, Wendy, who will put them in solitary

confinement at the slightest suspicion of covert communication.

Specifically, in the general model for steganography, Alice (the sender) wishing

to send a secret message M to Bob (the receiver): in order to do this, Alice chooses a

cover image C.

The steganographic algorithm identifies Cs redundant bits (i.e., those that can be

modified without arising Wendys suspicion), then the embedding process creates a

stego-image S by replacing these redundant bits with data from M.


Figure 3.1: Steganographic Model.

S is transmitted over a public channel (monitored by Wendy) and is received by Bob only

ifWendy has no suspicion on it. Once Bob recovers S, he can get M through the extracting

process.

The embedding process represents the critical task for a steganographic system since S

must be as similar as possible to C for avoiding Wendys intervention (Wendy acts for the

eavesdropper).

Least significant bit (LSB) insertion is a common and simple approach to embed

information in a cover file: it overwrites the LSB of a pixel with an Ms bit. If we choose

a 24-bit image as cover, we can store 3 bits in each pixel. To the human eye, the resulting

stego-image will look identical to the cover image (Johnson and Jajodia, 1998).

Unfortunately, modifying the cover image changes its statistical properties, so

eavesdroppers can detect the distortions in the resulting stego-images statistical


properties. In fact, the embedding of high-entropy data (often due to encryption) changes

the histogram of colour frequencies in a predictable way (Provos and Honeyman, 2003;

Westfeld and Pfitzmann, 1999)Since standard steganographic systems do not provide

strong message encryption, recommend to encrypt M before embedding. Because of this,

there are two-steps protocol: first must cipher

M (obtaining M) and then embed M in C.

In the next chapter a new method able to perform steganography providing strong

encryption with the use of Pythagorean Triple Algorithm.

3.7 Software Requirement Specification

Purpose: The main purpose for preparing this document is to give a general insight into

the analysis and requirements of the existing system or situation and for determining the

operating characteristics of the system.

Scope: This Document plays a vital role in the development life cycle (SDLC) and it

describes the complete requirement of the system. It is meant for use by the developers

and will be the basic during testing phase. Any changes made to the requirements in the

future will have to go through formal change approval process.

The developer is responsible for:

i. Developing the system, which meets the SRS and solving all the requirements of

the system?
ii. Demonstrating the system and installing the system at client's location after the

acceptance testing is successful.


iii. Submitting the required user manual describing the system interfaces to work on it

and also the documents of the system.


iv. Conducting any user training that might be needed for using the system.
v. Maintaining the system for a period of one year after installation.

3.8 User Requirements

User name and Password for the website for the purpose of banking issued by the

administrator.

A mobile phone with GPRS access.

Sim card from any network which supports WAP.

3.9Software Requirements

i. Language: JAVA
ii. Front End: J2ME
iii. Back End: My SQL
iv. Web Server: Apache Tomcat
v. Build Tools: Apache ANT
vi. Testing Tool: J2ME unit test
CHAPTER FOUR

SYSTEM IMPLEMENTATION AND PERFORMANCE EVALUATION

4.1 SYSTEM IMPLEMENTATION

This section explains the activities carried out in the implementation stage. The

end product of this project at this stage was a first aid system fully supported on web and

mobile SMS platform to provide information to the public. This phase also involved the

construction of the new system and the delivery of that system into production.

The system implementation phase of a software system entails all procedures that are

carried out to put the computerized system into use. It is the process of describing

component, service and technology of the solution from the perspective of developments

required. There are different ways by which system implementation may be carried out.

It could be a total changeover or parallel implementation. The method adopted is

determined by the nature of the system, the cost that will be involved in changeover, time

required, Quality of new system, using the modern architecture to solve the searching

problem.

System implementation phase include the following procedures;

i. Mobile information store in the database

ii. Searching ability and security facility using cryptography

iii. System testing


The user interface is the link between the human user and the computer system. It

includes screens, reports and documentation. Simply, the user interface in any part of the

system the user comes in contact with. The solution must be attractive and user friendly.

4.2.1 THE USERS OF THE SYSTEM

The users of this system are the End-user and the Administrator.

4.3 REPORT DESIGN

The report generated from this system design are: The report on mobile data,

Security mobile detection system.

4.4 SCREEN DESIGN

The screen design of this system has been putting into consideration all design

techniques and programming application. The screen is restful to at without dramatic

color combination or large number of flashing signals. The screen design is consistent and

contains only relevant information; it is self-sufficient and self-explanatory as a result of

the graphical user interface technology. It is complemented with error-handling

mechanisms which handles errors perfectly. The screen layout is made up of menus to

facilitate easy usage of the application and to access the command and tool contained in

the application, control, from, image and icons.


4.5 INTERACTION STYLE

The interaction style used in this new application in user-friendly involves direct

manipulation where the correspond tasks to be carried out.

4.6 HARDWARE REQUIREMENT

The Hardware requirement for the system include the following

1. Phone Memory: memory storage with 66mtz or higher, 2gb RAM required.

2. Memory: 16MB of RAM from windows 200 or later (at least 32MB recommended)

information.

3. Display: VGA or higher resolution monitor, super VGS recommended

4. Internal Storage: At least 2 GB hard required.

4.7 SOFTWARE REQUIREMENT

i. Windows 7 operating system

ii. Internet explorers or any other browser

iii. The system must be configured to send report via email to specified location. They

can be sent monthly or at the end of the year.

iv. MS Access database: the back end functionality of the proposed system.

v. Conductivity to the database must be through SQLite (Structural Query

Language).
vi. Java Programming Language required to develop and run the application.

4.8 SECURITY REQUIREMENTS

i. The database must be acceptable by unauthorized individuals

ii. All password and fingerprints template stored in the database must be hashed.

iii. Only the administrator or the end-user can view the most important aspect of this

application.

4.9 USER GUIDE

The required use components are:

i. User manual

ii. Online help

iii. Online tutorials

The user interface of the system is a web user interface. A proficient user of the internet

will find the user interface self-explanatory.

4.10 TRAINING

The development software application has been done using design principle of

software development. It is design a consistent manner and users if the system can

easily identify with the functionalities of the system.


4.11 REVIEW AND MAINTENANCE

Operational software will need to be constantly reviewed and in maintained in

order to ensure that the software still meet its initial objectives.

The system would also need to be reviewed and maintained periodically for the

following reason:

1. To ascertain that the system is able to cope with changing requirement of the system

as well as the user

2. To ensure that the requirements are met and to ensure that there is enough capacity

to modify the existing requirement

3. To deal with problem that many arise in operations.

Maintenance activities of a software system would be divided into:

i. Corrective Maintenance

ii. Adaptive Maintenance

iii. Perfective Maintenance

The corrective Maintenance for the project would require running the codes and

locating errors that may result well as correcting the errors. Adaptive maintenance would

ensure that the developed system can be easily adjusted and up graded into newer

environment as well as accommodate changes in software and hardware requirement. The


system developed would run on any windows operating hardware platform with the

software requirements stated above.

The preventive maintenance on this system includes proper documentation of all

stages involved as well as the component. The documentation includes the comments in

the program codes as the user guide. Other forms of maintenance are handling of the

system component which include the power supply, memory, hard drive and input

devices.

In addition, newer version of application software should prompt the upgrade of

the system. A backup of the database should be carried out by the database administrator.
CHAPTER FIVE

CONCLUSION AND RECOMMENDATIONS


5.0 Conclusion

This project is a short introduction to the world of mobile internet banking security

using Steganography. It shows how the simplest methods work and how they can be

explored. It uses symmetric encryption algorithm to provide more security. Research in

this field has already begun. Next to Steganography, one of the most active fields of

research is mass detection tools for hidden contents. This research project has exposed a

lot, especially about bit operations and different encryption technique. This project is

interesting from the start and only got more interesting as it went on developing. It

became more interested in the subject the more we researched it. It learnt that while

implementing Image Steganography is important, thinking of how to detect and attack it

and the methods to do so are far more complex than actually doing the Steganography

itself. There is a lot of research that is beginning to discover new ways to detect

Steganography, most of which involves some variation of statistical analysis. It is

interesting to see what other methods will be developed and how accurate they will be at

detecting Steganography.
5.1 Recommendations

In todays world, we often listen to a popular term Hacking. Hacking is nothing but an

unauthorized access of data which can be collected at the time of data transmission. With

respect to Steganography, Steganography may be some of the future solution for this

above mentioned problem. In the near future, the most important use of Stenographic

techniques will probably be lying in the field of digital watermarking. Content providers

are eager to protect their copyrighted works against illegal distribution and digital

watermarks provide a way of tracking the owners of these materials. Although it will not

prevent the distribution itself, it will enable the content provider to start legal actions

against the violators of the copyrights, as they can now be tracked down.

We hope to add support to hide all file formats. This allows for a much broader

spectrum of uses: one would be able to encode .exe, .doc, .pdf, .mp3, etc. The program

would be more versatile because often hiding text just isnt enough.

We also would like to implement batch image processing and statistical analysis so

that we can run the program through a dataset of images and detect Steganography and

perhaps crawl through Google Image Search to see how prevalent Steganography is. We

eventually plan to port the program to use java other programming language so that we

may take advantage of bit-fields in C and learn to code in C# as well.


REFERENCE
Artz .C (2001). Digital Steganography: Hiding Data within Data, IEEE Internet
Computing, pp.75-80
Cachin .C (1998). An Information - Theoretic Model for Steganography, in proceeding
2nd
Information Hiding Workshop, vol. 1525, pp. 306-318
Cohen, F (1990). A short history of cryptography. Retrieved May 4, 2009,
from http://www.all.net/books/ip/Chap2-1.html
Chaum - Editor Advances in Cryptology, Aug, 1983, 117-156, 359-392, Plenum Press.
Advances in Cryptology, Aug, 1984, and Advances in Cryptology, Aug,
1985.Cryptography. Retrieved July 4, 2015, from
http://www.newworldencyclopedia.org/entry/Cryptography
DomenicoBloisi and Luca Iocchi (2013). Image Based Steganography and
Cryptography, Dipartimento di Informatica e SistemisticaSapienza University
of Rome, Italy
Fridrich, J., Goljan, M., and Hogea, D. (2002). Steganalysis of jpeg images: Breaking
the f5 algorithm. In Proc. Of In 5th International Workshop on Information
Hiding.
Fridrich, Jessica, Goljan .M, and Soukal .D (2004). "Searching for the Stego Key".
Proc.SPIE,Electronic Imaging, Security, Steganography, and Watermarking of
Multimedia Contents VI 5306: 7082. Retrieved 23 January 2014.
Gabriel J.A, (2015). A Multivariate Polynomial-Based Post Quantum Crystographic
System for Security of Information over Enterprise Network pp 70-72
Gabriel J.A., Alese B.K., Adetunmbi A.O. and Adewale O.S. (2013). PostQuantum
Crystography: A combination of Post-Quantum Cryptography and steganography.
In proceedings of the 8th International Conference for Internet Technology and
Secured Transaction (ICITST-2013), technically Co-sponsored by IEEE UK/RR
computer Chapter, 9th 12th December 2013, London, UK, pp 454-457.
Grady Booch, Object-Oriented Analysis and Design with Applications, .Addison-
Wesley, 2007, ISBN 0-201-89551-X, p. 51-52
Highland .H, (December, 1986) Bits and Bytes, IFIP-TC11, Computers and Security
Johnson, N. F. and Jajodia, S. (1998). Exploring steganography: Seeing the unseen.
Computer, 31(2): p2634.
Jonge and Chaum, Attacks on Some RSA Signatures, Advances in Cryptology -
proceedings of Crypto-85, pp18-27, 1985, Springer-Verlag, New York, N.Y.
Kerckhoffs, A. (1883). La cryptographiemilitaire. Journal des Sciences Militaries,
9th series(IX):538.
Kharrazi, M., Sencar, H. T., and Memon, N. (2004). Image steganography: Concepts
and practice. In WSPC Lecture Notes Series.
Menezes, A., van Oorschot, P., and Vanstone, S. (1996). Handbook of Applied
Cryptography. CRC Press.
New World Encyclopedia (2007).
Pahati, OJ (2001-11-29). "Confounding Carnivore: How to Protect Your Online
Privacy".AlterNet. Archived from the original on 2007-07-16. Retrieved 2008-
09-02.
Parnas D.L.(December1972)."On the Criteria to Be Used in Decomposing
Systems intoModules"
Pawlan, M. (1998, February). Cryptography: the ancient art of secret messages. Retrieved
May 4, 2009, from http://www.pawlan.com/Monica/crypto
Provos, N. and Honeyman, P. (2003). Hide and seek: An introduction to steganography.
IEEESECURITY & PRIVACY.
Rubin, J. (2008). Vigenere Cipher. Retrieved May 4, 2009, from
http://www.juliantrubin.com/encyclopedia/mathematics/vigenere_cipher.html
Scott, Michael L. (2009). Programming Language Pragmatics(Third Ed.). Morgan
Kaufmann Publishers. ISBN 978-0-12-374514-9.
Shannon, C. E. (1949). Communication theory of secrecy system. Bell Syst. Tech. J.,
28: 656715.
Simmons, G. J. (1984). The prisoners problem and the subliminal channel. In
Advances in Cryptology: Proceedings of Crypto 83, pages 5167. Plenum
Press.
Taylor, K. (2002, July 31). Number theory 1. Retrieved May 4, 2009, from
http://math.usask.ca/encryption/lessons/lesson00/page1.html
William Stallings (2006). Cryptography and Network Security Principles and practice
Fifth edition, 2006 Pearson Education, Inc., publishing as Prentice Hall. ISBN 10:
0-13-609704-9, ISBN 13: 978-0-13-609704-4. Page 7 57.
Westfeld, A. and Pfitzmann, A. (1999). Attacks on steganographic systems. In
Proc.Information Hiding 3rd Intl Workshop, pages 6176.
Westfeld, A. (2001). F5-a steganographic algorithm: High capacity despite better
steganalysis. In Proc. 4th IntlWorkshop Information Hiding, pages 289302.
Whitman, M. &Mattord, H. (2005). Principles of information security. [University of
Phoenix Custom Edition e-text]. Canada, Thomson Learning, Inc. Retrieved May 4,
2009, from University of Phoenix, resource, CMGT/432