CRYPTOGRAPHY
(INFORMATION SECURITY)
&
STEGANOGRAPHY
- A different combination
Presented by…
P. Anusha (3rd year CSE)
Email id: liveanusha@yahoo.com
Ph.no: 9866177530
Y.Rajitha (3rd year CSE)
Email id: rajitha_sree_70@yahoo.com
From:
SREE VIDYANIKETHEN ENGINEERING
COLLEGE
Cryptography or Cryptology is derived from
Abstract:
Greek, which means the practice and study of hiding
This paper is about CRYPTOGRAPHY and
information. In modern times, cryptography is
STEGANOGRAPHY– the science of scrambling
considered to be a branch of both mathematics and
data and the art of being invisible are used to make it
computer science, and is affiliated closely with
unintelligible to all, except the intended person, and
information
its various methods in making the work look more
engineering. Cryptography is used in applications
perfect. Cyber crimes have become a common piece
present
of vandalism in the present computerized world.
especially
What has changed dramatically is the ability to
importance.
in
theory,
computer
technologically
where
data
security,
advanced
security
has
and
societies;
highest
tamper with information. In a society where
information is mostly stored and transmitted in
Until modern times, cryptography referred
electronic form, what has become an absolute must is
almost exclusively to encryption, the process of
a means to ensure information security that is
converting ordinary information (plaintext) into
independent
medium
unintelligible gibberish. Decryption is the reverse,
responsible for generating or storing it. Today, there
moving from unintelligible cipher text to plaintext. A
is an immediate need to delve into the clutter of
cipher (or cipher) is a pair of algorithms which
material. There are many laws in enforcement and
perform this encryption and the reversing decryption.
many new devices, which are used to prevent such
The detailed operation of a cipher is controlled both
crimes. Nevertheless, these all devices resemble a
by the algorithm and, in each instance, by a key. This
seismograph, which records the amount of quake but
is a secret parameter (ideally, known only to the
cannot prevent the same. Here comes the discussion
communicants) for a specific message exchange
on cryptography, which plays a major role in this
context. Keys are important, as ciphers without
field of security of sending messages?
variable keys are trivially breakable and therefore
of
the
actual
physical
less than useful for most purposes. Historically,
Steganography is the art and science of
ciphers were often used directly for encryption or
writing hidden messages in such a way that no one
decryption, without additional procedures such as
apart from the sender and intended recipient even
authentication or integrity checks.
realizes there is a hidden message. By contrast,
cryptography obscures the meaning of a message, but
it does not conceal the fact that there is a message.
Today,
the
term
steganography
includes
the
concealment of digital information within computer
files.
In colloquial use, the term "code" is often
used to mean any method of encryption or
concealment of meaning. However, in cryptography,
code has a more specific meaning; it means the
replacement of a unit of plaintext (i.e., a meaningful
word or phrase) with a code word (for example, apple
pie replaces attack at dawn). Codes are no longer
Introduction
used in serious cryptography—except incidentally for
such things as unit designations (egg: 'Bronco Flight'
or Operation Overlord) —- since properly chosen
Simple versions of either offered little confidentiality
ciphers are both more practical and more secure than
from enterprising opponents, and still don't. An early
even the best codes, and better adapted to computers
substitution cipher was the Caesar cipher, in which
as well.
each letter in the plaintext was replaced by a letter
some fixed number of positions further down the
History
of
cryptography
and
cryptanalysis
alphabet. It was named after Julius Caesar who is
reported to have used it, with a shift of 3, to
communicate with his generals during his military
The Ancient Greek scytale (rhymes with
Italy),
probably
much
like
this
modern
campaigns, just like EXCESS-3 code in boolean
algebra.
reconstruction, may have been one of the earliest
devices used to implement a cipher.
Various physical devices and aids have been
used to assist with ciphers. One of the earliest may
Before the modern era, cryptography was
concerned solely with message confidentiality (i.e.,
encryption) — conversion of messages from a
comprehensible form into an incomprehensible one,
and back again at the other end, rendering it
unreadable by interceptors or eavesdroppers without
secret knowledge (namely, the key needed for
decryption of that message). In recent decades, the
field has expanded beyond confidentiality concerns
to include techniques for message integrity checking,
sender/receiver
signatures,
identity
interactive
authentication,
digital
proofs,
secure
and
computation, amongst others.
have been the scytale of ancient Greece, a rod
supposedly used by the Spartans as an aid for a
transposition cipher. In medieval times, other aids
were invented such as the cipher grille, also used for
a kind of steganography. With the invention of
polyalphabetic ciphers came more sophisticated aids
such as Alberti's own cipher disk, Johannes
Trithemius' tabula recta scheme, and Thomas
Jefferson's multi-cylinder (reinvented independently
by Bazeries around 1900). Several mechanical
encryption/decryption devices were invented early in
the 20th century, and many patented, including rotor
machines — most famously the Enigma machine
The earliest forms of secret writing required
used by Germany in World War II. The ciphers
little more than local pen and paper analogs, as most
implemented by better quality examples of these
people could not read. More literacy, or opponent
designs brought about a substantial increase in
literacy, required actual cryptography. The main
cryptanalytic difficulty after WWI.
classical cipher types are transposition ciphers, which
rearrange the order of letters in a message (e.g. 'help
me' becomes 'help em' in a trivially simple
rearrangement scheme), and substitution ciphers,
which systematically replace letters or groups of
letters with other letters or groups of letters (e.g., 'fly
at once' becomes 'gmz bu podf' by replacing each
letter with the one following it in the alphabet).
The development of digital computers and
electronics after WWII made possible much more
complex ciphers. Furthermore, computers allowed for
the encryption of any kind of data that is represented
by computers in any binary format, unlike classical
ciphers which only encrypted written language texts,
dissolving the utility of a linguistic approach to
cryptanalysis in many cases. Many computer ciphers
patterns. Since then the emphasis has shifted, and
can be characterized by their operation on binary bit
cryptography
sequences (sometimes in groups or blocks), unlike
mathematics, including aspects of information theory,
classical and mechanical schemes, which generally
computational complexity, statistics, combinatorics,
manipulate traditional characters (i.e., letters and
abstract algebra, and number theory. Cryptography is
digits) directly. However, computers have also
also a branch of engineering, but an unusual one as it
assisted cryptanalysis, which has compensated to
deals with active, intelligent, and
some extent for increased cipher complexity.
opposition
Nonetheless, good modern ciphers have stayed ahead
security
of cryptanalysis; it is usually the case that use of a
engineering need deal only with neutral natural
quality cipher is very efficient (i.e., fast and requiring
forces.
now
(see
makes
extensive
cryptographic
engineering);
most
use
malevolent
engineering
other
of
kinds
and
of
few resources), while breaking it requires an effort
many
orders
of
magnitude
larger,
Modern cryptography
making
cryptanalysis so inefficient and impractical as to be
effectively impossible.
The modern field of cryptography can be divided into
several areas of study.
Extensive open academic research into
cryptography is relatively recent — it began only in
the mid-1970s with the public specification of DES
•
Symmetric-key cryptography
Symmetric-key
cryptography
refers
to
(the Data Encryption Standard) by the NBS, the
encryption methods in which both the sender and
Diffie-Hellman paper,and the public release of the
receiver share the same key (and, less commonly, in
RSA algorithm. Since then, cryptography has become
which their keys are different, but related in an easily
a widely used tool in communications, computer
computable way).The modern study of symmetric-
networks, and computer security generally. The
key ciphers relates mainly to the study of block
present security level of many modern cryptographic
ciphers and stream ciphers and to their applications.
techniques is based on the difficulty of certain
A block cipher is, in a sense, a modern embodiment
computational
integer
of Alberti's polyalphabetic cipher: block ciphers take
factorisation problem or the discrete logarithm
as input a block of plaintext and a key, and output a
problem. In many cases, there are proofs that
block of cipher text of the same size. Since messages
cryptographic techniques are secure if a certain
are almost always longer than a single block, some
computational problem cannot be solved efficiently.
method of knitting together successive blocks is
With one notable exception—the one-time pad—
required. Several have been developed, some with
these proofs are contingent, and thus not definitive,
better security in one aspect or another than others.
but are currently the best available for cryptographic
They are the mode of operations and must be
algorithms and protocols.
carefully considered when using a block cipher in a
problems,
such
as
the
cryptosystem.
Essentially, prior to the early 20th century,
cryptography was chiefly concerned with linguistic
The Data Encryption Standard (DES) and
•
Public-key cryptography
the Advanced Encryption Standard (AES) are block
cipher
designs
which
have
been
Symmetric-key cryptosystems typically use
designated
cryptography standards by the US government
(though DES's designation was finally withdrawn
after the AES was adopted).Despite its deprecation as
an official standard, DES (especially its stillapproved and much more secure triple-DES variant)
remains quite popular; it is used across a wide range
of applications, from ATM encryption to e-mail
privacy and secure remote access.Many other block
ciphers have been designed and released, with
considerable variation in quality. Many have been
thoroughly broken. See Category:Block ciphers.
the same key for encryption and decryption, though
this message or group of messages may have a
different key than others. A significant disadvantage
of symmetric ciphers is the key management
necessary to use them securely. Each distinct pair of
communicating parties must, ideally, share a different
key, and perhaps each ciphertext exchanged as well.
The number of keys required increases as the square
of the number of network members, which very
quickly requires complex key management schemes
to keep them all straight and secret. The difficulty of
establishing a secret key between two communicating
Stream ciphers, in contrast to the 'block'
parties, when a secure channel doesn't already exist
type, create an arbitrarily long stream of key material,
between them, also presents a chicken-and-egg
which is combined with the plaintext bit-by-bit or
problem which is a considerable practical obstacle for
character-by-character, somewhat like the one-time
cryptography users in the real world.
pad. In a stream cipher, the output stream is created
based on an internal state which changes as the cipher
Cryptanalysis
operates. That state's change is controlled by the key,
The goal of cryptanalysis is to find some
and, in some stream ciphers, by the plaintext stream
weakness or insecurity in a cryptographic scheme,
as well. RC4 is an example of a well-known stream
thus
cipher; see Category:Stream ciphers.
Cryptanalysis might be undertaken by a malicious
Cryptographic hash functions (often called
message digest functions) do not necessarily use
keys, but are a related and important class of
cryptographic algorithms. They take input data (often
an entire message), and output a short, fixed length
hash, and do so as a one-way function. For good
ones, collisions (two plaintexts which produce the
same hash) are extremely difficult to find.
Message authentication codes (MACs) are
much like cryptographic hash functions, except that a
secret key is used to authenticate the hash value on
receipt.
permitting
its
subversion
or
evasion.
attacker, attempting to subvert a system, or by the
system's designer (or others) attempting to evaluate
whether a system has vulnerabilities, and so it is not
inherently a hostile act. In modern practice, however,
cryptographic algorithms and protocols must be
carefully examined and tested to offer any assurance
of the system's security (at least, under clear — and
hopefully reasonable — assumptions).
It is a commonly held misconception that
every encryption method
can be broken. In
connection with his WWII work at Bell Labs, Claude
Shannon proved that the one-time pad cipher is
unbreakable, provided the key material is truly
"Cryptanalysis" is also used to refer to any
random, never reused, kept secret from all possible
attempt to circumvent the security of other types of
attackers, and of equal or greater length than the
cryptographic algorithms and protocols in general,
message. Most ciphers, apart from the one-time pad,
and not just encryption. However, cryptanalysis
can be broken with enough computational effort by
usually excludes attacks that do not primarily target
brute force attack, but the amount of effort needed
weaknesses in the actual cryptography; methods such
may be exponentially dependent on the key size, as
as bribery, physical coercion, burglary, keystroke
compared to the effort needed to use the cipher. In
logging, and so forth, although these latter types of
such cases, effective security could be achieved if it
attack are an important concern in computer security,
is proven that the effort required (ie, 'work factor' in
and are often more effective than traditional
Shannon's terms) is beyond the ability of any
cryptanalysis.
adversary. This means it must be shown that no
Even though the goal has been the same, the
efficient method (as opposed to the time-consuming
brute force method) can be found to break the cipher.
Since no such showing can be made currently, as of
today,
the
one-time-pad
remains
the
only
methods and techniques of cryptanalysis have
changed
drastically
through
the
history
of
cryptography, adapting to increasing cryptographic
complexity, ranging from the pen-and-paper methods
theoretically unbreakable cipher.
of the past, through machines like Enigma in World
There are a wide variety of cryptanalytic
War II, to the computer-based schemes of the
attacks, and they can be classified in any of several
present. The results of cryptanalysis have also
ways. A common distinction turns on what an
changed — it is no longer possible to have unlimited
attacker knows and what capabilities are available. In
success in code breaking, and there is a hierarchical
a ciphertext-only attack, the cryptanalyst has access
classification of what constitutes a rare practical
only to the ciphertext (good modern cryptosystems
attack. In the mid-1970s, a new class of cryptography
are usually effectively immune to ciphertext-only
was introduced: asymmetric cryptography. Methods
attacks). In a known-plaintext attack, the cryptanalyst
for breaking these cryptosystems are typically
has access to a ciphertext and its corresponding
radically different from before, and usually involve
plaintext (or to many such pairs). In a chosen-
solving carefully-constructed problems in pure
plaintext attack, the cryptanalyst may choose a
mathematics,
plaintext and learn its corresponding ciphertext
factorization.
the
best-known
being
integer
(perhaps many times); an example is gardening, used
by the British during WWII. Finally, in a chosen-
Cryptographic protocols
ciphertext attack, the cryptanalyst may choose
ciphertexts
and
learn
their
corresponding
plaintexts.[7] Also important, often overwhelmingly
so, are mistakes (generally in the design or use of one
of the protocols involved; see Cryptanalysis of the
Enigma for some historical examples of this).
In many cases, cryptographic techniques
involve back and forth communication among two or
more parties in space (eg, between the home office
and
a
branch
office)
or
across
time
(e.g.,
STEGANOGRAPHY
cryptographically protected backup data). The term
cryptographic protocol captures this general idea.
Cryptographic
protocols
have
-The art of being invisible
been
developed for a wide range of problems, including
relatively
simple
ones
like
interactive
proof
systems,zero-knowledge, and much more complex
The word steganography is of Greek origin
ones like electronic cashand secure multiparty
and means "covered, or hidden writing". Its ancient
computation.
origins can be traced back to 440 BC. Herodotus
mentions two
examples
of steganography in.
When the security of a good cryptographic
Demeratus sent a warning about a forthcoming attack
system fails, it is rare that the vulnerability leading to
to Greece by writing it on a wooden panel and
the breach will have been in a quality cryptographic
covering it in wax. Wax tablets were in common use
primitive. Instead, weaknesses are often mistakes in
then as re-usable writing surfaces, sometimes used
the protocol design (often due to inadequate design
for shorthand. Another ancient example is that of
procedures, or less than thoroughly informed
Histiaeus, who shaved the head of his most trusted
designers), in the implementation (e.g., a software
slave and tattooed a message on it. After his hair had
bug), in a failure of the assumptions on which the
grown the message was hidden. The purpose was to
design was based (e.g., proper training of those who
instigate a revolt against the Persians. Later, Johannes
will be using the system), or some other human error.
Trithemius’s book Steganographia is a treatise on
Many cryptographic protocols have been designed
cryptography.
and analyzed using ad hoc methods, but they rarely
have any proof of security. Methods for formally
Generally, a steganographic message will
analyzing the security of protocols, based on
appear to be something else: a picture, an article, a
techniques from mathematical logic (see for example
shopping list, or some other message. This apparent
BAN logic), and more recently from concrete
message is the cover text. For instance, a message
security principles, have been the subject of research
may be hidden by using invisible ink between the
for the past few decades.Unfortunately, to date these
visible lines of innocuous documents.
tools have been cumbersome and are not widely used
for complex designs.
The advantage of steganography over
cryptography alone is that messages do not attract
The study of how best to implement and
integrate cryptography in applications is itself a
distinct field, see: cryptographic engineering and
security engineering.
attention to themselves, to messengers, or to
recipients. An unhidden coded message, no matter
how unbreakable it is, will arouse suspicion and may
in itself be incriminating, as in countries where
encryption is illegal. Often, steganography and
cryptography are used together to ensure security of
the covert message.
Steganography
used
in
electronic
file systems, add random looking padding
communication include steganographic coding inside
bytes at the end of a cipher text so that its
of a transport layer, such as an MP3 file, or a
size cannot be used to figure out the size of
protocol, such as UDP.
the original plaintext. Examples of software
that use this technique include FreeOTFE
Steganographic message (the plaintext) is
and True Crypt.
often first encrypted by some traditional means,

Chaffing and winnowing
producing a cipher text. Then, a cover text is

Invisible ink
modified in some way to contain the cipher text,

Null ciphers
resulting in stegotext. For example, the letter size,

Concealed messages in tampered executable
spacing, typeface, or other characteristics of a cover
files, exploiting redundancy in the i386
text can be manipulated to carry the hidden message;
only the recipient (who must know the technique
instruction set.

used) can recover the message and then decrypt it.
Francis Bacon is known to have suggested such a

material
A new steganographic technique involves
Delays in key presses in some applications
(telnet or remote desktop software) can
mean a delay in packets, and the delays in
the packets can be used to encode data.
Modern Steganography entered the world in
There is no extra processor or network
1985 with the advent of the Personal Computer
steganography
video
sent over the network from the keyboard.
Modern steganographic techniques
classical
in
injecting imperceptible delays to packets
Steganographic techniques
to
pictures
(optionally played at slower or faster speed).
technique to hide messages.
applied
Embedded
activity, so the steganographic technique is
problems.
"invisible" to the user. This kind of
Development following that was slow, but has since
steganography could be included in the
taken off, based upon the number of 'stego' programs
firmware of keyboards, thus making it
available.
invisible to the system. The firmware could


Concealing messages within the lowest bits
then be included in all keyboards, allowing
of noisy images or sound files.
someone to distribute a key logger program
to thousands without their knowledge.
Concealing data within encrypted data. The
data to be concealed is first encrypted before

Content-Aware
Steganography
hides
being used to overwrite part of a much
information in the semantics a human user
larger
assigns a datagram; these systems offer
block of encrypted
data. This
technique works most effectively where the
security
decrypted version of data being overwritten
adversary/warden.
has no special meaning or use: some
cryptosystems, especially those designed for

against
BPCS-Steganography
a
-
non-human
a
very
embedding capacity steganography
large
commonly this is actually done. For example: a 24-
Countermeasures
bit bitmap will have 8 bits representing each of the
The detection of steganographically encoded
three color values (red, green, and blue) at each pixel.
packages is called steganalysis. The simplest method
If we consider just the blue there will be 28 different
to detect modified files, however, is to compare them
values of blue. The difference between 11111111 and
to the originals. To detect information being moved
11111110 in the value for blue intensity is likely to
through the graphics on a website, for example, an
be undetectable by the human eye. Therefore, the
analyst can maintain known-clean copies of these
least significant bit can be used (more or less
materials and compare them against the current
undetectably) for something else other than color
contents of the site. The differences (assuming the
information. If we do it with the green and the red as
carrier is the same) will compose the payload.
well we can get one letter of ASCII text for every
three pixels
In
general,
using
an
extremely
high
compression rate makes steganography difficult, but
For example:
not impossible; while compression errors provide a
good place to hide data, high compression reduces
the amount of data available to hide the payload in,
raising the encoding density and facilitating easier
Here I am hiding a data in the following figure by
using the S-TOOL software:
Before hiding…
detection (in the extreme case, even by casual
observation).
Applications
Usage in modern printers
Steganography is used by some modern
printers, including HP and Xerox brand color laser
printers. Tiny yellow dots are added to each page.
The dots are barely visible and contain encoded
printer serial numbers, as well as date and time
stamps
The larger the cover message is (in data
content terms—number of bits) relative to the hidden
message, the easier it is to hide the latter. For this
reason, digital pictures (which contain large amounts
of data) are used to hide messages on the internet and
on other communication media. It is not clear how
After hiding...
We may have a doubt here that there is no difference
between the above two figures. But we found the
difference when we reveal the second image by using
S-TOOL software we may get the hidden data.
Conclusion:
This paper mainly presents about he cryptography
and also steganography, the usage of those in
different fields to provide the security and the
protocols used in it the modern techniques which are
used to provide the security and the protocols which
are used to provide are also mentioned. So by the
usage of this cryptography it provides the security to
our data transmission without any leakage of the
confidential matter to the intruders or any third party.
This is the main use of this paper.
References:
--Cryptography and network security by William
Stallings
--hack proofing your network by Ryan Russell
--Introduction
Springer
to
cryptography
by
Buchmann,