TABLE OF CONTENTS

S.NO CONTENTS PAGE NO

ABSTRACT LIST OF TABLES LIST OF FIGURES LIST OF ABBREVIATIONS

1.

INTRODUCTION 1.1 Aim 1.2 Objective 1.3 Organization profile

2.

SYSTEM STUDY 2.1 Existing system 2.2 Proposed system 2.3 Feasibility study

3.

SYSTEM SPECIFICATION 3.1 Hardware 3.2 Software 3.3 Software description

4.

MODULE SPECIFICATION

5.

SYSTEM DESIGN 5.1 DFD 5.2 Data Dictionary 5.3 Table Structure 5.4 Input Design 5.5 Output Design 5.6 Screen Shots

6. 7. 8.

TESTING AND VALIDATION CONCLUSION BIBLOGRAPHY

List of Abrivation
a) Plaintext: The original intelligible message. b) Cipher text: The transformed message. c) Cipher: An algorithm for transforming an intelligible message to unintelligible by transposition. d) Key: Some critical information used by the cipher, known only to the sender & receiver. e) Encipher :( Encode) the process of converting plaintext to cipher text using a cipher and a key. f) Decipher :( Decode) the process of converting cipher text back into plaintext using a cipher & key. g) Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking h) Cryptology: Both cryptography and cryptanalysis i) Code: an algorithm for transforming an intelligible message into an unintelligible one using codes. j) Hash algorithm: Is an algorithm that converts text string into a string of fixed length. k) Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption l) Public Key Cryptography (PKC): Uses one key for encryption and another for decryption m) Pretty Good Privacy (PGP): PGP is a hybrid cryptosystem. n) Public Key Infrastructure (PKI): PKI feature is Certificate authority.

ABSTRACT

The problem of unsecure communication is compounded by the fact that much of this information is sent over the public Internet and may be processed by third parties, as in e-mail or instant messaging (IM)

Cryptography can be used to provide message confidentiality and integrity and sender verification. The basic functions of cryptography are encryption, decryption and cryptographic hashing. In order to encrypt and decrypt messages, the sender and recipient need to share a secret. Typically this is a key, like a password, that is used by the cryptographic algorithm.

Cryptography involves converting a message text into an unreadable cipher. On the other hand, steganography embeds message into a cover media and hides its existence. Both these techniques provide more security of data neither of them alone is secure enough for sharing information over an unsecure communication channel and are vulnerable to intruder attacks.

In this paper I propose an advanced system of encrypting data that combines the features of cryptography, steganography along with multimedia data hiding. This system will be more securing than any other these techniques alone and also as compared to steganography and cryptography combined systems.

1. INTRODUCTION

Electronic communication is the lifeblood of many organizations. Much of the information communicated on a daily basis must be kept confidential. Information such as financial reports, employee data and medical records needs to be communicated in a way that ensures confidentiality and integrity.

Why network security? When networks were not that pervasive, that is when computing devices were running in their own Islands, it was rather easy to deal with security. The only thing they needed to do was to lock the door. Now, as more and more computing devices are getting connected and more and more applications are being built as distributed applications, the physical security model has lost its significance. The advent of the internet and the web has raised the scale and frequency of network Security threats.

Common Security Threats

Identity interception: It means that someone might steal your identity and use it as their own. Masquerading. If you send your username and password in clear text form, someone might be able to grab it from the network and use it elsewhere with the intention of perpetrating fraud.

Replay attack: They might capture your request of withdrawing 1000 dollars from your Bank account and then replay that request over the network.

Data interception and manipulation: If someone can read your credit card information while it is on the wire, they could cause a lot of trouble for you.

Repudiation: When someone performs a transaction and then deny it later can be a big problem in ecommerce. For example, if you are manufacturer of something and you received a 1 million dollar purchase request from a customer, you will want to make sure that person does not deny it after the transaction has been completed. We all know what denial of service means.

Common Network Security Needs

Authentication (Identity verification) Access control (Authorization) Data confidentiality (Privacy) Data integrity (Tamper-proofing) Non-repudiation (Proof of transaction) Auditing

Cryptography can be used to provide message confidentiality and integrity and sender verification. The basic functions of cryptography are encryption, decryption and cryptographic hashing.

The three basic types of cryptography in common use are symmetric key, asymmetric (public) key systems and cryptographic hash functions. Typically, the strength of a crypto system is directly related to the length of the key. This assumes that there is no inherent weakness in the algorithm and that the keys are chosen in a way that fully utilizes the key space (the number of possible keys). There are many kinds of attacks that can be used against crypto systems, but these are beyond our scope here. That said, if you use public algorithms with no known vulnerabilities, use reasonable key lengths (most defaults are fine) and choose good keys (which are normally chosen for you), your communications will be very secure.

Symmetric key cryptography uses the same key to encrypt and decrypt data. Some common symmetric key algorithms are the Data Encryption Standard (DES), Triple DES, Blowfish and the Advanced Encryption Standard (AES). DES is ineffective because it uses a 64-

bit key and has been broken. Be careful, because some crypto security, like Microsofts Windows XP Encrypted File System (EFS), defaults to DES and must be changed to provide good security.

Asymmetric (public) key cryptography uses a pair of mathematically related keys. Each key can be used to encrypt or decrypt. However, a key can only decrypt a message that has been encrypted by the related key. The key pair is called the public/private key pair. Some common public key systems are Rivest-Shamir-Adelman (RSA), Diffe-Hellman and Digital Signature Standard (DSS).

Cryptographic hash functions take a message of arbitrary length and compute a fixed signature, often called a message digest, for the message. This can be done for a file, e-mail message or your entire hard-drive image. The main properties of these functions are that it is difficult to find different files that produce the same digest and that the function is one-way. Therefore, it is not computationally feasible to recover a message given its digest.

1.1 Aim:

Information is a strategic resource which is paramount for the effective functioning of any organization. This information needs to be managed and safeguarded from malicious and unauthorized users. Various encryption and data security standards have been suggested and implemented for this purpose.

The Aim of this project is to propose new DATA ENCRYPTION and DECRYPTION software that amalgamates the best of many encryption algorithms creating a new unified approach to data security, confidentiality, and authentication by bringing all these diverse algorithms to work in tandem.

1.2 Objective: In today's world of Electronic Commerce on the Internet, the need for secure communications is obviously crucial. Cryptographic technologies provide enterprises with the best mechanisms of protecting their information, without putting the business at risk by exposing it on the Net. Cryptography allows you to transmit data securely over the Internet.

Information is a strategic resource, Security measures are taken through physical and administrative means, similarly spread of IT has given a requirement for automated/technical security measures, In any organization a significant portion of its budget is spent on managing information.

Main Objective of this Project is to provide

Confidentiality Authentication Integrity Access Control

For secured data over the TCP /IP Network.

1.3 Organization profile :

2. SYSTEM STUDY

2.1 EXISTING SYSTEM: Most of the present day encryption standards use only one of the classical or modern encryption algorithms to render the information/message unreadable and irretrievable. However, these standards are prone to eavesdropping and other intruders attack such as brute force attack. However the problem is that of key exchange - it is the mechanism for safely ensuring both parties, the sender and the receiver, have the secret key. This is one of the weakest areas of symmetric cryptography. So the demerit of this method is that if the key is known, privacy is sacrificed. Security Attacks

Interruption: In an attack where one or more of the systems of the organization become unusable due to attacks by unauthorized users. This leads to systems being unavailable for use.

Interception: An unauthorized individual intercepts the message content and changes it or uses it for malicious purposes. After this type of attack, the message does not remain confidential.

Modification: The content of the message is modified by a third party. This attack affects the integrity of the message. So for maintaining the data secretly while communicating data between two persons or two organizations data is to be converted to other format and the data is to be transmitted. So

now we deal with the Cryptography which is process of transmitting data securely without any interruption. Network security is the security of data transmission in the communication.

NEED FOR NETWORK SECURITY: The Applications of Network Security to the various Data Transfer techniques and protocols. From the dawn of civilization, to the highly networked societies that we live in Today communication has always been an integral Part of our existence.

Radio communication Network communication Mobile communication Telephonic communication

All these methods and means of communication have played an important role in our lives, but in the past few years, network communication, especially over the Internet, has emerged as one of the most powerful Methods of communication with an overwhelming Impact on our lives.

Such rapid advances in Communications technology have also given rise to Security threats to individuals and organizations.

2.2 PROPOSED SYSTEM:

In this paper we propose an advanced system of encrypting data that combines the features of cryptography, steganography along with multimedia data hiding. This system will be more secure than any other these techniques alone and also as compared to steganography and cryptography combined systems The message will first be encrypted using Asymmetric Key Cryptography technique. The data will be encrypted using basic DES algorithm. This cipher will now be hidden into a multimedia file. Cryptographic algorithms generally need a reference table which aids the conversion of a small block of data into another block (may not be a block of data in the original content).

In order to provide higher security levels the algorithm is designed to use a reference database .The reference database will consist of various reference grids. Each of these grids will have a 3-d representation of the encoding schema which will be used to represent the characters in terms of specific numbers. (The same number may or may not represent a different character in a different grid).

2.3 FEASIBILITY STUDY The feasibility study is carried out to test whether the proposed system in words is being implemented. The feasibility study is based on the following major factors.

TYPES OF FEASIBILITY

Economical Feasibility Technical feasibility

2.1.1 ECONOMICAL FEASIBILITY

Economical feasibility is the most recently used method for evaluating effectiveness of the proposed system .It is obliquely known as cost benefit analysis. This procedure determined the benefits and savings that are expected from the proposed system and compared with the cost of the existing system. In case of the existing system, the hardware in the company is sufficient for system development and maintenance.

2.1.2 TECHNICAL FEASIBILITY

The hardware, the software and to what extent they can support the proposed system are the keys for this study .The airways has all the required software necessary development and maintenance. Taking into consideration of the above criteria, the proposed system is technically feasible and further developments could be accomplished easily.

Social Feasibility
Infrastructure projects will often have significant social and environment impacts arising from their construction and operation, which can be both positive and negative. The impact may include flow on affects beyond the immediate project area and beyond the people directly associated with the project. In this project the social relationship between the traffic police and the highway group.

3. SYSTEM SPECIFICATION

3.1 HARDWARE USED:

P4Processor Keyboard Mouse Multimedia Color monitor 256MBRAM Net work modem

3.2 SOFTWARE USED:

Windows xp. Dot Net Frame work 4.0.

Software Description:
About the Software we used.
WHAT IS .NET? Microsoft .net is a set of micro soft software technologies for rapidly building and integrating xml web services, micro soft windows-based applications, and web solutions. The .net framework is a language-neutral platform for writing programs that can easily and securely interoperate. Theres no language barrier with .net: there are numerous languages available to the developer including managed c++, c#, and visual basic and java script. The .net framework provides the foundation for components to interact seamlessly, whether locally or remotely on different platforms. It standardizes common data types and communications protocols so that components created in different languages can easily interoperate. The .net is also the collective name given to various software components built upon the .net platform. These will be both products (visual studio.net and windows.net server, for instance) and services (like passport, .net my services, and so on).

The .net framework

The .net framework has two main parts: 1. The common language runtime (CLR). 2. A hierarchical set of class libraries. The CLR is described as the execution engine of .net. It provides the environment within which programs run. The most important features are: Conversion from a low-level assembler-style language, called intermediate language (il), into code native to the platform being executed on.

Memory management, notably including garbage collection.

Checking and enforcing security restrictions on the running code.

Loading and executing programs, with version control and other such features.

The following features of the .net framework are also worth description:

Managed code - is code that targets .net, and which contains certain extra information metadata - to describe itself. Whilst both managed and unmanaged code can run in the runtime, only managed code contains the information that allows the CLR to guarantee, for instance, safe execution and interoperability. Managed data - with managed code comes managed data. CLR provides memory allocation and deal location facilities, and garbage collection. Some .net languages use managed data by default, such as c#, visual basic.net and jscript.net, whereas others, namely c++, do not. Targeting CLR can, depending on the language youre using, impose certain constraints on the features available. As with managed and unmanaged code, one can have both managed and unmanaged data in .net applications - data that doesnt get garbage collected but instead is looked after by unmanaged code.

Common type system - the CLR uses something called the common type system (cts) to strictly enforce type-safety. This ensures that all classes are compatible with each other, by describing types in a common way. Cts define how types work within the runtime, which enables types in one language to interoperate with types in another language, including cross-language exception handling. As well as ensuring that types are only used in appropriate ways, the runtime also ensures that code doesnt attempt to access memory that hasnt been allocated to it.

Common language specification - the CLR provides built-in support for language interoperability. To ensure that you can develop managed code that can be fully used by developers using any programming language, a set of language features and rules for using them called the common language specification (cls) has been defined. Components that follow these rules and expose only cls features are considered cls-compliant.

The class library The .net provides a single-rooted hierarchy of classes, containing over 7000 types. The root of the namespace is called system; this contains basic types like byte, double, Boolean, and string, as well as object. All objects derive from system. Object. As well as objects, there are value types. Value types can be allocated on the stack, which can provide useful flexibility. There are also efficient means of converting value types to object types if and when necessary. The set of classes is pretty comprehensive, providing collections, file, screen, and network I/O, threading, and so on, as well as xml and database connectivity. The class library is subdivided into a number of sets (or namespaces), each providing distinct areas of functionality, with dependencies between the namespaces kept to a minimum.

Languages supported by .NET The multi-language capability of the .net framework and visual studio .net enables developers to use their existing programming skills to build all types of applications and xml web services. The .net framework supports new versions of Microsofts old favorites visual basic and c++ (as vb.net and managed c++), but there are also a number of new additions to the family: Visual basic .net has been updated to include many new and improved language features that make it a powerful object-oriented programming language. These features include inheritance, interfaces, and overloading, among others. Visual basic also now supports structured exception handling, custom attributes and also supports multi-threading. Visual basic .net is also cls compliant, which means that any cls-compliant language can use the classes, objects, and components you create in visual basic .net. Managed extensions for c++ and attributed programming are just some of the enhancements made to the c++ language. Managed extensions simplify the task of migrating existing c++ applications to the new .net framework. C# is Microsofts new language. Its a c-style language that is essentially c++ for rapid application development. Unlike other languages, its specification is just the grammar of the language. It has no standard library of its own, and instead has been designed with the intention of using the .net libraries as its own.

Microsoft visual j# .net provides the easiest transition for java-language developers into the world of xml web services and dramatically improves the interoperability of java-language programs with existing software written in a variety of other programming languages. Active state has created visual Perl and visual python, which enable .net-aware applications to be built in either Perl or python. Both products can be integrated into the visual studio .net environment. Visual Perl includes support for active states Perl dev kit. Other languages for which .net compilers are available include: Fortran Cobol Eiffel

Fig1 .net framework asp.net xml web services base class libraries common language runtime operating system windows forms

Dwide field training

ADO.NET

Ado.net provides a set of classes which a script can use to interact with databases. Scripts can create instances of ado.net data classes and access their properties and methods. A set of classes which work with a specific type of database is known as a .net data provider. Ado.net comes with two data providers, the SQL server.net data provider (which provides optimized access for Microsoft SQL server databases) and the oledb.net data provider, which works with a range of databases. The main ado.net oledb data access classes are oledbconnection, oledbcommand, oledbdatareader and oledbdataadapter.

Features of Visual Basic .Net

Visual studio .net is the single ide that all the .net languages can use. It makes everything available to all languages. Visual studio .net is a great multilanguage development environment and offers a complete set of tools to build windows forms, asp.net web applications, and xml web services.

Start page The start page offers three tabs at the top of the window that enables to modify visual studio.net as well as find important information. The tabs are html server controls versus web server controls control type Html server controls when to use this control type When converting traditional asp 3.0 web pages to asp.net web pages and speed of completion is a concern. It is a lot easier to change your html elements to html server controls than it is to change them to web server controls. When you prefer a more html-type programming model. When you wish to explicitly control the code that is generated for the browser. Web server controls When you require a rich set of functionality to perform complicated page requirements. When you are developing web pages that will be viewed by a multitude of browser types and that require different code based on these types. When you prefer a more visual basic-type

programming model that is based on the use of controls and control properties.

Projects tab this tab is the one to start new projects and launch projects that already exists. This tab lets you to create a new project or open an existing project. Online resources tab this tab provides a number of online resources when connected to the internet. My profile tab this tab enables to customize the visual studio.net environment to resemble the structured environment that is familiar with. Server explorer This window enables to perform a number of functions such as database connectivity, performance monitoring, and interacting with event logs. By using server explorer you can log on to a remote server and view database and system data about that server. Many of the functions that are performed with the enterprise manager in SQL server can now be executed in the server explorer. Solution explorer This provides an organized view of the projects in the application. The toolbar within the solution explorer enables to View code page of the selected item. View design page of the selected item. Refresh the state of the selected item. Copy the web project between web servers. Show all the files in the project, including the hidden files. See properties of the selected item.

Class view The class view window can be viewed from the start page by clicking the class view tab. The class view shows all the classes that are contained within your solution. The class view shows the hierarchical relationship among the classes in your solution as well as the number of other items including methods, enumerations, namespaces, unions, and events. It is possible to organize the view of these items within the window by right-clicking anywhere in the class view area and choosing how the items are sorted.

Toolbox The toolbox window enables to specify elements that will be part of the windows forms or web forms. It provides a drag and drop means of adding elements and controls to the pages or forms. The code snippets can also be stored within the toolbox. Properties window This window provides the properties of an item that is part of the application. This enables to control the style and behavior of the item selected to modify. Dynamic help This window shows a list of help topics. The help topics change based on the item selected or the action being taken. The dynamic help window shows the help items displayed when you have a button control on the page selected. After the item is selected, a list of targeted help topic is displayed. The topics are organized as a list of links. Clicking one of the links in the dynamic help window opens the selected help topic in the document window.

Document window The document window is the main window within visual studio.net where the applications are built. The document window shows open files in either design or html mode. Each open file is represented by a tab at the top of the document window. Any number of files can be kept open at the same time, and you can switch between the open files by clicking the appropriate tab. Design mode versus html mode Visual studio.net offers two modes for viewing and building files: design and html. By clicking the design tab at the bottom of the document window, you can see how the page will view to the user. The page is built in the design mode by dragging and dropping elements directly onto the design page or form. Visual studio .net automatically generates the appropriate code. When the page is viewed in html mode, it shows the code for the page. It enables to directly modify the code to change the way in which the page is presented. Working with SQL server through the server explorer Using visual studio.net, there is no need to open the enterprise manager from SQL server. Visual studio.net has the SQL servers tab within the server explorer that gives a list of all the

servers that are connected to those having SQL server on them. Opening up a particular server tab gives five options: Database diagrams Tables Views Stored procedures Functions

Database diagrams To create a new diagram right click database diagrams and select new diagram. The add tables dialog enables to select one to all the tables that you want in the visual diagram you are going to create. Visual studio .net looks at all the relationships between the tables and then creates a diagram that opens in the document window. Each table is represented in the diagram and a list of all the columns that are available in that particular table. Each relationship between tables is represented by a connection line between those tables. The properties of the relationship can be viewed by right clicking the relationship line.

Tables The server explorer allows working directly with the tables in SQL Server. It gives a list of tables contained in the particular database selected. By double clicking one of the tables, the table is seen in the document window. This grid of data shows all the columns and rows of data contained in the particular table. The data can be added or deleted from the table grid directly in the document window. To add a new row of data, move to the bottom of the table and type in a new row of data after selecting the first column of the first blank row. You can also delete a row of data from the table by right clicking the gray box at the left end of the row and selecting delete. By right clicking the gray box at the far left end of the row, the primary key can be set for that particular column. The relationships to columns in other tables can be set by selecting the relationships option. To create a new table right-click the tables section within the server explorer and selecting new table. This gives the design view that enables to start specifying the columns and column details about the table.

To run queries against the tables in visual studio .net, open the view of the query toolbar by choosing view->toolbars->query. To query a specific table, open that table in the document window. Then click the SQL button which divides the document window into two panes-one for query and other to show results gathered from the query. The query is executed by clicking the execute query button and the result is produced in the lower pane of the document window. Views To create a new view, right-click the view node and select new view. The add table dialog box enables to select the tables from which the view is produced. The next pane enables to customize the appearance of the data in the view.

MODULE SPECIFICATION

In our Project the following modules have been covered. List of Module: ENCRYPT MODULE CIPHER GENERATION MODULE STEGO FUNCTION MODULE IMAGE CONVERSION MODULE SECURITY KEY GENERATION MODULE

DECRYPT MODULE IMAGE CONVERSION MODULE STEGO CIPHER RETRIVAL MODULE

 SECURITY KEY ACCESS MODULE CIPHER CONVERTION MODULE

ENCRYPT MODULE 1) CIPHER GENERATION MODULE: In this module our system receives the data (or) file to be converted as cipher text. Our Cryptography function involves converting a message text into an unreadable cipher by using Given Algorithm.

2. STEGO FUNCTION MODULE:

Visual steganography is one of the most secure forms of steganography available today. It is most commonly implemented in image files. However embedding data into image changes its color frequencies in a predictable way. To overcome this predictability, we propose the concept of multiple cryptography where the data

will be encrypted into a cipher and the cipher will be hidden into a multimedia image file in encrypted format. We shall use traditional cryptographic techniques to achieve data encryption and visual stegano algorithms will be used to hide the encrypted data. 3) IMAGE CONVERSION MODULE: In this module the attributes of the image will be encrypted and saved so as to provide us the information if the image is edited or modified or the image extension has been changed like jpg to gif. These properties can be used in the decoding (identifying the correct block of data from the data grid). So only the correct encrypted image in the correct format will produce the sent message. For decryption, the receiver must know which image to decode and in which format as changing the image format changes the color distribution of the image. Every image gives a random data on decryption that has no meaning. But only the correct Format decryption gives the original message. 4) SECURITY KEY GENERATION MODULE: In this module our system generates the Security Key And this key is encrypted as a cipher text and is sent as a part of messages. During the decryption receiver should extract this security key from the image file using given decryption algorithm.

DECRYPT MODULE

1) IMAGE CONVERSION MODULE: For decryption, the receiver must know which image to decode and in which format as changing the image format changes the color distribution of the image. Every image gives a random data on decryption that has no meaning. But only the correct Format decryption gives the original message. So receiver should know the correct format of the image and image should be converted as the right format Such as jpg, gif , Bmp ..etc..,

2) STEGO CIPHER RETRIVAL MODULE: After hiding the data in the image, the image will be sent to the receiver. The receiver should have the password which will be used to extract the cipher data from image.

3) SECURITY KEY ACCESS MODULE: Security key for decryption of cipher data should be extracted from the image by using stego function sent by message sender. So in this module receiver should extract the security key that is hidden in the image .This key is used to convert the cipher data as plain text.

4) CIPHER CONVERTION MODULE: In this module This cipher can now be decrypted using an inverse function of the DEA algorithm to get the message text. For decryption the cipher was retrieved by checking the pixel variations and inverse DEA function was applied to retrieve the message.

SYSTEM DESIGN In this paper we propose an advanced system of encrypting data that combines the features of cryptography, steganography along with multimedia data hiding. This system will be more secure than any other these techniques alone and also as compared to steganography and cryptography combined systems The message will first be encrypted using Asymmetric Key Cryptography technique. The data will be encrypted using basic DES algorithm . This cipher will now be hidden into a multimedia file. Cryptographic algorithms generally need a reference table which aids the conversion of a small block of data into another block (may not be a block of data in the original content). In order to provide higher security levels the algorithm is designed to use a reference database as shown in Fig. 2. The reference database will consist of various reference grids. Each of these grids will have a 3-d representation of the encoding schema which will be used to represent the characters in terms of specific numbers. (The same number may or may not represent a different character in a different grid). The message will first be encrypted using Asymmetric Key Cryptography technique. The data will be encrypted using basic DES algorithm . This cipher will now be hidden into a multimedia file. The cipher will be saved in the image using a modified bit encoding technique by truncating the pixel values to the nearest zero digit (or a predefined digit) and then a specific number which

defines the 3-D representation of the character in the cipher code sequence can be added to this number. For every character in the message a specific change will be made in the RGB values of a pixel. (This change should be less than 5 for each of R,G and B values) This deviation from the original value will be unique for each character of the message. This deviation also depends on the specific data block (grid) selected from the reference database. For each byte in the data one pixel will be edited. Thus one byte of data will be stored per pixel in the image. In this method the cipher sequence can be decoded without the original image and only the edited image will be transmitted to the receiver.

Fig 2.0 Matrices in a Grid of the Reference database

In the first few lines of image properties, the attributes of the image will be encrypted and saved so as to provide us the information if the image is edited or modified or the image extension has been changed like jpg to gif. These properties can be used in the decoding (identifying the correct block of data from the data grid). So only the correct encrypted image in the correct format will produce the sent message

For decryption, the receiver must know which image to decode and in which format as changing the image format changes the color distribution of the image. Every image gives a random data on decryption that has no meaning. But only the correct Format decryption gives the original message. After hiding the data in the image, the image will be sent to the receiver. The receiver should have the decryption key (private key) which will be used to decode the data.

The message can be decoded using an inverse function (as used in traditional techniques) using the receivers private key. This key can be a part of the image or a text or any attribute of the image. The receivers private key is used to identify the reference grid from the reference database. After selecting the correct grid, the x and y component of the image can define the block that has been used to encrypt the message and the RGB values can point to the data in the block identified by the x, y component .

The cipher is retrieved by obtaining the difference in the pixel value from the closest predefined value (zero truncation). These numbers will now define the saved bit and will form the cipher

text. This cipher can now be decrypted using an inverse function of the DEA algorithm to get the message text.

Fig 5.1 server end encryption form

Fig 5.2 Server end Encryption added text and image

Fig 5.3 Server end Plain text to be sent

Fig 5.4 Server end Encryption Password

Fig 5.5 Server end Encrypted chipper text

Fig 5.6 Fig 5.2 Server end Encrypted text added to image

Fig 5.7 cipher text to be decrypted in Client END

Fig 5.8 Client End decryption form with pass word

Fig 5.9 Client end decryption

Fig 5.10 plain text decrypted client End

TESTING AND VALIDATION

TESTING PROCESS The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub assemblies, assemblies and/or a finished product It is the process of exercising software with the intent of ensuring that the Software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.

The system was designed using an image of size 200x150(30000) pixels. Initially, the pixel values were incremented to the next higher multiple of 5. The message text was converted into cipher text using DEA algorithm. The secret key used was This is the Secret Key. Maximum possible size (29 Kb) of message data was taken considering one byte per pixel. The cipher text was then embedded into the jpeg image by pixel variation (decrement) of the selected value that was between 0-3 for R, 0-4 for G and 0-4 for B values of the pixel.

The reference database consisted of 3 data grids. The data grid was selected on the basis of the number of pixels of the image. If the pixels were less than 1, 00,000 pixels the data grid 1 was selected, if they were between 1, 00,000 and 10, 00,000 then the data grid 2 was selected else the data grid 3 was selected. Each data grid had 20 matrices which were selected on the basis of the height to width ratio. The image containing message data was found to have no visible distortion.

For decryption the cipher was retrieved by checking the pixel variations and inverse DEA function was applied to retrieve the message. To retrieve the cipher from the image, the difference in the pixel value from the next higher multiple of 5 was calculated. The correct data grid from the reference database was selected on the basis of the number of pixels in the image.

The correct matrix from the data grid was selected on the basis of the height to width ratio. After this the encrypted message was retrieved from the image. The inverse DEA function was applied to this encrypted message in order to retrieve the original message text. The steganocryptic algorithm combines the features of cryptography and steganography and hence provides a higher level of security than either of the techniques alone. The algorithm also is more secure than a normal cryptographic system as the encrypted data is hidden into a multimedia file and then transmitted. It is also more secure than a Steganography system as the data to be hidden is in an encrypted format. The algorithm scores over traditional visual steganography systems like LSB encoding as it implements multiple encryptions.

The image bits are used not to store the message but a slight deviation which correspond to a unique character. This deviation is then retrieved from the image and used to decrypt the original message. The image used for encryption is jpeg as it has the least deviation of embedding data.

TYPES OF TESTS UNIT TESTING Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program input produces valid outputs. All decision branches and

internal code flow should be validated. It is the testing of individual software units of the application .it is done after the completion of an individual unit before integration. This is a structural testing, that relies on knowledge of its construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.

INTEGRATION TESTING Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfaction, as shown by successfully unit testing, the combination of components is correct and consistent. Integration testing is specifically aimed at arise from the combination of components. exposing the problems that

FUNCTIONAL TESTING Functional tests provide systematic demonstrations that functions tested are available as specified by the business and technical requirements, system documentation and user manuals. Functional testing is centered on the following items: Valid Input Invalid Input Functions Output : identified classes of valid input must be accepted. : identified classes of invalid input must be rejected. : identified functions must be exercised. : identified classes of application outputs must be exercised.

Systems/Procedures

: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or special test cases. In addition, systematic coverage pertaining to identify Business process flows; data fields, predefined processes, and successive processes must be considered for testing. Before functional testing is complete, additional tests are identified and the effective value of current tests is determined.

SYSTEM TESTING System testing ensures that the entire integrated software system meets requirements. It tests a configuration to ensure known and predictable results. An example of system testing is the configuration oriented system integration test. System testing is based on process descriptions and flows, emphasizing pre-driven process links and integration points.

BOX TESTING White Box Testing is a testing in which the software tester has knowledge of the inner workings, structure and language of the software, or at least its purpose. It is used to test areas that cannot be reached from a black box level.

BLACK BOX TESTING Black Box Testing is testing the software without any knowledge of the inner workings, structure or language of the module being tested. Black box tests, as most other kinds of tests, must be written from a definitive source document, such as specification or requirements document, such

as specification or requirements document. It is a testing in which the software under test is treated, as a black box .you cannot see into it. The test provides inputs and responds to outputs without considering how the software works.

UNIT TESTING Unit testing is usually conducted as part of a combined code and unit test phase of the software lifecycle, although it is not uncommon for coding and unit testing to be conducted as two distinct phases. TEST STRATEGY AND APPROACH Field testing will be performed manually and functional tests will be written in detail. Test objectives All field entries must work properly. Pages must be activated from the identified link. The entry screen, messages and responses must not be delayed. Features to be tested Verify that the entries are of the correct format No duplicate entries should be allowed All links should take the user to the correct page.

Integration Testing Software integration testing is the incremental integration testing of two or more integrated software components on a single platform to produce failures caused by interface defects. The task of the integration test is to check that components or software applications, e.g. components in a software system or one step up software applications at the company level interact without error.

Acceptance Testing User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements

Test Results All the test cases mentioned above passed successfully. No defects encountered.

CONCLUSION

The proposed system is aimed to simplify the complex and redundant process with the flexibility of a simple process. The proposed system is being developed as an attempt to overcome the difficulties of the existing system. The following are the merits of the proposed system. It provides two levels of security to the information being transmitted. That is the intruders cannot easily break the system. Even if they realize the existence of a secret data they cannot easily recognize the data, since data is hidden in two ways. This system overcomes the demerits of using single level of hiding. That is either using cryptography or steganography. And one more thing to add is it requires only the computation time of single level hiding, because visual cryptography requires no computation to decrypt the information.

This method can be used to increase the security on web based applications. The user will be asked to provide the secret key and the password can be compared from image files using the key. It can be used as advancement over the existing option to input the security phrase in various web based applications.

Cryptography protects users by providing functionality for the encryption of data and authentication of other users. This technology lets the receiver of an electronic message verify the sender, ensures that a message can be read only by the intended person, and assures the recipient that a message has not be altered in transit.

This Project describes the cryptographic concepts of symmetric key encryption, public-key encryption, types of encryption algorithms, hash algorithms, digital signatures, and key exchange. The Cryptography Attacking techniques like Cryptanalysis and Brute Force Attack.

This Project provides information of Network Security Needs and Requirements. Cryptography is a particularly interesting field because of the amount of work that is, by necessity, done in secret. The irony is that today, secrecy is not the key to the goodness of a cryptographic algorithm. Regardless of the mathematical theory behind an algorithm, the best algorithms are those that are well known and well-documented because they are also well-tested and well-studied!

In fact, time is the only true test of good cryptography; any cryptographic scheme that stays in use year after year is most likely a good one. The strength of cryptography lies in the choice (and management) of the keys; longer keys will resist attack better than shorter keys.

BIBILILOGRAPHY:

1. www.codeproject.com 2. www.c#dotnet.com 3. www.c#corner.com 4. www.msdn.microsoft.com 5. www.csharp.com 6. www.gotdotnet.com 7. www.aspnextgen.com

8. Nikolaos K. Papanikolaou, An Introduction to Quantum Cryptography, http://www.acm.org/crossroads/xrds11-3/qcrypto.html 9.Mart Haitjema, A Survey of the Prominent Quantum Key Distribution Protocols, http://www.cs.wustl.edu/~jain/cse571-07/ftp/quantum/index.html#b92 10. Andrew S. Tanenbaum, (2000) Computer Networks , Prentice Hall of India publications. 11. E. Balaguruswamy, (2000) Programming in ANSI C , Tata McGraw-hill publishing company limited. 12. Diffle, W., and Hellman, M.E., (1976) New Directions In Cryptography, IEEE Transcript on Information Theory. 13. William Stallings, (1999) Cryptography And Network Security, Prentice Hall. 14. Anderson, R.J., (1994) Why Cryptosystems Fail, Commn. Of the ACM, vol. 37,pp. 32-40. 15. De Jonge, W., and Chaum, D., (1987) Some Variations on RSA Signatures and their Security CRYPTO 86 proceedings. 16. Rivest, R.L., Shamir, A., and Adleman, L., (1978) On a Method for obtaining Digital Signatures and Public Key Cryptosystems Commn. Of the ACM, vol. 21, pp. 120-126.