408 research outputs found

    NAISS: A Reverse Proxy Approach to Mitigate MageCart's E-Skimmers in E-Commerce

    The rise of payment details theft has led to increasing concerns regarding the security of e-commerce platforms. For the MageCart threat family, the attacks employ e-skimmers, which are pieces of software code that instruct clients to forward payment details to an attacker-controlled server. They can be injected into hosting providers' servers as HTML tags such as script, iframe, and img. By leveraging image steganography - the technique of hiding structured information inside images without visual perturbances - MageCart groups can deliver e-skimmers without raising suspicion. In this work, we systematically review applicable solutions in the literature and evaluate their drawbacks in the setting of a compromised hosting provider. While promising, existing solutions in the literature present shortcomings such as a lack of compatibility, adaptability, or functionality in the presence of an attacker. Based on this review, we compile a set of features for a better solution, which we use as a foundation for designing our proposed solution - NAISS: Network Authentication of Images to Stop e-Skimmers. Through our solution, digital signatures of individual images are checked inside a server-side middlebox residing in the hosting provider's network to prevent the transmission of unauthorized images to clients. Elliptic curve signatures are provided by the e-commerce platform developer prior to uploading a website to the hosting provider. Our proof-of-concept implementation shows that NAISS is capable of filtering 100% of present stegoimages, regardless of their novelty, while imposing a minimal performance detriment and no client-side modifications

    Covert Channels Within IRC

    The exploration of advanced information hiding techniques is important to understand and defend against illicit data extractions over networks. Many techniques have been developed to covertly transmit data over networks, each differing in their capabilities, methods, and levels of complexity. This research introduces a new class of information hiding techniques for use over Internet Relay Chat (IRC), called the Variable Advanced Network IRC Stealth Handler (VANISH) system. Three methods for concealing information are developed under this framework to suit the needs of an attacker. These methods are referred to as the Throughput, Stealth, and Baseline scenarios. Each is designed for a specific purpose: to maximize channel capacity, minimize shape-based detectability, or provide a baseline for comparison using established techniques applied to IRC. The effectiveness of these scenarios is empirically tested using public IRC servers in Chicago, Illinois and Amsterdam, Netherlands. The Throughput method exfiltrates covert data at nearly 800 bits per second (bps) compared to 18 bps with the Baseline method and 0.13 bps for the Stealth method. The Stealth method uses Reed-Solomon forward error correction to reduce bit errors from 3.1% to nearly 0% with minimal additional overhead. The Stealth method also successfully evades shape-based detection tests but is vulnerable to regularity-based tests

    Digital Rights Management: Improving Online Digital Images Copy Rights Management through an Enhanced Least Significant Bit Steganographic Algorithm

    Digital media no doubt presents numerous advantages compared to the traditional analog media. Of the most importance is the fact that digital content (images, graphics, audio and video) can be easily copied, transmitted, retrieved and distributed over private and open access networks. The global availability of the internet - certainly the most impactful information exchange tool today - plus the numerous file sharing tools freely available have made the distribution of copyrighted digital media files simple and straightforward. Duplication of exact copies of original images, for example, can be easily done and circulated without authentication. As much as this is an advantage in trying to enhance sharing of information, it certainly creates problems of ownership and authenticity and digital rights protection. There already exist copyright laws that provide for protection of all online content but the task of continuously guarding the web and correctly identifying those that infringe against these laws is increasingly becoming enormous. There is therefore a need to continuously invest in development of new technologies and algorithms that will make it more and more difficult to illegally copy or use someone else's content. To improve security of copyrighted online digital images, this paper proposes the use of an enhanced LSB steganographic algorithm that employs a selective and randomized approach in picking a specific number of target image bits to swap with the owner's signature authentication bits using a pseudo random number generator (PRNG). The carefully selected password seed is used to determine the set of selected numbers used for targeting specific image bits for the signature hiding. An experimental design is set up to determine the effectiveness of the method by comparing and analyzing the stego images’ statistical characteristics and the ability of steganalysis methods to detect the hidden signature. The experimental results indicate improved levels of imperceptibility and hence improved security against illegal copying. Keywords: Digital Media, Steganography, Copyright, Steganalysis, Stego image, imperceptibilit

    An enhanced Least Significant Bit Steganographic Method for Information Hiding

    The least significant bit (LSB) insertion method is a simple steganographic algorithm that takes the least significant bit in some bytes of the cover medium and swaps them with a sequence of bytes containing the secret data in order to conceal the information in the cover medium. However, its imperceptibility and hiding capacity are relatively low. This is as revealed by the statistical characteristics of its resultant stego images compared to the original cover images. To increase the level of imperceptibility and the hiding capacity in the LSB insertion method, this research proposes an enhanced LSB method that employs a selective and randomized approach in picking a specific number of target image bits to swap with the secret data bits during the embedding process. To facilitate the selective picking of the target image bits, the standard minimal linear congruential number generator (LCG) is used. The message digest (digital signature) of a user-supplied password is used to seed the LCG and to extract the message from the cover medium. In measuring the effectiveness of the proposed method, the study adopted an experimental research design where the statistical characteristics of the proposed method's stego images were compared with those of the traditional LSB method in a comparative experiment designed to establish the levels of image distortion (noise) introduced in the original cover image when either of the methods is used under the same payload and image. The experiment results indicated improved levels of imperceptibility and hiding capacity in the proposed method. Key Words: Steganography, Steganalysis, Stego image, payload, imperceptibilit