Вы находитесь на странице: 1из 30

INTRODUCTION

1) Objective & Scope of the Project


In today’s dynamic and information rich environment, information systems have become
vital for any organization to survive. With the increase in the dependence of the organization
on the information system, there exists an opportunity for the competitive organizations and
disruptive forces to gain access to other organizations information system. This hostile
environment makes information systems security issues critical to an organization. Current
information security literature either focuses on unreliable information by describing the
information security attacks taking place in the world or it comprises of the technical
literature describing the types of security threats and the possible security systems.
2) Abbreviations-
Steganography-
It is the process where data needs to be hidden from the third party via encrypting or
embedding data in an image, video or audio. In image stegenography encrypt the data
in image of specified format.
Encryption-
Encryption is the process of transforming information (referred to as plaintext) using
an algorithm (called cipher) to make it unreadable to anyone except those possessing
special knowledge, usually referred to as a key. The result of the process is encrypted
information
Decryption-
The process of disguising information as “cipher text,” or data unintelligible to an
unauthorized person. Conversely, decryption, or decipherment, is the process of
converting cipher text back into its original format. Manual encryption has been used
since Roman times, but the term has become associated with the disguising of
information via electronic computers.

3) Theoretical Background
Steganography is not actually a method of encrypting messages, but hiding them within
something else to enable them to pass undetected. Traditionally this was achieved with
invisible ink, microfilm or taking the first letter from each word of a message. This is now
achieved by hiding the message within an Image, Graphics or Sound file. For instance in a

1
256- Greyscale image, if the Least Significant Bit(LSB) of each byte is replaced with a bit
from the message then the result will be indistinguishable to the human eye. An
Eavesdropper will not even realize a message is being sent. This is not Cryptography
however, and although it would fool a human, a computer would be able to detect this very
quickly and reproduce the original message. In the case of using this technique of hiding the
data with an image file, the visibility of the image, resolution or clarity is not being affected.
The hidden data can be of length in size. To the Hacker, only the image is make going to be
visible when previewed and not a trace of the hidden data.
The word Steganography literally means covered writing as derived from Greek and includes
a vast array of methods of secret communications that conceal the very existence of the
message. THE `PERCEPTION MANAGERS' and their `patriotic' paparazzi of the West
seem to have shifted gears from singing paeans of technology to sowing suspicions about its
possible misuse by the Al Queada, Tailbone and their ilk! The word `Steganography' should
Henceforth be bandied about more for its sinister implications on the security of the civilized
world. In June this year, USA Today reported that the encrypted blueprints of the next
terrorist attack on the U.S. and its allies may lie hidden behind the X-rated pictures on several
pornographic web sites and the posted comments on sports chat rooms.

4) Definition of Problem
With Steganography `Stego Analysis' is the natural offshoot. Stego Analysis provides means
to detect and destroy steganographic messages. Any image can be manipulated with the intent
of destroying some hidden information whether an embedded message exists or not.
However, they suggest that detection should precede destruction to target such hidden
messages, which are not just innocuous copyright or ownership related info (known as
`digital watermarks'). Detection may also save wasted effort Steganography and
cryptography.
Steganography is different from cryptography. Cryptography uses encryption to change the
contents of digitized files using some known algorithm into something totally different. The
same algorithm can be used to restore it to its original form. Steganography does not alter the
message in any way. It simply hides it. To make detection almost impossible, encrypted
messages can be hidden using Steganography.
Example: Dead drops

2
`Dead drop' is a Cold War-era slang connoting a place where spies left information. Cops and
security experts feel that the Internet provides virtually limitless supply of `dead drops'.
Officials and experts say the messages scrambled using free encryption programs set up by
groups that advocate privacy on the Internet are hidden in an existing images on selected web
sites. The e-mails and images can only be decrypted using a `private key' or code, selected by
the recipient. Thus you very well could have a photograph and image with the time and
information of an attack, say on an International airport, sitting on your computer, and you
would never know it! Unlike the good old `dead drop' the Internet, is proving to be a much
more secure way to conduct clandestine warfare.

3
REQUIRMENT ANALYSIS

1) User Requirements
1) User friendly GUI.
2) A key must be used to encrypt the data with image.
3) The key must be user defined.
4) Image distortion should be minimum.
5) Efficient algorithm should be used that is fast enough and use minimum resources.
6) Login must be placed at the starting.

2) Use- Case Diagrams


Sender

Select File

Sender
Embed File

Login

Figure 1

4
Receiver

Login

Reciever De-Embed File

Save the File

Figure 2

5
3) Use Case Description

Use case 1
i) Use Case Name : Embedded
ii) Actor : Sender
iii) Flow of Event : The user-selected image file will be
embedding with inserted message.
iv) Entry Condition : User must select the one image file and
one message for embedding
v) Exit Condition : Successful or Un Successful Embedding
process
vi) Quality Requirements :` Display proper error messages while

Use case 2
i) Use Case Name : De-embedded
ii) Actor : Receiver
iii) Flow of Event : The user-selected Image file will be de-
embedding to image file.
iv) Entry Condition : User must select the Image file for de-
embedding.
v) Exit Condition : Successful or Un Successful De-
embedding of file.
vi) Quality Requirement : Display proper error messages while De-
embedding.

6
System Requirements Specifications

1) Methodology adopted- Architecture Diagram

Figure 3

2) Details of Hardware
1) Processor : Pentium IV with 800 MHz Clock Speed
2) RAM : 256MB
3) Hard Disk : 20GB
3) Software used
1) Operating System : Windows XP
2) Front Hand : Java JDK 4.6, Swings
3) Back Hand : Oracle 10g
4) IDE : Netbeans 6.5
5) Designing : Rational Rose Enterprise Edition

7
System Design
1) Class Diagram

Figure 4

8
2) Sequence Diagram
Sender

Login : Login Encryption :


Sender : Sender
Encrytion
Login( )

Requeststatus()

ValidUser()

SelectImage()

EnterKey()

encrypt()

SaveFile()

Figure 5
Receiver

Login Decrpyt
Reciever : Reciever
Login()

RequestStatus()

ValidUser()

SelectImage()

EnterKey()

Decrypt()

save file()

Figure 6

9
3) Activity Diagram
Sender

Sender

Select File

Enter Key

Encrypt

Save File

Figure 7

10
Receiver

Receiver

Enter Key

Decrypt File

Save File

Figure 8

11
Implantation
1) Data Structure Used

A) BigInteger: - Immutable arbitrary-precision integers. All operations behave as if


BigIntegers were represented in two's-complement notation (like Java's primitive
integer types). BigInteger provides analogues to all of Java's primitive integer
operators, and all relevant methods from java.lang.Math. Additionally, BigInteger
provides operations for modular arithmetic, GCD calculation, primarily testing, prime
generation, bit manipulation, and a few other miscellaneous operations.
B) Byte: - The Byte class wraps a value of primitive type byte in an object. An object of
type Byte contains a single field whose type is byte.

In addition, this class provides several methods for converting a byte to a String and a
String to a byte, as well as other constants and methods useful when dealing with a
byte.

12
2) Algorithm Used
a) The length of the message is stored as a 4 byte number, or 32 bits, thus the message
starts after 32 bytes of image.
b) Since the first 32 bytes contain 1 bit each of our length, we must loop all 32 bytes to
retrieve the length.
c) We shift the bits of length left by 1, then OR it with a result of the least significant bit
of the image byte. (& 1) will clear all bits, except the last bit, which will be left as is.
Thus as bits are added, they are moved along and placed into the newly empty least
significant slot of length.
d) Now that we have a length and have created a byte array to hold the bits, we loop
through that many image bytes.
e) Again we must loop through the 8 bits of a byte to be collected.
f) The resulting array of bytes is made up of the least significant bit of each sequential
byte. This is retrieved in the same way as we retrieved the length, now that the loops
are properly setup.

13
3) Sample Coding
package stegno;
import java.awt.event.*;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.*;
import java.awt.*;
import java.sql.*;
import java.io.Serializable;
public class Login extends JFrame implements ActionListener, Serializable
{
JLabel label1;
JLabel label2;
JTextField textfield1;
JPasswordField passwordfield2;
JButton button1;
JLabel label3;

public Login() {
LoginLayout customLayout = new LoginLayout();
getContentPane().setFont(new Font("Tahoma", Font.PLAIN, 12));
getContentPane().setLayout(customLayout);
label1 = new JLabel("Login Name");
getContentPane().add(label1);
label1.setFont(new Font("Bookman Old Style", Font.BOLD, 20));
label2 = new JLabel("Password");
getContentPane().add(label2);
label2.setFont(new Font("Bookman Old Style", Font.BOLD, 20));
textfield1 = new JTextField();
getContentPane().add(textfield1);
textfield1.setFont(new Font("RockWell", Font.PLAIN, 18));
passwordfield2 = new JPasswordField();
getContentPane().add(passwordfield2);

14
passwordfield2.setEchoChar('^');
passwordfield2.setFont(new Font("SansSerif", Font.BOLD, 20));
button1 = new JButton("LOGIN");
getContentPane().add(button1);
button1.addActionListener(this);
button1.setFont(new Font("Engravers MT", Font.BOLD, 20));
setSize(getPreferredSize());
addWindowListener(new WindowAdapter() {
@Override
public void windowClosing(WindowEvent e) {
System.exit(0);
}
});
}

public static void main(String args[]) {


Login window = new Login();
window.setTitle("Stegnography Implementation");
window.pack();
window.show();
JFrame.setDefaultLookAndFeelDecorated(true);
JDialog.setDefaultLookAndFeelDecorated(true);
try
{
UIManager.setLookAndFeel("com.sun.java.swing.plaf.windows.WindowsLookAndFeel");
} catch (Exception ex) {
System.out.println("Failed loading L&F: ");
System.out.println(ex);
}
}
public void actionPerformed(ActionEvent e) {
String cmd;
cmd = e.getActionCommand();
if (cmd.equals("LOGIN")) {

15
String user = textfield1.getText().trim().toLowerCase();
String password = passwordfield2.getText().trim().toLowerCase();
try {
String driver = "sun.jdbc.odbc.JdbcOdbcDriver";
String url = "jdbc:odbc:mydb";
String DBusername = "SYSTEM";
String DBpassword = "1";
try {
try {
Class.forName(driver).newInstance();
} catch (InstantiationException ex) {
Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex);
} catch (IllegalAccessException ex) {
Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, ex);
}
} catch (ClassNotFoundException cnfe) {
return;
}
Connection connection =
DriverManager.getConnection(url,DBusername,DBpassword);
Statement statement = connection.createStatement();
String query = "SELECT * FROM mytable WHERE login='" + user + "' AND
pass='" + password + "'";
ResultSet rs = statement.executeQuery(query);
boolean recordfound = rs.next();
if (recordfound) {
dispose();
Stegno s = new Stegno();
s.pack();
s.show();
s.setTitle("Steganography Implementation - Main Menu");
} else {
JOptionPane.showMessageDialog(null, "!!! ***Username and password do not
match*** !!!", "Error", JOptionPane.INFORMATION_MESSAGE);

16
textfield1.setText("");
passwordfield2.setText("");
}
rs.close();
} catch (SQLException sqle) {
}
}
}
class LoginLayout implements LayoutManager {
public LoginLayout() {
}
public void addLayoutComponent(String name, Component comp) {
}
public void removeLayoutComponent(Component comp) {
}
public Dimension preferredLayoutSize(Container parent) {
Dimension dim = new Dimension(0, 0);
Insets insets = parent.getInsets();
dim.width = 650 + insets.left + insets.right;
dim.height = 400 + insets.top + insets.bottom;
return dim;
}
public Dimension minimumLayoutSize(Container parent) {
Dimension dim = new Dimension(0, 0);
return dim;
}
public void layoutContainer(Container parent) {
Insets insets = parent.getInsets();
Component c;
c = parent.getComponent(0);
if (c.isVisible()) {
c.setBounds(insets.left + 150, insets.top + 100, 136, 32);
}
c = parent.getComponent(1);

17
if (c.isVisible()) {
c.setBounds(insets.left + 150, insets.top + 150, 136, 32);
}
c = parent.getComponent(2);
if (c.isVisible()) {
c.setBounds(insets.left + 280, insets.top + 100, 154, 35);
}
c = parent.getComponent(3);
if (c.isVisible()) {
c.setBounds(insets.left + 280, insets.top + 150, 154, 35);
}
c = parent.getComponent(4);
if (c.isVisible()) {
c.setBounds(insets.left + 276, insets.top + 216, 160, 48);
}
}
}
}

18
4) Interface

a) Login Window

Figure 9

b) Key Window

Figure 10

19
c) Message Dialogue Box

Figure 11

d) Stegno Menu

Figure 12

20
e) Encryption Window

Figure 13

f) Decryption window

Figure 14

21
Testing Methodology
a) Testing Methodologies
1) Black Box Testing
2) White Box Testing

b) STLC
a) Test Planning.
b) Test Development.
c) Test Execution.
d) Result Analysis.
e) Bug-Tracing.
f) Reporting.

c) TCD (Test Case Documentation)


Testing

1) The process of executing a system with the intent of finding an error.


2) Testing is defined as the process in which defects are identified, isolated, subjected
for rectification and ensured that product is defect free in order to produce the quality
product and hence customer satisfaction.
3) Quality is defined as justification of the requirements
4) Defect is nothing but deviation from the requirements
5) Defect is nothing but bug.
6) Testing --- The presence of bugs
7) Testing can demonstrate the presence of bugs, but not their absence
8) Debugging and Testing are not the same thing!
9) Testing is a systematic attempt to break a program or the AUT
10) Debugging is the art or method of uncovering why the script/program did not execute
properly.

22
a) Testing Methodologies:
1) Black box Testing: is the testing process in which tester can perform testing on an
application without having any internal structural knowledge of application. Usually
Test Engineers are involved in the black box testing.
2) White box Testing: is the testing process in which tester can perform testing on an
application with having internal structural knowledge. Usually The Developers are
involved in white box testing.

Case Generation Report:


Test Type Case Expected Result
Operational / Login Successful/unsuccessful
Unit / login
Functional Test
-do- Encryption Receive the file to be
encrypted and
encrypt according to the key
and save
-do- Decryption Receive the file to be
decrypted and
decrypt with same key and
save
-do- Exit Ends the current login
session
Table 1

Test Report:
Test Type Case Observed Result
Functional test Login Successful login
-do- Encryption Successfully encrypted and
saved
-do- Decryption Path failure
Table 2

23
Test Case Analysis:
Test Type Expected Result Observed Result Remark
Functional Decrypted Path failure Address of the
Test data, decrypt & file is corrected
save
Table 3

b) STLC
I. Test Planning:
1) Test Plan is defined as a strategic document which describes the procedure how to
perform various testing on the total application in the most efficient way.
2) This document involves the scope of testing,
3) Objective of testing,
4) Areas that need to be tested,
5) Areas that should not be tested,
6) Scheduling Resource Planning,
7) Areas to be automated, various testing tools

II. Result Analysis:


1) Expected Value: is nothing but expected behaviour of application.
2) Actual value: is nothing but actual behaviour of Application

III. Bug Tracing:


Collect all the failed cases, prepare documents.

IV. Reporting:
Prepare document (status of the application)

24
TCD (Test Case Document):
Test Case Document Contains
I. Test Scope (or) Test objective
II. Test Scenario
III. Test Procedure
IV. Test case

This is the sample test case document for the Case Investigate details of Client project:
I. Test scope:
1) Test coverage is provided for the screen “ Login check” form of administration
module of Forensic Manager application
2) Areas of the application to be tested

II. Test Scenario:


1) When the office personals use this screen for the data entry, adding sections, courts,
grades and Case Registration information on s basis and quit the form.

III. Test Procedure:


1) The procedure for testing this screen is planned in such a way that the data entry,
status calculation functionality, saving and quitting operations are tested in terms of
GUI testing, Positive testing, Negative testing using the corresponding GUI test cases,
Positive test cases, Negative test cases respectively
T.C. No. Description Exp Act Result

Table 4

IV. Test Cases:


Template for Test Case
Guidelines for Test Cases:
1) GUI Test Cases:

25
a. Total no of features that need to be check
b. Look & Feel
c. Look for Default values if at all any (date & Time, if at all any require)
d. Look for spell check

Example for GUI Test cases:


T C. No. Description Expected Actual Result Result
Value
1 Check for all The screen
the must
features in the contain all the
screen features
2 Check for the The alignment
alignment of should be in
the proper way
objects as per
the
validations
Table 5

1) Positive Test Cases:

a) The positive flow of the functionality must be considered


b) Valid inputs must be used for testing
c) Must have the positive perception to verify whether the requirements are
justified.
Example for Positive T

est cases:
T. C. No. Description Expected Value Actual Result Result

26
1 Input Username Redirect to Redirect to Redirect to
and Homepage Home Page Home Page
Password
Table 6

Negative Test Cases:


1) Must have negative perception.
2) Invalid inputs must be used for test.

Example for Negative Test cases:


T. C. No. Description Expected Value Actual Result Result
1 Input username Login Page Login Page Login Page
and password

Table 7

27
Conclusion
1) Summary
The challenge of cryptography is developing a system in which it is impossible to determine
the key. This is accomplished the use of a one-way function. With a one-way function, it is
relatively easy to compute a result given some input values. To encrypt data, enter the data
“plain text” and an encryption to the encryption portion of the algorithm. To decrypt the
“cipher text” a proper decryption key is used at the decryption portion of the algorithm. The
project work done herewith has given a lot of insight into the working of the Networking
programming environment. The program written for encryption and decryption using Tiny
Encryption Algorithm is tested on several textual files and results are observed. The
program could achieve a better secure transferring of files between the server and various
clients.
2) Limitation
a) We can’t send image on network.
b) The software can’t hide date more than 20 characters.
c) We have to take care that when we are saving image the extension of image
should be .jpg.
d) The key to encrypt the image not to start with ZERO (0).
3) Future enhancement
It is not possible to develop a system that makes all the requirements of the user. User
requirements keep changing as the system is being used.
Some of the future enhancements that can be done to this system are:
1) As the technology emerges, it is possible to upgrade the system and can be adaptable
to desired environment.
2) Because it is based on object-oriented design, any further changes can be easily
adaptable.
3) Based on the future security issues, security can be improved using emerging
technologies.
4) Case Registration module can be added

28
References

1) Java Complete Reference By Herbert Shield


2) Dat abase Programming with JDBC and Java By George Reese
3) Java and XML By Brett McLaughlin
4) Wikipedia, URL: http://www.wikipedia.org.
5) Answers.com, Online Dictionary, Encyclopaedia and much more,
6) URL: http://www.answers.com
7) Google, URL: http://www.google.co.in
8) Project Management URL: http://www.startwright.com/project.htm
9) http://www.dreamincode.net/forums/topic/27950-steganography/

29
Manual
1) Open .jar file of the software.
2) After that a Login Window appear in which user ID and Password is given that
a. If the password is correct, then move forward.
b. Otherwise again ask for password and ID.
3) After that a menu pop out in which 3 radio buttons are shown :-
a. Encryption
b. Decryption
c. Send an image
Encryption: - When encrypt button is select then a window appears
1) In this window BROWSE button is pressed then a file chooser dialogue
box appear in which image file has to select.
2) A text field is shown in this window in which we type our message to hide.
3) Then click on button NEXT then a dialogue box appears in which a 4 digit
key has to enter to encrypt the image.
4) Then we click on button SAVE to save the image which contain the
message.
Decryption: - When decrypt button is selected, then
1) In this window BROWSE button is pressed then a file chooser dialogue
box appear in which image file has to select.
2) After that we click on NEXT button then a dialogue box appeared.
3) In this dialogue we give the key which was give at the time to encrypt.
4) After that the message is displayed at the text field.

30