International Journal of Computer Science Engineering and Information Technology Research (IJCSEITR) ISSN 2249-6831 Vol.

3, Issue 1, Mar 2013, 25-30 TJPRC Pvt. Ltd.

A NOVEL SECURED MECHANISM FOR AUTHENTICATION COOKIE

J. N. V. R. SWARUP KUMAR1 & V. ANANTHARAMAIAH2
1

Asst.Professor of CSE, Gudlavalleru Engineering College, Gudlavalleru, Andhra Pradesh, India

2

PG Student, CSE, Gudlavalleru Engineering College, Gudlavalleru, Andhra Pradesh, India

ABSTRACT
Steganography is the technique of concealing the very existence of information being sent. It is the art of hiding secret messages enveloped in an obscure way. Its results depend on the secrecy of the cover carrier. After the steganographic carrier is disclosed then the security depends on the robustness and complex logic of the algorithm and the cryptographic methods used. So, secrecy is achieved only when the algorithm is more robust against steganalysis. This paper discusses a novel secured mechanism for authentication cookie. The cookie message is first encrypted and then embedded. The resulting bits of the message after encryption will be hidden inside the selected segment of cover image. We introduce a new technique of incorporating bits in the colour image by using proposed COLOR LSB method. This improves security to our information which is embedded inside the image. This is the web technology which is also used in session management.

KEYWORDS: Steganography, LSB, Steganalysis, Cookie, Session Management, Image, Pixel, Segmentation INTRODUCTION
The word steganography [1] is of Greek origin and means "concealed writing" from the Greek words steganos meaning "covered or protected", and graphei meaning "writing". The goal of steganography [1, 2, 7] is to send a message through some unsuspicious carrier. The message can be of any format-a text, an image or it can be an audio file. Steganography techniques are used to prevent reveal of the information that a secret message is being sent at all. Digital steganography is changing the digital carriers like images or sounds. Even though changes may be made for encryption, the carrier should not have any changes. Steganography methods combine concepts of digital signal processing, cryptography, statistical communication theory and human perception. Cryptography is not equivalent to steganography. Cryptographic techniques make the data unreadable. If a cryptographic message is discovered it can be understood to be a piece of hidden information. Steganography hides the very existence of a message in the cover medium. It is beneficial to combine the encryption and steganographic techniques by encrypting a message using cryptography and then hiding the encrypted message using steganography. These stego-images do not raise suspicions that information has been transferred. So when a hacker can break the steganographic technique used, he needs to decode the encryption technique to understand the information [10]. Segmentation is the process of dividing a digital image into multiple segments. Segmentation helps in changing the representation of image and converting it to a meaningful and easier-to-analyze form. Image segmentation is usually used to consider the specific part of image. To the core, image segmentation is assigning label to every pixel and similarly labeled pixels have common visual characteristics. Authentication cookies are the most common method used by web servers to know whether the user is logged in or not, and which account they are logged in under. Without such a mechanism, the site would not know whether to send a page containing sensitive information, or require the user to authenticate him/her by logging in. The security of an authentication cookie generally depends on the security of the issuing website and the user's web browser, and on whether

26

J. N. V. R. Swarup Kumar & V. Anantharamaiah

the cookie data is encrypted. Security vulnerabilities may allow a cookie's data to be read by a hacker, used to gain access to user data, or used to gain access (with the user's credentials) to the website which the cookie belongs to.

BACKGROUND THEORY
In the last few years the theories behind information hiding has progressed very rapidly. Information hiding process, having been evolved as one of factors of communications security, has improved information hiding algorithms as well as accurate models of the channel potential and frequency of error occurrence. At the same time, steganography security, to serve in a scenario where there is constant threat in the presence of an enemy who is obviously aiming at information retrieval, whatever they are has been noticed as one of the important issues steganographic techniques face [5, 6, 7]. For all the steganographic systems, most vital and basic requirement is the undetectability. The hidden message should not be detected by any other people apart from the sender and intended recipient. Moreover, the cover message with hidden message i.e. stego-media are indistinguishable from the original ones i.e. cover-media. Under any circumstances of statistical attacks on cover media, the fidelity should not be lost [10]. Steganography uses two types of protocols: secret-key and public-key steganography. In secret-key steganographic model, a secret-key is shared between the communication parties before conveying messages. The input message may be digital data or bit stream. Public-key cryptography requires the use of two keys, one private and one public key. The public-key is used in the embedding process where as the private key is used to retrieve the hidden message [5, 6, 7]. Even though a considerable number of steganography techniques were in use, study of this subject in the scientific literature goes back to Simmons, who in 1983 formulated it as the prisoners problem. Digital Steganography Methods The steganography applications [9, 10] range from those that actually hide encrypted data, within the file, to those that simply attach hidden information to the end of a file such as Camouflage. The community is concerned with a number of digital technologies, namely, text files, images, movies and audio. One of the main methods typically used for steganography involves the process of hiding a message in image pixels. Digital images are the most popular carrier medium used. Image-Based Steganography Many steganographic tools in the World Wide Web are available for varied image formats. The fact that images can be usefully subjected to lossy compression methods has suggested that extra information could be concealed in them. Properties of images can be manipulated including luminescence, contrast and colors. A 24-bit color image has three components corresponding to Red, Green and Blue. The three components are normally quantized using 8 bits. An image made of these components is described as a 24-bit color image. Each byte can have a value from 0 to 255 representing the intensity of the color. The darkest color value is 0 and the brightest is 255. Transparency is controlled by the addition of information to each element of the pixel data i.e., labelling. A 24-bit pixel value can be stored in 32 bits. The extra 8 bits is for specifying transparency. This is sometimes called the alpha channel. An ideal 8-bit alpha channel can support transparency levels from 0 (completely transparent) to 255 (completely opaque). It can be stored as part of the pixel data or image segment [1, 3, 11].

A Novel Secured Mechanism for Authentication Cookie

27

Current techniques for embedding of messages into image carriers fall into three categories [4, 9]: Least-Significant Bit embedding. (or simple embedding) Transform techniques. Perceptual masking & Filtering Techniques.

THE PROPOSED METHOD

The methodology uses indexed (24 bits/pixel) bitmaps such as BMP, GIF & PNG as the carrier medium to hide secret texts. Secret message is encrypted before hiding. The bits of secret message will be hidden inside the selected segment of indexed image. Use of both steganography and cryptography techniques result in high secure applications. In an indexed color image, text is stored in the RGB (red, green, blue) components of the pixel of the selected segment. This segment contains whole message embedded as a character per pixel. There are several standard LSB methods: Single-LSB Double-LSB etc. For the new methodology, COLOR LSB is used. BMP, GIF and PNG are some indexed image formats. This new LSB technique can be used with all the types of color images. As the COLOR LSB allows embedding a whole character into a single pixel, it ensures that more and more data can be embedded. Color LSB is the process of using the RGB components of a pixel in color image. In this method 8-bit character is divided into three parts (three LSB bits of the character as first part, next three LSB bits as second part, remaining two MSBs as third part). First part is embedded into the three LSBs of red component, second part into the three LSBs of green part and finally the third part into the two LSBs of blue component. Here, we discuss a tool that operates on 24-bit indexed color images using asymmetric key cryptography and hiding text within a segment of image. By the use of segmentation the steganography process can be more secure against hacking and steganalysis, as it is more difficult to detect in which part of the image the actual text is embedded. The techniques used for the proposed method is explained in the following steps: Segmentation Segmentation is done by following steps: Partition a digital image into multiple segments using the K-Means algorithm. Select a segment which consists of more number of pixels among all the segments.

Hiding Cookie Message in the Segment The following are required for hiding a message: A carrier image (color) Secret message in text format A stego Key (stored in a file) Encryption algorithm

28

J. N. V. R. Swarup Kumar & V. Anantharamaiah

Figure1: Hiding Message in the Segment Secret message is in text format. Asymmetric key cryptography encrypts the secret message. The number of bits in the segment of an image should be sufficient enough to hide the encrypted message. Larger the data size, larger should be the segment size. Stego key should be used for hiding and extracting same message. The keys may be different for different messages. Figure above illustrates the process of message hiding. Extracting a Hidden Message Extraction process shown in figure2 is much easier than hiding as there is only one Segment. The stego key is required to locate a carrier pixel. Pixel can be checked for the text and the found bits in the RGB components are saved. This process will be continued until the message is complete. After retrieving the encrypted text, decrypt will be done to decrypt the message.

Figure 2: Extracting the Hidden Message Algorithm for Proposed Method Steps to Hide the Message Using the Proposed Method: Choose the proper image for the cover medium. Segment the image using K-means algorithm. Choose the appropriate Segment (the larger segment which is having high capacity to hide the text). Encrypt the required Cookie message using ELGAMAL algorithm. Embed the encrypted cookie massage using the COLOR LSB method and secret key in the chosen cover media.

A Novel Secured Mechanism for Authentication Cookie

29

Send the stego image to the destination.

Steps to Extract the Message Using the Proposed Method: De-segment the image received. Select the segment in which the cookie message is hidden. De-embed the encrypted message from the segment using the secret key. Decrypt the cookie message using the corresponding key for decryption. The message is available to use after decryption.

EXPERIMENTAL ANALYSIS
The traditional LSB methods do not provide high capacity and flexibility to hide a whole character in a single pixel. Usually steganography is applied to normal images; by the segmentation technique we can provide higher level security to the secret message against steganalysis and hacking. This proposed method provides rather better security with the use of cipher text. Table 1: Comparative Results S.No 1 2 3 4 5 6 7 8 9 Original 71.2131 91.4541 116.8887 82.7183 131.8025 101.9898 105.4361 91.9313 18.9911 Regular LSB 71.2107 91.4515 116.8766 82.7076 131.799 101.9865 105.4215 91.9226 18.9803 Proposed Method 71.2123 91.450 116.8681 82.7082 131.8015 101.9878 105.4313 91.9205 18.9714

The above results illustrate that the mean of proposed method values increased than original and regular LSB methods. When message is embedding in the image by using regular LSB method, message bits stored in pixels eight bit plane. So, the pixel value does not change much. Then mean value of image also not changed much and the value is nearby original image mean. When message is embedding in the image by using proposed COLOR LSB method, Message bits of single character stored in single RGB pixel. So, pixel value changes a tiny than other embedding methods. Even though mean value of proposed method increases integrity of message and robustness of cookie security is enhanced. In total the analysis shows that the performance of the proposed method is much better than the current methodologies.

CONCLUSIONS
The use of adaptive steganography for web info security through the Internet has been discussed in detail in this paper. This includes higher embedding capacity using segmentation and new LSB technique. The embedding capacity of the approach is provided through the large segment size and COLOR LSB. This method is highly robust with the use of two level securities, Steganography at the first level and Cryptography at the second level. By using this novel secured

30

J. N. V. R. Swarup Kumar & V. Anantharamaiah

mechanism for authentication cookie, we get more security in web applications like secured cookie, session management and etc.

REFERENCES
1. 2. A Discussion of Covert Channels and Steganography by Mark Owens, March 19, 2002. Review on current steganography technologies by S. G. K. D. N. Samaratunge, 7th International Information Technology Conference, 2005, Sri Lanka. 3. An efficient colour re-indexing scheme for palette based compre-ssion by Wenjun Zeng, Jin Li and Shawmin Lei, Sharp Laboratories of America. 4. A Review of Data Hiding in Digital Images by Eugene T. Lin and Edward J. Delp, Video and Image Processing Laboratory (VIPER), School of Electrical and Computer Engineering, Purdue University, Indiana. 5. On the limits of Steganography by Ross J. Anderson, Fabien A. P. Petitcolas, IEEE Journal of selected areas in Communications, 16(4):474-481, May 1998. Special issue on Copyright & Privacy protection. ISSN 0733-8716). 6. 7. 8. Exploring Steganography: Seeing the Unseen by Neil F. Johnson, Sushil Jajodia, George Mason University Steganography and the Art of hiding information by Vish Krishnan, Overland Park, K.S. Information hiding a survey by Fabien A. P. Petitcolas, Ross J. Anderson & Markus G. Kuhn (Proceedings of the IEEE special issue on protection of multimedia content, 87(7):1062-1078, July 1999). 9. An evaluation of Image Based Steganography Methods by Kevin Curran, Internet Technologies Research Group, University of Ulster Karen Bailey, Institute of Technology, Letterkenny, Ireland (International Journal of Digital Evidence). 10. Secure Error-Free Steganography for JPEG Images by Yeuan- Kuen Lee, Ling-Hwei Chen, Department of Computer and Information Science, National Chiao Tung University, 1001 Taiwan, R.O.C. Second International Conference on Industrial and Information Systems, ICIIS 2007, 8 11 August 2007, Sri Lanka 339 11. New Steganography Technique for Palette Based Images by S.G.K.D.N. Samaratunge, University of Colombo School of Computing (UCSC), University of Colombo, Second International Conference on Industrial and Information Systems, ICIIS 2007, 8 11 August 2007, Sri Lanka