Design and Implementation Proposed Encod PDF

Design and Implementation: Proposed
Encoding and Hiding Texts in

an Image
A Thesis Submitted to the Council of the College of Basic

Education, the University of Sulaimani as Partial
Fulfillment of the Requirements for the Degree
of Master of Science in Computer Science
By
Nada Abdul Aziz Mustafa
Under Supervision of
Dr. Fadhil S.Abed
February Rashamea Rabi Al-Awal

2010 2709 1431
‫‪I‬‬
‫@@‬
‫@@‬
‫ﻜ ‪‬ﻢ‬
‫))ﻳ‪‬ﺮ‪‬ﻓ ‪‬ﻊ ﺍﷲ ﺍﻟﺬﻳﻦَﺁﻣﻨ‪‬ﻮﺍ ﻣﻨ ﹸ‬
‫ﻭ‪‬ﺍﻟﹼﺬﻳﻦ‪ ‬ﺃﹰﻭﺗ‪‬ﻮﺍ ﺍﻟﻌ‪‬ﻠﻢ‪ ‬ﺩ‪‬ﺭ‪‬ﺟ‪‬ﺎﺕٍ((‬
‫ﺻﺪﻕ ﺍﷲ ﺍﻟﻌﻈﻴﻢ‬
‫)ﺳﻮرة اﻟﻤﺠﺎدﻟﺔ ‪ ،‬اﻵﻳﺔ ‪( 58‬‬
II
Supervisor Certification
I certify that this thesis was prepared under my supervision at the
University of Sulaimania, as partial fulfillment for the degree of Master
of Computer Science.
Signature:
Supervisor: Dr. Fadhil S. Abed
Date:
In view of the available recommendations, I foreword this thesis

for debate by the examining committee.
Signature:
Name:
Head of Mathematics and Computer Department
Date:-
Signature:
Name: Dr. Solav Faeq Muhammad Ali
Chairman of the college committee of Higher Studies
Date:-
III
Linguistic Evaluation Certification
I hereby certify that this thesis has been checked by me and after
indicating all the grammatical and spelling mistakes; the thesis was given
again to the candidate to make the adequate corrections. After the second
reading, I found that the candidate corrected the indicated mistakes.
Therefore, I certify that this thesis is free from mistakes.
Name:
Date:
Signature:
IV
Committee Certification
We certify that we have read this thesis entitled “Design and
Implementation Proposed Encoding and Hiding Text in an Image”,
and as a committee, examined the student (Nada Abdul Aziz) in its
contents and what is related with it and then in our opinion it is adequate
as a thesis for the degree of Master of Science in Computer Science.
Signature: Signature:
Name: Name:
Date: / / Date: / /
(Supervisor) (Chairman)
Signature: Signature:
Name: Name:
Date: / / Date: / /
(Member) (Member)
Approved by the Council of the College of Basic of Education
Signature:
Name:
Date:
(Dean of the College of Basic Education)
V
Abstract
Our modern world has witnessed a revolution in the digital

information, which has their impact upon our societies and lives. On the
other hand, many challenges have arisen embedded in the easy access for
this information and revealing them, especially if we know that part of
them is very important and needs protection as well as secrecy for various
reasons. For protecting most of such information and data, which require
secrecy, the need for inventing protection systems has become necessary,
amongst them our research that deals with the studying and constructing a
proposed system for this task.
In guaranteeing more secrecy for such data and the difficulty in
detecting them, the researcher trey to propose a system, which depends
upon combining steganography with encryption in order to add more
security layers.
Our research, therefore, tries to support the secrecy of data and
information the researcher wish to send with great secrecy that make
them difficult to be detected or, at least, to hinder their detection for a
long time in which they lose their importance.
Our proposed system depends upon preparing the image's data for
the next step (DCT Quantization) through steganographic process and
using two levels of security: the RSA algorithm and the digital signature,
then storing the image in a JPEG format. In this case, the secret message
will be looked as plain text with digital signature, while the cover is
coloured image. Then, the results of the algorithm are submitted to many
criteria in order to be evaluated that prove the sufficiency of the algorithm
VI
and its activity. Thus, the proposed algorithm for this research can be
divided into two main parts: hiding the text of the sender, and extracting
it by the receiver. More over, part can be divided into many procedures
done by the program Delphi 5.
VII
Dedication
I dedicate this research to my husband Dr. Talib, my daughter

Layan and my son Ali who supported me by their love and encouragment
. I also dedicate it to my late mother and father, my sister, brother and
Zaynab, Ula for their help and support.
VIII
Acknowledgements
It’s a great pleasure for me in presenting this thesis to acknowledge
the help of Great Allah the Almighty for all His blessings and guidance,
which greatly helped me to finish this research.
I would like to express my special thanks to my supervisor Dr.

Fadhil S. Abed for his guidance, suggestions and continuous direction.
Without his scientific and technical assistance, the thesis would have
never been completed.
My thanks are due to the dean of the College of Basic Education
and the head of the Department of Mathematics and Computer. I would
also like to thank prof. Dr. Talib al-Quraishi, dean of the College of
Languages, University of Baghdad for his continuous support and
encouragement. My thanks are due to the members of the staff of the
Department of Computer Sciences, University of Mustansrya, especially
Mr. Salah and Mr. Hassan for their help. My thanks are due too to Dr.
kwestan, miss Mahabat at the College of Basic Education, University of
Sulaimani. I would like to thank my uncle prof. Dr.Faiq and Dr.
Ebraheem and his wife to whom I am indebted for their love and care.
Finally, my deepest thanks to Mr. Alaa for his fruitful discussions
and his valuable suggestions.
Lastly I would like to extend my sincere thanks to my family for their
patience and endurance and to all those who have participated in any
contribution to this work.
IX
List of Contents
Qura'anic Verse - - - - - - - I
Supervisor Certification- - - - - - II
Linguistic Evaluation Certification - - - - III
Committee Certification - - - - - IV
Abstract - - - - - - - - V
Dedication - - - - - - - - VII
Acknowledgements - - - - - - VIII
Chapter one
General Introduction
1.1 Introduction - - - - - - - 1
1.2 History of Steganography - - - - - 3
1.3 Suggestions in Steganography Systems- - - 4
1.4 Literature Survey - - - - - - 7
1.5 The Aim of the Work - - - - - 10
1.6 Layout of the Thesis - - - - - 10
X
Chapter two
Foundation of Cryptography
2.1 Introduction - - - - - - - 12
2.2 Classical Ciphers - - - - - - 13
2.3 Modern Cryptography - - - - - 14
2.3.1 Symmetric-Key Cryptography - - - 14
2.3.2 ِAsymmetric Key Cryptography - - 16
2.3.2.1 Knapsack Cryptosystem - - 18
2.3.2.2 Elliptic Curve Public Key Cryptosystems18
2.3.2.3 NTRU - - - - - 19
2.3.2.4 RSA (Rivest-Shamir-Adelman) - 19
2.4 Digital Signature - - - - - - 22
2.4.1 RSA Signature - - - - - 24
2.4.2 Encryption and Decryption in Digital Signatures 25
2.4.3 Digital Signatures and Verification - - 26
2.4.4 RSA Signature Algorithm - - - 27
2.5 Certificate - - - - - - - 28
2.6 Cryptanalysis - - - - - - - 29
XI
Chapter Three
Steganography Techniques
3.1 Introduction - - - - - - - 31
3.2 Steganography Types - - - - - 32
3.3 Kinds of Steganography - - - - - 33
3.3.1 Hiding Information in Text - - - 33
3.3.2 Hiding Information in Images - - - 34
3.3.3 Hiding Information in Audio - - - 34
3.4 Compression Techniques - - - - - 35
3.5 Image and Transform Domain - - - - 36
3.6 Types of Image Domain - - - - - 36
3.7 Types of Transform Domain - - - - 38
3.8 Conflicting Requirements - - - - 39
3.9 JPEG Standard Compression (color image) - - 40
3.9.1 Image Transformation from RGB to YCbCr 41
3.9.2 Image Blocks - - - - - 41
3.9.3 DCT Stage - - - - - 42
3.9.4 Quantization Stage - - - - 43
3.9.5 DC Coding and Zig-Zag Sequence - - 45
3.9.6 Entropy Coding - - - - - 45
3.10 Embedding And Detecting - - - - 46
3.11 Performance Measures - - - - - 47
3.11.1 Determine the Evaluation Criteria - - 48
3.12 Objective Fidelity Criteria - - - - 49
3.13 Detecting Steganography - - - - 50
3.13.1 Steganalysis - - - - - 51
3.13.2 Attacks to Steganographic Systems - - 51
XII
Chapter four
System design and Evaluation
4.1 Introduction - - - - - - - 54
4.2 The Proposed Hiding System - - - - 55
4.2.1 Cryptography Stage - - - - 55
4.2.1.1 RSA Algorithm - - - - 56
4.2.1.2 Digital Signature - - - 61
4.2.2 Steganography - - - - - 63
4.2.2.1 Least Significant Bits (2-LSB) - 63
4.2.2.2 DCT method - - - - 68
4.3 Hiding Bits - - - - - - - 70
4.4 Information about Extracting Stage - - - 75
4.4.1 Extracting Bits - - - - - 76
4.5 System Implementation - - - - - 86
4.5.1 System Requirements - - - - 86
4.5.2 Design System - - - - - 86
4.5.3 System Steps - - - - - 88
4.6 Experiment Result - - - - - - 105
XIII
Chapter five
Conclusion and Suggestions for Future Work
5.1 Conclusion - - - - - - - 112
5.2 Suggestions for Future Work - - - - 114
References - - - - - - - - 116
XIV
List of Abbreviations
Symbol Description
JPEG Joint Photographic Expert Group.
BMP Bit Map.
GIF Graphic Interchange Format.
DES Data Encryption Standard.
AES Advanced Encryption Standard.
OTP One-Time Pad.
NTRU Ntru public key method( number of theory).
RSA (Rivest-Shamir-Adelman).
CA Certificate Authority.
OSI Open System Infrastructure.
TCP/IP Transmission Control Protocol/ Internet Protocol.
LSB Least Significant Bit.
DCT Discrete Cosine Transform.
RGB Red, Green, Blue.
DFT Discrete Fourier Transform
LFSR Liner Feedback Shift Register.
YCbCr Luminance / Chrominance.
NIST National Institute for Standards and Technology.
SKC Secret Key Cryptography.
ASCII American Standard Code for Information Interchange
PSNR Peak Signal-to-Noise Ratio.
WWWI The First World Wide War.
XV
List of Figures
Page
Figure 2.1 Encryption and Decryption 12
Figure 2.2 Types of classical ciphers 13
Figure 2.3 Block ciphers 16
Figure 2.4 Public key encryption and decryption 17
Figure 2.5 Encryption in digital signature 26
Figure 3.1 Steganography types 23
Figure 3.2 Categories of steganography 33
Figure 3.3 Categories of image steganography 36
Figure 3.4 Trade-off among undetectability, capacity and robustness 40
Figure 3.5 Baseline JPEG encode 40
Figure 3.6 Steganography mechanism 46
Figure 4.1 Embedding stage 55
Figure 4.2 Generate public key 56
Figure 4.3 Inverse number in finite field key 58
Figure 4.4 Fast exponent ional 59
Figure 4.5 Converting number to binary 12 bits 60
Figure 4.6 Encrypting the digital signature 62
Figure 4.7 Cover-image and text before hiding 67
Figure 4.8 Stego-image and text after extracting 67
Figure 4.9 Encoding and hiding digital signature and text 70
Figure 4.10 Block outline to hiding one bit in the block 74
Figure 4.11 Decoding stage signature 76
Figure 4.12 Block diagram for extracting and printing text 79
Figure 4.17 proposed system implementation 87
Figure 4.18 Address the proposed system 88
Figure 4.19 Enter password 88
Figure 4.20 Starting choice form 89
Figure 4.21 First choice (Load Image BMP) 89
Figure 4.22 Open picture dialog form 90
Figure 4.23 Cover-image 90
Figure 4.24 Digital signature 91
Figure 4.25 Sender key, receiver key 92
Figure 4.26 Receiver key 92
Figure 4.27 keys for decryption signature 93
Figure 4.28 Encryption signature 93
Figure 4.29 load text 94
Figure 4.30 Load text from file 94
Figure 4.31 plain text 95
Figure 4.32 Directly enter text 95
Figure 4.33 Public key 96
Figure 4.34 Private key 96
Figure 4.35 Encryption text 97
XVI

Figure 4.37 Save picture dialog form 98
Figure 4.38 Extract text option 99
Figure 4.39 Open picture dialog 99
Figure 4.40 Stego-image 100
Figure 4.41 Enter key signature 100
Figure 4.42 Enter private key 101
Figure 4.43 Decryption digital signature and text 102
Figure 4.44 Plain text and digital signature 103
Figure 4.45 Result without embedding text and signature 104
Figure 4.46 Result after embedding text and signature 105
Figure 4.47 Secret messages 105
Figure 4.48 Cover image 106
Figure 4.50 Extracting stage 108
Figure 4.52 Extracting stage 110
List of Tables Page
Table 3.1 Luminance quantization 44

Table 3.2 Chrominance quantization 45
Table 4.1 Results of embedded differential length text(PSNR,, MSE,, Hiding time)) 68
Table 4.2 Results of embedded differential length text((Entropy,, variance,, Energy 68
Table 4.3 The amount add or subtract of each block 72
Table 4.4 Results of embedded differential length text((PSNR,, MSE,, Hiding time) 81
Table 4.5 Results of embedded differential length text((Entropy,, variance,, Energy)) 82
Table 4.7 Results of embedded differential length text((Entropy,, variance,, Energy) 85
Table 4.12 The difference between 2-LSB and the proposed hiding DCT method 111
CHAPTER
ONE
Chapter One:General Introduction 1
General Introduction
1.1 Introduction
Digital communication has become an essential part of infrastructure
nowadays, a lot of applications are internet-based and in some cases it is
desired that the communication be made secret. Two techniques are
available to achieve this goal:
One is Cryptography, where the sender uses an encryption key to scramble
the message, this scrambled message is transmitted through the insecure
public channel, and the reconstruction of the original, unencrypted message
is possible only if the receiver has the appropriate decryption key. The
second method is Steganography, where the secret message is embedded in
another message, image or audio [Sha02].
There are two main directions in information hiding: protecting only
against the detection of a secret message by a passive adversary, and hiding
data so that even an active adversary cannot remove it. The classic situation,
known as Simmons “Prisoners Problem”, is the following: Alice and Bob
are in jail and try to discuss an escape plan, but all their communication can
be observed by the warden. If their plan or the fact that they are discussing
an escape plan were detected they would be transferred to a more secure
prison. So they can only succeed if Alice can send messages to Bob so that
the warden can’t even detect the presence of a secret [Ach98].
Steganographic techniques can be used to hide data within digital
images with little or no visible change in the perceived appearance of the
image and can be exploited to export sensitive information. Since images are
frequently compressed for storage or transmission, effective steganography
must employ coding techniques to counter the errors caused by lossy
compression algorithms [Ande98]. The Joint Photographic Expert Group

(JPEG) compression algorithm, while producing only a small amount of
visual distortion, introduces a relatively large number of errors in the bitmap
data [Cur02]. It is often thought that communications may be secured by
encrypting the traffic, but this is not really true in practice. The history
teaches that it is better hiding messages rather than enciphering them,
because it arouses less suspicion [Cac01]. So the study of communications
security includes not just encryption but also traffic security, whose essence
lies in hiding information. Differently from cryptography that is about
protecting the content of messages, Steganography is about concealing their
existence [Ande98], i.e. hiding information in other information.
One possible approach to content security is the using of
cryptographic techniques [Bena87], but those encryption systems do not
completely solve the problem of unauthorized copying. All encrypted
content needs to be decrypted, before it can be used, but if encryption is
removed, there is no way to prove the ownership or copyright of the content.
Piracy of digital audio, video, pictures and books is already a common
phenomenon on the internet. So the main interest is concern over copyright
that drives recent research into digital “Watermarks” and “Fingerprints”. A
digital watermark [Cac01] is hidden copyright messages added to the
original digital data which can later be extracted or detected, while a

fingerprint is hidden serial numbers. The latter is useful to identify copyright
violators, checking the serial number, and to officially accuse them. Then
steganography literally mean, "covered writing" and encompasses methods
of transmitting secret messages through innocuous cover carriers in such a
manner that the existence of the embedded messages is undetectable [Hab06].
Carriers of such messages may resemble innocent images, audio, video, text.
The hidden message may be plaintext, cipher text [Rob01].
1.2 History of Steganography
Steganography has been widely used in historical times, especially
before cryptographic systems were developed. The earliest recordings of
steganography were by the Greek historian Herodotus in his chronicles
known as "Histories" and date back to around 440 B.C. Herodotus recorded
two stories of steganographic techniques during that time in Greece. The
first stated that king Darius of Susa shaved the head of one of his prisoners
and wrote a secret message on his scalp [Cum04]. When the prisoner’s hair
grew back, he was sent to the king's son in law Aristogoras in Miletus
undetected. The second story also came from Herodotus, which claims that a
soldier named Demeratus needed to send a message to Sparta that Xerxes
intended to invade Greece. Back then, the writing medium was text written
on wax-covered tablets. Demeratus removed the wax from the tablet, wrote
the secret message on the underlying wood, recovered the tablet with wax to
make it appear as a blank tablet and finally sent the document without being
detected. Romans used invisible inks, which were based on natural
substances such as fruit juices and milk. This was accomplished by heating
the hidden text, thus revealing its contents [Dun02]. Invisible inks have
become much more advanced and are still in limited use today. During the
15th and 16th centuries, many writers including Johannes Trithemius (author
of Steganographia) and Gaspari Schotti wrote on steganagraphic techniques
such as coding techniques for text, invisible inks, and incorporating hidden
messages in music [Ande98].
Between 1883 and 1907, further development can be attributed to the
publications of Auguste Kerckhoff and Charles Briquet. These books were
mostly about cryptography, but both can be attributed to the foundation of

some steganographic systems and more significantly to watermarking
techniques.
During the times of WWI and WWII, significant advances in
steganography took place. Concepts such as null ciphers (taking the 3rd
letter from each word to create a hidden message). A message sent by a
German spy during World War II read [Cum04]:
“Apparently neutral’s protest is thoroughly discounted and ignored. Isman
hard hit. Blockade issue affects for pretext embargo on by-products, ejecting
suets and vegetable oils.”
By taking the second letter of every word the hidden message “Pershing
sails for NY June 1” can be retrieved.
More recent cases of steganography include using special inks to write
hidden messages on banknotes and using digital watermarking and
fingerprinting of audio and video for copyright protection [Dun02].
1.3 Suggestions in Steganography Systems
All the major image file formats have different methods of hiding
messages, with different strong and weak points respectively. Where one
technique lacks in payload capacity, the other lacks in robustness. For
example, the patchwork approach has a very high level of robustness against
the most types of attacks, but can hide only a very small amount of
information [Mor02]. Least significant bit (LSB) in both BMP and GIF
makes up for this, but both approaches result in suspicious files that increase
the probability of detection [Hab06]. Thus for an agent to decide on which
steganographic algorithm to use, he would have to decide on the type of
application he wants to use the algorithm for and if he is willing to
compromise on some features to ensure the security of others [Mor02].
• LSB in BMP – when embedding a message in a “raw” image, that has not
been changed with compression, such as a BMP, there exists a trade-off
between the invisibility of the message and the amount of information that
can be embedded. A BMP is capable of hiding quite a large message, but the
fact that more bits are altered results in a larger possibility that the altered
bits can be seen with the human eye [Bra00]. The main disadvantage
regarding LSB in BMP images is surely the suspicion that might arise from a
very large BMP image being transmitted between parties, since BMP is not
widely used anymore.
Suggested applications: LSB in BMP is most suitable for applications where

the focus is on the amount of information to be transmitted and not on the
secrecy of that information [Por02].
• LSB in GIF – The strong and weak points regarding embedding

information in GIF images using LSB are more or less the same as those of
using LSB with BMP. The main difference is that since GIF images only
have a bit depth of 8, the amount of information that can be hidden is less
than with BMP. GIF images are especially vulnerable to statistical – or
visual attacks – since the palette processing that has to be done leaves a very
definite signature on the image. This approach is dependent on the file
format as well as the image itself, since a wrong choice of image can result
in the message being visible.
Suggested applications: LSB in GIF is a very efficient algorithm to use when

embedding a reasonable amount of data in a grayscale image.
• JPEG compression – The process of embedding information during JPEG

compression results in a stego image with a high level of invisibility, since
the embedding takes place in the transform domain [Mor02].
JPEG is the most popular image file format on the internet and the image
sizes are small because of the compression, thus making it the least
suspicious algorithm to use. However, the process of the compression is a
very mathematical process, making it more difficult to implement [Shi01].
Suggested applications: The JPEG file format can be used for most of the
applications of steganography, but is especially suitable for images that have
to be communicated over an open-system environment like the internet.
• Patchwork – The biggest disadvantage of the patchwork approach is the

small amount of information that can be hidden in one image. This property
can be changed to accommodate more information but one may have to
sacrifice the secrecy of the information. Patchwork’s main advantage,
however, is its robustness against malicious or unintentional image
manipulation [Cac01]. Should a stego image using patchwork be cropped or
rotated, some of the message data may be lost but since the message is
repeatedly embedded in the image, most of the information will survive.
Suggested applications: Patchwork is most suitable for transmitting a small

amount of very sensitive information.
• Spread spectrum – spread spectrum techniques satisfy most of the

requirements and are especially robust against statistical attacks, since the
hidden information is scattered throughout the image, while not changing the
statistical properties.
Suggested applications: spread spectrum techniques can be used for most

Steganography applications, although their highly mathematical and intricate
approach may prove too much for some [Mor02].
1.4 Literature Survey
1. Uruba I., (2001): The system is applied on colour –image and used LSB
method, it depends on the ASCII value of character and compares it with
the value of palette of pictures then if equally, the position of value
palette substitutes in other places.
2. Hamami A., (2002): In his work, he tried to design an efficient system to

scan and test suspicious images to find out if it contains a secret message
or not. The system tries to extract the secret message (the secret message
may be a text or an image) from the suspicious image (if it is possible)
and make changes on it. When failed to extract the secret message or to
prevent the suspicious image from passing a secret message, the system
has the ability to destroy the secret messages.
3. Fridrich J. and Goljan M., (2003): They describe a steganographic

technique that embeds high payloads for grayscale images by adding a
small-amplitude noise of specified properties to the image pixels.
Because the probability of distribution of the noise can be arbitrary, the
communicating parties have the flexibility to mask the embedding
distortion as superposition of a particular device noise. Thus, this

embedding paradigm will provide better security than embedding that
which uses somewhat arbitrary operations, such as LSBs or adding a
fixed-amplitude noise to the image .
4. Alawy S., (2004): An improved method has been introduced in this work
to hide a text in an image with JPEG format without drawing suspicion
about the hidden text, and not effective with JPEG compression.
The JPEG format uses a Discrete Cosine Transform (DCT) to transform
successive (8 x 8 pixel) blocks of the image into 64 DCT coefficients
each. Afterwards the coefficients are quantized by using a quantization
table. After this stage two coefficients from each block of quantized DCT
coefficients are used to hide the text bits.
5. Ashraf A.,(2004): In this thesis perform comparison of eight multi-

precision libraries using criteria such as performance, support of Public
Key primitive operations, ease of use, and portability. The performance
of all libraries is ranked based on the measurements performed according
to the original methodology that takes into account the performance and
relative use of primitive cryptographic operations.
The aim of this study is to evaluate the suitability of the investigated
libraries for implementation of a wide range of Public Key
Cryptosystems such as RSA, DSA and Elliptic Curve Schemes. Practical
recommendation regarding the optimum choice of the multi-precision
library, depending on the required performance, as well as time and
resources devoted to the implementation, are provided.
6. Davidson L. and Paul G., (2005): In this work defined a framework for
hidden message location based on image restoration. Hiding a message in
an image effectively decreases the probability of an image, or put another
way, increases the energy of an image. They defined two energy
functions for color and grayscale images. This allows to measure the
probability/energy of each pixel. The outliers in an image are the most
energized (i.e. least probable) pixels. The results indicate that the stego
images contain more energy than their cover counterparts. They believe
That results could be improved by dividing the image into similar
regions using spatial clustering techniques or Kohonen self organized
maps and apply our approach to identify outliers in each region.
7. Ibraheem A., (2007): In this work, a new steganographic method based

on the spatial domain is proposed instead of using the LSB-1 of the cover
for embedding the message, LSB-3 has been used to increase the
robustness. LSB-1,2 may be modified according to the bit of the
message, to minimize the difference between the cover and the stego-
cover. For more protection to the message bits a stego-Key has been used
to permute the message bits before embedding it.
8.Naji A. and Zaidan A., (2009): In this work the information was
encrypted before hiding it by AES method; this method is very strong, it
is a 128-bit key, they hide information in EXE file. It is impossible for
the attacker to guess the information hiding inside the EXE file because
of the difficulty of guessing the real size of EXE file. The hidden
information should be decrypted after retracting the information.
1.5 The Aim of the Work

The aim of this work is to design an algorithm which combines
between steganography and cryptography that can hide a text in an image in
a way that prevents, as much as possible, any suspicion of the hidden text.
The result of this work is having an image JPEG format contains a hidden
message to transfer. In other words, the algorithm was designed by preparing
the image data for the next two steps: DCT and Quantization, through an
embedding process and using two levels of security, RSA algorithm and its
digital signature.
1.6 Layout of the Thesis
Besides chapter one, the introduction, the thesis consists of other four
chapters, these are:
1. Chapter two: entitled "Foundation of Cryptography", it includes the
information about cryptography definition, classification and also
focuses on RSA-Public-key cryptography and digital signature.
2. Chapter three: entitled "Steganography Techniques", it includes the
information hiding classification and methods, and it focuses on DCT
method. The chapter describes also the steganographic media and
hiding data in images.
3. Chapter four: entitled "System design and Evaluation", it provides a
full description of the design and implementation of the proposed
system. The framework of the proposed stegongraphy system, which

consists of the proposed stegongraphy system, consists of different
stages and its algorithms are presented.
4. Chapter five provides the conclusions of this research, and a list of
suggestions for future work.
CHAPTER
TWO
Chapter Two: Foundation of Cryptography 12
Foundation of Cryptography
2.1 Introduction
Cryptography is the art and science of transforming (encrypting)
information (plaintext) into an intermediate form (ciphertext) which
secures information in storage or transit [Kum03]. As opposed to
steganography, which seeks to hide the existence of a message,
cryptography seeks to render a message unintelligible even when the
message is completely exposed [Con07]. Nowadays when more and more
sensitive information is stored on computers and transmitted over the
internet, we need to ensure information security and safety. Figure (2.1)
shows the encryption and decryption in cryptography.
Plan text Encryption Decryption
Hi KEY Z2 KEY Hi
Original data Scrambled data Original data
Figure (2.1): Encryption and Decryption
Cryptography includes at least key generation, secrecy

(confidentiality or privacy), message authentication (integrity) and
cryptography, it may also include no repudiation. In reference to digital
security, no repudiation means to ensure that a transferred message has
been sent and received by the parties claiming to have sent and received
the message. No repudiation is a way to guarantee that the sender of a
message cannot later deny having sent the message and that the recipient
cannot deny having received the message [Bar08].
Cryptography is a part of cryptology, a field of study covering all

forms of message protection, typically thought to include:
• Steganography (methods which seek to conceal the presence

of a message, such as patterns in graphics and secret inks)
• Cryptography (methods which translate a message into an
intermediate form intended to hide information even when
completely exposed)
• Cryptanalysis (methods which expose information hidden by
cryptography).
2.2 Classical Ciphers

Classical ciphers come in two basic types: substitution and
transposition (permutation), figure (2.2) shows the classical ciphers. The
substitution cipher replaces bits, characters, or blocks of characters with
different bits, characters, or blocks [Kak09]. The transposition cipher does
not replace the original text with a different text [Car07], but rather moves
the original values around. It rearranges the bits, characters, or blocks of
characters to hide the original meaning.
Classical
ciphers
Transposition Substitution
ciphers ciphers
Columnar Homophonic PolyGram Polyalphabetic Monoalphabeti

Transposition c
Playfair Vigenère Caesar Cipher

cipher Square
Affine Cipher
Figure (2.2): Types of classical ciphers

2.3 Modern Cryptography

There are two types of modern cryptosystems: secret-key and
public-key cryptography [Gol01]. In secret-key cryptography, also
referred to as symmetric cryptography, the same key is used for both
encryption and decryption. The most popular secret-key cryptosystem in
use today is the Data Encryption Standard DES [Mat98].
Public-key encryption (also called asymmetric encryption)

involves a pair of keys-a public key and a private key-associated with an
entity that needs to authenticate its identity electronically or to sign or
encrypt data [CGI04]. Each public key is published, and the corresponding
private key is kept secret.
2.3.1 Symmetric-Key Cryptography

Symmetric-key cryptography refers to encryption methods in
which both the sender and receiver share the same key .This was the only
kind of encryption publicly known until June 1976 [Can07]. The modern
study of symmetric-key ciphers relates mainly to the study of block
ciphers and stream ciphers and to their applications. In cryptography, a
block cipher operates on blocks of fixed length, often 64 or 128 bits
[Rit06], figure (2.3) shows the block cipher operation. Because messages
may be of any length, and because encrypting the same plaintext under
the same key always produces the same output, several modes of
operation have been invented which allow block ciphers to provide
confidentiality for messages of arbitrary length.
The earliest modes described in the literature provide only
confidentiality or message integrity, but do not perform both
simultaneously. Other modes have since been designed which ensure both
confidentiality and message integrity in one pass [Dwo01]. A block cipher
is, in a sense, a modern embodiment polyalphabetic cipher: block ciphers

take as input a block of plaintext and a key, and as an output, it takes a
block of ciphertext of the same size [Rit06], since messages are almost
always longer than a single block. The Data Encryption Standard (DES)
is based on a symmetric-key algorithm that uses a 56-bit key. DES is now
considered to be insecure for many applications . AES is one of the most
popular algorithms used in symmetric key cryptography. It is available in
many different encryption packages [Meh99]. AES is fast in both software
and hardware, it is relatively easy to implement, and requires little
memory, unlike its predecessor DES .
In practice, the digits are typically single bits or bytes. Stream
ciphers represent a different approach to symmetric encryption from
block ciphers. Stream ciphers typically execute at a higher speed than
block ciphers and have lower hardware complexity [Rit06]. However,
stream ciphers can be susceptible to serious security problems if used
incorrectly. Stream ciphers can be viewed as approximating the action of
a proven unbreakable cipher, the one-time pad (OTP), sometimes known
as the Vernam cipher. A one-time pad uses a keystream of completely
random digits. The keystream is combined with the plaintext digits one at
a time to form the ciphertext. This system was proved to be theoretically
secure by Shannon in 1949 [Ora98]. However, the keystream must be (at
least) the same length as the plaintext, and generated completely at
random. This makes the system very cumbersome to implement in
practice, and as a result the one-time pad has not been widely used,
except for the most critical applications.
Message Block 1 Cipher text

To: Ali Talib To: Ali Talib Key
jkm0%umj5
From: Layan Tal
Block 2
Cipher text
From: Layan Tal
Key xu@u40%um
Figure (2.3): Block Ciphers
2.3.2 ِAsymmetric-key Cryptography

In traditional cryptography, the sender and receiver of a message
know and use the same secret key; the sender uses the secret key to
encrypt the message [Ber04], and the receiver uses the same secret key to
decrypt the message. This method is known as secret key or symmetric
cryptography [Wei01]. The main challenge is getting the sender and the
receiver to agree on the secret key without anyone else finding out. If
they are in separate physical locations, they must trust a courier, a phone
system, or some other transmission medium to prevent the disclosure of
the secret key. Anyone who overhears or intercepts the key in transit can
later read, modify, and forge all messages encrypted or authenticated
using that key. The generation, transmission and storage of keys is called
key management; all cryptosystems must deal with key management
issues [Bar08]. Because all keys in a secret-key cryptosystem must remain
secret, secret-key cryptography often has difficulty providing secure key
management, especially in open systems with a large number of users.
In order to solve the key management problem, Whitfield Diffie
and Martin Hellman introduced the concept of public-key cryptography
in 1976. What they proposed for doing this was a ``trapdoor'' function
[And82] for which values could be easily computed but inverse images
could not be easily computed without the extra information provided by

the hidden key. In other words, given only the public key and possibly an
unlimited amount of encoded messages, it should be computationally
infeasible to find the hidden key and thereby decipher the messages
[Ste01]. Thus, anyone in possession of the public key may encode
messages, but only someone with the hidden key may decode them.
Public-key cryptosystems have two primary uses, encryption and digital
signatures. In their system, each person gets a pair of keys, one called the
public key and the other called the private key. The public key is
published, while the private key is kept secret [Kum03]. The need for the
sender and the receiver to share secret information is eliminated; all
communications involve only public keys, and no private key is ever
transmitted or shared. In this system, it is no longer necessary to trust the
security of some means of communications. The only requirement is that
public keys are associated with their users in a trusted (authenticated)
manner [Mat98]. Anyone can send a confidential message by just using
public information, but the message can only be decrypted with a private
key. Furthermore, public-key cryptography can be used not only for
privacy (encryption), but also for authentication (digital signatures) and
other various techniques. Figure (2.4) shows the use of public keys.
Plain text Plain text
Hello Hello
Transmit
Cik58 Decipher
Encipher
Cik58 With hidden
With public
key
key
Cipher text Cipher text
Figure (2.4): Public key encryption and decryption

Then public-key cryptography is a method for secret communication

between two parties without requiring an initial exchange of secret keys.
It can also be used to create digital signatures [CGI04]. Public key
cryptography is a fundamental and widely used technology around the
world, and enables secure transmission of information on the internet.
There are many types of public-key cryptography:
2.3.2.1 Knapsack Public Key Cryptosystem

One of the earliest public key cryptosystems is the knapsack
cryptosystem, first described by Ralph Merkle & Martin Hellman in 1978
[Lai01]. To encrypt a message, a subset of the hard knapsack is chosen by
comparing it with a set of bits (the plaintext), equal in length to the key,
and making each term in the public key that corresponds to a 1 in the
plaintext an element of the subset, while ignoring the terms
corresponding to 0 terms in the plaintext. The elements of this subset are
added together, and the resulting sum is the ciphertext. Decryption is
possible because the multiplier and modulus used to transform the easy,
superincreasing knapsack into the public key can also be used to
transform the number representing the ciphertext into the sum of the
corresponding elements of the superincreasing knapsack.
2.3.2.2 Elliptic Curve Public Key Cryptosystems
Elliptic curves have been intensively studied in algebraic geometry,

and number theory elliptic curve cryptosystems potentially provide
equivalent security to the existing public key schemes, but with shorter
key lengths. Having short key lengths means smaller bandwidth, memory
requirements and can be a crucial factor in some applications, for
example the design of smart card systems [Seb89].
2.3.2.3 NTRU Public Key Cryptosystem
NTRU is a fast public key cryptosystem that operates in the ring of

truncated polynomials given by R=Z[X]/( x − 1 ), where the domain
N
parameter N largely determines the security of the system. Typically N is

chosen to be a prime number (not for security reasons, but because
having N prime maximizes the probability that the private key has an
inverse with respect to a specified modulus). Recently, however,
Silverman has proposed taking N to be a power of two to allow the use of
Fast Fourier Transforms when computing the convolution product of
elements in the ring [Jos02].
2.3.2.4 RSA (Rivest-Shamir-Adelman) Cryptosystem
RSA is the most commonly used public key algorithm. It is

generally considered to be secure when sufficiently long keys are used
(512 bits are insecure, 768 bits are moderately secure, and 1024 bits are
good). The security of RSA relies on the difficulty of factoring large
integers. RSA is currently the most important public key algorithm .
RSA is an algorithm for public-key cryptography. It is the first
algorithm known to be suitable for signing as well as encryption, and one
of the first great advances in public key cryptography [Wri99]. RSA is
widely used in electronic commerce protocols, and is believed to be
secure and given sufficiently long keys and the use of up-to-date
implementations.
The algorithm was publicly described in 1977 by Ron Rivest, Adi

Shamir, and Leonard Adleman at MIT; the letters RSA are the initials of
their surnames.
The RSA algorithm involves three steps:

• Key generation.
• Encryption
• Decryption.
RSA involves a public key and a private key. The public key can
be known to everyone and is used for encrypting messages. Messages
encrypted with the public key can only be decrypted using the private
key. The keys for the RSA algorithm are generated in the following way
[Dur02]:
• Choose two distinct large random prime numbers P and q .
• Compute , is used as the modulus for both the public and

private keys.
• Compute the: ϕ (n) = ( p − 1)(q − 1) .
• Choose an integer e such that 1〈 e〈ϕ ( n) , and e and ϕ (n) share
no factors other than 1 (i.e. e and ϕ (n) are prime), e is released

as the public key exponent.
• Compute d to satisfy the congruence relation de ≡ 1 mod ϕ ( n) ,

d is kept as the private key. The public key consists of the modulus
and the public (or encryption) exponent . The private key
consists of the modulus and the private (or decryption) exponent
d which must be kept secret [Wri99].
All parts of the private key must be kept secret in this form. Alice can
recover from by using her private key exponent by the following
computation:
Given , she can recover the original message m .
This shows that we get the original message back:
The public key is the product of two randomly selected large prime
numbers, and the secret key is the two primes themselves [SEF02]. The
algorithm encrypts data using the product, and decrypts it with the two
primes, and vice versa. A mathematical description of the encryption and
decryption expressions is shown below:
Encryption: C = m (mod n)
e
Decryption: m = c (mod n)
d
Where:
m : The plain-text message
c : the encrypted message expressed as an integer number.
n : the product of two randomly selected, large primes p and q .
e : a large, random integer relatively prime to ( p − 1) * (q − 1) .
d : the multiplicative inverse of e , that is:
( e * d ) = 1 (mod( p − 1 ) * ( q − 1 )) .
The public key is the pair of numbers (n, e) . The private key is the
pair of numbers (n, d ) . This algorithm is secure because of the great
mathematical difficulty of finding the two prime factors of a large
number, and of finding the private key ( d ) from the public key ( e )
[Dur02]. This is difficult because the only known method of finding the
two prime factors of a large number is to check all the possibilities one by
one, which isn't practical because there are so many prime numbers.
Therefore, unless someone makes a very large and unexpected

mathematical break through, it's practically impossible to find out the
private key from a public key with RSA encryption, making it one of the
most secure methods ever invented.
RSA is much slower than DES and other symmetric cryptosystems.

In practice, Bob typically encrypts a secret message with a symmetric
algorithm, encrypts the (comparatively short) symmetric key with RSA,
and transmits both the RSA-encrypted symmetric key and the
symmetrically-encrypted message to Alice. This procedure raises
additional security issues. For instance, it is of utmost importance to use a
strong random number generator for the symmetric key.
As with all ciphers, how RSA public keys are distributed is

important to security. Key distribution must be secured against a man-in-
the-middle attack. Suppose Eve has some way to give Bob arbitrary keys
and make him believe they belong to Alice. Suppose further that Eve can
intercept transmissions between Alice and Bob [SEF02]. Eve sends Bob
her own public key, which Bob believes to be Alice's. Eve can then
intercept any ciphertext sent by Bob, decrypt it with her own secret key,
keep a copy of the message, encrypt the message with Alice's public key,
and send the new ciphertext to Alice [Wri99]. In principle, neither Alice
nor Bob would be able to detect Eve's presence. Defenses against such
attacks are often based on digital certificates .
2.4 Digital Signature

A digital signature or digital signature scheme is a type of
asymmetric cryptography. A digital guarantee that information has not
been modified, as if it were protected by a tamper-proof seal that is
broken if the content were altered [CGI04]. For messages sent through an
insecure channel, a properly implemented digital signature gives the

receiver reason to believe the message was sent by the claimed sender.
Digital signatures are equivalent to traditional handwritten signatures in
many respects; properly implemented digital signatures are more difficult
to forge than the handwritten type. The two major applications of digital
signatures are for setting up a secure connection to a web site and
verifying the integrity of files transmitted . In some countries, including
the United States, and in the European Union, electronic signatures have
legal significance. Digital signatures and hand-written signatures both
rely on the fact that it is very hard to find two people with the same
signature. When public-key cryptography is used to encrypt a message,
the sender encrypts the message with the public key of the intended
recipient [Kum03]. When public-key cryptography is used to calculate a
digital signature, the sender encrypts the "digital fingerprint" of the
document with his or her own private key. Anyone with access to the
public key of the signer may verify the signature.
A digital signature is basically a way to ensure that an electronic

document (e-mail, spreadsheet, text file, etc.) is authentic [CGI04].
Authentic means that you know who created the document and you know
that it has not been altered in any way since that person created it.
Authentication is any process through which one proves and

verifies certain information. Sometimes one may want to verify the origin
of a document, the identity of the sender, the time and date a document
was sent and/or signed, the identity of a computer or user, and so on. The
digital signature of a document is a piece of information based on both
the document and the signer's private key [Kum03]. It is typically created
through the use of a hash function and a private signing function
(encrypting with the signer's private key), but there are other methods.
Every day, people sign their names to letters, credit card receipts,
and other documents, demonstrating they are in agreement with the
contents. That is, they authenticate that they are in fact the sender or
originator of the item. This allows others to verify that a particular
message did indeed originate from the signer. Written signatures are also
vulnerable to forgery because it is possible to reproduce a signature on
other documents as well as to alter documents after they have been signed
[Esc00].
Digital signatures rely on certain types of encryption to ensure

authentication. Encryption is the process of taking all the data that one
computer is sending to another and encoding it into a form that only the
other computer will be able to decode. Authentication is the process of
verifying that information which is coming from a trusted source.
2.4.1 RSA Signature

To generate RSA signature keys, one simply generates an RSA key
pair containing a modulus n that is the product of two large primes, along
with integers e and d such that e . d = 1 mod ϕ ( n ) . The signer's
public key consists of e and the signer's secret key contains d . To sign a
message m , the signer computes S = m
d
mod n .
The reasons for applying a digital signature to communications are
[CGI04]:
1. Authentication
Although messages may often include information about the entity

of sending a message, that information may not be accurate. Digital
signatures can be used to authenticate the source of messages. When
ownership of a digital signature secret key is bound to a specific user, a
valid signature shows that the message was sent by that user. The
importance of high confidence in sender authenticity is especially

obvious in a financial context [Pou98]. For example, suppose a bank's
branch office sends instructions to the central office requesting a change
in the balance of an account. If the central office is not convinced that
such a message is truly sent from an authorized source, acting on such a
request could be a grave mistake.
2. Integrity
In many scenarios, the sender and receiver of a message may have

a need for confidence that the message has not been altered during
transmission. Although encryption hides the contents of a message, it
may be possible to change an encrypted message without understanding
it. (Some encryption algorithms, known as nonmalleable ones, prevent
this, but others do not.) However, if a message is digitally signed, any
change in the message after signature will invalidate the signature
[CGI04]. Furthermore, there is no efficient way to modify a message and
its signature to produce a new message with a valid signature.
2.4.2 Encryption and Decryption in Digital Signatures

Encryption is a mechanism by which a message is transformed so
that only the sender and recipient can see, figure (2.5) encryption in
digital signature. For instance, suppose that Alice wants to send a private
message to Bob. To do so, she first needs Bob’s public-key; since
everybody can see his public-key, Bob can send it over the network in the
clear without any concerns [Kum03]. Once Alice has Bob’s public-key,
she encrypts the message using Bob’s public-key and sends it to Bob.
Bob receives Alice’s message and, using his private-key, decrypts it.
Message Compute Digest

Digital
Signature
Digest Sign the file by using

sender's privet key to
encrypt digest
Figure (2.5): Encryption in digital signature
2.4.3 Digital Signatures and Verification

A Digital signature is a mechanism by which a message is
authenticated i.e. proving that a message is effectively coming from a
given sender, much like a signature on a paper document [Riv99]. For
instance, suppose that Alice wants to digitally sign a message to Bob. To
do so, she uses her private-key to encrypt the message; she then sends the
message along with her public-key typically, the public key is attached to
the signed message [AAs00]. Since Alice’s public-key is the only key that
can decrypt that message, a successful decryption constitutes a Digital
Signature Verification, meaning that there is no doubt that it is Alice’s
private key that encrypted the message.
The user Bob send Alice a signed message m in a public-key

cryptosystem by first computes his signature S for the message m using
d B
[Kum03]:
S = d B (m ) .
He then encrypts S using e A

(for privacy), and sends the result
e A
(S ) to Alice. He need not send m as well; it can be computed from S.
Alice first decrypts the ciphertext with d A

to obtain S . She knows who is
the presumed sender of the signature. She then extracts the message with
the encryption procedure of the sender, in this case e B

(available on the
public file):
m = eB (S )
Where:
d B
: Bob's privet key, e A
: Alice's public key
d A
:Alice's privet key, e B
: Bob's public key
2.4.4 RSA Signature Algorithm

RSA Signature Algorithm finds the public and private keys of the
sender and the receiver in the same way of the RSA algorithm.
Encryption of the digital signature is using the private key of the sender
and the public key of the receiver [Tra92]. To verify the signature; decrypt
the signature with the sender’s public key [CGI04].
Sender A:
1. Choose two primes p and q , and compute n = p.q .
2. Choose e A
such that 1〈eA 〈ϕ (n) with gcd ( e A,
ϕ (n)) = 1 .
3. Calculate d A
such that e .d
A A
≡ 1modϕ (n) .
4. Keep d A
, p, q secret and publish ( e A , n ).
dA
5. Sign the message S ≡ (m) (mod n) .
6. Use receiver public key e B

to encrypt the message.
Receiver B [Tra92]:
1. Use the private key d B
to decrypts the cipher text to knows who is
the sender.
2. Extract the message with public key for the sender
m≡ Se A
(mod n ) .
2.5 Certificate
A certificate is a piece of information that proves the identity of a
public-key’s owner. Like a passport, a certificate provides recognized
proof of a person’s (or entity) identity [CGI04]. Certificates are signed and
delivered securely by a trusted third party entity called a Certificate
Authority (CA). As long as Bob and Alice trust this third party, the CA,
they can be assured that the keys belong to the persons they claim to be.
A certificate contains among other things:
1) The CA’s identity
2) The owner’s identity
3) The owner’s public-key
4) The certificate expiry date
5) The CA’s signature of that certificate
6) Other information
The recipient can now verify few things about the issuer to make
sure that the certificate is valid and belongs to the person claiming its
ownership:
1) Compare the owner’s identity
2) Verify that the certificate is still valid
3) Verify that the certificate has been signed by a trusted CA
4) Verify the issuer’s certificate signature, hence making sure it has not
been altered [Bar08].
2.6 Cryptanalysis
Cryptanalysis refers to the study of ciphers, ciphertext, or
cryptosystems (that is, to secret code systems) with a view to finding
weaknesses in them that will permit retrieval of the plaintext from the
ciphertext, without necessarily knowing the key or the algorithm. This is
known as breaking the cipher, ciphertext, or cryptosystem [Chr06].
Breaking is sometimes used interchangeably with weakening. This

refers to finding a property (fault) in the design or implementation of the
cipher that reduces the number of keys required in a brute force attack .
There are 4 basic steps in a typical cryptanalysis:
1. Determine the language being used.
2. Determine the system being used – this can be a time-consuming

stage in the process and involves counting character frequency,
searching for repeated patterns and performing statistical tests.
3. Reconstruct the system’s specific keys.
4. Reconstruction of the plain text – this step typically takes place at
the same time as the keys are reconstructed [Car07].
Below are some of the most common types of attacks:
• Known-plaintext analysis: With this procedure, the cryptanalyst

has knowledge of a portion of the plaintext from the ciphertext.
Using this information, the cryptanalyst attempts to deduce the key
used to produce the ciphertext [Dur02].
• Chosen-plaintext analysis (also known as differential

cryptanalysis): The cryptanalyst is able to have any plaintext
encrypted with a key and obtain the resulting ciphertext, but the
key itself cannot be analyzed. The cryptanalyst attempts to deduce
the key by comparing the entire ciphertext with the original

plaintext.
• Ciphertext-only analysis: The cryptanalyst has no knowledge of the

plaintext and must work only from the ciphertext. This requires
accurate guesswork as to how a message could be worded. It helps
to have some knowledge of the literary style of the ciphertext
writer and/or the general subject matter.
• Man-in-the-middle attack: This differs from the above in that it
involves tricking individuals into surrendering their keys. The
cryptanalyst/attacker places him or herself in the communication
channel between two parties who wish to exchange their keys for
secure communication. The cryptanalyst/attacker then performs a
key exchange with each party, with the original parties believing
they are exchanging keys with each other. The two parties then end
up using keys that are known to the cryptanalyst/attacker [Sch00].
This type of attack can be defeated by the use of a hash function.
Successful cryptanalysis is a combination of mathematics,

inquisitiveness, intuition, persistence, powerful computing resources –
and more often than many would like to admit – luck. However,
successful cryptanalysis has made the enormous resources often devoted
to it more than worthwhile: the breaking of the German Enigma code
during WWII, for example, was one of the key factors in an early Allied
victory.
CHAPTER
THREE
Chapter Three: Steganography Techniques 31
Steganography Techniques
3.1 Introduction
Steganography is the practice of hiding private or sensitive
information within something that appears to be nothing out of the
usual, it is often confused with cryptology because the two are
similar in the way that they both are used to protect important
information. The difference between the two is that steganography
involves hiding information so it appears that no information is
hidden at all.
If a person or persons view the object that the information is
hidden inside of, he or she will have no idea that there is any
hidden information, therefore the person will not attempt to decrypt
the information.
Steganography comes from the Greek word steganos which
literally means “covered” and graphia which means “writing”, i.e.
covered writing. In the modern day, the word usually refers to
information or a file that has been concealed inside a digital
picture, video or audio file [Hab06].
What steganography essentially does is exploiting human
perception, human senses are not trained to look for files that have
information hidden inside them, although there are programs
available that can do what is called steganalysis (detecting use of
steganography).
The most common use of steganography is to hide a file inside
another file.
3.2 Steganography Types

There are three main types of steganography as illustrated in
Figure (3.1).
Steganography
Pure Secret Key Public Key
Figure (3.1): Steganography types
(a) Pure Steganography

We call a steganographic system which does not require the
prior exchange of some secret information (like a stego – key).
(b) Secret Key Steganography

A secret key steganography system is similar to a symmetric
cipher: the sender chooses cover C and embeds the secret message
into C using a secret key K. If the key used in the embedding
process is known to the receiver, he can reverse the process and
extract the secret message. Anyone who does not know the secret
key should not be able to obtain evidence of the encoded
information [Bra00].
(c) Public Key Steganography

Public key steganography system requires the use of two keys,
one is private and the other one is a public key.
3.3 Kinds of Steganography

Almost all digital file formats can be used for
steganography, but the formats that are more suitable are those
with a high degree of redundancy. The redundant bits of an object
are those bits that can be altered without the alteration being
detected easily [Hop04]. Image and audio files especially comply
with this requirement, while research has also uncovered other file
formats that can be used for information hiding.
Figure (3.2) shows the four main categories of file formats
that can be used for steganography.
Steganography
Text Images Audio/video Protocol
Figure( 3.2): Categories of steganography
3.3.1 Hiding Information in Text

Text steganography using digital files is not used very often
since text files have a very small amount of redundant data. Given
the proliferation of digital images, especially on the internet, and
given the large amount of redundant bits present in the digital
representation of an image, images are the most popular cover
objects for steganography.
The term protocol steganography refers to the technique of
embedding information within messages and network control
protocols used in network transmission . In the layers of the OSI
network model there exist covert channels where steganography
can be used . An example of where information can be hidden is in
the header of a TCP/IP packet in some fields that are either

optional or are never used [Sid99].
3.3.2 Hiding Information in Images

When hiding information inside images the LSB (Least
Significant Bit) method is usually used. To a computer, an image
file is simply a file that shows different colours and intensities of
light on different areas of an image.
The best type of image file to hide information inside of is a
24 Bit BMP (Bitmap) image because it is the largest type of file
and it is normally of the highest quality. When an image is of high
quality and resolution it is a lot easier to hide and mask information
[Pas00].
Although 24 Bit images are the best for hiding information

inside of due to their size, some people may choose to use 8 Bit
BMP’s or possibly another image format such as GIF, the reason
being is that posting of large images on the internet may arouse
suspicion. It is important to remember that if you hide information
inside an image file and that file is converted to another image
format, it is most likely that the hidden information inside will be
lost.
3.3.3 Hiding Information in Audio Files

When hiding information inside audio files, the technique
usually used is low bit encoding which is some what similar to
LSB that is generally used in images [Ben04]. The problem with
low bit encoding is that it is usually noticeable to the human ear, so
it is a rather risky method for someone to use if they are trying to
mask information inside an audio file. Spread spectrum is another

method used to conceal information inside an audio file. This
method works by adding random noises to the signal, the
information is concealed inside a carrier and spread across the
frequency spectrum [Yam03].
Echo data hiding is yet another method of hiding
information inside an audio file. This method uses the echoes in
sound files in order to try and hide information, by simply adding
extra sound to an echo inside an audio file, information can be
concealed. The thing that makes this method of concealing
information inside audio files better than other methods is that it
can actually improve the sound of the audio inside an audio file.
3.4 Compression Techniques

Two kinds of compression are lossless and lossy. Both
methods save storage space but have different results, interfering
with the hidden information, when the information is
uncompressed. Lossless compression lets us reconstruct the
original message exactly; therefore, it is preferred when the
original information must remain intact (as with steganographic
images). Lossless compression is typical of images saved as GIF
(Graphic Interchange Format) and 8-bit BMP.
Lossy compression, on the other hand, saves space but may
not maintain the original image’s integrity. This method typifies
images saved as JPEG (Joint Photographic Experts Group). Due to
the lossy compression algorithm, which we discuss later, the JPEG
formats provide close approximations to high-quality digital
photographs but not an exact duplicate [Cur02].
3.5 Image and Transform Domain

Image, also known as spatial domain techniques, embed
messages in the intensity of the pixels directly, while for transform,
also known as frequency domain, images are first transformed and
then the message is embedded in the image. Figure (3.3) shows the
categories of image steganography.
The image formats that are most suitable for image domain
steganography are lossless and the techniques are typically
dependent on the image format [Sil00]. These methods hide
messages in more significant areas of the cover image, making it
more robust.
Steganography
Text Images Audio/video Protocol
Transform Domain Image Domain
JPEG Patchwork
Spread Spectrum LSB in BMP
Patchwork LSB in GIF
Figure (3.3): Categories of image steganography

3.6 Types of Image Domain
Least significant bit (LSB) insertion is a common, simple
approach of embedding information in a cover image [Dab04]. The
least significant bit (in other words, the 8th bit) of some or all of
the bytes inside an image is changed to a bit of the secret message.
When using a 24-bit image, a bit of each of the red, green and blue
colour components can be used, since they are each represented by

a byte. In other words, one can store 3 bits in each pixel [Hab06].
In its simplest form, LSB makes use of BMP images, since
they use lossless compression. Unfortunately to be able to hide a
secret message inside a BMP file, one would require a very large
cover image. Nowadays, BMP images of 800 × 600 pixels are not
often used on the internet and might arouse suspicion [Ben04]. For
this reason, LSB steganography has also been developed for use
with other image file formats.
GIF images, are other popular image file formats commonly
used on the internet. By definition, a GIF image cannot have a bit
depth greater than 8, thus the maximum number of colours that a
GIF can store is 256 .GIF images are indexed images where the
colours used in the image are stored in a palette. Each pixel is
represented as a single byte and the pixel data is an index to the
colour palette. The colours of the palette are typically ordered from
the most used colour to the least used colours to reduce lookup
time [Cha01]. GIF images can also be used for LSB steganography,
although extra care should be taken. The problem with the palette
approach used with GIF images is that if one changes the least
significant bit of a pixel, it can result in a completely different
colour since the index to the colour palette is changed. If adjacent
palette entries are similar, there might be little or no noticeable
change, but if the adjacent palette entries are very dissimilar, the
change would be evident. One possible solution is to sort the
palette so that the colour differences between consecutive colours
are minimized [Por02]. Another solution is to add new colours
which are visually similar to the existing colours in the palette.
This requires the original image to have less unique colours than
the maximum number of colours (this value depends on the bit

depth used). Using this approach, one should thus carefully choose
the right cover image. Unfortunately any tampering with the palette
of an indexed image leaves a very clear signature, making it easier
to detect. A final solution to the problem is to use grayscale
images. In an 8-bit grayscale GIF image, there are 256 different
shades of grey . The changes between the colours are very gradual,
making it harder to detect.
3.7 Types of Transform Domain

To understand the steganography algorithms that can be used
when embedding data in the transform domain, we must first
explain the type of file format connected with this domain. The
JPEG file format is the most popular image file format on the
internet, because of the small size of the images [Poy03], we
explain it in detail later.
During the DCT transformation phase of the compression
algorithm, rounding errors occur in the coefficient data that are not
noticeable. Although this property is what classifies the algorithm
as being lossy, this property can also be used to hide messages. It is
neither feasible nor possible to embed information in an image that
uses lossy compression, since the compression would destroy all
the information in the process. Thus it is important to recognize
that the JPEG compression algorithm is actually divided into lossy
and lossless stages [Ahu95]. The DCT and the quantization phase
form part of the lossy stage, while the Huffman encoding used to
further compress the data is lossless.
Patchwork is a statistical technique that uses redundant
pattern encoding to embed a message in an image . The algorithm
adds redundancy to the hidden information and then scatters it

throughout the image. A pseudorandom generator is used to select
two areas of the image (or patches), patch A and patch B . All the
pixels in patch A is lightened while the pixels in patch B is
darkened [Cac01]. A disadvantage of the patchwork approach is that
only one bit is embedded. One can embed more bits by first
dividing the image into sub-images and applying the embedding to
each of them . The advantage of using this technique is that the
secret message is distributed over the entire image, so should one
patch be destroyed, the others may still survive [Mor02].
In spread spectrum techniques, hidden data is spread
throughout the cover-image making it harder to detect [Cha01].
Spread spectrum communication can be defined as the process of
spreading the bandwidth of a narrowband signal across a wide
band of frequencies . This can be accomplished by adjusting the
narrowband waveform with a wideband waveform, such as white
noise. After spreading, the energy of the narrowband signal in any
one frequency band is low and therefore difficult to detect [Cac01].
In spread spectrum image steganography the message is embedded
in noise and then combined with the cover image to produce the
stego image. Since the power of the embedded signal is much
lower than the power of the cover image, the embedded image is
not perceptible to the human eye or by computer analysis without
access to the original image .
3.8 Conflicting Requirements

These requirements are mutually competitive and cannot be
clearly optimized at the same time. If one wants to hide a large
message inside an image, it is not possible, at the same time, to

reach absolute undetectability and large robustness. Thus, there
must be a trade-off between undetectability and robustness. Figure
(3.4) shows the trade-off among undetectability, capacity and
robustness. On the other hand, if robustness to large distortion is an
issue, the message that can be reliably hidden cannot be too long
[Cac01]. Capacity
Secure Copyright
Steganograph Marking
Undetectability Robustness
Figure (3.4): Trade-off among undetectability, capacity and

robustness
3.9 JPEG Standard Compression (colour image)
The key processing steps of JPEG standard are the heart of
the DCT–based of operation, figure (3.5) shows the baseline JPEG
encode [ITU92].
RGB Y Cb Cr
8*8
DCT Quant Zig-
Zag
Huffman
01101
Figure (3.5): Baseline JPEG encode

3.9.1 Image Transformation from RGB to YCbCr

Colour images are transformed from RGB into luminance /
chrominance colour space. The eyes are very sensitive to small
changes in luminance but not in chrominance, so the chrominance
part can later lose a lot of data, and thus be highly compressed, this
step is optional but important since the remainder of the algorithm
works on each colour component separately [Ala04]. Y component
is called luminance and (Cr and Cb) are called chrominance .
The following equations are used to compute the YCbCr values
from RGB .
Y = (77/256) R + (150/256) G + (29/256) B

Cb = -(44/256) R – (87/256) G + (131/256) B + 128 (3.1)
Cr = (131/256) R – (110/256) G – (21/256) B +128
The following equations are used to compute the RGB values from
YCbCr .
R = Y + 1.371 (Cr – 128)

G = Y – 0.698 (Cr – 128) – 0.336 (Cb –128) (3.2)
B = Y + 1.732 (Cb – 128)
3.9.2 Image Blocks

The pixels of each colour component are organized in groups
of (8 x 8) pixels (or data units). If the number of image rows and
columns is not a multiple of 8, the bottom row and the rightmost
column are duplicated as many times as necessary [TSC02].
3.9.3 DCT Stage

At the input to this stage, image samples are grouped into 8
x 8 blocks and inputted to the forward DCT (FDCT). At the output
from the encoder, the inverse DCT (IDCT) output 8 x 8 sample
blocks to form the reconstructed image. The DCT is given by
[Cha01]:
n −1 n −1
(2 x + 1)iπ ⎞ ⎛ (2 y + 1) jπ ⎞
cos ⎛⎜
1
G ij =
4 CC ∑ ∑ P
i j
x =0 y =0
xy
⎝ 16
⎟ cos ⎜
⎠ ⎝ 16
⎟ (3.3)
⎠
( P xy ) pixel in the block coefficients.
( Gij ) DCT coefficient.
x and y from 0 to n-1 (JPEG uses n = 8 , each block size equals 8 x

8 pixels).
The inverse transform is given by [TSC02]:
n −1 n −1
(2 x + 1)iπ ⎞ ⎛ (2 y + 1) jπ ⎞
cos ⎛⎜
1
P Xy = 4
∑∑ C C G
i =0 j =0
i j ij
⎝ 16
⎟ cos ⎜
⎠ ⎝ 16
⎟
⎠
(3.4)
Where:
1
C ,Ci j
=
2
(for i , j=0)
1, otherwise
The output of the FDCT is the set of 64 DCT coefficients.

The DCT coefficient values can thus be regarded as the relative
amount of the 2D spatial frequencies contained in the 64-point
input signal [Cha01]. The coefficient with zero frequency in both
dimensions is called the DC coefficient and the remaining are

called AC coefficients. This transformation provides no
compression at all of an image block, but simply changes the
representation of the source image [Sol01]. However, the
transformation usually gives a compaction of the energy of an
image block into a few coefficients. It must involve some loss of
information due to the limited precision of computer arithmetic.
This means that, even without the main lossy step, there will be
some loss of image quality, but it is normally small, and can be
neglected [Cac01].
3.9.4 Quantization Stage

Quantization, involved in image processing, is a lossy
compression technique achieved by compressing a range of values
to a single quantum value. When the number of discrete symbols in
a given stream is reduced, the stream becomes more compressible.
For example, reducing the number of colours required to represent
a digital image makes it possible to reduce its file size.
The human eye is fairly good at seeing small differences in
brightness over a relatively large area, but not so good at
distinguishing the exact strength of a high frequency brightness
variation. This fact allows one to get away with a greatly reduced
amount of information in the high frequency components. This is
done by simply dividing each component in the frequency domain
by a constant for that component, and then rounding to the nearest
integer. This is the main lossy operation in the whole process. As a
result of this, it is typically the case that many of the higher
frequency components are rounded to zero, and many of the rest
become small positive or negative numbers.
Quantization is defined as division of each DCT coefficient

by its step size T (i,j), followed by rounding to the nearest integer:
⎛ G ij ⎞
Q = integer_round ⎜ ⎟ (3.5)
ij ⎜T ⎟
⎝ ij ⎠
where (Qij) quantized DCT coefficient, (Tij) quantization value for

DCT coefficient Gij. Dequantization is the inverse function, which,
in this case, means simply that the normalization is removed by the
step size, which returns the result to a representation appropriate
for input to the IDCT [Sol01]:
IQ ij
= Q *T
ij ij
(3.6)
This is the step where the information loss occurs (in addition to
some unavoidable loss because of the finite precision calculations
in other steps). Table (3.2) shows Y component quantization table,
table (3.3) shows Cb and Cr component quantization table [TSC02].
Table (3.1): Luminance quantization

16 11 10 16 24 40 51 61
12 12 14 19 26 58 60 55
14 13 16 24 40 57 69 56
14 17 22 29 51 87 80 62
18 22 37 56 68 109 103 77
24 35 55 64 81 104 113 92
49 64 78 87 103 121 120 101
72 92 95 98 112 100 103 99
Table (3.2): Chrominance quantization

17 18 24 47 99 99 99 99
18 21 26 66 99 99 99 99
24 26 56 99 99 99 99 99
47 66 99 99 99 99 99 99
99 99 99 99 99 99 99 99
99 99 99 99 99 99 99 99
99 99 99 99 99 99 99 99
99 99 99 99 99 99 99 99
3.9.5 DC Coding and Zig-Zag Sequence

After quantization, the (DC) coefficient is treated separately
from the 63 (AC) coefficients. The (DC) coefficient is a measure of
average value of the 64 image samples [Sol01]. Because there is
usually strong correlation between the DC coefficients of adjacent
8 x 8 blocks.
3.9.6 Entropy Coding

The final DCT-based encoder-processing step is entropy
coding. This step achieves additional compression losslessly by
encoding the quantized DCT coefficients more compactly based on
their statistical characteristics. The JPEG proposal specifies two
entropy-coding methods: Huffman coding and arithmetic coding
[Kre04]. Huffman coding requires that one or more sets of Huffman
code tables must be specified by the application. The same tables

used to compress an image are needed to decompress it [Der06].
3.10 Embedding and Detecting

The first step in embedding and hiding information is to pass
both the secret message and the cover message into the encoder.
Inside the encoder, one or several protocols will be implemented to
embed the secret information into the cover message [Cha01]. The
type of protocol will depend on what information you are trying to
embed and what you are embedding it in. For example, you will
use an image protocol to embed information inside images. Figure
(3.6) shows a simple representation of the generic embedding and
decoding process in steganography. In this example, a secret image
is being embedded inside a cover image to produce the stego image
[Sol01].
Sender Receiver
Decrypt
Encrypt
Embed Extract
Stego key Stego key
Send to
Figure (3.6): Steganography mechanism
A key is often needed in the embedding process. This can be

in the form of a public or private key so you can encode the secret
message with your private key and the recipient can decode it using
your public key. In embedding the information this way, you can
reduce the chance of a third party attacker getting hold of the stego
object and decoding it to find out the secret information [Cac01].
Having passed through the encoder, a stego object will be
produced. A stego object is the original cover object with the secret
information embedded inside. This object should look almost
identical to the cover object as otherwise a third party attacker can
see embedded information. Having produced the stego object, it
will then be sent off via some communications channel, such as
email, to the intended recipient for decoding. The recipient must
decode the stego object in order for them to view the secret
information [Sol01]. The decoding process is simply the reverse of
the encoding process. It is the extraction of secret data from a stego
object.
In the decoding process, the public or private key that can
decode the original key that is used inside the encoding process is
also needed so that the secret information can be decoded.
Depending on the encoding technique, sometimes the original
cover object is also needed in the decoding process. After the
decoding process is completed, the secret information embedded in
the stego object can then be extracted and viewed [Cha01].
3.11 Performance Measures

Perfect steganography is that when one gets a stego-image
similar to the original cover. This may be impossible to reach,
when the cover changes to a stego-image, it gives the closest
criteria for the original cover [Yam03].
Determine the following criteria for both cover and stego-

object:
1. Energy
2.Variance
3. Entropy
Probability is one of statistical features, it provides information
about the characteristics of the colours level distribution for the
image [Cve05].
P( g ) = N ( g ) / M (3.7)
N (g): number of pixels with colour (g).

M : total number of pixels in an image
The embedding process should be defined in away that the
cover and the corresponding stego-object are perceptually similar.
3.11.1 Determine the Evaluation Criteria

1.Energy measures how the colours are distributed [Yam03].
L−1
Energy = ∑ [ p( g )]2 (3.8)
g =0
Where:
L: number of colours in an image
g : colour
P(g): probability of the colour
The energy measure has a maximum value, for an image
with a constant value and gets increasingly smaller as the pixel
values are distributed across more colour level values. By
comparing energy between the cover and the stego to see the
difference, there will be prefect stego when the difference in
energy is minimum.
2.Variance measures the contrast and it describes the spread of the

data. So a high constant image will have a high variance and a low
constant image will have a low variance [Cve05].
L−1 2
V ( g ) = ∑ (g − g ) p( g )
− (3.9)
g =0
Where:
g :stego colour
3. Entropy is a measure, which tells how many bits are needed to

code the image data and is given by:
L−1
Entropy = − ∑ [ p( g )] log [ p( g )] (3.10)
g =0 2
3.12 Objective Fidelity Criteria

lossy compression techniques cause some information
losses. Thus a use of fidelity criteria is required to measure the
amount of losses. Two kinds of fidelity criteria are normally used.
Subjective fidelity criteria: the subjective evaluation requires the
definition of qualitative scale to assess image quality. Human
subjective evaluation is used to determine the quality of the
reconstructed image relative to its original copy image. In order to
provide unbiased results, evaluation with subjective measures
requires careful selection of the test subjects and carefully designed
evaluation experiments.
In objective fidelity criteria (or objective evaluation), the level of

information loss is expressed as a function of the original image
and the decompressed image (it measures the amount of error in
the reconstructed decompressed image). Digital Signal Processing
and Information theory provide us with numerical metrics to
measure this error [Shi01].
To measure the difference between the original cover and
stego image we use:
Peak to Noise Ration ( PSNR), which expressed the following
equation [Gur03].
⎛ [ f (x, y)]2 ⎞
PSNR= 10log10 ⎜⎜ ⎟
⎟ (3.11)
⎝ MSE ⎠
Mean Square Error (MSE) is defined as [Shi01]:
1 m−1 n −1
MSE = ∑∑ [f ( x, y) − g( x, y)]2 (3.12)
mxn y=0 x =0
where f(x, y) and g(x, y) represent the input and the output image.
3.13 Detecting Steganography

The art of detecting steganography is referred to as
steganalysis. To put it simply, steganalysis involves detecting the
use of steganography inside of a file. Steganalysis does not deal
with trying to decrypt the hidden information inside a file, just
discovering it.
There are many methods that can be used to detect
steganography such as:
• Viewing the file and comparing it to another copy of the file

found on the internet (Picture File) [Kre04].
There are usually multiple copies of images on the internet,
so you may want to look for several of them and try compare the
suspect file to them. For example if you download a JPEG and
your suspect file is also a JPEG and the two files look almost
identical apart from the fact that one is larger than the other, it is
most probable your suspect file has hidden information inside it.
• Listening to the file [Cac01]. This is similar to the above
method used for trying to manually detect steganography in
picture files. If you are trying to detect hidden information
inside a MP3 audio file you will need to find an audio file to
compare it to that uses the same compression (MP3.) The
same applies to finding hidden information inside picture
files [Gon00].
3.13.1 Steganalysis
Steganalysis compares the properties of an unaltered file to
one that contains embedded information [Gur03].
Checking for file sizes and suspicious situations may work
in detecting the use of steganography, but do not provide any solid
evidence [Pas00].
3.13.2 Attacks to Steganographic Systems

A steganalysis “attack” represents the technique with which the
steganalyst attempts to recover, modify, or remove a stego
message. There exit 5 steganalysis attacks which are incidentally
derived from 4 cryptanalysis techniques: stego-only, known-cover,
known message, chosen stego, and chosen message. In the stego-

only method the steganalyst only has available the stego medium
or the finished stego product. This is by far the most difficult attack
approach since there is no starting point from which to start
extracting the hidden message [Bra00]. Attacks can be broadly
categorized although some attacks will fit into multiple categories:
• Basic Attacks
Basic attacks take advantage of limitations in the design of the
embedding techniques. Simple spread spectrum techniques, for
example, are able to survive amplitude distortion and noise
addition but are vulnerable to timing errors. It is possible to
alter the length of a piece of audio without changing the pitch
and this can also be an effective attack on audio files [Cum04].
• Robustness Attacks
Robustness attacks attempt to diminish or remove the presence
of a watermark. Although most techniques can survive a variety
of transformations, compression, noise addition, etc, they do not
cope so easily with combinations of them or with random
geometric distortions.
• Presentation Attacks
Presentation attacks modify the content of the file in order to
prevent the detection of the watermark [Bra00].
• Interpretation Attacks
Interpretation attacks involve finding a situation in which the
assertion of ownership is prevented . Robustness is usually used
to refer to the ability of the mark to survive transformations and

not resistance to an algorithmic attack. Therefore the definition
of robustness may not be sufficient [Cum04].
The steganographic attacks can be passive, when the attacker
is only able to analyze the information without changing it; or
active when the attacker can manipulate the data [Hab06]. These
attacks consist mainly of applying some sort of function that
modifies the structure or intensity of an image to destroy a possible
hidden message, although there is no evidence of its existence
[Ric03].
CHAPTER
FOUR
Chapter Four: System Design and Evaluation 54
System Design and Evaluation

4.1 Introduction
In this research, two techniques are available to those wishing to
transmit secrets using unprotected communications media. One is
cryptography, where the secret is scrambled and can be reconstituted only
by the holder of a key. The second method is steganography, where the
secret is encoded in another message in a manner such that, to the casual
observer, it is unseen. Steganography is often combined with
cryptography to provide an additional layer of security.
The JPEG format is currently the most common format for
storing image data. It is also supported by virtually all software
applications that allow viewing and working with digital images.
Recently, several steganographic techniques for data hiding in JPEG have
been developed.
The proposed algorithm depended on preparing the image data for
next steps (DCT, quantization) through embedding processes and using
two level of security RSA algorithm, and digital signature, later the stego
image is JPEG format. The secret message in this approach is plaintext,
digital signature, while the cover is a coloured image. The algorithm
results are submitted to many evaluating criteria to evaluate them, which
prove their efficiency and activity. The proposed algorithm of this thesis
can be divided into two main parts, hiding and extracting, each of them
can be further divided into a number of procedures, which were
performed in Delphi 5 program.
4.2 The Proposed Hiding System

This stage includes two parts; cryptography and steganography.
The cryptography part includes encryption of the secret message by using
a public key type RSA algorithm and the digital signature. The
steganography part includes hiding the secret message and digital
signature after converting them to stream of bits. Figure (4.1) shows the
block outline of this stage.
Secret Digital
message signature
Cover image
RGB
Encryption
Separation
R, G, B
Stream of bits
Hide stage
Save image
(stego image)
Figure (4.1): Embedding stage
4.2.1 Cryptography Stage

There are several types of asymmetric algorithms used in the
computing world today. They may have different internal mechanisms
and methods, but the one thing they do have in common is that they are
all asymmetric. This means that a key is used to encrypt a message
different from the key that is used to decrypt a message. RSA is a public
key algorithm that is the most understood, easiest to implement, and the
most popular when it comes to asymmetric algorithm.
4.2.1.1 RSA Algorithm

RSA involves a public and private key. The public key can be
known to everyone and it is used for encrypting messages. The public key
for the RSA algorithm is generated by the algorithm below. Figure (4.2)
shows the general description to find the public key for RSA algorithm.
The secret message in this work ends by (# ) to determine the end
of the message in an extracting stage. Each letter in the message is
converted to a decimal number by ASCII code, and encrypted by using
the public key. All the cipher numbers are converted to a stream of bits
each one consists of 12 bits.
Begin
Enter prime numbers

( p , q)
n= (p * q)
φ(n ) = ( p-1) * ( q-1 )
Enter e (1< e < φ(n ))
gcd No
(e, φ(n ) )=1
Yes
End
Figure (4.2): Generating public key

The public key needs two prime numbers to find (n and φ(n )). The
algorithm bellow is used to check if the number is prime or not.
Algorithm (4.1): Test of prime numbers

1- enter number (p)
2- f = 0
3- I = 2→ (p-1)
4- If ( p mod I ) = 0 ) then f = 1
5- Go to 3
6- If (f = 1 ) then go to 1
7- If ( f = 0 ) then ( p ) prime number.
The private key is used for decrypted messages. The private key
for the RSA algorithm is generated by the following algorithm (inverse
method). Figure (4.3) shows the general description to find the private
key for the RSA.
Begin
X1=1 X2=0 X3 = φ(n )

Y1=0 Y2=1 Y3 = e
Q = X3 div Y3
T1 = X1 – ( Q*Y1)
T2 = X2 – ( Q*Y2)
T3 = X3 – ( Q*Y3 )
X1=Y1 X2=Y2 X3= Y3

Y1=T1 Y2=T2 Y3=T3
No inverse Yes Y3 =0
D=0
No
Yes
Y3 >1
No
Yes
Y2 > 0 D = Y2 mod φ(n )
No
Y2 = Y2 + φ(n )
D = Y2
Yes
Y2 < 0
No
End
Figure (4.3): Inverse number (private key)

After finding these keys, the public key is used to encrypt the
secret message. The algorithm below shows the encryption of the secret
message. Figure (4.4) shows the general description to encrypt the secret
message by using the public key for the RSA.
Begin Secret message
Convert to a decimal
number (txt)
Convert e to a stream of bits ( h )
C=1
2
C = C mod n
No
h (bit = 1)
Yes
C = (C * txt ) mod n
No
End h
Yes
Cipher = C
No
End message
Yes
End
Figure (4.4): Fast exponentional

After converting the secret message to decimal numbers and

encryption by using the public key for the RSA algorithm, the result of
encryption must be converted to stream of bits, each one consists of 12
bits. The algorithm below explains how the cipher number is converted to
a binary form. Figure (4.5) describes the general steps to convert cipher
numbers to a stream of bits, each number consists of 12 bits.
Begin
C = number
Message (numbers) S='' B=''
No Yes
C mod 2 =0
S = S + '1' S = S + '0'
C = C div 2
No
C=0
Yes
Add '0' to S
B= reverse S
Cph = B
No
End
message
Yes
End Figure (4.5): Convert each no.

to 12 bits
60
4.2.1.2 Digital Signature

A major benefit of public key cryptography is that it provides a
method for employing digital signatures. Digital signatures let the
recipient of information verify the authenticity of the information’s
origin, and also verify that the information is not altered while in
transmitting. Thus, public key digital signatures provide an authentication
and data integrity. A digital signature also provides non-repudiation,
which means that it prevents the sender from claiming that he or she did
not actually send the information.
The digital signature in this work must be ended by the dot (.) to
determine the end of the digital signature in the extracting stage. Each
letter in the digital signature is converted to a decimal number by ASCII
code, and encryption by using the private key for the sender and the
public key for the receiver. All the cipher numbers are converted to a
stream of bits each one consists of 12 bits.
In the digital signature, find the public and private keys of the
sender and the receiver in the same way of the RSA algorithm.
Encryption of the digital signature is done by using the private key of the
sender and the public key of the receiver. The algorithm below shows the
encryption method for the digital signature. Figure (4.6) shows the
general description to encrypt the digital signature by using the private
key of the sender and the public key of the receiver.
Begin
Convert d to a stream of bits ( h1) Digital signature
Convert e to a stream of bits ( h2 ) Convert to a decimal number
C=1
2
C = C mod n1
No
h1i (bit = 1)
Yes
C = (C * dgt ) mod n1
No
End h1
Yes
N=C , C=1
2
C = C mod n2
No
h2i (bit = 1)
Yes
C = (C * N ) mod n2
No
End h2
Yes
Cipher = C
No
End signature
Figure (4.6): Encrypting

Yes
the digital signature
End
4.2.2 Steganography
Each steganographic method has its own advantages and
disadvantages. The 2-LSB method is clear, very simple to implement, and
if the encoded image is transmitted perfectly with no error, when it is
decoded, there will be no data lost in the text ( digital signature and
message). The disadvantages of the 2-LSB method lies in that if the form
of stego image is changed in any way ( resized or compression to JPEG ),
the entire text could be lost. The size of stego image is very high,
therefore it needs more time when it is transmitted via the internet.
The above disadvantages lead to suggest a new method to embed
text in the cover image. The new method used covers image bitmap (24
bit) and produces stego image JPEG format. The stego image in our case
is a small size, it needs less time when it is transmitted via the internet,
and if it is changed ( JPEG to bitmap or recompressed more than one
time) the entire text will be kept.
4.2.2.1 Least Significant Bits (2-LSB)

An extremely simple steganographic method is to take the
individual pixels in an image. Each of these pixels in an image is made up
of a string of bits. In this work, the 2-least significant bits from each
colour value in a cover image are taken to hold 2-bits of a secret message
by simply overwriting the data that was already there. The impact of
changing the 2-LSB bits is almost always entirely imperceptible.
The length of a message that is hidden in this method arrives to
thousands of characters ( often at 12 bits per text character). The cover
image is commonly stored in 24-bit files. Each pixel in an image consists
of 24 bit binary numbers, 8-bit for each colour (red, green, blue). In this
work, two adjacent pixels are used to hide one character.
The following steps describe the details of 2-least significant bits

steganography, in order to conceal secret messages and digital signatures
inside cover images.
1. Input a digital signature and convert each character to a decimal
number (ASCII code).
2. Compute the public and private keys of the sender to the digital
signature.
3. Compute the public and private keys of the receiver to the
digital signature.
4. Encrypt the digital signature (decimal number) by using the
private key of the sender and the public key of the receiver.
5. Convert the cipher from the digital signature to a stream of
binary bits, each number consists of ( 12 bits ).
6. Input the secret message and convert each character to a decimal
number (ASCII code).
7. Compute the public and private keys of the RSA algorithm.
8. Encrypt the secret message (decimal number) by using the
public key.
9. Convert the cipher of the secret message to a stream of binary
bits, each number consists of ( 12 bits ).
10. Combine the stream binary bits of the digital signature and the
secret message.
11. Input the cover image ( BMP format ).
12. Use two adjacent pixels to hide one character (decimal number).
13. Convert the colours value of cover image ( red, green, blue ) to a
stream of binary bits each value (8 bits) .
Test:
first pixels ( red = (130)10 = (10000010)2 )
( green = (180)10 = (10110100)2 )
( blue = (90)10 = (01011010)2 )

second pixels ( red = (137)10 = (10001001)2 )
( green = (178)10 = (10110010)2 )
( blue = (94)10 = (01011110)2 )
14. Put zero in the 2-LSB in each colour value.
Test:
first pixels ( red = (130)10 = (10000000)2 )
( green = (180)10 = (10110100)2 )
( blue = (90)10 = (01011000)2 )
second pixels ( red = (137)10 = (10001000)2 )
( green = (178)10 = (10110000)2 )
( blue = (94)10 = (01011100)2 )
15. Part the stream binary of each character to 6 parts each one
consists of 2-bits, 3 parts for one pixel .
Test:
character after encryption (326)10 = (00 01 01 00 01 10)2
B G R B G R
16. Add the secret text (digital signature and message) to the cover
image by applying OR operation.
Test:
red green blue
10000000 10110100 01011000
OR operation 10 01 00
-------------- ------------- --------------
10000010 10110101 01011000
red green blue

10001000 10110000 01011100
OR operation 01 01 00
-------------- --------------- ---------------

10001001 10110001 01011100
17. Convert the stream of binary bits after applying OR operation to

decimal numbers.
First pixel ( red = 130, green = 181, blue = 88 )
Second pixel ( red = 137, green = 177, blue = 92 )
18. Save the stego image.
Test 1:
The testing of this example is preformed by taking the secret text
(49927 characters) and the cover-image (352*288). Figure (4.7) shows
the cover image and the text before encryption and hiding. Figure (4.8)
shows the stego-image and the text after extracting and decryption. Table
(4.1) shows the PSNR( equation (3.11)), MSE (equation(3.12)) for each
colour , text length, and hiding time. Table (4.2) shows the entropy
(equation(3.10)), variance (equation (3.9)) and energy equation(3.8)) of
each colour in the cover and stego image.
Figure (4.7): Shows the cover-image and text before hiding
Figure (4.8): Shows the stego-image and text after extracting

Table (4.1): Results of the embedded differential length text

Text Hiding
Color PSNR MSE
length time
Red 44.32 db 1.55
49927 00:00:01
Green 44.15db 1.58
character Second
Blue 44.37db 1.54

Entropy variance Energy
color
cover stego Cover stego cover stego
Red 7.67 7.67 421.31 394.96 0.0228 0.023
Green 7.67 7.63 708.29 676.49 0.0215 0.0226
Blue 7.67 7.54 1227.98 1165.26 0.0212 0.0246
4.2.2.2 DCT Method

A more complex way of hiding a secret message inside an image
comes with the use and modifications of discrete cosine transformations.
Discrete cosine transformations(DCT) are used by the JPEG compression
algorithm to transform successive 8 x 8 pixel blocks of the image, into
64 DCT coefficients.
In this work one coefficient is used from each block (8 x 8) to hold
the bit called DC coefficient in position (0,0), by preparing the value of
pixels in the block until the DC coefficient becomes odd or even
dependent on the bit which is wanted to be hidden. Figure (4.9) shows the
general description of embedding messages and digital signatures in an
image. This work includes the following steps :
1. Load a colour image (bitmap format 24 bits), and part the colours
into the red, green, and blue.
2. Convert the image formula from RGB to YCbCr, equation(3.1).
3. Separate the image components Y, Cb, Cr into blocks, each one
consists of 64 pixels (8*8).
4. Transform each block (8*8) pixels to spatial frequency domain via
the forward DCT, equation(3.3).
5. Combine the stream of bits of the digital signature and the secret
message.
6. Embed the stream of bits in the cover image. In each block embed
one bit in the DC element. This step will be described in detail
later on.
7. Quantize these blocks with quantization coefficients. The DCT
coefficients are divided by their corresponding quantization
coefficients ( quantization table ) and rounded to the nearest
integer.
8. Quantize DCT coefficients by multiplying the same quantization
tables that are used in a compression stage to obtain DCT
coefficients.
9. Inversing DCT is applied in this step in each block, equation(3.4).
10. Reconstruct the image by combining all the blocks.
11. Transform the image formula from YCbCr to RGB, equation(3.2).
12. Save the stego image in JPEG format.
Begin
Cover image ( RGB )
Convert to ( YCbCr )
Secret Digital
Block 8 x 8 message Signature
Encryption
DCT stage
Stream of bits
Hiding stage
Quantize stage
Inverse quantize
Inverse DCT
Combine blocks
Convert to RGB ( stego image) End
Figure (4.9): Encoding and hiding digital signatures and texts
4.3 Hiding Bits

In this step, the text bits are embedding in the cover-image. After
inputting the text in the system, convert each letter in the text to a decimal
number and encrypt it and convert each one to a binary form. Figure
(4.10) shows the block diagram of hiding one bit in the block. Some steps
are implemented to embed the text bits. These steps are:
1. From each block (8*8) one DCT coefficient is chosen to hold the
bit. This coefficient is in position (0,0). Compute the quantize DC
coefficient ( dc ) .
dc = round (block (0,0) / 16 (4.1)
2. If (dc) is an odd number and the bit ('1'), or (dc) is an even number
and bit ('0'), no change happens in the original block pixels. Bring a
new block and a new bit to continue or work and hide them.
3. If (dc) is an odd number and the bit ('0'), or (dc) is an even number
and bit ('1'), there must be a change in the original block
coefficients until (dc) value satisfies the relationship in point (2).
How can be satisfied in this work.
Compute the new Quantize DC coefficient without rounding
(dc1).
dc1 = (block (0,0) / 16 (4.2)
If (dc > dc1 ) then find the different ( df ) between them. To

determine the number of pixels ( np ) that must be changed by
subtracting one to the original value through comparing (np)
with table (4.3). Table (4.3) shows the number of pixels that
must be changed, subtract or add depended on the number of
difference.
Df=dc-dcl (4.3)
Np=0.5-df (4.4)
If (dc1 > dc) then find the different ( df ) between them. To

determine the number of pixels ( np ) that must be changed by
adding one to the original value through comparing (np) with

a table contains how many numbers must be subtracted or
added corresponding to the difference between the two results.
df=dc1-dc (4.5)
np=0.5-df (4.6)
Table (4.3): Shows the amount added or subtracted of each block

Difference Amount
0.000-0.063 8
0.064-0.125 16
0.126-0.188 24
0.189-0.250 32
0.251-0.313 40
0.314-0.375 48
0.376-0.437 56
0.438-0.500 64
After subtracting or adding from the original coefficients

block work, the research employs the DCT in the same block
again.
4. Steps one, two and three continue with each block until hiding
all the bits.
Original coefficients block
60.83 66.07 68.07 73.01 92.16 119.12 132.03 130.12
Bits
61.05 68.05 71.00 72.00 81.37 96.97 108.35 109.97
( 1 0101010101…)
69.09 72.09 71.20 66.20 63.46 65.95 69.08 69.05
65.22 64.22 64.10 63.10 64.46 64.46 63.31 62.08
62.18 62.18 65.31 69.31 71.97 73.97 74.33 75.33
72.03 74.80 78.97 81.10 80.80 80.35 82.16 84.39
72.04 74.82 78.05 81.18 83.35 86.12 88.05 89.16
62.27 60.04 59.05 62.18 69.35 75.12 74.03 69.15
DCT stage
DCT coefficients
605.10 -62.22 7.41 3.21 -7.79 0.29 0.04 0.08
28.83 -39.44 14.03 0.04 -8.27 -0.28 -0.34 0.08
69.09 72.09 71.20 66.20 63.46 65.95 69.08 69.05
65.22 64.22 64.10 63.10 64.46 64.46 63.31 62.08
62.18 62.18 65.31 69.31 71.97 73.97 74.33 75.33
72.03 74.80 78.97 81.10 80.80 80.35 82.16 84.39
72.04 74.82 78.05 81.18 83.35 86.12 88.05 89.16
62.27 60.04 59.05 62.18 69.35 75.12 74.03 69.15
dc = (round ( 605.10 / 16 )) = 38
Yes
( dc = even)
& (bit='0')
bring new
bit and new
No
block
(dc= odd)
& (bit='1')
Yes
No
dc1= (605.10 / 16 ) = 37.81
1
Yes No
df = (dc – dc1 ) = 0.19 dc >dc1 df = (dc1 – dc )
np = ( 0.5 – df ) = 0.31 np = ( 0.5 – df )

No.
0.000 - 0.063 8
0.064 – 0.125 16
0.126 – 0.181 24
0.182 – 0.245 32
0.246 – 0.309 40
0.310 – 0.373 48
0.374 – 0.437 56
0.438 – 0.500 64
No. pixels must be change in No. pixels must be change in
original value (subtract 1) = 48 original value (add 1)
59.83 65.07 67.07 72.01 91.16 118.12 131.03 129.12

60.05 67.05 70.00 71.00 80.37 95.97 107.35 108.97
68.09 69.09 70.20 65.20 62.46 64.95 68.08 68.05
64.22 63.22 63.10 62.10 63.46 63.46 62.31 61.08
61.18 61.18 64.31 68.31 70.97 72.97 73.33 74.33
71.03 73.80 77.97 80.10 79.80 79.35 81.16 83.39
72.04 74.82 78.05 81.18 83.35 86.12 88.05 89.16
62.27 60.04 59.05 62.18 69.35 75.12 74.03 69.15
DCT stage
599.10 -62.22 7.41 3.21 -7.79 0.29 0.04 0.08

26.03 -39.44 14.03 0.04 -8.27 -0.28 -0.34 0.08
45.18 -47.87 8.84 7.39 -6.78 0.07 -0.56 -0.31
49.08 -33.58 0.39 -0.57 -0.25 0.04 0.15 -0.32
-20.52 -11.51 0.59 10.10 -0.73 0.22 0.58 0.01
9.01 6.22 -0.19 0.25 -0.16 -0.13 0.12 -0.02
-9.73 11.95 0.23 0.30 -0.35 0.32 -0.04 -0.00
0.73 0.29 0.40 -0.53 -0.11 0.34 0.07 -0.61
dc = (round ( 599.10 / 16 )) = 37 2
Figure (4.10): Shows block outline to hiding one bit in the block
4.4 Information about the Extracting Stage

This stage includes two parts, first extract bits from a stego image
and convert each group of bits (12 bits) to a decimal number, second
decrypt the decimal number to find the digital signature and the message.
Figure (4.11) shows the general description of extracting messages and
digital signatures from images. The extracting message and digital
signature stage include the following steps :
1.Load the stego image (bitmap 24 bits). This image contains the
digital signature and the secret message.
2. Convert the image formula from RGB to YCbCr.
3. Separate image components into blocks, each one consists of (8 x
8) pixels.
4. Transform each block (8 x 8) pixels to spatial frequency domain via
the forward DCT. This step is executed on the Y components only.
5. The fifth step includes:
♦ Extract the digital signature bits and convert each group (12 bits)
to decimal numbers and decrypt it by using a public key of the
sender and a private key of the receiver.
♦ Convert each number after decryption to a corresponding letter
until extracting all digital signatures.
♦ Extract the cipher text bits and convert each group (12 bits) to a
decimal number and decrypt it by using a private key of the RSA.
♦ Convert each number after decryption to corresponding letter
until extracting all plain text. This step will be described in detail.
6. Print the secret message and the digital signature.
Begin
Stego image (JPEG)
Convert to (bmp)
Convert to YCbCr
Block
(8 x 8) pixels
DCT stage
Extract stage
Digital signature
Print message
Print digital
signature
End
Figure (4.11): Decoding stage

4.4.1 Extracting Bits
In this stage, the bits are extracting from the stego-image. After
converting the stego-image from JPEG to BMP, convert the image form
RGB to YCbCr, separate the image components into blocks, each one
consists of (8 x 8) pixels and transform each block (8 x 8) pixels to
spatial frequency domain via the forward DCT. Figure (4.12) shows the
block diagram for extracting bits from the stego-image. Some steps are
implemented to extract the bits :
1. From each block the same DCT coefficients are used in

embedding stage choice to extract the bit. This coefficient is in
position (0, 0) in each block.
2. Divide the value in position (0,0) by 16 and round the result
called (dc) and inspect the result.
dc = round (block (0,0) / 16)
a. If the dc value equals odd numbers, this means one is

hidden in it.
b. If the dc value equals even numbers, this means zero is
hidden in it.
3. Convert each 12 bits to decimal numbers.
4. Decrypt the decimal number by using the receiver key of the
digital signature. Convert the result to a corresponding letter until
finding (.) that refers to end the digital signature.
5. After finding all the characters of the digital signature, decrypt
the decimal number by a private key ( RSA algorithm ) and
convert the number after the decryption stage to a corresponding
letter.
6. Steps one, two , three, four and five continue until finding the (#)
character that refers to the end of the text.
56.52 58.41 63.76 74.54 91.31 111.78 131.56 142.03

68.27 67.86 67.75 71.41 78.76 88.54 98.42 104.90
Original 68.48 67.25 65.73 64.50 63.86 64.63 66.41 67.41
coefficients 58.82 59.12 60.59 61.37 61.73 61.08 60.27 59.86

60.93 63.12 66.59 70.95 73.73 74.50 73.97 73.86
block
73.37 74.95 77.84 81.50 83.86 84.63 85.41 85.29
71.27 71.86 73.63 76.10 78.76 81.54 83.42 84.90
56.52 57.41 58.88 62.54 66.90 71.78 76.56 79.44
DCT stage
592.77 -66.03 9.64 -0.10 0.67 -0.00 -0.16 -0.10

23.84 -35.93 14.22 -0.26 -0.24 -0.05 0.07 0.06
DCT 41.91 -51.84 15.85 -0.28 -0.21 -0.11 -0.10 -0.14
coefficients 56.29 -34.23 0.14 0.21 0.08 -0.08 0.00 -0.02
-17.88 -22.07 -0.09 0.05 -0.01 -0.12 0.12 -0.01
0.21 0.06 -0.01 -0.17 -0.23 0.26 0.42 0.18
-0.29 0.19 -0.22 -0.32 -0.08 0.32 -0.24 0.10
0.00 -0.08 -0.17 -0.00 -0.08 -0.01 0.11 -0.18
dc = round ( 592.77 / 16 ) = 37
Yes No
(dc= odd number)
TX = TX + ' 1 ' TX = TX + ' 0 '
No Bring new block

TX = 12 bit and extract new
bit
Yes
Nm =Convert TX to decimal number
1
Decryption (Nm) Yes No Decryption (Nm)

by privet key End digital by receiver key
(RSA algorithm) signature digital signature
ch='.'
Find character (ch) Find character (ch)
No
Sign = Sign + ch
ch = ' # ' Text =text + ch
Yes
Bring new block and

Print the text &
extract new bit
digital signature
End
Figure (4.12): Shows the block diagram for extracting and printing text
Where Text : string contains the plain text.

Sign : string contains the digital signature.
dc : real value refers to the hiding bit.
TX : string [12] bits (obtain the extract bit from each block).
Nm : integer number.
Ch : character.
Test 1:
The testing of this example is performed by taking the secret text
(110 characters) and the cover-image (352*288). Figure (4.13) shows the
cover image and the secret message before encryption and hiding. Figure
(4.14) shows the stego-image and the text after extraction and decryption.
Table (4.4) shows the PSNR(equation(3.11)), MSE(equation(3.12)) of
each colour , text length, compression ratio and hiding time. Table (4.5)
shows the entropy(equation(3.10)), variance(equation(3.9)) and
energy(equation(3.8)) of each colour in the cover and stego image.


Text Compression Hiding
Colour PSNR MSE
length ratio time
Red 33.64db 5.3
110 00:00:04
Green 33.94db 5.12 14
character second
Blue 32.35db 6.15

color
Red 7.79 7.8 201.3 203.48 0.044 0.044
Green 7.55 7.56 239.07 232.34 0.057 0.056
Blue 6.64 6.74 1267.21 1319.23 0.185 0.166
Average 7.32 7.36 569.19 585.01 0.059 0.088
Test 2:
The testing of this example is preformed by taking the secret text
(120 characters) and the cover-image (352*288). Figure (4.15 ) shows the
cover image and the text before encryption and hiding. Figure (4.16)
shows the stego-image and the text after extraction and decryption. Table
(4.6) shows the PSNR, MSE for each colour , text length, compression
ratio and hiding time. Table (4.7) shows the entropy, variance and energy
of each colour in the cover and stego image.



Colour PSNR MSE
length ratio time
Red 28.08db 10.05
120 00:00:04
Green 29.16db 8.87 8
character Second
Blue 27.72db 10.48

colour
Red 7.63 7.6 100.91 102.77 0.05 0.051
Green 7.4 7.4 106.41 106.74 0.063 0.063
Blue 7.38 7.41 184.6 278.6 0.067 0.066
Average 7.47 7.47 130.64 162.70 0.06 0.06
4.5 System Implementation

The goal of this system is to embed the text and the digital
signature in a cover-image (BMP format) to produce the stego-image
(JPEG format).
System implementation accepts five inputs in the embedding stage:
1. Input the file (BMP format), cover-image.
2. Input the secret message.
3. Input the public key to encrypt the text.
4. Input the digital signature.
5. Input the public key to encrypt the digital signature.
System implementation accepts three inputs in the extracting stage:
1. Input the file (BMP format), contains the secret message.

2. Input the privet key to decrypt the text.
3. Input the privet key to decrypt the digital signature.
Figure (4.17) shows the block diagram of the proposed system
implementation .
4.5.1 System Requirements
The Microsoft Window XP or Millennium has been used as an
operation system, and Borland Delphi 5 as a programming language.
4.5.2 Design System

The proposed system is divided into five main parts, these parts
are: 1. Embedding message.
2.Extracting message.
3.Test before embedding.
4.Test after embedding.
5.Exit.
Main Screen
1. Embedding message
2. Extracting Message
3. Test before embedding
4. Test after embedding
5. Exit
Choice Op
No
Op <= 5
5 4 3 Yes 2 1
Exit Test after Test before Extracting Embedding
Load cover Load cover Load bmp Load bmp

& stego & stego image image
(jpeg, bmp) (jpg, bmp)
Enter signature Signature

PSNR key algorithm
PSNR
MES Enter RSA

MES RSA key algorithm
Energy Decryption text &

Energy Hiding stage
signature
Variance
Variance Print text & Save image
signature jpeg
Entropy
Entropy
Exit Exit
Comp. ratio
Comp. ratio
Exit
Hiding time
Exit
Figure(4.17):The block diagram of the system

4.5.3 System Steps

The proposed system starts operation with the form that refers to
the address of the proposed system and the supervised figure (4.18).
Figure (4.18): Address of the proposed system

Figure (4.19) asks the user to input the password to start the work with
the system.
Figure (4.19): Enter password

The figure (4.20) asks the user to choose the type of operation.
Figure (4.20): Starting a choice form

♦ Embedding Steps
The first of the proposed system, is embedding the message. This
choice will lead to five main choices ( Load Image BMP, Digital
Signature, RSA Algorithm, Embedding Stage and Save Image JPEG),
figure (4.21 ) shows the choice of the Embedding Steps.
Figure (4.21): The first choice (Load Image BMP)

• Load Image BMP

This option is used to load a cover image. The user can load this
image from the open picture dialog form from any location in the
computer. Figure (4.22),(4.23) shows the chosen image and the cover-
image.
Figure (4.22): Open picture dialog form
Figure (4.23): Cover-Image

• Digital Signature
This choice will lead to four main choices ( Load Signature,
Sender Key, Receiver Key and Encryption Signature). Figure (4.24)
shows the first choice load signature. This option is used to enter the
digital signature from the window after choosing the load signature
option.
Figure (4.24): Digital Signature
Sender Key
This option is used to enter the (p, q, e) that are used in the sender key in
encrypting the digital signature. Figure (4.25) shows this choice.
Figure (4.25): Sender key

Receiver Key
This option is used to enter the (p, q, e) used in the receiver key that are
used in the decryption of the digital signature. Figure (4.26) shows this
choice. Figure (4.27) shows keys that must be saved to be used in the
decryption stage for the digital signature.
Figure (4.26): Receiver key

Figure (4.27): Decryption signature
Encryption Signature
This option is used to encrypt the digital signature by using the public key
for the receiver. Figure (4.28) shows this choice.
Figure (4.28): Encryption signature

• RSA Algorithm
This choice will lead to three main choices ( Load Text, Public
Key, and Encryption Text). Figure (4.29 ) shows the first choice load text.
This option contains two choices (Text From File, Input Text).
Figure (4.29): Load text

Text from File, this option is used to load a text. The user can load this
text from the open dialog form, from any location in the computer. Figure
(4.30),(4.31) shows this option.
Figure (4.30): Load text from file

Figure (4.31): plain text

Input text, this option is used to enter the text directly. Figure (4.32)
shows this option.
Figure (4.32): Directly enter the text

Public Key
This option is used to enter the (p, q, e) that are used in the public
key used in encrypting the text. Figure (4.33) shows this choice.
Figure (4.33): Public key

Figure (4.34) shows private key that must be saved to be used in
decryption stage to find the plain text.
Figure (4.34): Private key

Encryption Text
This option is used to encrypt the text by using the public key.
Figure (4.35) shows this choice.
Figure (4.35): Encryption text

• Embedding Stage
This option is used to embed the text and the digital signature after
encrypting and converting each number to the binary form. Figure (4.36)
shows this option.
Figure (4.36): Embedding stage

• Save Image
This option can be used to save the stego-image. When the user
clicks on this option, the save picture dialog form will appear and asks the
user about the name and location that will be used to save the stego-
image (JPEG file format). Figure (4.37) shows the save picture dialog
form.
Figure (4.37): Save picture dialog form
♦ Extracting Message
The second step with the proposed system is extracting the
message. This choice will lead to five main choices (Load Stego Image ,
Enter Signature Key, Enter Private Key, Decryption Text and Print plain
Text). Figure (4.38) shows these options.
Figure (4.38): Extract text option

• Load Stego Image
This option is used to load a stego-image. The user can load this
image from the open picture dialog form, from any location in the
computer. Figure (4.39) shows an open dialog form, and figure (4.40)
shows the chosen image (stego-image).
Figure (4.39): Open picture dialog

Figure (4.40): Stego-Image

• Enter Signature Key
This option can be used to enter the key that is used to decrypt the
digital signature. When the user clicks on this option, an open window
appears to enter the numbers that refer to the key. Figure (4.41) shows the
enter key.
Figure (4.41): Enter key signature

• Enter Private Key

This option can be used to enter the key that is used to decrypt the
text. When the user clicks on this option, an open window appears to
enter the numbers that refer to the key. Figure (4.42) shows enter key.
Figure (4.42): Enter private key
• Decryption Text
This option can be used to decrypt the digital signature by using
keys and the decryption of the text by using the private key. Figure (4.43)
shows the decryption of the text option.
Figure (4.43): Decryption of the digital signature and text
• Print Plaintext and Digital Signature

This option can be used to print the plain text and the digital
signature after the decryption by using the special key. When the user
clicks on this option, a window will appear that contains the plain text
and the digital signature. Figure (4.44) shows the plain text and the digital
signature.
Figure (4.44): Plain Text and digital signature
♦ Test Before Embedding Message

The third step in this proposed system is testing before embedding
a message. This will reveal the results between the cover-image and
stego-image without embedding the message and the digital signature by
using PSNR (equation(3.11)), MES(equation(3.12)), entropy (equation
(3.10)),Variance(equation(3.9)), Energy(equation(3.8)) and compression
ratio. The test is executed for each colour and the compression ratio is
computed for the stego-image. Figure (4.45) shows these results.
Figure (4.45): Results without embedding the text and the signature
♦ Test After Embedding the Message

The fourth step in the proposed system is doing the test after
embedding the message. This step will reveal the results between the
cover-image and stego-image after embedding the message and the
digital signature signature by using PSNR(equation(3.11)),
MES(equation(3.12)), entropy(equation(3.10)), Variance(equation(3.9)),
Energy(equation(3.8)) and compression ratio. The test is executed for
each colour and the compression ratio is computed for the stego-image.
Figure (4.46) shows this result.
Figure (4.46): Results after embedding the text and the signature
4.6 Experiment Result

In these experiments, the secret message, the digital signature and
encrypting the message are used via the RSA algorithm. Figure (4.47)
explains the two secret messages.
A second method of communication, called Steganography

offers data protection in a somewhat different manner #
a: first secret message (109) characters
Encryption prevents an unauthorized party from discovering

the contents of a communication #
b: second secret message (93) characters
Figure (4.47 ): Secret Messages

Barrow and Lion bitmap images of size 352*288 are applied as cover
images. Figure (4.48) shows the two cover images.
a b
Figure (4.48): Cover Image

a: Barrow
b: Lion
Test 1:
In this experiment, the system that has been used to embed the
message contains (109) characters, and the digital signature contains (5)
characters. Figure (4.49) shows the embedding stage. Figure (4.50) shows
the extracting stage. Table (4.8) and (4.9) show the results of the
experiment.
Figure (4.49): Embedding Stage

Figure (4.50): Extracting stage
Table (4.8): Rresults of embedded differential length text

Colour PSNR MSE
length ratio time
Red 29.94db 8.11
109 00:00:04
Green 30.77db 7.37 10
character second
Blue 29.24db 8.79
Table (4.9): Results of embedded differential length text

Entropy Variance Energy
colour
Cover stego Cover stego cover stego
Red 7.77 7.76 174.23 185.72 0.043 0.044
Green 7.51 7.51 138.66 132.3 0.056 0.055
Blue 7.19 7.24 181.89 174.92 0.078 0.076
Average 7.49 7.50 164.92 164.31 0.059 0.058
Test 2:
In this experiment, the system that has been used to embed the message
contains (93) characters, and the digital signature contains (5) characters.
Figure (4.51) shows the embedding stage. Figure (4.52) shows the
extracting stage. Table (4.10) and (4.11) show the results of the
experiment.
Figure (4.51) The Embedding stage

Figure (4.52): The Extracting stage

Colour PSNR MSE
length ratio time
Red 28.48db 9.6
93 00:00:04
Green 28.93db 9.12 10
character second
Blue 27.63db 10.59

Entropy Variance Energy
colour
Cover stego Cover stego cover stego
Red 23.22 23.19 404.59 428.06 0.173 0.175
Green 21.86 21.87 324.39 314.38 0.257 0.258
Blue 20.8 20.88 490.51 510.22 0.331 0.331
Average 21.96 21.98 406.49 417.55 0.25 0.25
The table (4.12) shows the difference between 2-LSB and the proposed
hiding DCT method:
2-LSB The proposed hiding

DCT method
Hiding time very short Depends on the size of

an image
Security Weak Strong
Detection Suspicious Very difficult to be

suspected
Size Large Small
Transmitting Very slow Very fast

time
Table (4.12): The difference between 2-LSB and the proposed hiding
DCT method
CHAPTER
FIVE
Chapter five: Conclusion and Suggestions for Future Work 112
Conclusions and Suggestions for Future Work
5.1 Conclusions
The proposed system provides the JPEG method with the digital
signature and RSA cipher and hopes for a embedding text in an image. A
number of conclusions were derived from this study:-
1. we used cover images, size 352*288 and a secret message with

different lengths. The results explain :
• Compression ratio is different from an image to another
because of the different data given for each image.
• The PSNR value for the colour of images is between (27-
33).
• The PSNR value increases with the increase of the secret
message length.
• The MSE value of the colour of image is between (6-10).
• The hiding time of this image (352*288) is 4 seconds. The
hiding time increases with large images.
2. Steganography is not intended to replace cryptography but rather to

supplement it. If a message is encrypted and hidden with a
steganographic method it provides an additional layer of protection
and reduces the chance of the hidden message being detected.
3. The proposed system can be defined as asymmetric key

Steganography since it uses two keys, a secret key and a public key
between the sender and the receiver, in this system there is no need
for the knowledge of original cover in the extraction process.
4. In this system, we prove that if you hide information inside an

image file (BMP) and that file is converted to another image
format(JPEG), the hidden information will not be lost.
5. LSB in BMP is most suitable for applications where the focus is on

the amount of information to be transmitted and not on the secrecy
of that information, because LSB in BMP images are surely the
suspicion that might arise from a very large BMP image being
transmitted between parties. So we use JPEG, because it is suitable
for images that have to be communicated over an open system
environment like the Internet.
6. From the implementation we conclude that the proposed system is

very rapid in performing the extraction process and the size of the
embedded text does not affect the speed of the system very much.
7. The proposed system does not affect the image quality; we can say
it is not noticeable for human eyes. To prove this we show the
cover-image and the stego –image to a team of 15 persons to take
their opinion if there is any difference between the stego-image and
the cover-image and their answer that there is no difference
between both images.
8. The values of variance criteria are large in 2-LSB method than in

the proposed hiding DCT method. This means that the proposed
design is better than the 2-LSB, and helps to avoid suspecting the
attacker.
9. The energy criteria values between the cover and stego image in
the proposed hiding DCT method approximately are equal. This
helps to prevent suspecting the attacker.
10. The compression ratio depends on the data in an image itself, and
hiding time depends on the method of the steganography.
11. If use 8 bits to represent the character, this helps to hide more
characters in an image(352*288) but with a low security (length of
RSA key equals 256). Therefore, the researcher change the 8 by 12
bits to represent the character to get more security (length of RSA
key equals 4095 with the same size images).
5.2 Suggestions for Future Work

During the development of the proposed system, many suggestions
for future work emerged to increase the system efficiency; among these
suggestions are the following:
1. The method of embedding is DCT transform insertion, in the future
another embedding method should be employed like wavelet or
Sparta spectrum methods.
2. Improved systems to deal with video images and audio.

3. The Encryption method (RSA) could be replaced by other public

keys ciphering algorithm or by mixing two symmetric methods to
increase the security level.
4. Use the hash function with the digital signature.

References
References 116
References
[AAs00]
American Association,"Digital Signature Guidelines Tutorial",
Section of Science and Technology Information Security Committee,
ISSN 0453-3312, 2000.
[Ach98]
Achin C.,"An Information-Theoretic Model for Steganography".
MIT Laboratory for Computer Science 545 Technology Square.
Cambridge, USA, May 13, 1998. Lecture Notes in Computer Science,
Springer, p.p.101-555,1998.
[Ahu95]
Ahumada A., Horng R., "Smoothing DCT Compression Artifacts"
NASA Ames Research Center. Stanford University, LNCS # 537,
p.p.189-205, 1995.
[Ala04]
Alawy S., "Robust Information Hiding Techniques Using JPEG",
Master of Science in Computer Science, Iraq university, 2004.
[And82]
Andrew C., "Theory and Application of Trapdoor Functions",
Computer Science Division, University of California, Berkeley,
California 94720-0272, 1982.
[Ande98]
Anderson R. & Fabien A. P., "On The Limits of Steganography".
IEEE Journal of Selected Areas in Communications, Special Issue on
Copyright & Privacy Protection. ISSN 0733-8716, May 1998.
[Ash04]
Ashraf A.,"Comparative Analysis of Multi-Percicion Arithmetic
Libraries for Public key Cryptography" , thesis in M.Sc., George
Mason University, ISSN 0131-9212, 2004.
[Bar08]
Barker E. & Barker W., "Recommendation for Key Management
Part 2:Best Practices for Key Management Organization", NIST
Special Publication, ISSN 3502-4331, 2008.
References 117
[Ben04]
Bennett K., "Linguistic Steganography: Survey, Analysis, And
Robustness Concerns For Hiding information text", Master of
Science in Computer Science, Center for Education and Research in
Information Assurance and Security, 2004.
[Bena87]
Benaloh J.C., "Verifiable Secret-Ballot Elections". Ph.D. thesis, Yale
University, New Haven, YALEU/DCS/TR-561, 1987.
[Ber04]
Berger D.F., "A Scalable Architecture for Public Key Distribution
Acting in Concert with Secure DNS", Master of Science in Computer
Science, August 2004.
[Bra00]
Brainos A.C., "A Study of Steganography and The Art of Hiding
Information", Master of Science in Computer Science, East Carolina
University, 2000.
[Cac01]
Cacciaguerra S. & Ferretti S., "Data Hiding: Stganography and
Copyright Marking". Department of Computer Science, University
of Bologna Mura A. Zamboni 7, 40127 Bologna, Italy, 2001.
[Can07]
Canniere C., "Analysis and Design of Symmetric Encryption
Algorithms", Master in Computer Science, Katholieke Universities
Leuven (Бельгия), Department of Electrical Engineering, the degree
of doctor, 2007.
[Car07]
Carter B. & Magoc T., "Classical Ciphers and Cryptanalysis",
London University, Department of computer science, September 11,
p.p.173-206, 2007.
[CGI04]
CGI Group Inc., "Public Key Encryption and Digital Signature",
Received 2/6/2004, Accepted 13/8/2004.
[Cha01]
Chandramouli R., Kharrazi M. & Memon N., "Image Steganography
and Steganalysis: Concepts and Practice", Department of Electrical
References 118
and Computer Engineering Stevens Institute of Technology,

Hoboken, NJ 12345,USA,2001.
[Chr06]
Christensen C., "Cryptography of the Vigenère Cipher", MAT/CSC
483, Master in Computer Science, 2006.
[Con07]
Conrad E., "Explanation of the Three Types of Cryptosystems",
February 6th, London University, ISSN 0521-8521, 2007.
[Cum04]
Cummins J., Diskin P., Lau S.& Parlett R., "Steganography and
Digital Watermarking". School of Computer Science. The University
of Birmingham, LNCS # 222, p.p. 100-212, 2004.
[Cur02]
Currie D.L. & Irvine C.E., "Surmounting the Effects of Lossy
Compression on Steganography". Fleet Information Warfare Center
and Computer Science Department , NAB Little Creek, LNCS # 193,
p.p. 601-334, 2002.
[Cve05]
Cvejic N. & Seppnen T., "Watermark Bit Rate in Diverse Signal
Domains". World Academy of Science. Engineering and Technology,
Received 3/3/2005, Accepted 11/6/5.
[Dab04]
Dabeer O., Sullivan K., Chandrasekaran S. & Manjunath B. S.,
"Detection of Hiding in the Least Significant Bit", IEEE.
Transactions on Signal Processing, VOL. 52, NO. 10, October, 2004.
[Dav05]
Davidson L. and Paul G., "Locating Secret Messages in Images",
Computer Science, SUNY Albany, 1400 Washington Avenue, Albany,
NY 12222, (2009),USA.
[Der06]
Dereich S. & Scheutzow M., "High-resolution quantization and
entropy coding for fractional Brownian motion". Institut four
Mathematic, TU-Berlin, p.p.509-404, 2006.
References 119
[Dun02]
Dunbar B., "A detailed Look at Steganographic, Techniques and
their use in an Open-Systems Environment" SANS Institute 2002,
As part of the Information Security Reading Room, 01/18/2002.
[Dur02]
Durfee G., "Cryptanalysis Of RSA Using Algebraic And Lattice
Methods", Master in Computer Science, June 2002.
[Dwo01]
Dworkin M., "Recommendation for Block Cipher Modes of
Operation Methods and Techniques", NIST Special Publication 800-
38A Edition, 2001.
[Esc00]
Escalante R.M., "Socio-Legal Issues Affecting the Use of Digital
Signatures for Secure E-commerce Transactions", Master in
computer Science, A Caribbean Perspective University of the West
Indies, Trinidad, 2000.
[Fri03]
Fridrich J. and Goljan M., "Digital image steganography using
stochastic modulation", Department of Electrical and Computer
Engineering, SUNY Binghamton, Binghamton, NY, 13902-6000,
USA,2003.
[Gay06]
Gayyar M.E., "Watermarking Techniques Spatial Domain Digital
Rights Seminar", thesis submitted for the partial fulfillment of the
degree of doctor of philosophy in Mathematics Media Informatics
University of Bonn Germany, 2006.
[Gol01]
Goldreich O., "Foundations of Cryptography: Basic Tools",
Cambridge University Press, Master in Computer Science, 2001.
[Gon00]
González F.P. & J. Hernández, "A tutorial On Digital
Watermarking, Dept. Technology Communications, Spain, LNCS #
104, p.p. 66-12, 2000.
References 120
[Gur03]
Gurijala A. & Deller J.R.,"Watermarking with Objective fidelity
And Robustness Criteria", Michigan State University, Department of
Electrical & Computer Engineering / 2120 EB East Lansing, MI
48824 USA,2003.
[Hab06]
Habes A., "Information Hiding in BMP image Implementation,
Analysis and Evaluation". Thesis: Master in Computer Science,
Saint Petersburg Institute for Informatics and Automation. Russian
Academy of Sciences, February 26, 2006.
[Ham02]
Hamami, M., "Information Hiding attack in Image" , Master in
Computer Science, Iraqi commission for computer &Informatics,
Informatics Institute for Postgraduate Studies 2002.
[Hop04]
Hopper H., "Toward a theory of Steganography", School of
Computer Science, Carnegie Mellon University, CMU-CS-04-157,
July 2004.
[ITU92]
International Telecommunication Union, "Information Technology-
Digital Compression and Coding of Continuous-Tone Still Images
Requirements and Guidelines, Recommendation T.81,1992.
[Ibr07]
Ibraheem A., " Hiding Data Using LSB-3", Dept. of Computer
Science, College of Education, University of Basrah, Basrah, Iraq.
ISSN 2695 1817, Received 5/3/2007 , Accepted 19/9/2007.
[Jos02]
Jose S., "Key Recovery and Message Attacks on NTRU-Composite",
Master in Computer Science, DoCoMo Communications
Laboratories USA, Inc. USA, 2002.
[Kak09]
Kak A., " Classical Encryption Techniques", Avinash Kak, Purdue
University, p.p.350-105, 2009.
References 121
[Kre04]
Krenn J., "Steganography and Steganalysis", London university,
LNCS # 969, p.p. 25-98, Received 3/1/2004 , Accepted 15/8/2004.
[Kum03]
Kumar M., "Cryptographyic Study of Some Digital Signature
Schemes", a thesis submitted for the partial fulfillment of the degree
of doctor of philosophy in Mathematics, 2003.
[Lai01]
Lai M. K., "Knapsack Cryptosystems: The Past and the Future",
Department of Information and Computer Science University of
California, LNCS # 661, p.p. 88-11, 2001.
[Mat98]
Matsui M., "Linear Cryptanalysis Method for DES Cipher", Master
in Computer Science, Computer & Information System Laboratory,
Mitsubishi Electric Corporation 5-1-1, Japan – 1998.
[Meh99]
Mehuron W., "Data Encryption Standard (DES)", U.S. Department
Of Commerce / National Institute of Standards and Technology,
LNCS # 510, p.p. 17-22, October 1999.
[Mor02]
Morkel T., Eloff J.H.P.& Olivier M.S.,"An overview of Image
Steganography", Information and Computer Security Architecture
(ICSA)Research Group Department of Computer Science, University
of Pretoria, Pretoria, South Africa, LNCS # 410, p.p. 88-81, 2002.
[Naj09]
Naji A. and Zaidan A., "Cryptography and Steganography",
IJCSNS International Journal of Computer Science and Network
Security, Electrical and Computer Engineering Department,
International Islamic University Malaysia, 53100 Gombak, Kuala
Lumpur, Malaysia. VOL.9 No.5, May 2009.
[Ora98]
Oranchak D., "Evolutionary Algorithm for Decryption of
Monoalphabetic Homophonic Substitution Ciphers Encoded as
Constraint Satisfaction Problems", NTU School of Engineering and
Applied Science Roanoke, VA 24018, 1998.
References 122
[Pas00]
Pastorfide E. & Flores G. A., "An Image Steganography Algorithm
for 24-bit Color Images Using Edge-Detection Filter", CMSC 190
Special Problem, Institute Of computer Science, p.p.112-208, 2000.
[Por02]
Por L.Y., Lai W.K., and Alireza Z., "A Comprehensive
Steganographic Tool Using Enhanced LSB Scheme", Faculty of
Computer Science and Information Technology University of
Malaya, LNCS # 125, p.p. 26-71, 2002.
[Pou98]
Poupard G. & Stern J., "Security analysis of practical
authentication, and signature generation, Advance in Cryptology" ,
Eurocrypt - 98, LNCS # 1403, p.p. 422 - 436 Springer Verlag, 1998.
[Poy03]
Poynton C., "YUV and luminance considered harmful", Received
1/2/2003, Accepted 22/8/2003.
[Ric03]
Richer P., "Steganalysis: Detecting hidden information with
computer forensic analysis", This paper is from the SANS Institute
Reading Room site, SANS Institute,2003.
[Rit06]
Ritter T., "Learning About Cryptography, A Basic Introduction to
Crypto", LNCS # 758, p.p. 37-44, January 2006.
[Riv99]
Rivest R., Shamir A., & Adleman L., " A Method for Obtaining
Digital Signatures and Public-Key Cryptosystems", Computer
Science, Massachusetts Institute of Technology, Cambridge, 1999.
[Rob01]
Robila S., "Steganography (Steganalysis)", Victor Habrahamashon
Institute, CMPT-495,2001.
[Sch00]
Schneier B., "Cryptanalysis", 2000.
http://www.bletchleypark.net/cryptology/cryptanalysis.html.
References 123
[Seb89]
Seberry J. & Pieprzyk J., "Cryptography: An Introduction to
Computer Security", Prentice-Hall, Received 12/5/1989, Accepted
13/11/1989.
[SEF02]
The Shodor Education Foundation, Inc, "RSA Cryptology", This
project is supported, in part, by the National Science Foundation ,
LNCS # 950, p.p. 86-91, 2002.
[Sha02]
Sharma N., Bhatia J. S.& Gupta N., "An Encrypto-Stego Technique
Based Secure Data Transmission System", LNCS # 123, p.p. 58-19,
2002.
[Shi01]
Shih T.Y. & Liu J.K., "On the Performance of JPEG2000 for Aerial
Photo Compression", Department of Civil Engineering National
Chiao-Tung University, Received 21/6/2001, Accepted 9/12/2001.
[Sid99]
Siddiqui K.,"Covert Channels Over TCP/ IP & Protocol
Steganography : A Survey", Master in Computer Science, Lahore
University of Management Sciences, 1999.
[Sil00]
Silva E., "The Best Transform in the Replacement Coefficients and
the Size of the Payload Relationship Sense", Master in Computer
Science, Department of Electrical and Computer Engineering, Tufts
University Medford, MA, USA, 2000.
[Sol01]
Solanki K., Sullivan K., Madhow U. & Manjunath B. S., "Provably
Secure Steganography: A Chie Ving Zero K-L Divergence Using
Statistical Restoration", Dept. of Electrical and Computer
Engineering University of California at Santa Barbara, LNCS # 324,
p.p. 21-11, 2001.
[Ste01]
Steffen A., "Secure Network Communication Part II Public Key
Cryptography", LNCS # 999, p.p. 20-10, Received 2/12/2000,
Accepted 11/4/2001.
References 124
[Tra92]
Trappe W. & Washington L., " Introduction to cryptography with
coding theory", New Jersey: Prentice Hall, Rivest R. MD5, 1992.
Algorithm[Online]Available:
http://www.kleinschmidt.com/edi/md5.htm.
[TSC02]
Technical Standardization Committee on AV & IT Storage Systems
and Equipment, "Exchangeable image file format for digital still
cameras", Exif Version 2.2, Published by Japan Electronics and
Information Technology Industries Association, Established in April,
LNCS # 870, p.p. 80-99, 2002 .
[Uru01]
Uruba I., "Hiding Text in Image" M.Sc. Thesis, University of
technology, Computer Science Department, London University,
2001.
[Wei01]
Weise J., "Public Key Infrastructure Overview", Global Security
Practice, Sun Blue Prints, OnLine:
ttp://www.sun.com/blueprints, Part No.: 816-1279-10, August
2001.
[Wri99]
Wright D., "Public-key cryptography", Department of Computer
Science, University of London, LNCS # 110, p.p. 76-20, December 19,
1999.
[Yam03]
Yamane A., Iyota T., Choi Y., Kubota Y. & Watanabe K., "A Study
on Propagation Characteristics of Spread Spectrum Sound Waves
Using a Band-Limited Ultrasonic Transducer", Faculty of
Engineering, Soka University, Received October 20, 2003; accepted
December 5, 2003.
‫ﻣﺴﺘﺨﻠﺺ اﻟﺒﺤﺚ‬
‫ﻟﻘﺪ ﺷﻬﺪ ﻋﺎﻟﻤﻨﺎ اﻟﺤﺪﻳﺚ ﺛﻮرة ﻓﻲ ﻋﺎﻟﻢ اﻟﻤﻌﻠﻮﻣﺎت اﻟﺮﻗﻤﻴﺔ اﻟﺘﻲ ﺗﺮآﺖ ﺁﺛﺎرهﺎ ﻋﻠﻰ ﻣﺠﺘﻤﻌﺎﺗﻨﺎ‬
‫وﺣﻴﺎﺗﻨﺎ‪ .‬وﻓﻲ ﻣﻘﺎﺑﻞ ذﻟﻚ‪ ،‬ﺑﺮزت ﺗﺤﺪﻳﺎت آﺜﻴﺮة ﺗﻤﺜﻠﺖ ﻓﻲ ﺳﻬﻮﻟﺔ اﻟﻮﺻﻮل إﻟ ﻰ ﺗﻠ ﻚ اﻟﻤﻌﻠﻮﻣ ﺎت‬
‫وآﺸﻔﻬﺎ‪ ،‬ﺧﺎﺻﺔ إذا ﻣﺎ ﻋﻠﻤﻨﺎ أن ﻗﺴﻤﺎ ﻣﻨﻬﺎ ذات أهﻤﻴﺔ آﺒﻴﺮة وﺗﺘﻄﻠﺐ اﻟﺤﻤﺎﻳ ﺔ واﻟ ﺴﺮﻳﺔ ﻷﺳ ﺒﺎب‬
‫ﻣﺘﻨﻮﻋ ﺔ‪ .‬وﻣ ﻦ اﺟ ﻞ اﻟﺤﻔ ﺎظ ﻋﻠ ﻰ اﻟﻜﺜﻴ ﺮ ﻣ ﻦ ه ﺬﻩ اﻟﻤﻌﻠﻮﻣ ﺎت واﻟﺒﻴﺎﻧ ﺎت اﻟﺘ ﻲ ﺗﺘﻄﻠ ﺐ اﻟ ﺴﺮﻳﺔ‪،‬‬
‫ﺑﺮزت اﻟﺤﺎﺟﺔ إﻟﻰ اﺧﺘﺮاع أﻧﻈﻤﺔ ﺣﻤﺎﻳﺔ‪ ،‬وﻣﻦ ﺑﻴﻨﻬﺎ ﻣﻮﺿ ﻮع ﺑﺤﺜﻨ ﺎ اﻟ ﺬي ﻳﺘﻨ ﺎول دراﺳ ﺔ وﺑﻨ ﺎء‬
‫ﻧﻈﺎم ﻣﻘﺘﺮح ﻣﻦ ﺷﺎﻧﻪ اﻟﻘﻴﺎم ﺑﻬﺬﻩ اﻟﻤﻬﻤﺔ‪.‬‬
‫وﻣﻦ أﺟﻞ ﺿﻤﺎن ﺳﺮﻳﺔ أآﺜﺮ ﻟﻠﺒﻴﺎﻧﺎت وﺻﻌﻮﺑﺔ آﺸﻔﻬﺎ‪ ،‬ﻓﻘﺪ ﺣﺎوﻟﻨﺎ اﻗﺘﺮاح ﻧﻈﺎم ﻳ ﺪﻣﺞ ﻣ ﺎ ﺑ ﻴﻦ‬
‫اﻟﺘﺸﻔﻴﺮ واﻹﺧﻔﺎء ﻣﻦ أﺟﻞ إﺿﺎﻓﺔ ﻣﺴﺘﻮﻳﺎت أﻣﻨﻴﺔ أﺧﺮى‪.‬‬
‫ﻳﻌﺘﻤ ﺪ ﻧﻈﺎﻣﻨ ﺎ اﻟﻤﻘﺘ ﺮح ﻋﻠ ﻰ ﺗﻬﻴﺌ ﺔ ﺑﻴﺎﻧ ﺎت اﻟ ﺼﻮر ﻟﻠﺨﻄ ﻮة اﻟﺘﺎﻟﻴ ﺔ )‪(DCT,Quantization‬‬
‫ﻣ ﻦ ﺧ ﻼل ﻋﻤﻠﻴ ﺔ اﻹﺧﻔ ﺎء واﺳ ﺘﺨﺪام ﻣ ﺴﺘﻮﻳﻴﻦ ﻣ ﻦ اﻷﻣﻨﻴ ﺔ‪ :‬ﺧﻮارزﻣﻴ ﺔ أل ‪ RSA‬واﻟﺘﻮﻗﻴ ﻊ‬
‫اﻟﺮﻗﻤﻲ‪ ،‬وﻣﻦ ﺛﻢ ﻧﺨﺰن اﻟﺼﻮرة ﻋﻠﻰ ﺷﻜﻞ ‪ JPEG‬وﻓﻲ هﺬﻩ اﻟﺤﺎﻟﺔ ﺗﻜﻮن اﻟﺮﺳﺎﻟﺔ اﻟ ﺴﺮﻳﺔ ﻧ ﺼﺎ‬
‫ﻋﺎدﻳ ﺎ ﻣ ﻊ ﺗﻮﻗﻴ ﻊ رﻗﻤ ﻲ‪ ،‬ﺑﻴﻨﻤ ﺎ ﻳﻜ ﻮن اﻟﻐﻄ ﺎء ﺻ ﻮرة ﻣﻠﻮﻧ ﺔ‪ .‬وﻋﻨﺪﺋ ﺬ‪ ،‬ﻓ ﺎن ﻧﺘ ﺎﺋﺞ اﻟﺨﻮارزﻣﻴ ﺔ‬
‫ﺗﺨ ﻀﻊ ﻟﻌ ﺪة ﻣﻌ ﺎﻳﻴﺮ ﻟﺘﻘﻴﻴﻤﻬ ﺎ ﺗﺜﺒ ﺖ آﻔﺎﻳ ﺔ ه ﺬﻩ اﻟﺨﻮارزﻣﻴ ﺔ وﻓﻌﺎﻟﻴﺘﻬ ﺎ‪ .‬وﻋﻠﻴ ﻪ ﻓ ﺈن اﻟﺨﻮارزﻣﻴ ﺔ‬
‫اﻟﻤﻘﺘﺮﺣﺔ ﻟﻬﺬا اﻟﺒﺤﺚ ﻳﻤﻜﻦ ﺗﻘﺴﻴﻤﻬﺎ إﻟﻰ ﻗﺴﻤﻴﻦ رﺋﻴﺴﻴﻴﻦ‪ :‬إﺧﻔﺎء اﻟﻨﺺ ﻣﻦ اﻟﻤﺮﺳ ﻞ‪ ،‬وﻓﺘﺤ ﻪ ﻣ ﻦ‬
‫اﻟﻤﺴﺘﻠﻢ‪ .‬وآ ﻞ واﺣ ﺪ ﻣ ﻦ ه ﺬﻳﻦ اﻟﻘ ﺴﻤﻴﻦ ﻳﻤﻜ ﻦ ﺗﻘ ﺴﻴﻤﻪ إﻟ ﻰ ﻋ ﺪة إﺟ ﺮاءات ﻳﻘ ﻮم ﺑﺄداﺋﻬ ﺎ ﺑﺮﻧ ﺎﻣﺞ‬
‫‪.Delphi 5‬‬
@@
@™í—ä@öbÑ‚gì@Ñ“m@Õà@Öïjmì@âïá—m
@ @bà@òŠí–@À
@óïäbáïÝÜa@óÉàbu@O@óïbýa@óïiÜa@óïÝØ@Ýª@¶a@óà‡Õà@óÜbŠ
@ @pbjbä@ãíÝÈ@À@nub¾a@óuŠ†@Þïä@pbjÝnà@æà@övØ
@ @@ÞjÔ@æà
@ @ôÑ—àîÉÜa@‡jÈ@õ‡ä
@ @@Óa‹’g@o¥
@@ ‡jÈ@çbáÝ@ÞšbÐ@N†
@ @Ãbj’@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ßìýa@ÊïiŠ@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@óïŠ
2010@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@1431@@@@@@@@@@@@@@@@ @@ @@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @2709
@@óØòìóåï
ÜüÙŽïÜ@õómŠíØ@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@
@aìóØ@ç†Šbàˆ@õŠbïäaŒ@ôäbéïu@óÜ@ôåïi@òìóîü‚ói@ôÙŽï’Šü’@çbáŽîíä@ôäbéïu@@ @@@
@òìó÷@ ŠójàaŠóióÜ@ L@ òŠbî†@ òìóäb¹bîˆ@ ì@ çb¹bØóÜóàüØ@ Šóói@ çbîó−óq@ æŽîí’
@ìóäbîŠbïäaŒ@ ìó÷@ üi@ ´“îó @ ôäbb÷ói@ óÜ@ a‡Üóè@ õŠó@ ŠûŒ@ ôØóïîŠbÙnÜóèŠói
@ì@çŠûŒ@ôØóïïÙä‹ @çòìb‚@çbïÙï’ói@aìóØ@çbáïäaŒ@Šó ó÷@ômójîbmói@L@ôån‚Šò†
@bu@ N@ æ’óšóàóè@ ôØóîüè@ ‡äóš@ ŠóióÜ@ óîóè@ òìóånaŠbq@ ì@ Žïéä@ ói@ ônîíŽïq
@ônîíŽïq@ óïïåŽïéä@ ói@ çbïnîíŽïq@ aìóØ@ óäbîŠbïäaŒ@ ãóÜ@ ŠûŒ@ ôånaŠbq@ õìbåŽïqóÜ
@ômóibi@ a‡äbîíŽïäóÜ@ L@ a‡ Üóè@ õŠó@ ´aŠbq@ ôäbØóàónï@ õòìóåîŒû†
@Žôäaíni@óØ@òìa‹Ø@Œbïå“Žïq@ôÙŽïàónï@ôä†‹Øbåïi@ìòìóåï ÜüÙŽïÜ@óØ@çbàóØòìóåïÜüÙŽïÜ
@@N@oŽïnjÜóè@óØŠó÷@ãói
@bî@ çbØóåŽîì@ bî@ çbØóäbîói@ íŽïä@ ôäbØóïåŽïéä@ óàbä@ ôØûŠòìbä@ ôäbb÷@ ói@ óîüi@@@@@@
@õŒbïå“Žïq@ a‡äbá Üìóè@ óîüi@ L@ @ a‹Øò†@ Ò’óØ@ çbØóïïäò†@ óïïû†@ bî@ çbØóÔò†
@ôä†‹Ø†bîŒ@ ìbåŽïqóÜ@ pbÙi@ Øóî@ @ õónŽîìb÷@ ò‹Ñ’@ ìòìóä†Šb’@ óØ@ æîóÙi@ ÚŽïàónï
@@N@óÙî†@ôånaŠbq@ôÙŽïnb÷@‡äóš
@Žõ‡äóè@ ôä†‹Øò†bàb÷@ ói@ oŽïóiò†@ o“q@ çbàóØòìa‹ØŒbïå“Žïq@ óàónï@
@ìòìóä†Šb’@ôŽîŠóÜ@H@ DCT , Quantization@I@‹m@õìbäóè@üi@óåŽîì@õóàbåäbîói
@L@ íõŠbØòŠbàˆ@ ôä†‹Øììâì@ ì@ ômóïïàŒŠaí‚@ Z@ ´aŠbq@ ônb÷@ ìì†@ ôäbåŽïèŠbØói
@ôÙŽïÔò†@ónŽïiò†@óØóïïåŽïéä@óàbä@ómóÜby@ãóÜ@ì@JPEG@@õòíŽï’@ŠóóÜ@óØóåŽîì@çb’bq
@ôØóîóåŽîì@ óØòŠóÙï’üqa†@ óîóäaìóÜ@ L@ õŠbØòŠbàˆ@ ôä†‹Øììâì@ Žßó óÜ@ ôîbb÷
@æî‡äóš@ Šói@ ónŽîìóØò†@ çbØóïïàŒŠaí‚@ óàb−ó÷Šò†@ bìó÷@ L@ ì@ oŽïiò†@ ÂäòŠìbäòŠ
@óîüi@ LoŽïåŽïá
Üóò†@ õŠóîŠbØ@ ìómóïïàŒŠaí‚@ ãó÷@ õbäaím@ ôä‡äbäóÜóè@ üi@ ŠòíŽïq
@ô’ói@ìì†@Šóói@µäaímò†@óîòìóåïÜüÙŽïÜ@ãó÷@üi@óîòìa‹ØŒbïå“Žïq@ómóïïàŒŠaí‚@ãó÷
@çóîýóÜ@ õòìóä†‹Ø@ L@ ìåàbîóq@ óÜ@ ×ò†@ õòìóä†Šb’@ Z@ æîóÙi@ ô’óia†@ ôØòŠó
@ÚŽîìbäóè@‡äóš@üi@oŽî‹Ùi@•óia†@óîa‡äaímóÜ@ó’ói@ìì†@ãóÜ@ÛóîŠóè@Lòìò‹ Šòíàbîóq
N@oŽïnò‡ Üóè@ôŽïq@@Delphi 5@ôàa‹ û‹q@óØ
@@@ @
@ç†‹Ø@†üØ@ói@õŒbïå“Žïq@:@ç†‹ÙŽïuói@Žôu@ì@æîaî†
@ @a†óåŽîì@óÜ@×ò†@ñòìóä†Šb’@ì
@@
@@
@@
@ @ôäbáŽïÝ@õüÙäaŒ@O@@ômòŠóåi@õò†ŠòìŠóq@ôvïÜüØ@ói@òìa‹Ø@•óÙ“Žïq@óØóîóàbä
@ônäaŒ@óÜ@‹Žïnubà@@õóÝq@ôäbåŽïè@oò†ói@@Žíi@ŠóØìaìóm@ôÙŽï’ói@Ûòì
@ @ŠómíïràüØ
@@
@@
@@
@ @çóîýóÜ
@ @ôÑ—à@îÉÜa@‡jÈ@õ‡ä
@@
@@
@ @’ŠóqŠóói
@ @‡jÈ@çbáÝ@ÞšbÐN†
@@
@@
@ @pbií’@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@ @ãóØóî@ôÉïiòŠ@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Žôàó’òŠ
@ @2010@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@1431@@@@@@@@@@@@@@@@@@ @@ @@@@@@@@@@@@@@@@@@@@@@@@@@ @@@ @@2709

Design and Implementation Proposed Encod PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Design and Implementation Proposed Encod PDF

Uploaded by

Copyright:

Available Formats

Design and Implementation: Proposed

Encoding and Hiding Texts in

A Thesis Submitted to the Council of the College of Basic

February Rashamea Rabi Al-Awal

In view of the available recommendations, I foreword this thesis

Linguistic Evaluation Certification

Approved by the Council of the College of Basic of Education

Our modern world has witnessed a revolution in the digital

I dedicate this research to my husband Dr. Talib, my daughter

I would like to express my special thanks to my supervisor Dr.

2.2 Classical Ciphers - - - - - - 13

2.3 Modern Cryptography - - - - - 14

2.3.1 Symmetric-Key Cryptography - - - 14

2.3.2 ِAsymmetric Key Cryptography - - 16

2.3.2.1 Knapsack Cryptosystem - - 18

2.3.2.2 Elliptic Curve Public Key Cryptosystems18

2.3.2.4 RSA (Rivest-Shamir-Adelman) - 19

2.4 Digital Signature - - - - - - 22

2.4.1 RSA Signature - - - - - 24

2.4.2 Encryption and Decryption in Digital Signatures 25

2.4.3 Digital Signatures and Verification - - 26

2.4.4 RSA Signature Algorithm - - - 27

Figure 4.36 Embedding stage 97

List of Tables Page

Table 3.1 Luminance quantization 44

compression algorithms [Ande98]. The Joint Photographic Expert Group

original digital data which can later be extracted or detected, while a

mostly about cryptography, but both can be attributed to the foundation of

Suggested applications: LSB in BMP is most suitable for applications where

• LSB in GIF – The strong and weak points regarding embedding

Suggested applications: LSB in GIF is a very efficient algorithm to use when

• JPEG compression – The process of embedding information during JPEG

• Patchwork – The biggest disadvantage of the patchwork approach is the

Suggested applications: Patchwork is most suitable for transmitting a small

• Spread spectrum – spread spectrum techniques satisfy most of the

Suggested applications: spread spectrum techniques can be used for most

1.4 Literature Survey

2. Hamami A., (2002): In his work, he tried to design an efficient system to

3. Fridrich J. and Goljan M., (2003): They describe a steganographic

distortion as superposition of a particular device noise. Thus, this

5. Ashraf A.,(2004): In this thesis perform comparison of eight multi-

7. Ibraheem A., (2007): In this work, a new steganographic method based

1.5 The Aim of the Work

1.6 Layout of the Thesis

system. The framework of the proposed stegongraphy system, which

Plan text Encryption Decryption

Original data Scrambled data Original data

Figure (2.1): Encryption and Decryption

Cryptography includes at least key generation, secrecy

Cryptography is a part of cryptology, a field of study covering all

• Steganography (methods which seek to conceal the presence

2.2 Classical Ciphers

Columnar Homophonic PolyGram Polyalphabetic Monoalphabeti

Playfair Vigenère Caesar Cipher

Figure (2.2): Types of classical ciphers

2.3 Modern Cryptography

Public-key encryption (also called asymmetric encryption)

2.3.1 Symmetric-Key Cryptography

is, in a sense, a modern embodiment polyalphabetic cipher: block ciphers

Message Block 1 Cipher text

Figure (2.3): Block Ciphers

2.3.2 ِAsymmetric-key Cryptography

could not be easily computed without the extra information provided by