Innovation Project Design (MCA 215)

Data Security using Extended ECS

Section 1: Administrative Details:

Batch : 2018-21

Mentor’s Name : Mr.Deepak Garg

Mentor’s Affilition : Assistant Professor National Institute of Technology Kurukshetra

Students Details :

S.NO. Name Roll No.

1 Shishupal Sidar 51810020
2 Gourav Chandel 51810088

Broad Subject Area: Data Security Using Extended ECS (Encryption, Compression, Steganography).

Signature of Supervisor

1. Abstract:-
In today’s scenario where everything is internet
based, data security is on high demand. Data is
considered as a crucial asset and is required to be
protected. Data Security includes
confidentiality, integrity, authenticity and much
more. Despite of several approaches to data
security such as encryption, compression,
steganography, data is still prone to potential
security threats. The major reason identified is the
shortcomings of these individual techniques when
certain factors are taken into account.
Cryptography ensures security but it comes at cost
in terms of time and space. Compression
techniques encrypts data and saves disk space but
these compressed files can easily be uncompressed
by attackers. Steganography a technique which
hides data instead of encrypting it with its merits
and demerits. In this report, approaches for data
security (Encryption, Compression,
Steganography) and their potential advantages and
disadvantages are studied in detail. A comparison
of these approaches have been surveyed. And
Proposal is given to use these 3 approaches
collectively as ECS Data Security System with
taking good features of approaches, Evaluating
ECS and extending ECS.
2. Keywords:-
Data Security, Compression,
Cryptography, Decryption,
Encryption, Steganography.
3. Introduction (Motivation):
Data security is the act of protecting data from
uncertified access. Any type of information
data transferred over the internet has a possibility of
being misused. Hence various techniques such
as cryptography, compression, steganography
is used to safeguard data from threat while
sharing it over Internet. Cryptography is a
technique that make use of mathematics for
data security. It works by jumbling plaintext
into cipher text, then back again. To encrypt
data, two keys either symmetric (encryption
and decryption is done using same key) and
asymmetric (encryption and decryption is done
using public and private key respectively) key
algorithms Steganography is a method that
conceals the message in a way it cannot be
seen by a unauthorized person. It hides the fact
that a secret message is being transmitted
Compression is a method that reduces the
number of bits occupied. It works by
eliminating redundancy in data. It ensures
lesser storage, minimum cost and requires less
amount of time to transfer a file over network.
Cryptography provides number of security goals to
ensure of privacy of data, on-alteration of data and
so on. The idea of encryption and encryption
algorithm by which we can encode our data in
secret code and not to be able readable by hackers
or unauthorized person even it is hacked. The main
reason for not using encryption in email
communications is that current email encryption
solutions and hard key management.
Different encryption techniques for promoting the
information security. The evolution of encryption
is moving towards a future of endless form of
possibilities. As it is impossible to stop hacking,
we can secure our sensitive data even it is hacked
using encryption techniques and which protecting
the information security. In this report we present a
survey on cryptographic techniques based on some
algorithm and which is suitable for many
applications where security is main concern.
Steganography are used to send secret messages.
Steganography is an art of writing hidden messages
in such a way that no-one apart from the sender
and intended recipient even realizes that there is a
hidden message. This is a distinguish advantage
between steganography and other methods. For an
example, in the case of encryption, eavesdropper is
aware of the existence of secret message by
observing the encrypted message.
web applications, as well as the availability of
servers, cloud resources, data storage devices, and
other networking components. F5 is headquartered
in Seattle, Washington, with additional
development, manufacturing, and sales/marketing
offices worldwide.
Dynamic application security testing: (DAST)
tool is a program which communicates with a web
application through the web front-end in order to
identify potential security vulnerabilities in the web
application and architectural weaknesses. It
performs a black-box test. Unlike static application
security testing tools, DAST tools do not have
access to the source code and therefore detect
vulnerabilities by actually performing attacks.

Applications security tools for speed, ease-of-

4. Application:-
use, accuracy, and scalability:- Instant feedback
and ease of use are critical. Aspect tools need to be
Web application security:The branch of
usable by people in development and operations
information security deals specifically with
without any security experience. Any inaccuracy
security of websites and web services. At a high
will require an expert to resolve, and experts don’t
level, web application security draws on the
scale.
principles of application security but applies them
specifically to internet and web systems.
Protect against attacks:- Application attack
protection isn’t just for defense against known
Mobile security: Mobile security more
attacks, it provides a fast and flexible way to block
specifically mobile device security, has become
novel attacks that emerge. Legacy web application
increasingly important in mobile computing. Of
firewalls (WAF) create network architecture
particular concern is the security of personal and
complexity and aren’t very accurate. Fortunately,
business information now stored on smartphones.
runtime application self-protection (RASP) is
gaining wide adoption for its flexible deployment
F5 Networks: Global company that specializes in
and impressive accuracy.
application services and application delivery
networking (ADN). F5 technologies focus on the
delivery, security, performance, and availability of
 5. Benefits
1. Theoretically more secure
2. Overriding individual demerits
3. Faster approaches.
6. Challenges Involved
Big data security challenged involved that
should be considered:
1. Distributed frameworks: Most big
data implementations actually distribute
huge processing jobs across many systems
for faster analysis. Hadoop is a well-
known instance of open source tech
involved in this, and originally had no
security of any sort. Distributed processing
may mean less data processed by any one
system, but it means a lot more systems
where security issues can crop up.
2. Non-relational data stores: Think
NoSQL databases, which by themselves
usually lack security (which is instead
provided, sort of, via middleware).
3. Storage: In big data architecture, the
data is usually stored on multiple tiers,
depending on business needs
performance vs. cost. For instance, high-
priority “hot” data will usually be stored
on flash media. So locking down storage
will mean creating a tier-conscious
strategy.
4. Endpoints: Security solutions
draw logs from endpoints will need to
validate the authenticity of
endpoints, or the analysis isn’t going to do
much good.
5. Real-time security/compliance tools:
These generate a tremendous amount of
information; the key is finding a way to
ignore the false positives, so human talent
can be focused on the true breaches.
6. Data mining solutions: These are the
heart of many big data environments; they
find the patterns that suggest business
strategies. For that very reason, it’s
particularly important to ensure they’re
secured against not just external threats,
but insiders who abuse network privileges
to obtain sensitive information – adding
yet another layer of big data security
issues.
7.Parameters:-
1 key length :tells the key size used in
different algorithm that may be fixed or
variable.
2 Encryption type : tells whether the
algorithm is using same key from
encryption and decryption or not i.e. it is
symmetric or asymmetric encryption.
for 3 Security rate : determines which
algorithm amongst the four(aes, rsa,
elliptic curve, aes) studied is the most
secure.
4 Execution time : determines the
encryption time.
that 8.Current Status and development
Completed the encryption and decryption of
those a file using Play fair encryption technique,
RSA asymmetric encryption technique,
compression using RLE compression
techniques.
 Table2: RSA vs ECC vs ELGAMAL

9.Comparative Analysis Hashing functions & Comparison:

Table 1: Symmetric V/S Asymmetric key Features RSA ECC ELGAMA

ciphers L
Security Based on Based on based on
difficult theory of difficulty of
y of elliptic computing
factoring functions discrete
large logarithms.
Features Symmetric key Asymmetric key integers
Numbers of a single key is a pair of public Base Large Elliptic Logarithmic
keys required to be keys and a Prime Function functions
shared private key is Number s
used Encryptio 37 7098 8242
Security Same key is shared Eliminates the n (ms)
hence is prone to need of key keysize-
data threat sharing due to 256
the concept of
public private Decryptio 37 37 3932
keys n (ms)
Time It takes less time for Use of separate keysize-
complexity execution as only keys for 256
single key is used operations makes Key 1957 895 6451
it a time- generation
consuming time for
process. key-size
Lack of both the operations canSince
be carried
both out
the pretty 256
delay in quickly due to its simplistic
operations
natureare
Execution done by two
separate keys, it
makes it a slow
procedure.
Need of keys here, we have n (n − for n users, we
1) /2 keys. This is O have 2(n) keys,
(n2) keys. which is
O(n) keys.
Specific key 1 randomly 1 have special
features generated k-bit structure (e.g.,
strings are large primes)
2 Simple to generate 2 are expensive
3 have no special to generate.
properties.
Length of Execution is faster Key length can
key due to small length be up to 1024
of key bits hence
process of
encryption-
decryption is
slower

Comparisons:
 Table 4: Comparison & Conclusion on
Cryptography Features MD5 SHA 1
Output 128 bits 160 bits
length
Featur Hashing Symmetric Asymmetr
Required 264 operations (4 280 operations (4
es function ic
attempts rounds * 16 steps) rounds * 20
Requir 0 1 2 to try steps)
ed No. and find
of keys two
Approv 256 bits 128 bits 2048 bits messages
ed key providin
length g the
by same
NIST output
Often SHA AES RSA value
used
Key N/A Pose Secured Required 2128 operations 2160 operations
sharin problems and easy attempts
g to try
Effect N/A Sender and Loss is and find
of key receiver only for original
compro both bears owner of message
mise lose asymmetri correspo
c key nding to
Speed Fast Fast Slow output
Compl Medium Medium High Speed Faster Slower
exity Chain 4 (a-d) 5 (a-e)
Examp Sha 224, AES, DES RSA, variables
les Sha 256, Elgamal, Mathem a = b + ((a + Process a= (e + Process
ECC atical p (b, c, d) +M[i] P +S5 (a) + W
expressio +T[k]) <<<s), b=b, [t] + K[t]), b= a,
n in each c=c c= s 30 (b), d=c,
round d=d e= d
Attacks Collision attack SHAttered
attack 

Table 3: MD5 vs SHA1

12 Limitations of existing works: computer and communication system from
unapproved revelation and change, dependable
None of the current projects implemented
compression along with cryptography and non-intercept able means for information storage
steganography. Our project can take advantages of and transmission must be adapted.
all such approach and improve performance in
In the most recent couple of years we have
more security and speed.
seen imposing advances in computerized and
versatile communication innovations, for example,
13 Problem Statement:- cordless and cell phones, individual
communication system, Internet association
To design a hybrid system using encryption,
compression and steganography that is able to development, and so on. The huge majority of
secure the data at the client side without taking advanced data used in all application is properly
demerits of individual approach evaluate and
stored and furthermore processed inside a
extend performed.
computer system, and afterward exchanged
Goal between PCs by means of fibre optic, satellite, as
To maintain the confidentiality, integrity and well as Internet. In every one of those new
availability of data in this ECS system. situations, secure data transmission and capacity
Objectives has a fundamental significance in the global data
framework, particularly, to support electronic
1. To develop ECS security system that can
safeguard the data. business and other security related administrations.
Under such a dynamic situation, the absolute most
2. Evaluate Performance Parameters of ECS
famous applications in the space of data security
and Extended its performance to be fast and
more secure. incorporate.

In our Information Age, the requirement for

• Secure email
ensuring data is more articulated than any time in
• Virtual Private Networks
recent memory. Secure communication for the
• Client-Server exchanges
delicate data isn't compelling for military or
• Electronic Financial exchanges
government organization but in addition for the
• E-money
business division and private people. The trading
• World Wide Web
of delicate data over wired and additionally remote
• Grid Computing
Internet, for example, bank exchanges, credit card
Numerous multinational firms now offer security
numbers furthermore, media transmission
items utilizing cryptographic calculations. Those
administrations are as of now normal practices. As
items are being used by military or government
the world turns out to be more associated, the
associations what's more, they assume an essential
reliance on electronic administrations has moved
part in secure interchanges between people, little
toward becoming more articulated. With a specific
what's more, substantial business parties. In this
end goal to ensure significant information in
manner, present day encryption is constantly brittle
in some sense. Mainly, we can continue guessing
keys until the point when we get an intelligible
message out of it. Since keys are ordinarily
significantly small than the plain text they are
utilized to encode; for data theoretic reasons just a
single possible key we may pick will be intelligible
with high chances. This is the reason because of
which security in current cryptography is estimated
in the measure of calculation it would take to
translate the message. Shockingly, software
engineering is terrible at demonstrating how much
calculation is required to take care of issues. There
isn't a solitary encryption calculation that has been
demonstrated to take huge calculation to break.
Infact, having the capacity to demonstrate this
would be a noteworthy leap forward for software
engineering/arithmetic.
So there we have it, present day cryptography is
constantly weak with enough calculation and we
have no verifications that any encryption method
even take much calculation to break.
14 TECHNIQUES
1 Techniques
1. Play Fair Symmetric Encryption
2. RSA asymmetric Encryption
3. RLE Compression
4 Image Steganography
2 Language
JAVA
15 Design of Proposed Solution
Block Diagram
Cyptography
(RSA/
Playfair/Columnar)
Steganography
(Image)
Compression
(RLE/LZW)
Figure 5 Proposed Extended ECS (Extended
Compression Steganography)
16 Timeline
Semester 3: during the course of third semester,
we will build a theoretical model of the project.
Gather required knowledge , information
resources, and other necessary information related
to the project.
Semester 4: in the time line of fourth semester, we
will build a rough working model of the idea.
Further, we will take suggestions our metor for
improvements and betterment of the project.
Semester 5: in the last semester, we will please
and implement the final working version of the
application with all the improvement and fixes.
References
[1] Izhar S., Enhancement in Data Security
using Cryptography and Compression. In:
International Conference on Communication
Systems and Network Technologies, pp 212-
215(2017)
[2] Menon, N., A Survey on Image
Steganography IEEE International Conference
on Technological Advancements in Power and
Energy (TAP Energy) (2017).
[3] Rajani.T., Importance of Cryptography in
Network Security. In International Conference
on Communication Systems and Network
Technologies, pp 462-467(2013).
[4] Agoyi, M: Sms Security: An Asymmetric
Encryption Approach. In Sixth International
Conference on Wireless and Mobile
Communications, pp 448-452(2010)
[5] Gaba, J., Sharma, M.k.: A Review Based
Study of Hybrid Security Schemes Based on
Compression, Encryption and Steganography.
In: International Journal of Engineering Trends
and Technology, vol. 4(7), pp. 3243-3246
(2013)
[6] Ibrahim, A.M.A., Mustafa, M.E. :
Comparison Between (RLE And Huffman)
Algorithmsfor Lossless Data Compression. In:
International Journal of Innovative Technology
and Research, vol. 3(1), pp. 1808-1812(2015)
[7] Maan, A.J. :Analysis and Comparison of
Algorithms for Lossless Data Compression. In:
International Journal of Information and
Computation Technology, vol. 3(3), pp. 139-
146(2013)
[8] SearchStorage. (2019). What is data
compression? - Definition from WhatIs.com.
[online] Available at:
https://searchstorage.techtarget.com/definition/
compression [Accessed 25 Mar. 2019].
[9]Anon,(2019).
[online]Available_at:https://www.researchgate.
net/publication/273011398_A_Secure_Data_C
ommunication_System_Using_Cryptogaphy_A
nd_Steganography [Accessed 24 Mar. 2019].
[10]En.wikipedia.org.(2019). Decoding_metho
ds.
[online]Available_at:https://en.wikipedia.org/w
iki/Decoding_methods [Accessed 25 Mar.
2019].
[11]En.wikipedia.org.(2019). Steganography.
[online] Available at:
https://en.wikipedia.org/wiki/Steganography
[Accessed 25 Mar. 2019].
[12] Workshops, C., Hiding, I., Pfitzmann, A.,
Information Hiding, P., Science, L.,
Mittelholzer, T., Watermarking., A., Shin, N.,
Steganography., O., Franz, E., Pfitzmann, A.,
Cover-Stego-Attacks., S., Fridrich, J., Du, R.,
Images., S., Westfeld, A., Pfitzmann, A.,
Systems., A., Smith, J., Dodge, C.,
Steganography., D., Furon, T., Duhamel, P.,
Technique., A., Craver, S., Detection., Z.,
Adelsbach, A., Pfitzmann, B., Sadeghi, A.,
Content., P., Guth, H., Pfitzmann, B. and Data.,
E. (2019). dblp: 3. Information Hiding 1999:
Dresden, Germany. [online] Dblp.uni-trier.de.
Available at: https://dblp.uni-
trier.de/db/conf/ih/ih99 [Accessed 25 Mar.
2019].
[13] En.wikibooks.org.
(2019). Steganography/Covers - Wikibooks,
open books for an open world. [online]
Available at:
https://en.wikibooks.org/wiki/Steganography/C
overs#Audio [Accessed 25 Mar. 2019].
[14] En.wikibooks.org.
(2019). Steganography/Covers - Wikibooks,
open books for an open world. [online]
Available at:
https://en.wikibooks.org/wiki/Steganography/C
overs#Photos [Accessed 25 Mar. 2019].
[15] En.wikibooks.org.
(2019). Steganography/Covers - Wikibooks,
open books for an open world. [online]
Available at:
https://en.wikibooks.org/wiki/Steganography/C
overs#Text [Accessed 25 Mar. 2019].