steganography full report
STEGANOGRAPHY.doc (Size: 881.5 KB / Downloads: 2485)
ANJU.P ALIAS RESHMI JOSY SARITHA.K.C VIDYA RADHAKRISHNAN
Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the content is obscured. The advantage of steganography over cryptography alone is that messages do not attract attention to themselves, to messengers, or to recipients.
Steganographic messages are often first encrypted by some traditional means, and then a covertext is modified in some way to contain the encrypted message, resulting in stegotext. For example, the letter size, spacing, typeface, or other characteristics of a covertext can be manipulated to carry the hidden message; only the recipient (who must know the technique used) can recover the message and then decrypt it. Steganography uses in electronic communication include steganographic coding inside of a transport layer, such as an MP3 file, or a protocol, such as UDP.
The project 'Steganography' provides means for secure data transmission and secure data storage network. Hereby, important files carrying confidential information can be stored in the server in an encrypted form. Access to these files is limited to certain authorized people only. Transmission also takes place in an encrypted form so that no intruder can get any useful information from the original file during transit. Further, before trying to access important files, the user has to login to the system using a valid username and password, which is allotted to him by the system administrator.
Encryption is the process of encoding a message in such a way as to hide its contents. Modern Cryptography includes several secure algorithms for encrypting and decrypting messages. They are all based on the use of secrets called keys. A cryptographic key is a parameter used in an encryption algorithm in such a way that the encryption cannot be reversed without the knowledge of the key.
Fig 1.1 The Original Image 1.2 The modified image
The larger the cover message is (in data content terms â€ number of bits) relative to the hidden message, the easier it is to hide the latter. For this reason, digital pictures (which contain large amounts of data) are used to hide messages on the Internet and on other communication media. It is not clear how commonly this is actually done. For example: a 24-bit bitmap will have 8 bits representing each of the three color values (red, green, and blue) at each pixel. If we consider just the blue there will be 28 different values of blue. The difference between say 11111111 and 11111110 in the value for blue intensity is likely to be undetectable by the human eye. Therefore, the least significant bit can be used (more or less undetectably) for something else other than color information. If we do it with the green and the red as well we can get one letter of ASCII text for every three pixels.
Stated somewhat more formally, the objective for making steganographic encoding difficult to detect is to ensure that the changes to the carrier (the original signal) due to the inject the payload (the signal to covertly embed) are visually (and ideally, statistically) negligible; that is to say, the changes are indistinguishable from the noise floor of the carrier.
1.2 STEGANOGRAPHY TERMS
Carrier File - A file which has hidden information inside of it. Steganalysis - The process of detecting hidden information inside of a file. Stego-Medium - The medium in which the information is hidden.
Redundant Bits - Pieces of information inside a file which can be overwritten or altered
with out damaging the file.
Payload - The information which is the be concealed.
1.3 PROCESS DESCRIPTION
The following formula provides a very generic description of the pieces of the steganographic process:
covermedium + hiddendata + stegokey = stegomedium
In this context, the covermedium is the file in which we will hide the hiddendata, which may also be encrypted using the stegokey. The resultant file is the stegomedium (which will, of course. be the same type of file as the covermedium). The covermedium (and, thus, the stegomedium) are typically image or audio files.
CHAPTER 2 OBJECTIVES
The project has the following objectives:
1. To create a tool that can be used to hide data inside a 24 bit color image.
2. The tool should be easy to use, and should use a graphical user interface.
3. The tool should work cross-platform.
4. The tool should effectively hide a message using an image degradation approach, and should be able to retrieve this message afterwards.
5. The tool should take into account the original content, to theoretically more effectively hide the message.
6. The tool should be able to provide some information as to the effectiveness of the hiding i.e. it should be able to evaluate the degradation of an image. The analysis used will consist of existing watermarking measures, re- implemented for this tool.
7. The technique should fall under the category of Secret Key Steganography -where without the key the hidden message cannot be retrieved.
8. The tool should be able to encrypt the message before embedding it.
CHAPTER 3 STEGANOGRAPHY MERITS
3.1 SUCCESS SO FAR
Up until now, this has proven to be a successful steganographic technique for use in distributing spam and getting around my spam filtering software. At this point in time, spam filtering software is incapable of detecting the hidden content and categorizing the message as spam on the basis of that content. This success will probably be short lived, however
3.2 STEGANOGRAPHY VERSUS CRYPTOGRAPHY
As mentioned above, cryptography is often used in situations where the existence of the message is clear, but the meaning of the message is obscured. In particular, the sender transforms the message into a form that (hopefully) only the intended recipient of the message can decrypt and read.Steganography is often used in situations where the actual existence of the message needs to be obscured.
3.3 STEGANOGRAPHY AND CRYPTOGRAPHY CAN BE COMBINED
The message can also be encrypted before it is hidden inside a cover message. This provides a double layer of protection. To begin with, encryption may make the existence of the message even more difficult to detect, due to the fact that some encryption techniques cause the patterns of the characters in the encrypted version to be more random than in the original version. In addition, even if the existence of the encrypted message is detected, it is unlikely that an eavesdropper will be able to read the message.
3.4 HIDING THE MESSAGE
1. This program hides the message in the image by doing the following:
2. Reducing the message to the 64-character set beginning with the space character in the ASCII table. Each character can then be represented by six bits.
3. Decomposing each six-bit character into three groups of two bits each.
4. Replacing the two least-significant bits (LSB) in the red, green, and blue values for a given pixel by the three groups of two bits. Thus, each pixel can carry one six-bit character
CHAPTER 4 SYSTEM REQUIREMENTS
Processor : Pentium III
Minimum : 64MB
Recommended : 128MB
Minimum : 10.2GB
Recommended : 40GB
Clock Speed : 866 MHz
Virtual Memory : 32Bits
Cache memory : 512KB
Floppy disk drive : 1.44MB
Platform Used Tool used
: Java1.5 : NetBeans5.5
CHAPTER 5 TECHNIQUE USED
5.1 TECHNIQUE USED
Steganographic Techniques used is oncealing data within encrypted data. The data to be concealed is first encrypted before being used to overwrite part of a much larger block of encrypted data. This technique works most effectively where the decrypted version of data being overwritten has no special meaning or use. Each pixel typically has three numbers associated with it, one each for red, green, and blue intensities, and these values often range from 0-255. Each number is stored as eight bits (zeros and ones), with a one worth 128 in the most significant bit (on the left), then 64, 32, 16, 8, 4, 2, and a one in the least significant bit (on the right) worth just 1.
5.2 HOW STEGANOGRAPHY WORKS
Steganography strips less important information from digital content and injects hidden data in its place. This is done over the spectrum of the entire image. Here's one way it could be implemented:
The following sequence of 24 bits represents a single pixel in an image. Its 3 bytes of color information provide a total of 256 different values for each color (red, green and blue) and thus can represent a total of 16.7 million colors. This particular value displays as a dark green:
Table 5.1 Bytewise insertion of data
Byte 1 - Red Bytc2-Grcci Byte 3 - Blue
ODODOnn o onnnnonn o o onnnno
Now, let's take 11 of these pixels that represent, say, part of a solid-color background. In the following sequence, the least significant (rightmost) bit of each 8-bit byte has been co-opted to hide a text messageâ€the four characters Aha!â€in ASCII binary:
The hidden message occupies 32 of those 264 bits (about 12%) and contains four 8-bit bytes. In the diagram, each maroon or gold box represents a bit that had to be changed to include the hidden message. Notice that only 15 of 264 bits (less than 6%) had to be changed and only eight of the 11 pixels were altered.
The two figures below represent the 11 colored pixels we've been manipulating. The figure on the left is the original, unaltered version. The one on the right has been modified.
5.3 ALGORITHM USED
The DES (Data Encryption Standard) algorithm is the most widely used encryption algorithm in the world. For many years, and among many people, "secret code making" and DES have been synonymous. DES works on bits, or binary numbers--the 0s and 1s common to digital computers. Each group of four bits makes up a hexadecimal, or base 16, number. DES works by encrypting groups of 64 message bits, which is the same as 16 hexadecimal numbers. To do the encryption, DES uses "keys" where are also apparently 16 hexadecimal numbers long, or apparently 64 bits long. However, every 8th key bit is ignored in the DES algorithm, so that the effective key size is 56 bits. But, in any case, 64 bits (16 hexadecimal digits) is the round number upon which DES is organized.
CHAPTER 6 MODULES
The project consists of mainly four modules encryption, hide message, retrieve message and decryption. Encryption and hide message form the modules at the sender side. retrieve message and decryption form the modules at the receiver side
6.1 SENDER SIDE
Encryption includes a message or a file encrypting. Encryption involves converting the message to be hidden into a cipher text. Encryption can be done by passing a secret key.Secret key can be used for encryption of the message to be hidden.It provides security by converting it into a cipher text,which will be difficult for hackers to decrypt. Moreover if the message is password protected,then while retrieving message,the retriever has to enter the correct password for viewing the message.
6.1.2 Hide Message
Hiding message is the most important module of steganography.It involves embedding the message into the cover text. Each pixel typically has three numbers associated with it, one each for red, green, and blue intensities, and these values often range from 0-255.In order to hide the message,data is first converted into byte format and stored in a byte array.The message is then encrypted and then embed each bits into the LSB position of each pixel position. The least significant (rightmost) bit of each 8-bit byte has been co-opted to hide a text message.
6.2 RECEIVER SIDE
6.2.1 Retrieve Message
It involves retrieving the embed message from the file independent of the file format. Once the message has been retrieved it has to be converted into original message or file.
This can be done by reading the embedded data from the master file. The read data will be in the bytes format. This message has to be converted into the suitable output file format.
Decryption includes a message or a file decrypting. Decryption involves converting the cipher text into decrypted format. Decryption can be done by passing a secret key. Secret key can be used for decryption of the message that is hidden. It provides security by converting the cipher text, into the original data message or file . Moreover if the message is password protected, then while retrieving message, the retriever has to enter the correct password for viewing the message.
CHAPTER 7 JAVA
Java was developed at Sun Microsystems. Work on Java initially began with the goal of creating a platform-independent language and OS for consumer electronics. The original intent was to use C++, but as work progressed in this direction, developers identified that creating their own language would serve them better. The effort towards consumer electronics led the Java team, then known as First Person Inc., towards developing h/w and s/w for the delivery of video-on-demand with Time Warner.
Fig 7.1 Java 2 Platform,Standard Edition v 1.5
Unfortunately (or fortunately for us) Time Warner selected Silicon Graphics as the vendor for video-on-demand project. This set back left the First Person team with an
interesting piece of s/w (Java) and no market to place it. Eventually, the natural synergies of the Java language and the www were noticed, and Java found a market.
Today Java is both a programming language and an environment for executing programs written in Java Language. Unlike traditional compilers, which convert source code into machine level instructions, the Java compiler translates java source code into instructions that are interpreted by the runtime Java Virtual Machine. So unlike languages like C and C++, on which Java is based, Java is an interpreted language.
Java is the first programming language designed from ground up with network programming in mind. The core API for Java includes classes and interfaces that provide uniform access to a diverse set of network protocols. As the Internet and network programming have evolved, Java has maintained its cadence. New APIs and toolkits have expanded the available options for the Java network programmer.
7.1 FEATURES OF JAVA
In one of their early papers about the language, Sun described Java as follows: Java: A simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multithreaded, and dynamic language. Sun acknowledges that this is quite a string of buzzwords, but the fact is that, for the most part, they aptly describe the language. In order to understand why Java is so interesting, let's take a look at the language features behind the buzzwords.
Java is an object-oriented programming language. As a programmer, this means that you focus on the data in your application and methods that manipulate that data, rather than thinking strictly in terms of procedures. If you're accustomed to procedure-based programming in C, you may find that you need to change how you design your programs when you use Java. Once you see how powerful this new paradigm is, however, you'll quickly adjust to it. In an object-oriented system, a class is a collection of data and methods that operate on that data. Taken together, the data and methods describe the state and behavior of an object. Classes are arranged in a hierarchy, so that a subclass can inherit behavior from its super class. A class hierarchy always has a root class; this is a class with very general behavior. Java comes with an extensive set of classes, arranged in packages that you can use in your programs. For example, Java provides classes that create graphical user interface components (the java.awt package), classes that handle input and output (the java.io package), and classes that support networking functionality
(the java.net package). The Object class (in the java.lang package) serves as the root of the Java class hierarchy. Unlike C++, Java was designed to be object-oriented from the ground up. Most things in Java are objects; the primitive numeric, character, and Boolean types are the only exceptions. Strings are represented by objects in Java, as are other important language constructs like threads. A class is the basic unit of compilation and of execution in Java; all Java programs are classes. While Java is designed to look like C++, you'll find that Java removes many of the complexities of that language. If you are a C++ programmer, you'll want to study the object-oriented constructs in Java carefully. Although the syntax is often similar to C++, the behavior is not nearly so analogous. For a complete description of the object-oriented features of Java, The object oriented language used to create executable contents such as applications and applets.
Java is an interpreted language: the Java compiler generates byte-codes for the Java Virtual Machine (JVM), rather than native machine code. To actually run a Java program, you use the Java interpreter to execute the compiled byte-codes. Because Java byte-codes are platform-independent, Java programs can run on any platform that the JVM (the interpreter and run-time system) has been ported to. In an interpreted environment, the standard "link" phase of program development pretty much vanishes. If Java has a link phase at all, it is only the process of loading new classes into the environment, which is an incremental, lightweight process that occurs at run-time. This is in contrast with the slower and more cumbersome compile-link-run cycle of languages
like C and C++.
Ã‚Â¦ Architecture Neutral and Portable
Because Java programs are compiled to an architecture neutral byte-code format, a Java application can run on any system, as long as that system implements the Java Virtual Machine. This is a particularly important for applications distributed over the Internet or other heterogeneous networks. But the architecture neutral approach is useful beyond the scope of network-based applications. As an application developer in today's software market, you probably want to develop versions of your application that can run on PCs, Macs, and UNIX workstations. With multiple flavors of UNIX, Windows 95, and Windows NT on the PC, and the new PowerPC Macintosh, it is becoming increasingly difficult to produce software for all of the possible platforms. If you write your application in Java, however, it can run on all platforms. The fact that Java is interpreted and defines a standard, architecture neutral, byte-code format is one big part of being portable. But Java goes even further, by making sure that there are no "implementation-dependent" aspects of the language specification. For example, Java explicitly specifies the size of each of the primitive data types, as well as its arithmetic behavior. This differs from C, for example, in which an int type can be 16, 32, or 64 bits long depending on the platform. While it is technically possible to write non-portable programs in Java, it is relatively easy to avoid the few platform-dependencies that are exposed by the Java API and write truly portable or "pure" Java programs. Sun's new "100% Pure Java" program helps developers ensure (and certify) that their code is portable. Programmers need only to make simple efforts to avoid non-portable pitfalls in order to live up to Sun's trademarked motto "Write Once, Run Anywhere."
Ã‚Â¦ Dynamic and Distributed
Java is a dynamic language. Any Java class can be loaded into a running Java interpreter at any time. These dynamically loaded classes can then be dynamically instantiated. Native code libraries can also be dynamically loaded. Classes in Java are represented by the Class class; you can dynamically obtain information about a class at run-time. This is especially true in Java 1.1, with the addition of the Reflection API. Java is also called a distributed language. This means, simply, that it provides a lot of high-level support for networking. For example, the URL class and Oar elated classes in the java.net package make it almost as easy to read a remote file or resource as it is to read a local file. Similarly, in Java 1.1, the Remote Method Invocation (RMI) API allows a Java program to invoke methods of remote Java objects, as if they were local objects. (Java also provides traditional lower-level networking support, including datagram's and stream-based connections through sockets.) The distributed nature of Java really shines when combined with its dynamic class loading capabilities. Together, these features make it possible for a Java interpreter to download and run code from across the Internet. (As we'll see below, Java implements strong security measures to be sure that this can be done safely.) This is what happens when a Web browser downloads and runs a Java applet, for example. Scenarios can be more complicated than this, however. Imagine a multi-media word processor written in Java. When this program is asked to display some type of data that it has never encountered before, it might dynamically download a class from the network that can parse the data, and then dynamically download another class (probably a Java "bean") that can display the data within a compound document. A program like this uses distributed resources on the network to dynamically grow and adapt to the needs of its user.
Java is a simple language. The Java designers were trying to create a language that a programmer could learn quickly, so the number of language constructs has been kept relatively small. Another design goal was to make the language look familiar to a majority of programmers, for ease of migration. If you are a C or C++ programmer, you'll find that Java uses many of the same language constructs as C and C++. In order to keep the language both small and familiar, the Java designers removed a number of features available in C and C++. These features are mostly ones that led to poor programming practices or were rarely used. For example, Java does not support the goto statement; instead, it provides labeled break and continue statements and exception handling. Java does not use header files and it eliminates the C preprocessor. Because Java is object-oriented, C constructs like struct and union have been removed. Java also eliminates the operator overloading and multiple inheritance features of C++. Perhaps the most important simplification, however, is that Java does not use pointers. Pointers are one of the most bug-prone aspects of C and C++ programming. Since Java does not have structures, and arrays and strings are objects, there's no need for pointers. Java automatically handles the referencing and dereferencing of objects for you. Java also implements automatic garbage collection, so you don't have to worry about memory management issues. All of this frees you from having to worry about dangling pointers, invalid pointer references, and memory leaks, so you can spend your time developing the functionality of your programs. If it sounds like Java has gutted C and C++, leaving only a shell of a programming language, hold off on that judgment for a bit, Java is actually a full-featured and very elegant language.
Java has been designed for writing highly reliable or robust software. Java certainly doesn't eliminate the need for software quality assurance; it's still quite possible to write buggy software in Java. However, Java does eliminate certain types of programming errors, which makes it considerably easier to write reliable software. Java is a strongly typed language, which allows for extensive compile-time checking for potential type-mismatch problems. Java is more strongly typed than C++, which inherits a number of compile-time laxities from C, especially in the area of function declarations. Java requires explicit method declarations; it does not support C-style implicit declarations. These stringent requirements ensure that the compiler can catch method invocation errors, which leads to more reliable programs. One of the things that makes Java simple is its lack of pointers and pointer arithmetic. This feature also increases the robustness of Java programs by abolishing an entire class of pointer-related bugs. Similarly, all accesses to arrays and strings are checked at run-time to ensure that they are in bounds, eliminating the possibility of overwriting memory and corrupting data. Casts of objects from one type to another are also checked at run-time to ensure that they are legal. Finally, and very importantly, Java's automatic garbage collection prevents memory leaks and other pernicious bugs related to memory allocation and deallocation. Exception handling is another feature in Java that makes for more robust programs. An exception is a signal that some sort of exceptional condition, such as a "file not found" error, has occurred. Using the try/catch/finally statement, you can group all of your error handling code in one place, which greatly simplifies the task of error handling and recovery.
One of the most highly touted aspects of Java is that it's a secure language. This is especially important because of the distributed nature of Java. Without an assurance of security, you certainly wouldn't want to download code from a random site on the Internet and let it run on your computer. Yet this is exactly what people do with Java applets every day. Java was designed with security in mind, and provides several layers of security controls that protect against malicious code, and allow users to comfortably run untrusted programs such as applets. At the lowest level, security goes hand-in-hand with robustness. As we've already seen, Java programs cannot forge pointers to memory, or overflow arrays, or read memory outside of the bounds of an array or string. These features are one of Java's main defenses against malicious code. By totally disallowing any direct access to memory, an entire huge, messy class of security attacks is ruled out.
The second line of defense against malicious code is the byte-code verification process that the Java interpreter performs on any untrusted code it loads. These verification steps ensure that the code is well-formed--that it doesn't overflow or underflow the stack or contain illegal byte-codes, for example. If the byte-code verification step was skipped, inadvertently corrupted or maliciously crafted byte-codes might be able to take advantage of implementation weaknesses in a Java interpreter. Another layer of security protection is commonly referred to as the "sandbox model": untrusted code is placed in a "sandbox," where it can play safely, without doing any damage to the "real world," or full Java environment. When an applet, or other untrusted code, is running in the sandbox, there are a number of restrictions on what it can do. The most obvious of these restrictions is that it has no access whatsoever to the local file system. There are a number of other restrictions in the sandbox as well. These restrictions are enforced by a Security Manager class. The model works because the entire core Java classes that perform sensitive operations, such as file system access, first ask permission of the currently installed Security Manager. If the call is being made, directly or indirectly, by untrusted code, the security manager throws an exception, and the operation is not permitted. Finally, in Java 1.1, there is another possible solution to the problem of security. By attaching a digital signature to Java code, the origin of that code can be established in a cryptographically secure and unforgettable way. If you have specified that you trust a person or organization, then code that bears the digital signature of that trusted entity is trusted, even when loaded over the network, and may be run without the restrictions of the sandbox model. Of course, security isn't a black-and-white thing. Just as a program can never be guaranteed to be 100% bug-free, no language or environment can be guaranteed 100% secure. With that said, however, Java does seem to offer a practical level of security for most applications. It anticipates and defends against most of the techniques that have historically been used to trick software into misbehaving, and it has been intensely scrutinized by security experts and hackers alike. Some security holes were found in early versions of Java, but these flaws were fixed almost as soon as they were found, and it seems reasonable to expect that any future holes will be fixed just as quickly.
Java is an interpreted language, so it is never going to be as fast as a compiled language like C. Java 1.0 was said to be about 20 times slower than C. Java 1.1 is nearly twice as fast as Java 1.0, however, so it might be reasonable to say that compiled C code runs ten times as fast as interpreted Java byte-codes. But before you throw up your arms in disgust, be aware that this speed is more than adequate to run interactive, GUI and network-based applications, where the application is often idle, waiting for the user to do something, or waiting for data from the network. Furthermore, the speed-critical sections of the Java run-time environment, that do things like string concatenation and comparison, are implemented with efficient native code. As a further performance boost, many Java interpreters now include "just in time" compilers that can translate Java byte-codes into machine code for a particular CPU at run-time. The Java byte-code format was designed with these "just in time" compilers in mind, so the process of generating machine code is fairly efficient and it produces reasonably good code. In fact, Sun claims that the performance of byte-codes converted to machine code is nearly as good as native C or C++. If you are willing to sacrifice code portability to gain speed, you can also write portions of your program in C or C++ and use Java native methods to interface with this native code. When you are considering performance, it's important to remember where Java falls in the spectrum of available programming languages. At one end of the spectrum, there are high-level, fully-interpreted scripting languages such as Tcl and the UNIX shells. These languages are great for prototyping and they are highly portable, but they are also very slow. At the other end of the spectrum, you have low-level compiled languages like C and C++. These languages offer high performance, but they suffer in terms of reliability and portability. Java falls in the middle of the spectrum. The performance of Java's interpreted byte-codes is much better than the high-level scripting languages (even Perl), but it still offers the simplicity and portability of those languages.
In a GUI-based network application such as a Web browser, it's easy to imagine multiple things going on at the same time. A user could be listening to an audio clip while she is scrolling a page, and in the background the browser is downloading an image. Java is a multithreaded language; it provides support for multiple threads of execution (sometimes called lightweight processes) that can handle different tasks. An important benefit of multithreading is that it improves the interactive performance of graphical applications for the user. If you have tried working with threads in C or C++, you know that it can be quite difficult. Java makes programming with threads much easier, by providing built-in language support for threads. The java.lang package provides a Thread class that supports methods to start and stop threads and set thread priorities, among other things. The Java language syntax also supports threads directly with the synchronized keyword. This keyword makes it extremely easy to mark sections of code or entire methods that should only be run by a single thread at a time. While threads are "wizard-level" stuff in C and C++, their use is commonplace in Java. Because Java makes threads so easy to use, the Java class libraries require their use in a number of places. For example, any applet that performs animation does so with a thread. Similarly, Java does not support asynchronous, non-blocking I/O with notification through signals or interrupts--you must instead create a thread that blocks on every I/O channel you are interested in.
Ã‚Â¦ Java Runtime Environment
The runtime environment used to execute the code. It is made up of the java language and java virtual machine. It is portable and it is platform neutral.
Ã‚Â¦ Java tools
It is used by the developers to create java code. They include java compiler, java interpreter, classes, libraries and applet viewer.
Ã‚Â¦ Java Application
Applications are programs written in java to carry out certain tasks on stand alone local computer. Execution of a stand alone program involves two steps.
Compiling the source code into byte code using javac.
Executing byte code program using java interpreter.
Ã‚Â¦ Java Applets
Java applets are pieces of java code that are embedded in HTML document using the applet tag. When the browser encounters such code it automatically download it and execute it.
Ã‚Â¦ Java Virtual Machine
It is a specification to which java codes must be written. All java code is to be compiled to be used in this nonexistent virtual machine. Writing the code which compiles in JVM ensures platform independence.
7.2 ADVANTAGES OF JAVA
Â¢ Java is Robust
Robust programs are those reliable programs which are unlikely to fail even under the most unlikely conditions. Many languages like C do not have this feature because they are relaxed in terms of type checking in terms of programming errors. Java is strict about type declarations and does not allow automatic typecasting. Also it uses a pointer model that does not overwrite memory or corrupt data.
Â¢ Java is secure
Java allows creation of virus-free, tamper free systems to be created. It ensures security in the following ways.
Pointers and memory allocations are removed during compile time.
All byte codes are verified by the interpreter before executing.
All Java applets are treated as untrusted code executing in trusted environment.
Because Java was written to support distributed applications over the computer networks, it can be used with a variety of CPU and operating system architectures. To achieve this goal a compiler was created that produces architecture-neutral object files from Java code.
Â¢ Java is portable
Java byte code will be executed on any computer that has Java run time environment. The portability is achieved in the following ways.
Java primitive data types and the behavior of arithmetic operations on these data types are explicitly specified.
The Java libraries include portable interfaces for each platform on which the run time environment is available.
The entire Java system itself is portable.
Â¢ Java is small
Because java was designed to run on small computers, java system is relatively small for a programming language. It can run efficiently on PCs with 4 MB RAM or more. The java interpreter takes up only a few hundred kilo bytes.
Â¢ Java is garbage collected
Java programs don't have to worry about memory management. The Java system has a built in program called the garbage collector, which scans the memory and automatically frees the memory chunks that are not in use.
Â¢ Java is dynamic
Fundamentally distributed computer environments must be dynamic. Java is capable of dynamically linking new libraries, methods and instance variables as it goes without breaking and without concern.
7.3 JAVA PACKAGES USED IN THE PROJECT > Swings (JFC)
A Java toolkit for developing graphical user interfaces (GUIs). It includes elements such as menus, toolbars and dialog boxes. Swing is written in Java and is thus platform independent, unlike the Java Abstract Window Toolkit (AWT), which provides platform-specific code. Swing also has more sophisticated interface capabilities than AWT and offers such features as tabbed panes and the ability to change images on buttons. Swing is included in the Java Foundation Classes (JFC) which is provided in the Java Developers
Java applet or ap|) JvM fJFQ Operating system D livers #
AWT calls AWT
: High-level Ul functions, such as USER module in Windows or
Motif interface ill UNIX Low-level Ul functions, such .is the GDI module in Windows or
X. Window services in UNIX.
Swing calls C 5> Objects
Fig 7.2 Swings
Swing calls the operating system at a lower level than AWT. Whereas AWT routines use native code, Swing was written entirely in Java and is platform independent.
The Java Foundation Classes (JFC) is a graphical framework for building portable Java-based graphical user interfaces (GUIs). JFC consists of the Abstract Window Toolkit (AWT), Swing and Java 2D. Together, they provide a consistent user interface for Java programs, regardless whether the underlying user interface system is Windows, Mac OS X or Linux.
AWT is the older of the two interface libraries, and was heavily criticized for being little more than a wrapper around the native graphical capabilities of the host platform. That meant that the standard widgets in the AWT relied on those capabilities of the native widgets, requiring the developer to also be aware of the differences between host platforms.
An alternative graphics library called the Internet Foundation Classes was developed in more platform-independent code by Netscape. Ultimately, Sun merged the IFC with other technologies under the name "Swing", adding the capability for a pluggable look and feel of the widgets. This allows Swing programs to maintain a platform-independent code base, but mimic the look of a native application.
Most programs use data in one form or another, whether it is as input, output, or both. The sources of input and output can vary between a local file, a socket on the network, a database, variables in memory, or another program. Even the type of data can vary between objects, characters, multimedia, and others.
Data for a program may come from several sources. Data created by a program may be sent to several destinations. The connection between a program and a data source or destination is called a stream. An input stream handles data flowing into a program. An output stream handles data flowing out of a program.
Fig 7.3 Data handling
The Java Development Kit (JDK) provides APIs for reading and writing streams of data. These APIs have been part of the core JDK since version 1.0, but are often overshadowed by the more well-known APIs, such as JavaBeans, JFC, RMI, JDBC, and so on. However, input and output streams are the backbone of the JDK APIs.
To bring data into a program, a Java program opens a stream to a data source, such as a file or remote socket, and reads the information serially. On the flip side, a program can open a stream to a data source and write to it in a serial fashion. Whether you are reading from a file or from a socket, the concept of serially reading from, and writing to different data sources is the same.
Prior to JDK 1.1, the input and output classes (mostly found in the java.io package) only supported 8-bit byte streams. The concept of 16-bit Unicode character streams was introduced in JDK 1.1. While byte streams were supported via the java.io.InputStream and java.io.OutputStream classes and their subclasses, character streams are implemented by the java.io.Reader and java.io.Writer classes and their subclasses.
Most of the functionality available for byte streams is also provided for character streams. The methods for character streams generally accept parameters of data type char parameters, while byte streams, you guessed it, work with byte data types. The names of the methods in both sets of classes are almost identical except for the suffix, that is, character-stream classes end with the suffix Reader or Writer and byte-stream classes end with the suffix Input Stream and Output Stream. For example, to read files using character streams, you would use the java.io.FileReader class; for reading it using byte streams you would use java.io.FileInputStream.
Unless you are working with binary data, such as image and sound files, you should use readers and writers.
Multitasking is performing two or more tasks at the same time. Nearly all operating systems are capable of multitasking by using one of two multitasking techniques: process-based multitasking and thread-based multitasking.
Process-based multitasking is running two programs concurrently. Programmers refer to a program as a process. Therefore, you could say that process-based multitasking is program-based multitasking.
Thread-based multitasking is having a program perform two tasks at the same time. For example, a word processing program can check the spelling of words in a document while you write the document. This is thread-based multitasking.
A good way to remember the difference between process-based multitasking and thread-based multitasking is to think of process-based as working with multiple programs and thread-based as working with parts of one program.
The objective of multitasking is to utilize the idle time of the CPU. Think of the CPU as the engine of your car. Your engine keeps running regardless of whether the car is moving. Your objective is to keep your car moving as much as possible so you can get the most miles from a gallon of gas. An idling engine wastes gas.
The same concept applies to the CPU in your computer. You want your CPU cycles to be processing instructions and data rather than waiting for something to process. A CPU cycle is somewhat similar to your engine running.
It may be hard to believe, but the CPU idles more than it processes in many desktop computers. Let's say that you are using a word processor to write a document. For the most part, the CPU is idle until you enter a character from the keyboard or move the mouse. Multitasking is designed to use the fraction of a second between strokes to process instructions from either another program or from a different part of the same program.
Making efficient use of the CPU may not be too critical for applications running on a desktop computer because most of us rarely need to run concurrent programs or run parts of the same program at the same time. However, programs that run in a networked environment, such as those that process transactions from many computers, need to make a CPU's idle time productive.
The java.net package provides a powerful and flexible infrastructure for networking. java.net provides the classes for implementing networking applications. Using the socket classes, you can communicate with any server on the Internet or implement your own Internet server. A number of classes are provided to make it convenient to use Universal Resource Locators (URLs) to retrieve data on the Internet.
Fig 7.4 The classes of java.netpackage
CHAPTER 8 DATA FLOW DIAGRAM
Sender side 1
Fig 8.1 Level 0: DFD
Fig 8.2 Level 1:Embedding information in a file
Fig 8.3 Level 2 : Retrieving original information
Encrypted Message / file
Fig 8.4 Level 3 : Steganography
CHAPTER 9 SNAPSHOTS
Fig 9.1 Login Form
Fig 9.3 Window for decoding.
Fig 9.6 Retrieved message from master file.
Embedding file - Stego Magic 2.0.0 Q[n][x
Fig 9.7 Embedding a file in a master file.
Fig 9.8 Retrieved file from the master file.
The main features of Steganography are:
1. Messages do not attract attention to themselves.
2. The tool should be easy to use, and should use a graphical user interface.
3. The tool works cross-platform.
4. Small file distortions after hiding information.
5. It is possible to extract info after it has been compressed.
6. Information is protected with password
ADVANTAGES AND LIMITATIONS
The advantages of Steganography are:
1. It provides a better security for the sharing of data in local area network.
2. Important files carrying confidential information can be stored in the server in an encrypted form.
3. Using public key or private key can encrypt files.
4. No intruder can get any useful information from the original file during transmit.
5. It provides a better-secured data storage and transmission both at the system level and network level.
The limitations of Steganography are:
1. It provides the storing of data in an unprotected mode.
2. Password leakage may occur and it leads to the unauthorized access of data.
3. The intruders will affect stegos.
In the area of communication revolution, information has been an inevitable component. The attraction of web services is simplicity, firewall neutrality and lack of dependency on the implementation technology at the service end.
Efficient computing capabilities are therefore utilized. The availability of the required information at the press of a button is something favourable and therefore computers are used for this purpose. Thus, one way of potential taping is achieved.
The project "Steganography" after being tested and was found to be achieving what is meant for. But this system never provides a full proof solution for all their problems in the user point of view. The system is found to be 100% error free and ready for implementation.
The system has been designed in such a way that it can be modified with very little effort when such a need arises in the future. The system has been found to work efficiently and effectively. Due to its higher user friendliness, others may use these documents as a prototype for developing similar application.
Future enhancements and plans which are envisioned for the system are the following:
1. The development of a system that will utilize the Steganographic Obliterator on incoming and email messages and attachments.
2. Investigate the feasibility of embedding the program in firewalls to act as a first line of
defense against steganographic data transmission.
3. Expand the steganographic algorithm attack method beyond the least significant
bits using some other techniques.
2. en .wikipedia.org/wiki/steganography
6. Hilbert Schildt (2002) Java 2: The Complete Reference.Fifth Edition
7. William Stallings (2003) Cryptography and network security principle and practice