Highly Secure Online Voting System with Multi Security using Biometric and Steganography

INTERNATIONAL JOURNAL OF ADVANCED SCIENTIFIC RESEARCH AND TECHNOLOGY

ISSUE 2, VOLUME 2 (APRIL 2012) ISSN: 2249-9954

B. Swaminathan#1

, J. Cross Datson Dinesh

#2

Assoc. Prof. Dept of Computer Science and Engineering Rajalakshmi Engineering College

Chennai, India

E-mail: [email protected]

Dept of Computer Science and Engineering

Rajalakshmi Engineering College

Chennai, India

E-mail: [email protected]

______________________________________________________________________________

ABSTRACT

In this paper an online voting system is proposed with secure user authentication by

providing biometric as well as password security to voter accounts. The basic idea is to merge

the secret key with the cover image on the basis of core image. The result of this process

produces a stego image which looks quite similar to the cover image. The core image is a

biometric measure, such as a fingerprint image. The stego image is extracted at the server side to

perform the voter authentication function. This system greatly reduces the risks as the hackers

have to find both the secret key and template which makes the election procedure to be secure

and robust against a variety of fraudulent behaviors.

Keywords: Online Voting, Data hiding, Biometric, Stego image, Steganography.

______________________________________________________________________________

Corresponding Author: J. Cross Datson Dinesh

INTRODUCTION

It has always been an arduous task for the election commission to conduct free and fair polls in

our country, the largest democracy in the world. Crores of rupees have been spent on this to

make sure that the elections are riot free. The most important aspect of the democracy is the

ability of the people to choose their ruler by vote. Integrity of the election process will determine

the integrity of democracy itself. So the election system must be secure and robust against a

variety of fraudulent behaviors, should be transparent and comprehensible that voters and

candidates can accept the results of an election. A voting system must be usable by the entire

voting population, regardless of age, infirmity or disability.

Electronic Voting Machines ("EVM") are being used in Indian General and State Elections to implement electronic voting in place of ballot papers and boxes which were used earlier in

conventional voting system. It may be vulnerable to fraudulent activities like impersonation of

voters, booth capturing and so on. My aim is to present a new online voting system employing

Highly Secure Online Voting System with Multi Security using

Biometric and Steganography



biometrics in order to avoid rigging and to enhance the accuracy and speed of the process so that

one can cast his vote irrespective of his location. As online voting is risky, it is difficult to come

up with a system which is perfect in all senses. Once we are sure that a voter is genuine, we can

easily address other issues like anonymity and tamper resistance. The system uses thumb

impression as well as password for voter authentication as we know that the thumb impression of

every human being has a unique pattern. Thus it would have an edge over the present day voting

systems.

RELATED WORK

Subba Rao et al., [1] proposed a steganography technique that is based on randomizing the

sequence of cipher bits. Advantage of this technique is there is no one-to-one mapping between a

given cipher text and an image.

Constantinos Patsakis and Evangelos Fountas [2] proposed Fibonacci LSB Data Hiding

Technique to more integer bases. In this work, a new embedding method, which generalizes the

idea of Fibonacci decomposition, enabling more data to be embedded in an image with good

statistical properties was presented.

Namita Tiwari and Dr.Madhu Shandilya [3] evaluated the LSB based Methods of Image

Steganography on GIF File Format. This paper focused on hiding the message in the least

significant bits of the colors of the pixels of a GIF image.

Hanan Mahmoud Hanan et al., [4] proposed a Novel Technique for Steganography in

Fingerprints Images. This paper describes the design and implementations of a project

concerning the hiding of messages in images specifically fingerprint images. The policy of this

project is to keep the confidential messages hidden inside the drawing of the fingerprints.

Sanjay Saini and Dr. Joydip Dhar [5] proposed an eavesdropping proof secure online voting

model. In this paper an online voting framework was formulated which ensures that the voter is

able to vote in a public environment without his vote being eavesdropped on by a neighbor.

E.S. Shameem Sulthana and Dr.S.Kanmani [6] presented the Evidence based Access Control

over Web Services scheme using Multi Security. This paper explains about voting through

internet, with facial detection integrated with finger print authentication and automated load

balancing, fused with data hiding security.

Alok Kumar Vishwakarma and Atul Kumar [7] proposed a Novel Approach for Secure

Mobile-Voting using Biometrics in Conjunction with Elliptic Curve Crypto-Stegano Scheme.

This paper describes a secure mobile-voting system using cryptography and steganography.

Nabin Ghoshal and J. K. Mandal [8] proposed a Steganographic Scheme for Colour Image

Authentication. This paper deals with a novel steganographic technique which demonstrates the

colour image authentication technique in frequency domain based on the Discrete Fourier

Transform(DFT). Experimental results confirmed that this algorithm performs better than

discrete cosine transformation (DCT), Quaternion Fourier Transformation (QFT) and Spatio

Chromatic DFT (SCDFT) based schemes.

Masoud Afrakhteh and Subariah Ibrahim [9] presented an Enhanced Least Significant Bit

Scheme robust against Chi-Squared attack. Among the steganographic techniques and

particularly in conventional least significant bit (LSB) insertion method, there is a challenging

issue and that is how to embed desired secret bits in a cover medium in a way not to be seen by

human vision. This paper proposes a method that utilizes more surrounding pixels unlike BPCS,

PVD and MBNS methods which use 3 or 4 immediate neighbors of each pixel and finally, it is

proved that the method is robust against Chi-squared attack.



Guo-Shiang Lin et al., [10] a framework for Enhancing Image Steganography with Picture

Quality Optimization and Anti-Steganalysis based on Simulated Annealing Algorithm. In this

paper, a closed-loop computing framework was proposed which iteratively searches proper

modifications of pixels/coefficients to enhance a base steganographic scheme with optimized

picture quality and higher anti-steganalysis capability.

PROPOSED METHODOLOGY

Using the proposed system voting can be done through internet with the concept of

Steganography and biometrics. User PIN and the secret key are transmitted to the server securely

using Steganography. Steganography is the idea of hiding private or sensitive data within

something that appears to be nothing out of the normal. If a person views the digital object, he or

she will have no idea that there is any hidden information, and therefore the person will not

attempt to decrypt the information. The general model of Steganography says if you want to send

some secret message then choose a cover image, find its redundant bits and replace these bits with data bits of the message. The message can be easily extracted by doing some operations on

the other end.

Least significant bit insertion is a common approach to embed information in a cover file.

This process overwrites the LSB of a pixel value with a message bit. If we choose a 24-bit image

as cover, we can easily store 3 bits in each pixel. Human eye will not be able to find the

difference in any case. Unfortunately, this process of LSB modification changes the statistical

properties of the cover image, so eavesdroppers can detect the distortions in the resulting stego

image. This is quite viable that we cant embed anybodys personal information in this manner. So, what we can do is that, we can encrypt the message before embedding, or we can perform

steganography providing strong encryption at the same time.

Fingerprint images are chosen as keys for encrypting the secret key. Fingerprint recognition is

used for user authentication because it is the most deployed biometric technique, both in civil

and criminal applications, because of its high maturity and cost-effective capture and processing.

Some information about the voter should be collected to support such a system. Firstly, each

and every individual in the country should be provided with a Personal Identification Number.

This is needed for maintenance of voter accounts in the database. Secondly, we need Thumb

Impressions (fingerprint images) of all the individuals. Thirdly, during the account creation every

individual will be provided with a system generated Secret key which he/she should not disclose

to anybody. This will be needed to cast the vote. The voter account creation process is shown in

fig 1.1:

Fig 1.1 Secret Key Generation

Assuming all voters information in a country is securely collected, biometric reader available for voting, the system is online during the election period only, the methodology is as follows.



To cast a vote, a voter logs into the system by entering the personal identification number and

secret key. Along with this voter has to give the thumb impression on the fingerprint sensor.

The system will generate the cover image and embed the secret key into it according to the

predefined procedure to generate the stego image as shown in fig 1.2:

Fig 1.2: Stego Image Creation Now this stego image will be sent securely to the server for voter authentication. Fingerprint

forgery may be restricted by using advanced fingerprint readers which employ Ultrasonic and

Capacitance.

At the server side, Optical Character Recognition technique will be used to read the personal

identification number represented on the image. After reading it, the server will find out the

details of that individual from the database. These details will be his/her fingerprint image and

secret key. Using these details, the image can be decoded to find out the embedded message

which should be the secret key of that individual. Once authentication is complete, the voter will

be allowed to vote. In this next page, all the details regarding the voting boundaries of that

individual will be shown. Here voter can select the desired candidate and finalize the vote. After

casting the vote, the account will be closed and in the database the voted bit will be set to one for

that voter.

A. CREATION OF RANDOM COVER IMAGE

Every voter should have a 16-digit personal identification number. This number will be

automatically written over a base image in predefined font style & size. Let us use 256*256

pixels bitmap cover image. The base image should be clear so that the text written over it is

machine readable. This image will be finally modified into a stego image and sent over insecure

channel. The base image is chosen randomly among a set of images in the system. Cover image

is a simple inscription of personal identification number over the base image. So, the cover

image for each voter is different which will reduce the chances of predicting the image by an

attacker during transmission.

B. SECRET KEY EXPANSION USING SHA 256 HASHING ALGORITHM

The secret key plays very important role in the whole process. It should not be compromised

in any case. It should be short enough to be remembered by everybody. Let us assume it to be a

4-digit number, similar to ATM PIN. This 4-digit PIN can easily be represented using 2 bytes.

But 2 byte data looks very much vulnerable in terms of length as an attacker can easily predict

the secret data by Steganalysis. So, to increase the complexity of analysis, the 2 byte secret key is

expanded to 32 byte key by applying SHA 256 hashing algorithm. Now these 256 bits will

become a part of the actual secret message. When the secret message is embedded in the cover

image, its statistical properties will not remain same. The stego image will remain more complex



to be analyzed because more features of the key image are utilized in this case. So, it would be

more difficult for the attackers to predict the embedded data.

C. GENERATION OF THE SECRET MESSAGE

In this phase of the methodology, we will get a 288 bit secret message from a 16 bit secret

key. Firstly, the secret key is concatenated with the time-stamp value. The timestamp is a 32 bit

value which represents the current date. Now we will apply SHA 256 algorithm to get a 256 bit

hash code for that key. Now the same time-stamp is concatenated with this hash code to get the

secret message. So, our secret message will be of 288 bit length. As the actual secret key is never

embedded in the stego image, there will be no chance of predicting secret key from it. The

mechanism is shown in fig 1.3:

Fig 1.3: Secret Message Generation

D. STEGO IMAGE CREATION ALGORITHM

The output of this algorithm is a stego image S and the inputs are expanded secret key

concatenated with time-stamp, i.e. secret message, a cover image and the core image. In this

embedding process we are going to modify the 256*256 pixels cover image given by the array

Cover[] of 3*216

of size. In terms of cryptography, performing permutations on input data

increases the level of confusion. More is the level of confusion, more it will become

unpredictable. In this phase we distribute the bits of secret message throughout the image in a

random manner. As we need to embed 288 bits of secret message SM[] into cover image, we need to determine the bytes of cover image which we are going to modify. These are determined by random

function with secret key as seed. Here, we have a Random Number RN[] array of size 288 with

values ranging from 1 to 3*216

. We have a core image array Core[] of 3*216

bytes. So, in order to

yield stego image Stego[] we are going to use the following algorithm.

Stego Image Creation Algorithm: Input: Cover [], Core [], RN [], SM []

Output: Stego []

Begin

for every bit of Secret Message SM [i] do

if SM [i] = 1 then

if Cover[RN[i]] and Core[RN[i]] both odd then

Stego[RN[i]] = Cover[RN[i]] 1

Secret Key

(16 bits)

Hash code

(256 bits)

Timestamp

(32 bits)

Secret Message

(288 bits)

Timestamp

(32 bits)

Concatenate

Concatenate



else if Cover[RN[i]] and CI[RN[i]] both even then

Stego[RN[i]] = Cover[RN[i]] +1

end

else

Stego[RN[i]] = Cover[RN[i]]

end

else if SM[i] = 0 then

if Cover[RN[i]] and Core[RN[i]] both either even or odd

then Stego[RN[i]] = Cover[RN[i]]

else

Stego[RN[i]] = Cover[RN[i]] + 1

end

end End

According to the algorithm, if secret message bit is one and both cover image and key image

byte values are odd we are making stego image byte value one less than cover image byte value,

else one more than that. If secret message bit is zero and both cover image and key image byte

values are even or odd we are keeping stego image byte value same as cover image byte value,

else one more than that. We should notice that during extraction we have to apply the same

random function with the same seed.

For example,

1) Cover image array of size 10: Cover[] = {4, 20, 25, 32, 14, 09, 26, 35, 77, 46}

2) Core image array of size 10: Core[] = {17, 15, 07, 05, 64, 98, 74, 58, 38, 14}

3) Random number array of size 10: RN[] = {7, 4, 2, 8, 6, 1, 9, 0, 5}

4) Secret Message of size 10 bits: SM[] = {1, 0, 1, 1, 0, 0, 1, 1, 0, 0}

The resulting stego image is shown in Table I:

SM [i]

Cover[RN[i]] Core[RN[i]] Stego[RN[i]]

1 Cover[7] = 35 Core[7] = 58 Stego[7] = 35

0 Cover[4] = 14 Core[4] = 64 Stego[4] = 14

1 Cover[2] = 25 Core[2] = 07 Stego[2] = 24

1 Cover[8] = 60 Core[8] = 38 Stego[8] = 61

0 Cover[6] = 32 Core[6] = 74 Stego[6] = 32

0 Cover[1] = 20 Core[1] = 15 Stego[1] = 21

1 Cover[9] = 46 Core[9] = 14 Stego[9] = 47

1 Cover[0] = 04 Core[0] = 17 Stego[0] = 04

0 Cover[5] = 09 Core[5] = 98 Stego[5] = 10

0 Cover[3] = 32 Core[3] = 05 Stego[3] = 33 Table I: Creating Stego Image

From the above algorithm, final stego image is: Stego [] = {04, 21, 24, 33, 14, 10, 32, 35, 61,

47}

E. DECRYPTION ALGORITHM FOR AUTHENTICATION

In the extraction process, firstly the personal identification number from the Stego image is

read using OCR. Now, from the matching entry in the voter database, we read the core image

and Secret key of that individual. The key to successful comparison is the time-stamp value. The

timestamp (e.g. Date) delivers the security from replay attacks, so that the same stego image



cannot be used again in future. Using the secret key as seed we are generating the array RN[] of

size 288. From the stego image we are forming the array Stego[]. Also, we have array Core[]

given by key image. Using these we can extract the SM[] by applying the algorithm given

below.

Decryption Algorithm Input: Stego [], Cover [], RN[], Secret Key

Output: Authentic Voter/ Not an Authentic Voter

Begin

[], [], , k = 0 for i=0 to 287 do

if Stego[RN[i]] and Core[RN[i]] both either even or odd then

SM[i]= 0

else SM[i] = 1

end

end

for i = 256 to 287 do

Date [k++] =SM[i]

end

= (,) if (M[], 256()) then Return: Authentic Voter

else

Return: Not an Authentic Voter

end

End

In the above algorithm, we are checking bytes of stego image and key image, if both are odd

or even we are taking the secret message as one otherwise zero. Using the Date value contained

in the secret message and Secret Key we can verify the authenticity.

Previous example is continued,

1) From the above embedding algorithm we have:

Stego[] = {04, 21, 24, 33, 14, 10, 32, 35, 61, 47 }

2) From Database we have:

Core[] = {17, 15, 07, 05, 64, 98, 74, 58, 38. 14}

Extraction of secret message is shown in Table II:

Core[RN[i]] Stego[RN[i]] SM[i]

Core[7] = 58 Stego[7] = 35 1

Core[4] = 64 Stego[4] = 14 0

Core[2] =07 Stego[2] = 24 1

Core[8] = 38 Stego[8] = 61 1

Core[6] = 74 Stego[6] = 32 0

Core[1] = 15 Stego[1] = 21 0

Core[9] = 14 Stego[9] = 47 1

Core[0] = 17 Stego[0] = 04 1

Core[5] = 98 Stego[5] = 10 0

Core[3] = 05 Stego[3] = 33 0 Table II: Retrieving the Secret Message



F. VOTING PROCEDURE

Once any individual passes the authenticity criteria, he/she will be logged into his/her voting

account. We can easily restrict a voter from logging into his/her voting account more than once

during elections. Once a particular voter is authenticated by the system, a secure channel will be

established using https and then he/she will be able to cast the vote. The vote will remain secret

in every sense, i.e., it will not be reflected anywhere in the database that which user has voted for

whom. Finally, the account will be closed and that user will not be able to log back in by any

means again. This completes the voting process. The methodology of the voting process is

described in the fig 1.4:

Fig 1.4: Online Voting System Flowchart

CONCLUSION

In this paper we have enforced a method for integrating Cryptography and Steganography to

present a highly secure Online Voting System. The security level of our system is greatly

improved by the new idea of random cover image generation for each voter. The user

authentication process of the system is improved by adding both biometric and password

security. The Steganography portion of the system is secured by random distribution of message

bits into the cover image. This system will preclude the illegal practices like rigging. Thus, the

citizens can be sure that they alone can choose their leaders, thus exercising their right in the

democracy.

REFERENCES

[1] Subba Rao, Brahmananda Rao, Rukma Rekha, Secure image steganography based on randomized sequence of bits, eighth international conference on information technology 2011.

PIN

Cover Image

Creation

Encryption Secret Key

Fingerprint Stego Image

Server

PIN Extraction

Decryption

(Extract Secret Msg)

Secret Key Verification Database

Caste Vote

Voter

Compare

Update



[2] Constantinos patsakis, Evangelos Fountas,Extended fibonacci LSB data hiding technique ti more integer bases3rd international conference on advanced computer theory 2010.

[3] Namita Tiwari and Dr.Madhu Shandilya, Evaluation of Various LSB based Methods of Image Steganography, International Journal of Computer Applications Volume 6 No.2, September 2010.

[4] Hanan Mahmoud Hanan Saad Al-Hulaibah Sarah Ahmad Al-Naeem Suha, Novel

Technique for Steganography in Fingerprints Images: Design and Implementation Sixth International Conference on Information Assurance and Security 2010.

[5] Sanjay Saini and Dr. Joydip Dhar, An eavesdropping proof secure online voting model International Conference on Computer Science and Software Engineering 2008.

[6] E.S. Shameem Sulthana and Dr. S.Kanmani, Evidence based Access Control over Web Services using Multi Security International Journal of Computer Applications March 2011.

[7] Alok Kumar Vishwakarma1 and Atul Kumar A Novel Approach for Secure Mobile-Voting using Biometrics in Conjunction with Elliptic Curve Crypto-Stegano Scheme International Journal of Technology and Engineering Systems, March 2011.

[8] [8] Nabin Ghoshal, J. K. Mandal A Steganographic Scheme for Colour Image

Authentication (SSCIA) IEEE-International Conference on Recent Trends in Information Technology, June 3-5, 2011.

[9] [9] Masoud Afrakhteh and Subariah Ibrahim Enhanced Least Significant Bit Scheme

Robust Against Chi-Squared Attack Fourth Asia International Conference on Mathematical/Analytical Modeling and Computer Simulation 2010.

[10] [10] Guo-Shiang Lin, Yi-Ting Chang, and Wen-Nung Lie A Framework of Enhancing Image Steganography with Picture Quality Optimization and Anti-Steganalysis Based on

Simulated Annealing Algorithm IEEE Transactions on Multimedia, August 2010.

Documents

Highly Secure Online Voting System with Multi Security using Biometric and Steganography