JOURNAL OF INFORMATION, KNOWLEDGE AND RESEARCH IN
INFORMATION TECHNOLOGY
STEGANOGRAPHY TECHNIQUE BASED MOBILE BANKING SYSTEM
1KRISHAN KANT LAVANIA, 2KOTHARI ROOSHABH H.,
3YAGNIK HARSHRAJ A.,4G.L.SAINI,
1 Head, Department Of Information Technology
Arya Institute Of Engineering & Technology, Kukas, Jaipur, India.
2,3,4 Student, M.Tech
Arya Institute Of Engineering & Technology, Kukas, Jaipur, India.
, ,,
ABSTRACT: In the lead development of mobile-commerce as one of the new branches of e-commerce, mobile-banking has emerged as main part of mobile-commerce. It has widen upon supply of various services based on different systems and with the help of various services such as the SMS. However, in spite of its various benefits, mobile-banking is in front of some challenges as well. One of these challenges is the security issues of this system. This paper presents a Steganography Technique for increasing security of the information requested by users. In this Technique, instead of straight way of sending the information, it is secreted in a picture by the password and is set on a website. Then the address of the picture is sent to the client. After receiving the address of the picture through SMS, the client downloads the picture by a particular program. After entering the password, the client can observe the information extracted from the picture if the password is entered correctly.
Key Words: Mobile-Commerce, Mobile-Banking, Steganography, Network Security.
ISSN: 0975 –6698| NOV 10 TO OCT 11 | VOLUME – 01, ISSUE - 02 Page 72
JOURNAL OF INFORMATION, KNOWLEDGE AND RESEARCH IN
INFORMATION TECHNOLOGY
1. INTRODUCTION
Cell phones have highly developed during the recent years and as a result of the progress in mobile phones and incorporating different services in the mobile phones, the banks have introduced to offer banking services on the mobile phone. Some of the advantages of m-banking over e-banking are[1]:
1- Ease of use.
2- No place constraint
3- Fully custom-made
4- High access coefficient
The main concern of mobile banking is to transfer and receive information securely,
that’s why so many protocols like WAP (Wireless Application Protocol) etc are needed
to make this transfer channel secure.
There are two types of services offered in mobile-banking,
A) Notifications and alerts.
B) Required secure information for customer use.
For Example Banks offer services for sending notifications such as transfer of money to the customer's account by a third party, alerts such as due dates for loan installments and information requested by the user such as credit balance of the accounts. While sending information, as the information is sent directly and after request of the user, it is possible that intruder might access and disclose the user's information. Many malicious codes like Trojans steal confidential data like passwords for online banking services. In phishing a spoof web page imitating that of the user’s online bank is designed and used to encourage the user to enter bank details in this false page. The data entered is sent to the cyber crooks. It has revealed that phishing attacks caused losses of $3.2 billion among US consumers in 2007 and in 2006, the average amount stolen from each victim of phishing and Trojans was €6,383.
Mobile Banking in the past
a) Low bandwidth
b) Latency issues
c) Security issues
d) High communication expenditure
e) Poor functionality
f) Low capabilities in the mobile
Mobile Banking Today
a) Data Services with high speed (GPRS)
b) More functionality
c) Higher Security transfer channel
d) Reduced data transfer costs
Significance of mobile banking
a) Practical and straightforward alerting services.
b) Sky-scraping market infiltration (near about 80% in some of leading countries) and still progressing.
c) Mobile transactions to be certified in many more places than ever before
d) New Business Alliances can be expected through Mobile services.
e) M-commerce is expected to report for a progressive high percentage of transactions [2].
Figure2. M-Banking Trends
M-Banking Security measures
a) Debit and Credit cards coupled to a specific phone number of consumer for supplementary transaction security
b) Transfer channel of SMS can be used with encryption by mobile payment applications to defend data integrity and security.
c) Accomplishment of secure PIN for transactions for fund transfer.
This paper presents a new Technique to enhance security of messages by using steganography method. Steganography is an of art hiding secret messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. The message is altered in a way to disguise the secret message in images, videos etc. In our scheme also we use steganography to hide Message. The hiding technique used must have sufficiently high capacity and must be robust.
2. GENERAL INFORMATION FOR STEGANOGRAPHY
Steganography word comes from the Greek words Steganós (Covered) and Graptos (Writing).In this 21st century sense of word steganography precisely referred to information or a file that has been masked inside a digital Picture, Video or Audio file.
Steganography normally does is make use of human perception, human senses are not skilled to look for files that have hidden information inside of them, although there are cryptographic programs available that can do what is called Steganalysis (Detecting use of Steganography.) the data is usually encrypted with a unique password when Steganography is used to hide information or a file inside a carrier file[3].
3. STEGANOGRAPHY TECHNIQUES
1. Encoding Secret Messages in Text
1.1 DOCUMENT
1.2 XML
2. Encoding Secret Messages in Images
2.1 LSB
2.2 FILTERING
2.3 MASKING
3. Encoding Secret Messages in Audio
3.1 LBC
3.2 PHASE CODING
Figure3. Principles of Steganography
Recently due to the increases in online fraud Banks are encouraged to think about some different solutions for remote authentication procedures. In this paper we discuss about the security of today’s mobile banking systems and present an overview, and in my suggested method, instead of direct sending of information, it is hidden in a picture by a password and placed in another website. Then the picture’s address is sent to the user instead of the information. A special program already installed on the user's mobile phone receives the picture’s address. Then this program downloads the picture containing the hidden information from the internet and shows it to the user after extracting the hidden information by using the password and based on steganography algorithm.
The customer sends his request for information to the bank; for example asks for his credit balance. Based on the request of the user, the bank prepares the information.
In our example, extracts the user's credit balance from the database. Then the bank system hides the prepared information in a picture based on a password and by the use of a special program that we call "coder". For this purpose, the bank has a huge collection of pictures of different sizes to choose from. Here, a picture with a proper size proportionate to the amount of information Requested is selected randomly[4].
4. ALGORITHM USED
In this paper, we use Least Significant Bits steganography that hide information in the least significant bits (LSB) of pixels colors. This technique hides each byte of information in two pixels. Two pixels are preferred where a byte of information is hidden by using a password.
For selecting the pixels where secure data will be hidden the specific algorithm is used:
First the image is segmented into p number of blocks of q number of pixels. According to the password, a block is chosen and the important data is hidden in an unfilled pixel of this block.
The algorithm used for choosing a block and an unfilled pixel in that block is as follows:
if the chosen block begins with the pixel number k and has q number of pixels then the number of the last pixel is k+q-1. Here we used an array of size q+1 for remembering unfilled pixels of current block. This array contains the number of pixels having no data. The last unit of the array is the total unfilled pixels in the current block. An unfilled pixel is selected and the last unfilled pixel number is copied to this array cell according to the given password. Then the total number of unfilled pixels on the block decreases by one. We can also use this technique for selecting a block to hide the secure data in itself. After proper selection of the pixels we hide a byte within them. There are three colors of each pixel i.e. Red, Green and Blue (RGB), and the secure data of client is stored in the Least Significant Bits of these colors.
As we know the human eyes are less responsive to blue colors, so major changes may be applied to blue colors, before the changes be acknowledged. Therefore each 16 bits of information are hidden into two pixels. The number representing the extent of secure data is stored in the image knowing this extent of the information is necessary for decoding right information. The Images are represented by the Portable Network Graphics format. Same Encoding Algorithm is also used for decoding. Once secure data of client is hidden in stored image, the name of the image is determined based on the client account and the request time of the client. Then the image is uploaded in a website selected by the bank's server. This website can be selected from chosen websites that are under control of the bank’s server. For example, the bank has 15 websites addresses and selecting one address, and copies the image thereon. To avoid expose of secure data of client this image will be removed automatically after 15 minutes. Then after the particular image address is sent to the client .Client has to install a specific software for decoding received address of particular image where secure data is stored. The specific program will be disconnecting from internet, once image is being downloaded. Based on right password that is entered by customer the decoder program will extract the secure information from the image that is being downloaded according to the algorithm used[5][6][7].
5. STEGANOGRAPHY TOOLS USED
a) S-Tools (GIF, JPEG)
b) StegHide (WAV, BMP)
c) Invisible Secrets (JPEG)
d) Hiderman
e) Many others…
6. DETECTING STEGANOGRAPHY
7. BENEFITS
1. Exposure of secure data is very negligible.
2. Password is not exchanged between the server and the mobile. Therefore there is no risk of exposure of user password.
3. Response time and speed of bank’s server increases.
4. It is difficult to detect password by intruder because password is stored in any particular
Image[8].
8. SHORTCOMINGS OF STEGANOGRAPHY
As in this modernization generation steganography technique is widely used everywhere so there are chances of many vulnerabilities. These vulnerabilities are needed to be sorted out. For this many new steganography techniques are being developed for more security of information [9].
9. CONCLUSION
This paper introduces a Steganography technique to transfer information securely on mobile from bank’s server using mobile banking system. This technique provides highly secure way of sending information to users in mobile-banking system by hiding information in image using steganography algorithm. This algorithm is flexible enough to modify based on future requirements of mobile-banking system. By mixing other cryptographic techniques with steganography, data can be more securely transfer and also security can be enhanced much more.
Further it can be used for Steganographic Authentications in Face and Voice Recognition for Mobile Systems.
10. REFERENCES
[1] A. Hiltgen, T. Kramp, and T. Weigold, 2006. Secure internet banking authentication. IEEE Security and Privacy.
[2] http://idbibank.com
[3] http://en.wikipedia.org/wiki/Steganograph.
[4] M. Shirali-Shahreza, "Stealth Steganography in SMS," Proceedings of the Third IEEE and IFIP Int. Conf. on Wireless and Optical Communications Networks.
[5] M. Shirali Shahreza, "An Improved Method for Steganography on Mobile Phone", WSEAS Transactions on Systems, Issue 7, vol. 4, pp. 955-957, July, 2005.
[6] B. Dukic, and M. Katic, "m-order - payment model via SMS within the m-banking," 27th Int. Conference on Information Technology Interfaces, 20-23 June, 2005, pp. 93-98. International Conference
[7] WAP Forum, Wireless Application Protocol Architecture Specification, Version 12-Jul-2001, available from http://www.wapforum.org, 2001.
[8] http://www,google.com
[9] Steganalysis: The Investigation of Hidden Information
ISSN: 0975 –6698| NOV 10 TO OCT 11 | VOLUME – 01, ISSUE - 02 Page 72