International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 4, Issue 2, March – April (2013), pp. 315-324, © IAEME
ENCRYPTION & STEGANOGRAPHY IN IPv6 SOURCE ADDRESS
Mustafa Alaa Qasim (1), Dipak Pawar (2)
(1) Research Scholar, Department of Computer Engineering, VIT College, University of Pune, Pune, India
(2) Asst. Prof., Department of Computer Engineering, VIT College, University of Pune, Pune, India
ABSTRACT
Steganography is the process of hiding a secret message in a covert channel so that the existence of the secret message is difficult to detect. A covert channel is a secret communication channel used for transmitting information. Steganography within the source address fields of Internet Protocol Version 6 (IPv6) packets creates a covert channel in which secret messages are passed from one side to another. Cryptography is the conversion of data into a secret code for transmission over a public network. The advantage of steganography over cryptography is that the messages do not attract attention to themselves, whereas cryptography protects the contents of a message. Steganography can protect both messages and communicating parties.
Keywords: Covert Channel, Steganography, Cryptography.
I. INTRODUCTION
Steganography is the very old art of embedding private messages in seemingly innocuous messages in a way that prevents the detection of the secret messages by a third party. In the same sense, steganography means establishing covert channels. A covert channel is a secret communication channel used for transmitting information [1]. Steganographic methods operate in two steps: first, a cover object is analyzed to determine to what extent it can be modified so that the modifications will not be easily observable; second, the message bits are inserted into the cover object, replacing parts of it, to create an altered cover object [2]. TCP/IP header fields such as type of service, IP identification, fragment offset, options etc. may be used to embed steganographic data and serve as steganographic carriers [3,4]. Internet Protocol version 6 (IPv6) is the “next generation” internet protocol, which is set to slowly merge with and ultimately replace IPv4. If the world
continues at its current rate of adding 170 million IP addresses per year for new hosts connecting to the Internet, the address space available for IPv4 will be exhausted in 7.5 years. This is the main driving force behind the push to switch to IPv6 [5]. An IPv6 packet header consists of the fields shown below in Figure 1.
Version (4 bit) | Traffic Class (8 bit) | Flow Label (20 bit)
Payload Length (16 bit) | Next Header (8 bit) | Hop Limit (8 bit)
Source Address (128 bit)
Destination Address (128 bit)
Fig.1 IPv6 Header
Many covert channels can be selected in the IPv6 header, such as traffic class, flow label, payload length, next header, hop limit and source address [6]. The IPv6 specification [7], along with the privacy extensions for the stateless address autoconfiguration feature, introduces the possibility of embedding a significant amount of secret data into the source address field. Such embedding will likely be undetectable to an uninformed observer. The source address is a 128-bit field, which is intended to contain the universally unique internet address of the originator of the packet. The privacy extensions proposed for IPv6 rely on the random generation of a 64-bit portion of the 128-bit source address, with the expectation that the built-in randomness will create a shield of entropy, which should effectively hide any enclosed message [5]. Cryptography can be defined as secret writing. The basic service that cryptography offers is the ability to transmit information among people in a way that prevents a third party from reading it. Cryptographic systems usually involve both an algorithm and a secret key. The reason for having a secret key is that keeping the algorithm itself secret is very difficult [1].
II. RELATED WORK
One of the most common ways of sending messages in modern times is through the Internet [5]. The TCP/IP header can be used as a carrier for a steganographic covert channel. Steganographic covert channels depend on modification of network protocol header values. In the TCP header there are many possible hidden channels, such as PAD (padding bits) with a bandwidth of 31 bits/packet, use of a chosen ISN (initial sequence number) with 32 bits per connection, use of the urgent pointer when URG=0 (16 bits/packet), use of reserved bits with 6 bits/packet, existence of data when RST=1, and port numbers as an alphabet (→) [3,4].
Source Port | Destination Port
Sequence Number
Acknowledgment Number
Header Length | Reserved | Code bits | Window
Checksum | Urgent Pointer
Checksum | Padding
Fig.2 TCP Header
In the IPv6 header there are many possible hidden channels, such as traffic class (set a false traffic class), flow label (set a false flow label), payload length (increase the value to insert extra data), next header (set a valid value to add an extra extension header), hop limit (increase or decrease the value of the hop limit) and source address (set a false source address) [6]. An IPv6 address is 128 bits long and consists of two parts: a 64-bit network prefix and a 64-bit interface identifier, which is the host ID part.
Fig.3 IPv6 Source address
The network prefix has two parts: a 48-bit global routing prefix and a 16-bit subnet ID.
Fig.4 IPv6 Source Address
The IPv6 source address is used as a covert channel by two methods: first, encoding messages through the MAC address (Passive Injection), which is subdivided into long MAC encoding and short MAC encoding; second, encoding messages through packet creation (Active Injection). The packet's spoofed source address contains the secret message created
by the program which is injected into the network solely for sending the secret message. All these methods use only the 64-bit interface identifier of the IPv6 source address to hide the secret messages [5]. Therefore, if we select the IPv6 source address, we can hide 8 bytes of data in an IPv6 packet. This kind of message hiding is difficult to detect; but if it is detected, the message can be easily extracted because cryptography is not applied.
III. PROPOSED METHOD: AES STEGANOGRAPHY
In this method, encryption is used to encode the text, and the resulting encrypted message is injected into the source address covert channel of the IPv6 packet. The Advanced Encryption Standard (AES) algorithm, a symmetric block cipher that can process data blocks of 128 bits using cipher keys with lengths of 128, 192, and 256 bits, is used in this method. The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext [8]. The numbers of cycles of repetition are as follows:
• 128-bit keys: 10 cycles of repetition.
• 192-bit keys: 12 cycles of repetition.
• 256-bit keys: 14 cycles of repetition.
Each round consists of several processing steps, including one that depends on the encryption key itself. A set of reverse rounds is applied to transform the ciphertext back into the original plaintext by using the same encryption key.
The message "Vishwakarma Institute of Technology affiliated to the University of Pune" is the plaintext; it is encrypted using the AES algorithm. The ciphertext will be:
"gYKVPmH2C6/jgUvBXHN6PaOAe7swxbmMFOgnfU3Sx0tBkWAbqwnKig/t1nfR+JoG2j
2hL7dzM7xlBdUqeCwQbJRxptuV2UmJQ41mL2VFDIU="
After that, this ciphertext is converted to hexadecimal in order to match the IPv6 source address format, as shown below:
67594b56506d4832
764258484e365061
78626d4d464f676e
74426b5741627177
316e66522b4a6f47
647a4d37786c0d0a
7751624a52787074
5134316d4c325646
The message will be divided into four parts, each part containing 64 bits (16 characters):
Part 1: 6759:4b56:506d:4832
Part 2: 7642:5848:4e36:5061
Part 3: 7862:6d4d:464f:676e
Part 4: 7442:6b57:4162:7177
Part 5: 316e:6652:2b4a:6f47
Part 6: 647a:4d37:786c:0d0a
Part 7: 7751:624a:5278:7074
Part 8: 5134:316d:4c32:5646
Each part is injected into the interface identifier (64 bits) of an IPv6 packet. When using IPv6 source address steganography, the sender will not know whether the packet was delivered to the destination, because the three-way handshake cannot be completed with a fake source address: the acknowledgement from the receiver will not reach the real source address (the sender). The network prefix (64 bits) contains four groups; the last group is the subnet ID, which is used as a sequence number for the message by assigning a number to each part, from 0 to 7, and also carries the count of the total number of packets sent by the sender. The sequence number included in the proposed method is useful on the receiver side to track the packets sent by the sender. The receiver receives the packets with their sequence numbers. If any packet is lost, the destination can inform the sender about the missing part of the message so that it can be retransmitted.
This method is used with two types of IPv6 address: site-local (FEC0:0000:0000:1111:200:5aee:feaa:20a2) and global IPv6 Internet addresses (2001:4860:b002:1820:200:5aee:feaa:20a2).
Both site-local and global addresses have a subnet ID, so we can use this part for the packet sequence number.
Network prefix (last group: subnet ID) | Interface identifier
Part 1: feca:0000:0000:7a8:6759:4b56:506d:4832
Part 2: feca:0000:0000:6a8:7642:5848:4e36:5061
Part 3: feca:0000:0000:5a8:7862:6d4d:464f:676e
Part 4: feca:0000:0000:4a8:7442:6b57:4162:7177
Part 5: feca:0000:0000:3a8:316e:6652:2b4a:6f47
Part 6: feca:0000:0000:2a8:647a:4d37:786c:0d0a
Part 7: feca:0000:0000:1a8:7751:624a:5278:7074
Part 8: feca:0000:0000:0a8:5134:316d:4c32:5646
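From a monitoring standpoint, the addresses listed above stand out: every interface identifier consists only of ASCII text bytes, and all of them share one /48 prefix while the subnet ID changes. The following Python sketch is an added example, not part of the paper or its Java implementation; it flags that pattern in a list of observed source addresses. The function names, the `min_hits` threshold and the two contrast addresses are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the eight source addresses from Parts 1-8 above, plus two
# addresses made up here for contrast (EUI-64 style and random-looking).
OBSERVED = [
    "feca:0000:0000:7a8:6759:4b56:506d:4832",
    "feca:0000:0000:6a8:7642:5848:4e36:5061",
    "feca:0000:0000:5a8:7862:6d4d:464f:676e",
    "feca:0000:0000:4a8:7442:6b57:4162:7177",
    "feca:0000:0000:3a8:316e:6652:2b4a:6f47",
    "feca:0000:0000:2a8:647a:4d37:786c:0d0a",
    "feca:0000:0000:1a8:7751:624a:5278:7074",
    "feca:0000:0000:0a8:5134:316d:4c32:5646",
    "2001:db8:0:1:200:5aff:feaa:20a2",
    "2001:db8:0:1:3c4f:91d2:07be:e5a1",
]

# Printable ASCII plus CR/LF (Part 6 ends in 0d0a). A uniformly random 64-bit
# identifier falls entirely inside this set with probability (97/256)**8, about 4e-4.
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x0D, 0x0A}

def split_source(addr):
    """Return (48-bit routing prefix, 16-bit subnet ID, 64-bit interface identifier)."""
    raw = ipaddress.IPv6Address(addr).packed
    return raw[:6], int.from_bytes(raw[6:8], "big"), raw[8:]

def iid_is_text(iid):
    return all(b in TEXT_BYTES for b in iid)

def is_eui64(iid):
    # MAC-derived identifiers carry ff:fe in bytes 3-4 and are not flagged here.
    return iid[3:5] == b"\xff\xfe"

def suspicious_prefixes(addresses, min_hits=4):
    """Map each /48 prefix to its text-only identifiers once min_hits distinct
    identifiers under distinct subnet IDs have been seen (assumed threshold)."""
    groups = defaultdict(list)
    for addr in addresses:
        prefix, subnet, iid = split_source(addr)
        if iid_is_text(iid) and not is_eui64(iid):
            groups[prefix].append((subnet, iid))
    report = {}
    for prefix, hits in groups.items():
        if len({s for s, _ in hits}) >= min_hits and len({i for _, i in hits}) >= min_hits:
            name = str(ipaddress.IPv6Network((prefix + bytes(10), 48)))
            report[name] = [(f"{s:04x}", i.decode("ascii"))
                            for s, i in sorted(hits, reverse=True)]
    return report

if __name__ == "__main__":
    for prefix, rows in suspicious_prefixes(OBSERVED).items():
        print(prefix)
        for subnet, text in rows:
            print(f"  subnet {subnet}  iid {text!r}")
```

A single text-only identifier can occur by chance in a privacy address; several under one prefix with changing subnet IDs is what makes the traffic worth a closer look.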
IV. PROGRAMMER'S DESIGN
The existing system performs communication between two parties by using the IPv6 source address as a covert channel. If a third party extracts the data, the message is directly exposed to the intruder. Hence, a higher level of security is required, which can be achieved by using cryptography. Therefore, steganography is followed by a cryptography approach for better security. Cryptographic techniques are shown in the following table:
Algorithm | Type | Security
RC4 | Private | Medium
Blowfish | Private | Medium
AES | Private | High
RSA | Public | High
Table 1 Cryptography Algorithm
The AES algorithm with a private key is suitable because of the design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256), which are sufficient to protect classified information up to the secret level. Top secret information will require the use of either the 192 or 256 key lengths. The implementation of AES in products is intended to protect national security systems and/or information.
Input at Sender Side
– Cover medium(C): IPv6 packet (IPv6 Source Address field)
– Private Key for AES encryption
– Secret Message(M)
Output at Receiver End
– Cover Medium(C): IPv6 packet (IPv6 Source Address field)
– Private Key for AES decryption
– Secret Message(M)
Sender Site Algorithm
1. Accepting the message from the user(Plaintext).
2. Applying AES encryption algorithm with Private Key on plaintext to produce ciphertext.
3. Converting the Ciphertext to Hex to match IPv6 Source Address formatting.
4. Calculating the number of IPv6 packets.
5. Creating IPv6 packet(s) and assigning a sequence number to each packet.
6. Hiding the hex in covert channel IPv6 source address.
7. Sending all packets to receiver.
Receiver Site Algorithm
2. Receiving packets; and collecting them according to the sequence number.
3. Analyzing packet one by one. Fetching data of IPv6 source address.
4. Collecting all these encrypted data to form ciphertext.
5. Applying the AES decryption algorithm to the ciphertext, using the same private key as the sender, to produce plaintext.
6. Arranging plaintext data according to packet sequence to form the secret message.
V. ARCHITECTURE DESIGN
We show the secure model of AES steganography.
Crypto (AES) system input consists of:
1. Secret message.
2. Private Key.
Output: AES Crypto message Ct.
AES Steganography input:
1. IPv6 Packet.
2. Crypto message Ct.
Output: AES-Steganography packets.
Fig.5 Architecture design
VI. RESULTS AND DISCUSSION
This project is implemented in Java. The open-source Java library jpcap is used to capture and send IPv6 packets. The project was run on the Windows 7 platform. The Wireshark protocol analyzer is used to monitor the traffic generated by the project. To secure the secret data, cryptography using the AES algorithm is also applied. To run the project, the receiver first opens the communication device, as shown in Figure 6. The sender then accepts the secret message from the user, performs steganography and cryptography, and sends the message, as shown in Figure 7. The receiver then accepts the packets, arranges them according to sequence number, applies decryption and displays the secret message, as shown in Figure 8.
Fig.6 Receiver Site(Open communication device)
Fig.7 Sender Site
Fig.8 Receiver Site
VI.I MATHEMATICAL MODEL
Let's assume Y = 0.7 is the probability of detecting the cover media IPv6 source
address.
Let's assume X = 0.9 is the probability of detecting the message for Active injection
Steganography [5].
S = X * Y
S = 0.9 * 0.7
S = 0.63 …… probability of detecting the message
Let's assume X = 0.6 is the probability of detecting the message for Short MAC
encoding Steganography [5].
S = X * Y
S = 0.6 * 0.7
S = 0.42 …… probability of detecting the message
Let's assume X = 0.7 is the probability of detecting the message for Long MAC
encoding Steganography [5].
S = X * Y
S = 0.7 * 0.7
S = 0.49 …… probability of detecting the message
Let's assume X = 0.3 is the probability of detecting the message for Proposed Method
(i.e. Steganography and Cryptography). We are assuming low probability for proposed
technique because earlier techniques only consider Steganography whereas we are proposing
Steganography followed by cryptography.
S = X * Y
S = 0.4 * 0.7
S = 0.28 …… probability of detecting the message
We have kept Y constant and varied X, because X depends on the steganography technique applied. The proposed method outperforms existing methods in terms of security, as shown in Figure 9.
Fig.9 Comparison Graph (probability of detecting the message, labelled "Security Level", for Short MAC Encoding, Long MAC Encoding, Active Injection and Proposed Method; axis from 0 to 0.7)
VII. CONCLUSION
The IPv6 source address is used as a covert channel with a capacity of 64 bits per packet, with a sequence number assigned to each packet so that the receiver can track the packets, and with a high level of security provided by applying AES with a private key. Applying steganography and cryptography together reduces the probability of the messages being detected on the network. The proposed method can be applied when a high level of security is required, for example confidential communication of secret data, military use, etc.
VIII. ACKNOWLEDGEMENTS
We thank Prof. Sandeep Shinde & Mr. Muhammad Hussein Mayud for their valuable
guidance in carrying out our research work.
REFERENCES
[1] Richard Popa, "An Analysis of Steganographic Techniques", The Politehnica
University of Timisoara,1998.
[2] Zoran Duric, Michael Jacobs, Sushil Jajodia, "Information Hiding: Steganography and
Steganalysis", George Mason University, 2005.
[3] Murdoch, S.J., and Lewis, S. "Embedding covert channels into TCP/IP",
Information Hiding, 2005.
[4] Kamran Ahsan. "Covert channel analysis and data hiding in tcp/ip". Master's thesis,
University of Toronto, 2002.
[5] Barret Miller, "Steganography in IPv6", University of Arkansas, 2008.
[6] Lewandowski, Grzegorz, "Network-aware Active Wardens in IPv6". Dissertations,
Syracuse University (2011). http://surface.syr.edu/eecs_etd/306
[7] S. Deering, R. Hinden, "Internet Protocol Version 6(IPv6) Specification", RFC 2460.
[8] National Institute of Standards and Technology. Advanced Encryption Standard (AES).
Federal Information Processing Standards Publications –FIPS 197.
[9] "en.wikipedia.org/wiki/Advanced_Encryption_Standard"
[10] Fahim A. Ahmed Ghanem and Vilas M. Thakare, “Optimization of Ipv6 Packet’s
Headers Over Ethernet Frame”, International journal of Electronics and Communication
Engineering & Technology (IJECET), Volume 4, Issue 1, 2013, pp. 99 - 111, ISSN
Print: 0976- 6464, ISSN Online: 0976 –6472.
[11] Shamim Ahmed Laskar and Kattamanchi Hemachandran, “Steganography Based on
Random Pixel Selection for Efficient Data Hiding”, International journal of Computer
Engineering & Technology (IJCET), Volume 4, Issue 2, 2013, pp. 31 - 44,
ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.