Académique Documents
Professionnel Documents
Culture Documents
RANDOMIZATION
Submitted by
B.BHANU ANIL
(Reg.No.50908005)
Bhimavaram-534201
(2008-2011)
1
CERTIFICATE
2
CERTIFICATE
3
DECLARATION
I here by declare that the project work titled “TRIPLE-A SECURE RGB
PLACE: BHIMAVARAM
DATE:
(B.BHANU ANIL)
4
ACKNOWLEDGEMENT
The pleasure, the achievement, the glory, the satisfaction, the reward, the
application and the construction of my project can not be thought without a few, how
apart from their regular schedule, spared a valuable time for me. This acknowledgement
not just a position of words but also an account of the indictment. They have been a
guiding light and source of inspiration towards the completion of the project.
I wish to express my thanks to one to one and all, which directly or indirectly
helped me during my project work.
B.BHANU ANIL
5
Table of Contents
1. INTRODUCTION
2. SYSTEM ANALYSIS
4. ABOUT SOFTWARE
5. SYSTEM DESIGN
CLASS DIAGRAMS
6
5.4 DYNAMIC MODAL
SEQUENTIAL DIAGRAM
ACTIVITY DIAGRAM
6 SAMPLE CODING
7 SCREENS
9 CONCLUSION
BIBLOGRAPHY
7
TRIPLE-A SECURE RGB IMAGE STEGANOGRAPHY
BASED ON RANDOMIZATION
INTRODUCTION TO PROJECT
Image-based steganography techniques need an image to hide the data in. This
image is called a cover media. Digital images are stored in computer systems as an array
of points (pixels) where each pixel has three color components: Red, Green, and Blue
(RGB). Each pixel is represented with three bytes to indicate the intensity of these three
colors (RGB). Some techniques have been used for image steganography such as LSB,
SCC, Pixel Indicator and image intensity.
In LSB, the least significant bit of each pixel for a specific color channel or for all
color channels is replaced with a bit from the secret data. Although it is a simple
techniques, but the probability of detecting the hidden data is high. SCC technique is an
enhancement. The color channel, where the secret data will be hidden in, is cycling
8
frequently for every bit according to a specific pattern. For example, the first bit of the
secret data is stored in the LSB of red channel, the second bit in the green channel, the
third bit in the blue channel and so on. This technique is more secure than the LSB but
still it is suffers detecting the cycling pattern that will reveal the secret data. Also it has
less capacity than the LSB. Pixel indicator technique is another image steganography
technique where the least two significant bits of specific color channel is used to indicate
the existence of secret data in the least significant two bits of other two channels
according to rules detailed in . A new idea of RGB steganography is proposed in this
project. It is based on color intensity, which is outside the focus of this work.
Even though pixel indicator technique adds some randomization to harden the
detection of the secret data, its capacity varies depending on the actual values of the
indicator channel so the actual capacity is unpredictable. Our suggested technique tries to
add more randomization to the selection of the pixels in which the secret data is stored,
affecting the number of bits used to keep the secret data, and the channels that are used to
store the secret data.
Digital Steganography is the art of hiding information into another overing media
in a way that nobody except the receiver can detect the secret message and retrieve it.
The user can set different password for every Message he sends. This will enable
the manager to transmit to two groups the same image but with two different passwords
two different Messages
9
1.2 SCOPE:
There is only one safe place for private data and messages: the place where
nobody looks for it. A file encrypted with algorithms like PGP are not readable, but
everybody knows that there is something hidden. Wouldn't it be nice, if everyone could
open your encrypted files, and see noisy photos of some old friends instead of your
private data. They surely wouldn't look for pieces of encrypted messages in the pixel
values.
The security can be considered two layers the hiding layer and the encryption
layer. Layer one is the hiding part of triple- A algorithm . Notice that the secret data is
scattered throughout the whole image. Also, extracting the secret data without the
Knowledge of seeds is almost impossible. On top of layer one, layer two uses AES
algorithm to encrypt the data. Therefore, even if the attacker knows how to extract the
data from the image it is still encrypted. Our algorithm has the same unpredictable
message size as the pixel indictor scheme but the former has maximum capacity ratio
better than the latter. Also, the unpredictability in pixel indicator is function of the image
carrier (C) which is usually has mega sizes. Triple-A in the other case depends on the key
(K) which is of smaller size.
In old days of Greece where some practices were recorded like: writing a message
on a wooden table then covering it with wax, and tattooing a messenger hair after shaving
and then let his hair grow up before sending him to the receiver where his hair was
shaved again. Other techniques use invisible ink, microdots, it is hectic and latency
problem and in secure.
10
OVERCOME OF THESE PROBLEMS
We will not change the text itself, but we will change the unseen attributes of the
text. These attributes are many and it is impossible for web servers to track them all.
There are lots of Steganographic methods and tracking them will waste huge amounts of
processing for uncertain results. Be aware that Steganography is more effective than
encryption when used in the right way
1.2.2 LIMITATIONS:
By this application.
11
1.4 ORGANIZATION PROFILE:
Services :
12
development, documentation and testing. We provide robust, secure and highly scalable
solutions to enhance your business.
.NET :
PHP :
13
new and existing dynamic websites running on the PHP, Apache and MySQL
combination becoming choice of masses for delivering dynamic web content.
JAVA :
Java Competency Center helps clients realize the benefits of Enterprise Java J2EE
platforms, and related technologies including Web Services and J2ME. 8 Sigma Softvill
Technologies has built a competency center that focuses on skill building, knowledge
management and pioneering research in emerging Java technologies.
14
8 Sigma Softvill Offshore Software Development, is committed to provide ever
increasing levels of customer satisfaction by offering the highest quality in software
development, e-commerce solutions, web site design, after sales and other IT enabled
services. For this, we use modern software development platforms and software
development tools.
Our area of software development takes it birth from the basic requirement of a
small vendor or even a kid and grows up to fulfill the requirements of large corporations.
Careers
Create. Innovate. Be the best. Within this world, you are your own boss. You set
your own standards and you strive to meet them. Every team member is an asset, and 8
SIGMA SOFTVILL TECHNOLOGIES knows that only the best people can help
make it the best company. Providing impeccable services to Clients requires people who
probe their business, understand it, and interpret it for the global web environment.
Empowering our people to deliver their best at all times is a continuous process at8
.SIGMA SOFTVILL TECHNOLOGIES.
15
The twin objectives of career development at 8 SIGMA SOFTVILL
TECHNOLOGIES:
16
2 SYSTEM ANALYSIS:
INTRODUCTION
Assuming that a new system is to be developed, the next phase is system analysis.
Analysis involved a detailed study of the current system, leading to specifications of a
new system. Analysis is a detailed study of various operations performed by a system and
their relationships within and outside the system. During analysis, data are collected on
the available files, decision points and transactions handled by the present system.
Interviews, on-site observation and questionnaire are the tools used for system analysis.
Using the following steps it becomes easy to draw the exact boundary of the new system
under consideration:
In old days of Greece where some practices were recorded like: writing a message
on a wooden table then covering it with wax, and tattooing a messenger hair after shaving
and then let his hair grow up before sending him to the receiver where his hair was
shaved again. Other techniques use invisible ink, microdots, it is hectic and latency
problem and in secure.
DISADVANTAGES:
17
The proposed system will get through all the drawbacks of the existing system. It
is used as a converting the information without any perceptible distortions. It an adaptive
image steganography with high capacity and good security is proposed.
Limitations:
2.3FEASIBILITY REPORT:
18
infinite time. There are aspects in the feasibility study portion of the preliminary
investigation:
• Technical Feasibility
• Operational Feasibility
• Economical Feasibility
TECHNICAL FEASIBILITY
Evaluating the technical feasibility is the important part of a feasibility study. This
is because, at this point of time not to many detailed design of the system, making it
difficult to access like performance, cost(on account of technology to be deployed)etc.
This project needs simple hardware components those are PIV 2.8 GHz Processor
and Above, RAM 1 GB and Above, HDD 40 GB Hard Disk Space and Above
OPERATIONAL FEASIBILITY:
Proposed projects are beneficial only if they can be turned out into information
system. That will meet the organization’s operating requirements. Operational feasibility
aspects of the project are to be taken as an important part of the project implementation.
19
Some of the important issues raised are to test the operational feasibility of a project
includes the following: -
Will the system be used and work properly if it is being developed and implemented?
Will there be any resistance from the user that will undermine the possible application
benefits?
The well-planned design would ensure the optimal utilization of the computer resources
and would help in the improvement of performance status.
ECONOMICAL FEASIBILITY:
A system can be developed technically and that will be used if installed must still
be a good investment for the organization. In the economical feasibility, the development
cost in creating the system is evaluated against the ultimate benefit derived from the new
systems. Financial benefits must equal or exceed the costs.
The system is economically feasible. It does not require any addition hardware or
software. Since the interface for this system is developed using the existing resources and
technologies available at NIC, There is nominal expenditure and economical feasibility
for certain.
20
3. SOFTWARE REQUIREMENT SPECIFICATION:
3.1FUNCTIONAL REQUIREMENTS:
Outputs from computer systems are required primarily to communicate the results
of security in network. They are also used to provides a permanent copy of the results for
later consultation. The various types of outputs in general are:
Internal Outputs whose destination is within organization and they are the
Operational outputs whose use is purely within the computer network and using
database.
Input data can be in four different forms - Relational DB, text files, .xls and xml files.
For testing and demo you can choose data from any domain. User-B can provide
business data as input.
LOGIN REQUIREMENTS:
User must have specified login name/user name and password. In the login form
the user must enter valid user name and password.
21
REGISTRATION REQUIREMENTS:
If a new person wants to registration he must fill the registration form. In this user
must enter all the fields which are present in the registration form. If there is any empty
field present in the form it should display registration failed message.
MESSAGE HIDEING:
After successfully login stegnography image window opens. In this stage user
enters image file path that should be use as a cover media. Secret key it gives security for
the data. Enter secret data in the text field. After entering these details click hide message
button for data hiding. Then save the file which have image and secret data in the data
base.
In this stage the user select the encrypted file and enter valid key. Then click
extract button. The secret message should be displayed in the text field. Then the user
may save the file in the data base if require.
2. 24 X 7 availability
4. Flexible service based architecture will be highly desirable for future extension
22
3.2.1Usability:
Usability is the ease of use and learnability of a human-made object. The object
of use can be a software application, website, process, or anything a human interacts
with. A usability study may be conducted as a primary job function by a usability analyst.
This application is more usability because in this application the fields are more
familiar to the user in the run time.
3.2.2Reliability:
3.2.3 Performance:
This application performs more accuracy. The hidden data is accurately decrypted
in the receiver end.
3.2.4Supportability:
This application supports any type of text format can be used to hide in the image file.
23
These are simply the constraints which are imposed by the client in development
of the project. So these requirements should be implemented while the development of
the project.
Typical pseudo requirements are the platform and language on which the system
is implemented.
3.4IMPLEMENTATION REQUIREMENTS:
Hardware Requirements:
Software Requirements:
24
4. ABOUT SOFTWARE
The pre-coded solutions that form the framework's Base Class Library cover a
large range of programming needs in a number of areas, including user interface, data
access, database connectivity, cryptography, web application development, numeric
algorithms, and network communications. The class library is used by programmers, who
combine it with their own code to produce applications.
Programs written for the .NET Framework execute in a software environment that
manages the program's runtime requirements. Also part of the .NET Framework, this
runtime environment is known as the Common Language Runtime (CLR). The CLR
provides the appearance of an application virtual machine so that programmers need not
consider the capabilities of the specific CPU that will execute the program. The CLR also
provides other important services such as security, memory management, and exception
handling. The class library and the CLR together compose the .NET Framework.
Interoperability :
25
programs that execute outside the .NET environment. Access to COM components is
provided in the System.Runtime.InteropServices and System.EnterpriseServices
namespaces of the framework; access to other functionality is provided using the
P/Invoke feature.
The Base Class Library (BCL), part of the Framework Class Library (FCL), is a
library of functionality available to all languages using the .NET Framework. The BCL
provides classes which encapsulate a number of common functions, including file reading
and writing, graphic rendering, database interaction and XML document manipulation.
Simplified Deployment :
Security:
26
Portability:
Architecture
27
Common Language Infrastructure:
The core aspects of the .NET framework lie within the Common Language
Infrastructure, or CLI. The purpose of the CLI is to provide a language-neutral platform
for application development and execution, including functions for exception handling,
garbage collection, security, and interoperability. Microsoft's implementation of the CLI
is called the Common Language Runtime or CLR.
Assemblies:
Metadata:
All CLI is self-describing through .NET metadata. The CLR checks the metadata
to ensure that the correct method is called. Metadata is usually generated by language
compilers but developers can create their own metadata through custom attributes.
Metadata contains information about the assembly, and is also used to implement the
reflective programming capabilities of .NET Framework.
28
Security:
.NET has its own security mechanism with two general features: Code Access
Security (CAS), and validation and verification. Code Access Security is based on
evidence that is associated with a specific assembly. Typically the evidence is the source
of the assembly (whether it is installed on the local machine or has been downloaded
from the intranet or Internet). Code Access Security uses evidence to determine the
permissions granted to the code. Other code can demand that calling code is granted a
specified permission. The demand causes the CLR to perform a call stack walk: every
assembly of each method in the call stack is checked for the required permission; if any
assembly is not granted the permission a security exception is thrown.
When an assembly is loaded the CLR performs various tests. Two such tests are
validation and verification. During validation the CLR checks that the assembly contains
valid metadata and CIL, and whether the internal tables are correct. Verification is not so
exact. The verification mechanism checks to see if the code does anything that is 'unsafe'.
The algorithm used is quite conservative; hence occasionally code that is 'safe' does not
pass. Unsafe code will only be executed if the assembly has the 'skip verification'
permission, which generally means code that is installed on the local machine.
29
Class library
System
System. CodeDom
System. Collections
System. Diagnostics
System. Globalization
System. IO
System. Resources
System. Text
System.Text.RegularExpressions
Microsoft .NET Framework includes a set of standard class libraries. The class
library is organized in a hierarchy of namespaces. Most of the built in APIs are part of
either System.* or Microsoft.* namespaces. It encapsulates a large number of common
functions, such as file reading and writing, graphic rendering, database interaction, and
XML document manipulation, among others. The .NET class libraries are available to
all .NET languages. The .NET Framework class library is divided into two parts: the
Base Class Library and the Framework Class Library.
The Base Class Library (BCL) includes a small subset of the entire class library
and is the core set of classes that serve as the basic API of the Common Language
Runtime. The classes in mscorlib.dll and some of the classes in System.dll and
System.core.dll are considered to be a part of the BCL. The BCL classes are available in
both .NET Framework as well as its alternative implementations including .NET
Compact Framework, Microsoft Silverlight and Mono.
30
The Framework Class Library (FCL) is a superset of the BCL classes and refers
to the entire class library that ships with .NET Framework. It includes an expanded set of
libraries, including WinForms, ADO.NET, ASP.NET, Language Integrated Query,
Windows Presentation Foundation, Windows Communication Foundation among others.
The FCL is much larger in scope than standard libraries for languages like C++, and
comparable in scope to the standard libraries of Java.
Memory management:
The .NET Framework CLR frees the developer from the burden of managing
memory (allocating and freeing up when done); instead it does the memory management
itself. To this end, the memory allocated to instantiations of .NET types (objects) is done
contiguously from the managed heap, a pool of memory managed by the CLR. As long as
there exists a reference to an object, which might be either a direct reference to an object
or via a graph of objects, the object is considered to be in use by the CLR. When there is
no reference to an object, and it cannot be reached or used, it becomes garbage. However,
it still holds on to the memory allocated to it. .NET Framework includes a garbage
collector which runs periodically, on a separate thread from the application's thread, that
enumerates all the unusable objects and reclaims the memory allocated to them.
31
objects on the heap (which were initially allocated contiguously) using reflection. All
objects not marked as reachable are garbage. This is the mark phase. Since the memory
held by garbage is not of any consequence, it is considered free space. However, this
leaves chunks of free space between objects which were initially contiguous. The objects
are then compacted together, by using memcpy to copy them over to the free space to
make them contiguous again. Any reference to an object invalidated by moving the
object is updated to reflect the new location by the GC. The application is resumed after
the garbage collection is over.
Versions:
32
.NET Framework stack:
33
such as the file system and peripherals such as printers. Another kind of client application
is the traditional ActiveX control (now replaced by the managed Windows Forms
control) deployed over the Internet as a Web page. This application is much like other
client applications: it is executed natively, has access to local resources, and includes
graphical elements.
In the past, developers created such applications using C/C++ in conjunction with
the Microsoft Foundation Classes (MFC) or with a rapid application development (RAD)
environment such as Microsoft® Visual Basic®. The .NET Framework incorporates
aspects of these existing products into a single, consistent development environment that
drastically simplifies the development of client applications.
The Windows Forms classes contained in the .NET Framework are designed to be
used for GUI development. You can easily create command windows, buttons, menus,
toolbars, and other screen elements with the flexibility necessary to accommodate
shifting business needs.
For example, the .NET Framework provides simple properties to adjust visual
attributes associated with forms. In some cases the underlying operating system does not
support changing these attributes directly, and in these cases the .NET Framework
automatically recreates the forms. This is one of many ways in which the .NET
Framework integrates the developer interface, making coding simpler and more
consistent.
This model provides you with all the features of the common language runtime
and class library while gaining the performance and scalability of the host server.
34
The following illustration shows a basic network schema with managed code
running in different server environments. Servers such as IIS and SQL Server can
perform standard operations while your application logic executes through the managed
code.
ASP.NET is the hosting environment that enables developers to use the .NET
Framework to target Web-based applications. However, ASP.NET is more than just a
runtime host; it is a complete architecture for developing Web sites and Internet-
distributed objects using managed code. Both Web Forms and XML Web services use IIS
and ASP.NET as the publishing mechanism for applications, and both have a collection
of supporting classes in the .NET
C#.NET
It is specifically designed and targeted for use with Microsoft's .NET Framework (a
feature rich platform for the development, deployment, and execution of distributed
applications).
It is a language based upon the modern object-oriented design methodology, and
when designing it Microsoft has been able to learn from the experience of all the
35
other similar languages that have been around over the 20 years or so since object-
oriented principles came to prominence
One important thing to make clear is that C# is a language in its own right.
Although it is designed to generate code that targets the .NET environment, it is not itself
part of .NET. There are some features that are supported by .NET but not by C#, and you
might be surprised to learn that there are actually features of the C# language that are not
supported by .NET like Operator Overloading.
However, since the C# language is intended for use with .NET, it is important for
us to have an understanding of this Framework if we wish to develop applications in C#
effectively. So, in this chapter
However, before it can be executed by the CLR, any source code that we develop
(in C# or some other language) needs to be compiled. Compilation occurs in two steps
in .NET:
At first sight this might seem a rather long-winded compilation process. Actually,
this two-stage compilation process is very important, because the existence of the
Microsoft Intermediate Language (managed code) is the key to providing many of the
benefits of .NET. Let's see why.
36
Microsoft Intermediate Language (often shortened to "Intermediate Language", or
"IL") shares with Java byte code the idea that it is a low-level language with a simple
syntax (based on numeric codes rather than text), which can be very quickly translated
into native machine code. Having this well-defined
Platform Independence
First, it means that the same file containing byte code instructions can be placed
on any platform; at runtime the final stage of compilation can then be easily
accomplished so that the code will run on that particular platform. In other words, by
compiling to Intermediate Language we obtain platform independence for .NET, in much
the same way as compiling to Java byte code gives Java platform independence.
You should note that the platform independence of .NET is only theoretical at
present because, at the time of writing, .NET is only available for Windows. However,
porting .NET to other platforms is being explored (see for example the Mono project, an
effort to create an open source implementation of .NET, at http://www.go-mono.com/).
Performance Improvement
Instead of compiling the entire application in one go (which could lead to a slow
start-up time), the JIT compiler simply compiles each portion of code as it is called (just-
in-time). When code has been compiled once, the resultant native executable is stored
until the application exits, so that it does not need to be recompiled the next time that
37
portion of code is run. Microsoft argues that this process is more efficient than compiling
the entire application code at the start, because of the likelihood those large portions of
any application code will not actually be executed in any given run. Using the JIT
compiler, such code will never get compiled.
This explains why we can expect that execution of managed IL code will be
almost as fast as executing native machine code. What it doesn't explain is why Microsoft
expects that we will get a performance improvement. The reason given for this is that,
since the final stage of compilation takes place at run time, the JIT compiler will know
exactly what processor type the program will run on. This means that it can optimize the
final executable code to take advantage of any features or particular machine code
instructions offered by that particular processor.
Traditional compilers will optimize the code, but they can only perform
optimizations that will be independent of the particular processor that the code will run
on. This is because traditional compilers compile to native executable before the software
is shipped. This means that the compiler doesn't know what type of processor the code
will run on beyond basic generalities, such as that it will be an x86-compatible processor
or an Alpha processor. Visual Studio 6, for example, optimizes for a generic Pentium
machine, so the code that it generates cannot take advantages of hardware features of
Pentium III processors. On the other hand, the JIT compiler can do all the optimizations
that Visual Studio 6 can, and in addition to that it will optimize for the particular
processor the code is running on.
Language Interoperability:
How the use of IL enables platform independence, and how JIT compilation
should improve performance. However, IL also facilitates language interoperability.
38
Simply put, you can compile to IL from one language, and this compiled code should
then be interoperable with code that has been compiled to IL from another language.
Intermediate Language
Use of attributes
39
COM. .NET interfaces are not the same as COM interfaces; they do not need to support
any of the COM infrastructure (for example, they are not derived from I Unknown, and
they do not have associated GUIDs). However, they do share with
COM interfaces the idea that they provide a contract, and classes that implement a
given interface must provide implementations of the methods and properties specified by
that interface.
Working with .NET means compiling to the Intermediate Language, and that in
turn means that you will need to be programming using traditional object-oriented
methodologies. That alone is not, however, sufficient to give us language interoperability.
After all, C++ and Java both use the same object-oriented paradigms, but they are still not
regarded as interoperable. We need to look a little more closely at the concept of
language interoperability.
An associated problem was that, when debugging, you would still have to
independently debug components written in different languages. It was not possible to
step between languages in the debugger. So what we really mean by language
interoperability is that classes written in one language should be able to talk directly to
classes written in another language. In particular:
A class written in one language can inherit from a class written in another language
The class can contain an instance of another class, no matter what the languages of
the two classes are
An object can directly call methods against another object written in another language
40
When calling methods between languages we can step between the method calls in
the
debugger, even where this means stepping between source code written in different
languages.
This is all quite an ambitious aim, but amazingly, .NET and the Intermediate
Language have achieved it. For the case of stepping between methods in the debugger,
this facility is really offered by the Visual Studio .NET IDE rather than from the CLR
itself.
For instance, VB developers will be used to being able to pass variables around
without worrying too much about their types, because VB automatically performs type
conversion. C++ developers will be used to routinely casting pointers between different
types. Being able to perform this kind of operation can be great for performance, but it
breaks type safety. Hence, it is permitted only in very specific circumstances in some of
the languages that compile to managed code. Indeed, pointers (as opposed to references)
are only permitted in marked blocks of code in C#, and not at all in VB (although they
are allowed as normal in managed C++). Using pointers in your code will immediately
cause it to fail the memory type safety checks performed by the CLR.
You should note that some languages compatible with .NET, such as VB.NET,
still allow some laxity in typing, but that is only possible because the compilers behind
the scenes ensure the type safety is enforced in the emitted IL.
41
Although enforcing type safety might initially appear to hurt performance, in
many cases this is far outweighed by the benefits gained from the services provided by
.NET that rely on type safety. Such services include:
Language Interoperability
Garbage Collection
Security
Application Domains
This data type problem is solved in .NET through the use of the Common Type
System (CTS). The CTS defines the predefined data types that are available in IL, so that
all languages that target the .NET framework will produce compiled code that is
ultimately based on these types.
The CTS doesn't merely specify primitive data types, but a rich hierarchy of
types, which includes well-defined points in the hierarchy at which code is permitted to
define its own types. The hierarchical structure of the Common Type System reflects the
single-inheritance object-oriented methodology of IL, and looks like this:
42
Common Language Specification (CLS)
Garbage Collection
43
applications ask for. Up until now there have been two techniques used on Windows
platform for deal locating memory that processes have dynamically requested from the
system:
The .NET runtime relies on the garbage collector instead. This is a program
whose purpose is to clean up memory. The idea is that all dynamically requested memory
is allocated on the heap (that is true for all languages, although in the case of .NET, the
CLR maintains its own managed heap for .NET applications to use). Every so often,
when .NET detects that the managed heap for a given process is becoming full and
therefore needs tidying up, it calls the garbage collector. The garbage collector runs
through variables currently in scope in your code, examining references to objects stored
on the heap to identify which ones are accessible from your code – that is to say which
objects have references that refer to them. Any objects that are not referred to are deemed
to be no longer accessible from your code and can therefore be removed. Java uses a
similar system of garbage collection to this.
Security
Role-based security is based on the identity of the account under which the
process is running, in other words, who owns and is running the process. Code-based
security on the other hand is based on what the code actually does and on how much the
code is trusted. Thanks to the strong type safety of IL, the CLR is able to inspect code
before running it in order to determine required security permissions. .NET also offers a
44
mechanism by which code can indicate in advance what security permissions it will
require to run.
The importance of code-based security is that it reduces the risks associated with
running code of dubious origin (such as code that you've downloaded from the Internet).
For example, even if code is running under the administrator account, it is possible to use
code-based security to indicate that that code should still not be permitted to perform
certain types of operation that the administrator account would normally be allowed to
do, such as read or write to environment variables, read or write to the registry, or to
access the .NET reflection features.
The .NET base classes are a massive collection of managed code classes that have
been written by Microsoft, and which allow you to do almost any of the tasks that were
previously available through the Windows API. These classes follow the same object
model as used by IL, based on single inheritance. This means that you can either
instantiate objects of whichever .NET base class is appropriate, or you can derive your
own classes from them.
The great thing about the .NET base classes is that they have been designed to be
very intuitive and easy to use. For example, to start a thread, you call the Start() method
of the Thread class. To disable a TextBox, you set the Enabled property of a TextBox
object to false. This approach will be familiar to Visual Basic and Java developers, whose
respective libraries are just as easy to use. It may however come as a great relief to C++
developers, who for years have had to cope with such API functions as GetDIBits(),
RegisterWndClassEx(), and IsEqualIID(), as well as a whole plethora of functions that
required Windows handles to be passed around.
45
Name Spaces
Namespaces are the way that .NET avoids name clashes between classes. They
are designed, for example, to avoid the situation in which you define a class to represent a
customer, name your class Customer, and then someone else does the same thing (quite a
likely scenario – the proportion of businesses that have customers seems to be quite
high).
A namespace is no more than a grouping of data types, but it has the effect that
the names of all data types within a namespace automatically get prefixed with the name
of the namespace. It is also possible to nest namespaces within each other. For example,
most of the general-purpose .NET base classes are in a namespace called System. The
base class Array is in this namespace, so its full name is System. Array.
Although C# and .NET are particularly suited to web development, they still offer
splendid support for so-called "fat client" apps, applications that have to be installed on
the end-user's machine where most of the processing takes place. This support is from
46
Windows Forms:
Windows Control:
Although Web Forms and Windows Forms are developed in much the same way,
you use different kinds of controls to populate them. Web Forms use Web Controls, and
Windows Forms use Windows Controls.
Windows Services:
It is very easy to write services in C#. There are .NET Framework base classes
available in the System.ServiceProcess namespace that handle many of the boilerplate
47
tasks associated with services, and in addition, Visual Studio .NET allows you to create a
C# Windows Service project, which starts you out with the Framework C# source code
for a basic Windows service.
48
SQL SERVER 2005:
Using Visual Studio.NET, there is no need to open the Enterprise Manager from
SQL Server. Visual Studio.NET has the SQL Servers tab within the Server Explorer that
gives a list of all the servers that are connected to those having SQL Server on them.
Opening up a particular server tab gives five options:
Database Diagrams
Tables
Views
Stored Procedures
Functions
DATABASE DIAGRAMS
To create a new diagram right click Database diagrams and select New Diagram.
The Add Tables dialog enables to select one to all the tables that you want in the visual
diagram you are going to create.Visual Studio .NET looks at all the relationships between
the tables and then creates a diagram that opens in the Document window.
Each table is represented in the diagram and a list of all the columns that are
available in that particular table. Each relationship between tables is represented by a
connection line between those tables.The properties of the relationship can be viewed by
right clicking the relationship line.
TABLES
The Server Explorer allows to work directly with the tables in SQL Server. It
gives a list of tables contained in the particular database selected. By double clicking one
of the tables, the table is seen in the Document window. This grid of data shows all the
columns and rows of data contained in the particular table.
The data can be added or deleted from the table grid directly in the Document
window. To add a new row of data , move to the bottom of the table and type in a new
row of data after selecting the first column of the first blank row. You can also delete a
49
row of data from the table by right clicking the gray box at the left end of the row and
selecting Delete.
By right clicking the gray box at the far left end of the row, the primary key can
be set for that particular column. The relationships to columns in other tables can be set
by selecting the Relationships option.To create a new table right-click the Tables section
within the Server Explorer and selecting New Table. This gives the design view that
enables to start specifying the columns and column details about the table.
To run queries against the tables in Visual Studio .NET, open the view of the
query toolbar by choosing View->Toolbars->Query.To query a specific table, open that
table in the Document window. Then click the SQL button which divides the Document
window into two panes-one for query and other to show results gathered from the
query.The query is executed by clicking the Execute Query button and the result is
produced in the lower pane of the Document window.
VIEWS
To create a new view, right-click the View node and select New View. The Add
Table dialog box enables to select the tables from which the view is produced. The next
pane enables to customize the appearance of the data in the view.
FEATURES OF SQL-SERVER
The OLAP Services feature available in SQL Server version 7.0 is now called
SQL Server 2000 Analysis Services. The term OLAP Services has been replaced with the
term Analysis Services. Analysis Services also includes a new data mining component.
The Repository component available in SQL Server version 7.0 is now called Microsoft
SQL Server 2000 Meta Data Services. References to the component now use the term
Meta Data Services. The term repository is used only in reference to the repository
engine within Meta Data Services.
50
1. TABLE
2. QUERY
3. FORM
4. REPORT
5. MACRO
TABLE
A database is a collection of data about a specific topic.
VIEWS OF TABLE
We can work with a table in two types,
1. Design View
2. Datasheet View
Design View
To build or modify the structure of a table we work in the table design view. We
can specify what kind of data will be hold.
Datasheet View
To add, edit or analyses the data itself we work in tables datasheet view mode.
QUERY
A query is a question that has to be asked the data. Access gathers data that
answers the question from one or more table. The data that make up the answer is either
dynaset (if you edit it) or a snapshot (it cannot be edited).Each time we run query, we get
latest information in the dynaset. Access either displays the dynaset or snapshot for us to
view or perform an action on it such as deleting or updating.
5.SYSTEM DESIGN
51
INTRODUCTION:
Software design sits at the technical kernel of the software engineering process
and is applied regardless of the development paradigm and area of application. Design is
the first step in the development phase for any engineered product or system. The
designer’s goal is to produce a model or representation of an entity that will later be built.
Beginning, once system requirement have been specified and analyzed, system design is
the first of the three technical activities -design, code and test that is required to build and
verify software.
The importance can be stated with a single word “Quality”. Design is the place
where quality is fostered in software development. Design provides us with
representations of software that can assess for quality. Design is the only way that we can
accurately translate a customer’s view into a finished software product or system.
Software design serves as a foundation for all the software engineering steps that follow.
Without a strong design we risk building an unstable system – one that will be difficult to
test, one whose quality cannot be assessed until the last stage.
52
PROCESS MODEL USED WITH JUSTIFICATION
There is only one safe place for private data and messages: the place where
nobody looks for it. A file encrypted with algorithms like PGP are not readable, but
everybody knows that there is something hidden. Wouldn't it be nice, if everyone could
open your encrypted files, and see noisy photos of some old friends instead of your
private data? They surely wouldn't look for pieces of encrypted messages in the pixel
values.
Module:
1. Carrier Bitmap
2. Key/filename
3. Hide
4. Extract
Carrier Bitmap:
In this module u have upload the image. To hide a message, open a bitmap file
Key :
To enter a password or select a key file. The key file can be any file, another
bitmap for example. This password or key will be treated as a stream of bytes specifying
the space between two changed pixels. I don't recommend text files, because they may
result in a quite regular noise pattern. The longer your key file or password is, the less
regular the noise will appear.
Hide:
Next step, enter the secret message or choose a file, and click the Hide button.
The application writes the length of the message in bytes into the first pixel. After that it
53
reads a byte from the message, reads another byte from the key, and calculates the
coordinates of the pixel to use for the message-byte. It increments or resets the color
component index, to switch between the R, G and B component. Then it replaces the R,
G or B component of the pixel (according to the color component index) with the
message-byte, and repeats the procedure with the next byte of the message. At last, the
new bitmap is displayed. Save the bitmap by clicking the Save button. If the grayscale
flag is set, all components of the color are changed. Grayscale noise is less visible in most
images.
Extract:
To extract a hidden message from a bitmap, open the bitmap file and specify the
password or key you used when hiding the message. Then choose a file to store the
extracted message in (or leave the field blank, if you only want to view hidden Unicode
text), and click the Extract button. The application steps through the pattern specified by
the key and extracts the bytes from the pixels. At last, it stores the extracted stream in the
file and tries to display the message. Don't bother about the character chaos, if your
message is not a Unicode text. The data in the file will be all right. This works with every
kind of data, you can even hide a small bitmap inside a larger bitmap. If you are really
paranoid, you can encrypt your files with PGP or GnuPG before hiding them in bitmaps.
54
NAVIGATION:
Every organization needs security for their data. By using this application the data
will stored and send in securely.
First user enter valid user id and password for login. Then he enter in to data
hiding /extract window.
If a new person wants to register, the person should fill the all fields in the
registration form. If the person may leave any field in empty it should be displayed a
message.
Data hiding:
In data hiding step the data is encrypted by using AES algorithm with secret key,
which is entered by the user.
In this application we use carrier bit map as a cover media. Key is used to
provide security for the data by using this key the data is encrypted with the help of AES
algorithm. Then the data is immerges in to the carrier bit map image.
After hiding the message the file is send to the receiver, and save it into the
database if he required.
55
Data Extracting :
In this step the data will extract from the carrier bit map image file which is send
by the sender. Now the receiver can extract the secret message from that image file by
using valid key. And save that file into database if required.
The functional model, represents in UML with use case diagrams, describes the
functionality of the system from the user’s point of view.
USECASE DIAGRAMS:
Use case is nothing but collection of scenarios. An actor initiate a use case. After its
initiation, a use case may interacts with other users as well. A Use case represents a
complete flow of events through the system in the sense that it describes a series of
interactions that results from the initiation of the use case.
56
Sender use case diagram:
System
Registration
Login
Image Upload
Sender
Enter Password
Encrypt
Send
57
Receivers use case diagram:
System
Registration
Login
Image Upload
Reciver
Enter Password
Decrypt
Display
Save
58
Usecase diagram:
FileName
key
Password
User/ Admin
Save File
Extract
Entry condition The sender must have valid user name and
password.
59
Use case for data extracting:
3.Extract data.
60
It describes the structure of the system in terms of objects attributes, associations
and operations
CLASS DIAGRAMS:
It describes the structure of the system in a class diagram each class is modal as a
rectangle. This rectangle. This rectangle contains three parts one defines the class name,
the second one describes the attributes and the last one describe about operations.
Class: A Class is a description for a set of objects that shares the same attributes,
and has similar operations, relationships, behaviors and semantics.
61
Classdiagram:
62
5.4 DYNAMIC MODAL:
SEQUENCE DIAGRAM:
Sequence diagrams are used to formalize the behavior of the system and to
visualize the communication among objects. They are useful for identifying the
additional objects that participate in use Cases.
Object:
Actor:
An actor represents a coherent set of roles that users of a system play when
interacting with the use cases of the system. An actor participates in use cases to
accomplish an overall purpose. An actor can represent the role of a human, a device, or
any other systems.
Message:
63
arrow can be labeled with the name of the message (operation or signal) and its argument
values
Duration Message:
A message that indicates an action will cause transition from one state to another
state.
Self Message:
A message that indicates an action will perform at a particular state and stay there.
Create Message:
A message that indicates an action that will perform between two states.
64
Sequence diagram for login:
Enter userid,password()
varify()
Check()
response()
response Yes()
response no()
This sequence diagram can explain how the user can login in to the system. It
contains 4 objectives, the user can entered id and password these values are verified at the
login form, and those values are check for validation by using data base. If the values not
correct system gives a failed message. Otherwise it proceeds in to the next level.
65
Sequence diagram for registration:
Enter uservalues()
varify()
Insert()
redirect()
response()
This sequence diagram explains how the new user can register into the system. In
this stage user can fill all the fields which are present in that form. After inserting those
values are stored into the database. Then the user can login in to the system.
66
Sequence diagram for hideing the plain text in an image file:
Key
Imageuploa generatinc hidewith
sender dcls ls Takeplain encrypted send
text data
enter imager
url()
varify()
click on generation()
plain text()
send to reciever()
Hide()
response()
This sequence diagram can explain how the sender can merge the data in to the
image file. Sender first upload an image file and give a key and plain text. The plain text
is encripted by using AES algorithem wit the key. Then the data is hide in to the image
file and send it to the receiver.
67
Sequence Diagram for extract plain text from image file:
varify()
enter key()
execute decrypt
response()
In this sequence diagram how the data is extracted from the image is explained.
Receiver enter the received image file and related key to decrypt the data. After getting
the data the file is saved in to the data base .
68
STATECHART DIGRAM:
Upload Image
Isvalid
EnterKey/anyfile as password
click to Hide
69
STATECHART FOR EXTRACTING SECRET MESSAGE FROM IMAGE:
Isvalid
click to Extract
70
ACTIVITY DIAGRAM:
71
[Enter User Name and Password ]
[submit ]
Validate Details
[Enter
Registration
Get Details
Details ]
[submit ]
Validate Data
Accepted
72
[Enter U ser N ame and Passw ord
]
Get Details
[Submit]
Validate Data
73
[Enter Login Details ]
[submit ]
Validate Data
no
yes
[submit ]
Validate Details
Validate Data
no
yes no
yes
74
[Enter Login Details ]
[submit ]
Validate Data
no
yes
Aruthenticated
Validate Details
Validate Data
no
yes no
yes
75
Flow Chart for hiding secret text in Image and extracting
START
Upload Image
Enter ke/password
Is
vali
Is file
Is Key d
Save
START
76
5.5 Database Dictionaray:
77
78
6.Sample Code:
using System;
using System.Drawing;
using System.Windows.Forms;
using System.Text;
using System.IO;
namespace PictureKey {
messageStream = null;
int currentStepWidth = 0;
79
byte currentKeyByte;
byte currentReverseKeyByte;
long keyPosition;
int currentColorComponent = 0;
Color pixelColor;
Int32 messageLength;
if(extract){
pixelColor = bitmap.GetPixel(0,0);
}else{
messageLength = (Int32)messageStream.Length;
80
if(messageStream.Length >= 16777215){
long countRequiredPixels = 1;
//add up the gaps between used pixels (sum up all the bytes of the key)
countRequiredPixels += keyStream.ReadByte();
countRequiredPixels *=
(long)System.Math.Ceiling( ((float)messageStream.Length / (float)keyStream.Length) );
81
colorValue -= red << 2;
bitmap.SetPixel(0,0, pixelColor);
keyStream.Seek(0, SeekOrigin.Begin);
messageStream.Seek(0, SeekOrigin.Begin);
if(keyStream.Position == keyStream.Length){
keyStream.Seek(0, SeekOrigin.Begin);
//Get the next pixel-count from the key, use "1" if it's 0
currentKeyByte = (byte)keyStream.ReadByte();
//jump to reverse-read position and read from the end of the stream
keyPosition = keyStream.Position;
82
keyStream.Seek(-keyPosition, SeekOrigin.End);
currentReverseKeyByte = (byte)keyStream.ReadByte();
keyStream.Seek(keyPosition, SeekOrigin.Begin);
currentStepWidth -= bitmapWidth;
pixelPosition.Y++;
//Move X-position
pixelPosition.Y++;
}else{
pixelPosition.X += currentStepWidth;
if(extract){
messageStream.WriteByte(foundByte);
83
currentColorComponent = (currentColorComponent==2) ? 0 :
(currentColorComponent+1);
}else{
//To add a bit of confusion, xor the byte with a byte read from the
keyStream
if(useGrayscale){
}else{
currentColorComponent = (currentColorComponent==2) ? 0 :
(currentColorComponent+1);
bitmap = null;
keyStream = null;
84
private static byte GetColorComponent(Color pixelColor, int colorComponent){
byte returnValue = 0;
switch(colorComponent){
case 0:
returnValue = pixelColor.R;
break;
case 1:
returnValue = pixelColor.G;
break;
case 2:
returnValue = pixelColor.B;
break;
return returnValue;
private static void SetColorComponent(ref Color pixelColor, int colorComponent, int newValue){
switch(colorComponent){
case 0:
break;
case 1:
break;
85
case 2:
break;
return color;
}}
86
7 SCREENS:
87
88
Enter a password or select a key file:
89
Secret message or choose a file, and click the Hide button. The application
90
Save the file in specified location:
91
Extracting Process:
92
93
Enter a password or select a key file to Extract:
94
Select The Extract Tab on Form:
95
Click extract hidden text button to extract secret text from image:
96
To save the content text click save browse button it is on extract tab:
97
9.TESTING:
INTRODUCTION
A strategy for software testing integrates software test case design methods into a
well-planned series of steps that result in the successful construction of software. Testing
is the set of activities that can be planned in advance and conducted systematically. The
underlying motivation of program testing is to affirm software quality with methods that
can economically and effectively apply to both strategic to both large and small-scale
systems.
A strategy for software testing may also be viewed in the context of the spiral.
Unit testing begins at the vertex of the spiral and concentrates on each unit of the
software as implemented in source code. Testing progress by moving outward along the
spiral to integration testing, where the focus is on the design and the construction of the
software architecture. Talking another turn on outward on the spiral we encounter
98
validation testing where requirements established as part of software requirements
analysis are validated against the software that has been constructed. Finally we arrive at
system testing, where the software and other system elements are tested as a whole.
UNIT TESTING
MODULE TESTING
SUB-SYSTEM TESING
Component Testing
SYSTEM TESTING
Integration Testing
ACCEPTANCE TESTING
USER
TESTING
99
UNIT TESTING
Unit testing focuses verification effort on the smallest unit of software design, the
module. The unit testing we have is white box oriented and some modules the steps are
conducted in parallel.
All logical decisions have been exercised on their true and false sides
All loops are executed at their boundaries and within their operational bounds
All internal data structures have been exercised to assure their validity.
To follow the concept of white box testing we have tested each form .we have
created independently to verify that Data flow is correct, All conditions are exercised to
check their validity, All loops are executed on their boundaries.
Use the design of the code and draw correspondent flow graph.
V(G)=E-N+2 or
V(G)=P+1 or
100
V(G)=Number Of Regions
3. CONDITIONAL TESTING
In this part of the testing each of the conditions were tested to both true and false
aspects. And all the resulting paths were tested. So that each path that may be generate on
particular condition is traced to uncover any possible errors.
This type of testing selects the path of the program according to the location of
definition and use of variables. This kind of testing was used only when some local
variable were declared. The definition-use chain method was used in this type of testing.
These were particularly useful in nested statements.
5. LOOP TESTING
In this type of testing all the loops are tested to all the limits possible. The
following exercise was adopted for all loops:
All the loops were tested at their limits, just above them and just below them.
101
All the loops were skipped at least once.
For nested loops test the inner most loop first and then work outwards.
For concatenated loops the values of dependent loops were set with the help of
connected loop.
Unstructured loops were resolved into nested loops or concatenated loops and tested
as above.
102
Test Description Input Output Actual Status
outp
ut P = Passed
C.
No. F = Failed
104
Test Description Input Output Actual output Status
C. No. P = Passed
F = Failed
105
7 Username & blank Values Error message F
password inserted should be
Blank username displayed
password
Test Case for selecting an image file and entering a secret message:
C. P= Passed
No.
F = Failed
106
text button.
107
Test Description Input Output Actual Status
outpu
C. No. t P = Passed
F = Failed
C. No. P = Passed
F = Failed
109
10.CONCLUSION:
Triple-A concealment technique is introduced as a new method to hide digital data inside
image-based medium. The algorithm adds more randomization by using two different
seeds generated from a user-chosen key in order to select the component(s) used to hide
the secret bits as well as the number of the bits used inside the RGB image component.
This randomization adds more security especially if an active encryption technique is
used such as AES. The capacity ratio is increased above SCC and pixel indicator scheme.
Triple-A has a capacity ratio of 14% and can be increased if more number of bit is used
inside the component(s). As a final note, we can say that SCC algorithm is a special case
of Triple-A algorithm if the number of bit used is fixed and equal 1 and Seed2 is
restricted to [0,2] with circular effect.
FUTURE IMPROVEMENT:
The Steganography is used to cover the information. It also avoids the information
without any perceptible distortions. In future this process can not only be used in images
alone it can use in video formats and also in audio formats to enhance in future.
110
BIBLIOGRAPHY:
J. Fridrich, M. Goljan, and R. Du. Detecting lsb steganographyn color and gray-
scale images. IEEE Multimedia,8(4):22–28, 2001.
111
N. Provos and P. Honeyman. Detecting steganographic content on the internet. In
NDSS’02: Network and Distributed System Security Symposium, pages 1–13, Reston,
Virginia, 2002. Internet Society.
112