A Secure method for image Signaturing using SHA256,RSA

and Advanced Encryption Standard

K.Kusuma1, Ch.Sai Sreeja2, Ch.Mounika3,K.Sri Hrashini4, Y.Mukesh Chowdary5
Under the Guidence of Mr G.Manga Rao , Assistant Professor ,
PBR Visvodaya Institute of Technology & Science – Udayagiri Road, Kavali, Nellore, INDIA
1
kalichetikusuma.26@gmail.com , 2chsaisreeja2707@gmail.com, 3mounikachowdary1716@gmail.com,
4
sriharshinikurapati03@gmail.com , 5chowdary6922@gmail.com

Abstract –
Images are the most sensitive and easily
editable form of data that is available right now.
Because of all the image manipulation programs
which are more powerful and some are Open-
source like GIMP (GNU Image Manipulation
Program) and paid ones like Adobe detectable
with the human eye and hence conveying wrong
information, this information can be destructive
or misleading in some situations. So, there is a
need to secure images that are sensitive and need
to be secured and verified by the viewer that they
are original and not being touched by any
middlemen. There are two options either to
encrypt the images or to digitally sign them. In
this method, The signature of the image is done
through 3 steps. The three steps include SHA256
(secure hash algorithm), RSA (Rivest-shamir-
adleman), and AES (Advanced Encryption
Standard). The signature of the image is stored in
a binary file which is sent to the person who
needs to verify the image that is already present
near the viewer. The method has been tested by
artificially applying attacks such as blurring the
image greyscale the image and changing one
pixel in the image. The images which have PSNR
less than 30% are also being detected as
manipulated. The method can successfully detect
even a change in one pixel of the original image
and mark it as manipulated image.
Key Words:-
Advanced Encryption Standard(AES),Rivest Shamir
Adlemen (RSA),Cryptography, Digital Signature,
SHA256.
I. INTRODUCTION:-
The internet has evolved into a critical
requirement in today's world. Almost everyone uses
the internet in their everyday lives for a variety of
reasons,including education, business, entertainment,
and more. However, as the Internet has grown in
popularity, so has the number of people who use it.
Security issues have become more complicated as
well. One of these safeguards is the concern is data
theft and forgeries. Data transport on the internet,
unauthorized access to the internet can be intercepted
and altered. A person creating a one-of-a-kind sign is
one approach to avoid this. This guarantees that the
information is genuine. Cryptography has been around
for a long time. Data encryption is a means of securing
data. Because it can be used in a variety of ways.
Digital signatures are a type of network security
technology. A digital signature can be used to identify
whether or not a document is authentic. data from the
sender is correct. then it is required to verify. Digital
signatures must serve the same purposes as traditional
signatures. traditional signatures, which can guarantee
authentication, non-repudiation, and integrity In their
digital signatures. Two algorithms are combined in
one implementation, namely public key algorithms
and hashing algorithms are two types of algorithms.
The problem that is addressed is that images being
very sensitive and easily editable data available online
can be edited and convey wrong information
sometimes could be very dangerous. So, the image
will be signed and even a onepixel change will be
detected in the original image. Thus, saving many
people from viewing edited images and interpreting
wrong and misleading images. The filename is also
misleading in some situations so the filename is
included along with the image data so that even
changes in the filename can also be detected by one
character in the filename. This method secures images
digitally by signing the images and enhancing their
security by the current cryptographic techniques such
as SHA256 Hash, Rivest Shamir Adleman (RSA),
Advanced Encryption Standard (Advanced Encryption
Standard (AES)), etc. They all have their unique
algorithm design to perform encryption and
decryption. Although some of them including MD5 [1]
and Vigenere Cipher have to become quite old and
easily decrypted. Therefore, nowadays to secure the
authenticity and to perform the secure transfer of
sensitive data Advanced Encryption Standard (AES)
[2] (Advanced Encryption Standard), SHA256 hash,
and RSA algorithms are being used.
These encryption algorithms are very hard to break,
moreover, these algorithms are open-source and are
present for a long time. Due to this, the algorithms are
prone to brute force. This method uses three
encryption layers and performs the sensitive data
transfer and verifies the image authenticity very
securely. Wars like the 2006 Lebanon [3] war
happened due to simple Image manipulations done by TABLE II. CONSTANT INITIAL VALUES IN SHA-256 HASHING

the mainstream media which was an attempt to sway H0 32’h6a09e667

the public opinion and convey Israel as an aggressor H1 32’hbb67ae85
and suggesting that Israel was guilty of targeting H2 32’h3c6ef372
civilians. There are vast applications for digital H3 32’ha54ff53a
signatures namely emails if one doesn't have to trust H4 32’h510e527f
H5 32’h9b05688c
your email provider in terms of privacy and tampering
H6 32’h1f83d9ab
when you write e-mails.one can encrypt the message
H7 32’h5be0cd19
and sign it with the recipient's public key. This assures In SHA-256 the basic following operations are applied.
the sender that the message was not tampered with and • Initial Preparation
that it was sent by you. Your supplier may fail to send
• Initialization of Hash Values (h)
the message entirely. Hence ,digital signatures are
widely used and the core of those signature methods • Initializing the Round Constants
have to be updated with more secure and advanced • Main Loop
algorithms that have more resistance to attacks and
• Compressing
have less tolerance to errors.
• Modifying the Resulting Values
II. RELATED RESEARCH
The size of the hash value produced by SHA-256 is
A. SHA (Secure Hashing Algorithm) The National
given by 256 bits as mentioned in Table 1 this is done by
Institute of Standards and Technology (NIST) taking a binary message and padding the image with a
standard insists on the adoption of secure hash required number of zeros if not divisible by 512 exactly and
algorithms such as SHA-256 [4]. Hash function divided into blocks(b). This is the preparation in initial
calculations are utilized during information preparation. The values mentioned in Table 2 are initial
transmission to produce the message digest [5]. hash. These values remain the same for any message and
Along these lines, it turns into a fundamental each has a word size as described in Table 1 is 32 bits There
instrument for implanted security in email, are 64 rounds on each message block represented by M(k), k
banking, and different applications. A has work meaning a kth block of the message.
takes a selfassertive length message contribution Each round consists of These Operations
to deliver a fixed-length yield. A hash method is a
single direction method; it is hard to reverse
deliver the same hash. These properties become a
significant viewpoint to guarantee hash capacity
can work approximately [6]. SHA-256 is a
cryptographic hash function that is most widely
used in the field of cryptocurrency and has
undergone many changes to gain the security and
Collision Resistance it offers in the present day
[7], Collision Resistance means the hashes will be Fig. 1. One Round in SHA256
completely different and it is difficult to produce
the same hash with two different samples of data Here in Fig 1 each operation is shown and in below
[8] equations it is being explained
TABLE I .CHARACTERISTICS OF SHA-256 HASH FUNCTION
Ch (E, F, G) = (E & F) XOR ((~ E) & G)
Size (in
(1)
bits)
Ma (A, B, C) = (A & B) XOR (A & C) XOR (B & C)
Hash Value Size (n) 256
(2)
K number & 64 64
∑(0) = (A >>> 2) XOR (A >>> 13) XOR (A >>> 22) (3)
Size of each message block 512
(m) ∑(1) = (E >>> 6) XOR (E >>> 11) XOR (E >>> 25) (4)
Size of the word (w) 32
Total Words 8 Here Eq(1) describes Ch operation Eq(2) describes
Number of Digest Rounds 64 Ma Operation. Eq(3) describes ∑(0) operation. In Eq(4) last
3 blocks are to be taken and combined to output stream
taking modulus by 2³² as it needs 256-bit output at the end.
In (5) The first 3 blocks of the message block are modified
according to the equation represented Equations (6), and (7)
are just rightshift with XOR in between. Finally, each round
has different is M(k) and Kt. are round constants initialized
by the first 32 bits of the fractional parts of the cube roots of
the first 64 primes 2..311. each round has a unique Kt. called
around constant. Every round's output is used as an input for
the next round, and so on until just the last bits of the
message are left, at which point the result of the last round
for the nth portion of the message block will give the result,
i.e. the hash for the entire message. The output has a length
of 256 bits.
Thus, the final hash of 256 bits of the hash will be
produced.
B. RSA (Rivest Shamir Adleman)
As per research, utilizing advanced marks for
advanced picture verification. Where the hash of the first
picture is being taken and scrambled with the RSA strategy.
It has been effectively performed on Lena's picture. The
consequences of the tests show that RSA use has high
security and is ready to validate pictures [9].
Because of an examination paper entitled an
adjusted RSA Calculation to upgraded computerized
security. By contrasting RSA what's more, adjusted RSA
calculations at the same time to handle information of
various sizes, it was produced that the RSA key generated
modem calculation was quicker and could build security
twice. Concerning RSA calculation as far as speed of
encryption and unscrambling quicker than Modified RSA
calculation [10].
This is an Asymmetric cryptographic calculation
that is famous and secure. It was proposed by Ron Rivest,
Leonard Adleman, and Adi Shamir in 1977 and has turned
into an IEEE standard and ensured in.
RSA was the first is as yet the most broadly utilized
calculation for public-key cryptography furthermore, it is
utilized for the huge number of uses from email encryption
to get web-based buying. It was the first cryptosystem to
empower senders to "sign" each message they send with the
goal that the beneficiary has evidence.
To scramble a message utilizing RSA pick two
essentially enormous indivisible numbers and they are p and
q individually as required by Eq(5). Also, an appropriate n is
figured utilizing the formula (5). Now subsequent steps in
Eq(6) calculate (n)
n = p*q
(5) φ (n) = ( p – 1) * (q - 1)
(6)
K = f(n) + 1 (7)
Two co-primes are being factored out from the k
computed from Eq(7), these co-primes are labeled e and d
respectively. The pair [e, n] is said to be the private key and
the pair [d, n] is said to be the public key.
· Encryption: Message of any length is taken and converted
into binary and then converted to decimal format and
labeled as m. Now, in the encryption process, the below
formula is used.
c=(me )modulo(n) (8)
Here in Eq(8) m is the message converted to
binary it is a number, c is called the cipher message or
encrypted message.
this can be converted to binary can be used accordingly.
1) Decryption:
M = (cd)modulo(n) (9)
The message (m) can be got back from the cipher c
by using the formula. (9) This decrypted message can be
used accordingly. The decryption process requires d and n
for ‘m’ to be obtained. So, [d, n] acts like keys i.e. public
key pair specifically.
The RSA Algorithm chosen in this method
produces 2048 bits of data as it chooses large numbers of
about 1024 bits of p and q mentioned in the Eq(5) and n
becomes 2048 bits.
C. Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a
symmetric key code and is generally seen as the "best
quality level" for scrambling data. Advanced Encryption
Standard (AES) is the overall encryption standard, for
making or encryption and unraveling information. Advanced
Encryption Standard (AES) was dispersed by NIST
(National Standards and Technology. Advanced Encryption
Standard (AES) is a square code assessment portrayed on
Federal information
Handling Standard (FIPS), Advanced Encryption
Standard (AES) was invented by two cryptographers from
Belgium namely Joan Daemen and Vincent Rijmen,
supplanting the old DES (Data Encryption Standard)
Algorithm, which turned out to be helpless against brute-
force attacks considering the 56-digits of key length. It takes
a data square of a specific size, conversationally 128 bytes,
and produces a relating yield square of a similar size [11].
The use of reasons to obfuscate and decipher messages in a
cryptographic framework is known as cryptographic
assessment. Secret Key Cryptography (SKC): Encryption
and unscrambling, or encryption and deciphering or
decryption, are all done with the same key. In a stream
figure, the plaintext digits are blended one by one, and the
distinction in reformist digits consists during the encryption.
Square code is a symmetric key code [12].
The below shown in Fig 2 is a block representation
of the AES encryption Algorithm.

Fig. 2. Advanced Encryption standard (AES)
Every round of Advanced Encryption Standard
(AES), besides the last, is a procedure with four tasks as
shown in Fig 3. The last round of the encryption alone is
diverse such that the blended mix column activity will not
be carried out [13]
Fig. 3. One Round in Advanced Encryption Standard
1) The Add Round Key Operation
The Add-Round-Key function is the only part of
the AES encryption process that works directly with the
round key. The input to the round and the round key is
passed through an exclusive or operator in this operation.
2) The Shift Row Operation
In this activity, each line of the state is consistently moved
to one side, contingent upon the line file.
• The primary column is moved 0 spots to the left.
• The subsequent line is moved 1 spot to the left.
• The third line is moved 2 spots to the left.
• The fourth line is moved 3 spots to the left.
3) SUB-BYTES Operation
The sub-byte operation is an unpredictable byte
substitution, dealing with each byte of the state freely. The
substitution table (S-Box) is autonomous of any info and is
outlined by the mix of the two methods.
• Take the multiplicative inverse in
Rijndael's limited field.
• Apply a relative change
The opposite of Sub Bytes is something the same
movement, using the changed the S-Box as mentioned in
Eq(10), Mathematically, an S-box is a vectorial Boolean
function. S-Box uses the characteristic 2 finite fields with
256 elements, which can also be called the Galois field
GF(28). It employs the following reducing polynomial for
multiplication.
GF(28) = GF(2) [x]/(x8 + x4 + x3 + x + 1) (11)
Eq(11) is showing a typical function for Galois
Field with 28 bits as input.
4) The Mix Column Operation
This segment includes advanced numerical
estimations in the Rijndael's finite field present in Eq (11)
Multiply each column of the obtained 4x4 matrix of 16 bits
in the previous step is multiplied with the below matrix:
2 3 1 1
1 2 31
1 1 2 3
3 1 1 2
To get the new rows that are scrambled in each
round using this matrix and thus each column is mixed up
like a deck of cards being shuffled but in an ordered fashion
because of Rijndael's finite field.
Advanced Encryption Standard (AES) produces the
same length of output as the input. In this case 2048 bits
same as the RSA output. As RSA output is the input to AES.
III. PROPOSED METHOD
In this method, both filename and image data have
to be taken to create a more secure signature. this is
effective because even if the filename is changed it also can
lead to many awful consequences like completely
misguiding the viewer or receiver. Thus, the usage of the
filename is important inside the encryption process.
• The filename also ensures extra security that
can be detected.
• If the filename has changed or actual image
data is changed.
• If the actual image data is changed it is
harmful.
 .
Fig. 4. Encryption / Signaturing
These are the steps that are needed to be followed:
• Step1: SHA Hashing
• Step2: RSA Encryption
• Step3: Advanced Encryption
Standard (AES)
In step 1 filename and image data are taken and
converted into binary then concatenate these outputs and
pass through the SHA256 hashing algorithm as shown in Fig
4.
In step 2 the output of step 1 is encrypted using the
RSA encryption algorithm. and a public key is sent to the
person who wants to verify and a private key is kept safe
with the photographer or the authority who wants to
digitally sign the image.
In step 3 The output of step 2 is passed through
Advanced Encryption Standard (AES) encryption and the
key used in this step should be known to both parties. The
three steps ensure that every pixel of the image data is used
in the encryption process. Hence enclosing all the image
data in the encrypted signature which is used to verify the
image at the receiver is safe by the use of RSA’s public key
and AES‘s 16 bytes or 128 bit key in the decryption/
verification phase which will help in detecting if the image
is being tampered
while transferring from the sender to receiver the
receiver can be guaranteed because RSA public key can
decrypt the files which are only encrypted by corresponding
private key at the sender’s side.
B. Decryption / Verification
Fig. 5. Decryption/ Verification
For the decryption process as proposed in Fig 5,
similar three levels are being utilized but in the opposite
order. i.e. There is a binary file sent to the viewer along with
the original data so that even if the image has been corrupted
the signature can be used to verify. first, the AES decryption
is done and followed by RSA decryption as the keys to
decrypt are also being sent finally the SHA hash of the
original image is got from the binary file which acts as a
signature. Now the image that is present at the user is
hashed along with the filename and concatenated together
respectively. And the both generated hash and decrypted
hash are compared if they are equal image is safe or else the
image is corrupted.
The SHA256 Hash is different for even 1-bit
change in the input because of the Mixing operations that
are being done in Eq(1, 2, 3) so that SHA256 has very-very
less collision rate thus even a change in 1 bit is also being
detected.
IV. RESULTS
Fig 6 is a test Image chosen, based on recent
activities that may cause controversies.
Fig. 6. Test Image with filename ‘lena512.jpeg’
This image file Fig 6 is taken and it is named
‘lena512.jpeg’
The hashes of filename and the bytes in the original
image using SHA256 Algorithm, the hashes are
concatenated and thus the input to the second step becomes
512 bits.
Here filename is entered in code and the program searches
for the file the images folder in the current directory. Then
the image and file name is converted into binary and is
separately hashed using SHA256 hash algorithm and they
are fed to RSA values of p, q, n, e, d as mentioned in
equations (5),(6),(7).Having private and public keys which
give 2048-bits encrypted data. Then this is again fed to the
Advanced Encryption Standard (AES) which contains a 16-
byte key. Which produces the final encrypted 2048-bit
cipher. This cipher acts as the signature to the image given.
Fig. 8.Manipulated images grey,blur, one-pixel-change
along with original
In Fig 8 each tampering next to the original image aare
being shown scaling on the top left blurring the image on
the top right and one-pixel change on the bottom left and
renaming on the bottom right corners.
The PSNR is calculated using the formula mentioned below
psnr = 20log (255/10 mse) (12)
mse =(original −tampered)2
(13)

In the above equation (12) ‘PSNR’ means Peak

Signal to Noise Ratio which determines the peak value by
which the original image differs from tampered or vice
versa. The ‘MSE’ in Eq(12) means mean square error which
is calculated using equation(13) where the sum of all the
differences squared on each pixel of original and tampered
image are being taken. This method verified the signature of
an original image against the manipulated image and is able
to successfully detect blurring, renaming, greying, and even
onepixel change in the original image.

TABLE III. TEST IMAGES AND RESPECTIVE PSNR VALUES

Fig:7 Results of the lena512.jpeg image
Here the in fig 7 shows that SHA hash and the hash of the Image Rename the Blur one pixel
image which needs to be verified should be the same. If not file Image(PSNR) change(PSNR)
the same, the image has been manipulated in the hashes are
the same.
The image was manually manipulated for testing. In reality, Infinity 31.30
45.83
the third-party malicious users manipulate the image using
various Image manipulation techniques such as GIMP,
Photoshop, and PIL (Python Imaging Library).
The following operations are done on the image for
testing the integrity of the proposed method.
Infinity 27.60 43.98
• Rename the image without touching the contents
• Greyscale convert the image
• Blur the image using gaussian blur
• Change value of one random pixel in the image
Infinity 29.96 41.62

30.25 43.56
Infinity

Table3 explains how much tampering is done

with each image for blurring and changing on epixel as
grey-scaling the image will change dimensions of
input vector there is no PSNR for grey scaling the
image. But the method can detect grey scaling the [5] K. Pavani and P. Sriramya, "Enhancing Public Key Cryptography
using
image as manipulated. RSA, RSA-CRT and N-Prime RSA with Multiple Keys," 2021 Third
International Conference on Intelligent Communication Technologies
and Virtual Mobile Networks (ICICV), 2021, pp. 1-6, doi:
10.1109/ICICV50876.2021.9388621.
VI. CONCLUSION [6] Alam, Shahzad, A. Jamil, Saldhi, Ankur, and M. Ahmad,“Digital
This method is very useful for protecting an image authentication and encryption using digitalsignature,” in2015
International Conference on Advancesin Computer Engineering and
image's authenticity by making use of efficient encryption Applications, 2015, pp. 332–336.
algorithms which means digitally signing the highly [7] F.Dufaux,“Grand challenges in image processing,” Frontiers in Signal
sensitive photographs or even text images which when Processing,
vol.1,2021.[Online].Available:https://www.frontiersin.org/article/10.3
manipulated may lead to huge chaos like that happened in 389/frsip.2021.675547
the Lebanon war caused by miscommunication and [8] G. Feng, C. Zhang, Y. Si and L. Lang, "An Encryption and Decryption
misinterpretation of images these miscommunications and Algorithm Based on Random Dynamic Hash and Bits Scrambling,"
misinterpretations can be prevented by using digital 2020 International Conference on Communications, Information
System and Computer Engineering (CISCE), 2020, pp. 317-320, doi:
signatures with three levels of protection to ensure that the 10.1109/CISCE50729.2020.00070.
images that are seen are authentic information that is [9] R. Biswas and P. Blanco-Medina, “State of the art: Imagehashing,”
intended is conveyed in those images Hence this method can 2021
be used for the secure transportation of their sensitive data [10] Miles E. Smid Development of the Advanced EncryptionStandard
Volume 126, Article No. 126024 (2021)
files. The method could be slow as there are many https://doi.org/10.6028/jres.126.024 Journal of Research of the
computations required but the method is more secure and National Institute of Standards and Technology
reliable. The method can detect one-pixel change (i.e., [11] Jiangfan Feng, Wenzheng Sun, "Improved Deep Hashing with
Scalable Interblock for Tourist Image Retrieval", Scientific
PSNR of 30%) in the original image. Programming, vol.
2021, Article ID 9937061, 14 pages, 2021.
REFERENCES https://doi.org/10.1155/2021/9937061
International Conference onSmart Cities, Automation Intelligent [12] hash algorithms - F. E. De Guzman, B. D. Gerardo and R. P. Medina,
Computing Systems(ICON-SONICS), 2017, pp. 87–92. "Implementation of Enhanced Secure Hash Algorithm Towards a
SecondInternational Conference on Multimedia and
InformationTechnology, vol. 2, 2010, pp. 271–273.
[2] Sahib Khan , A novel image forgery detection technique using digital
signatures Vol 9 No 1 (2021): Journal of Engineering Research.
[3] Ben O'Loughlin Images as weapons of war: Representation, mediation
and interpretation January 2011 Review of International Studies
37(01):71 – 91 DOI:10.1017/S0260210510000811
[4] D. Ardy, Rizky, O. R. Indriani and, Sari, C. Atika, D. R.I. M.
Setiadi, Rachmawanto, and E. Hari, “Digital im-age signature
using triple protection cryptosystem (rsa,vigenere, and md5),”
in2017 Computer and Communication Systems (ICCCS), 2019, pp.
189-192, doi: 10.1109/CCOMS.2019.8821763.
[13] Zeeshan Haider, Kiramat Ullah and T. Jamal, "DoS Attacks at
Cooperative MAC", in Proc. of ArXiv, arXiv:1812.04935 [cs.NI],
Dec. 2018.
[14] T. Jamal and Z. Haider, "Denial of Service Attack in Cooperative
Networks", in Proc. of ArXiv, arXiv: CoRR Vol. arXiv:1810.11070
[cs.NI], Oct. 2018..
[15] Abikoye, O.C., Haruna, A.D., Abubakar, A., Akande, N.O. and Asani,
E.O., 2019. Modified advanced encryption standard algorithm for
information security. Symmetry, 11(12), p.1484.

[1] Z. Yong-Xia and Z. Ge, “Md5 research,” in2010 Secured Web Portal," 2019 IEEE 4th International Conference on