Low-complexity methods for image and video watermarking

Coria Mendoza, Lino Evgueni

05 1900

For digital media, the risk of piracy is aggravated by the ease to copy and distribute the content. Watermarking has become the technology of choice for discouraging people from creating illegal copies of digital content. Watermarking is the practice of imperceptibly altering the media content by embedding a message, which can be used to identify the owner of that content. A watermark message can also be a set of instructions for the display equipment, providing information about the content’s usage restrictions. Several applications are considered and three watermarking solutions are provided. First, applications such as owner identification, proof of ownership, and digital fingerprinting are considered and a fast content-dependent image watermarking method is proposed. The scheme offers a high degree of robustness against distortions, mainly additive noise, scaling, low-pass filtering, and lossy compression. This method also requires a small amount of computations. The method generates a set of evenly distributed codewords that are constructed via an iterative algorithm. Every message bit is represented by one of these codewords and is then embedded in one of the image’s 8 × 8 pixel blocks. The information in that particular block is used in the embedding so as to ensure robustness and image fidelity. Two watermarking schemes designed to prevent theatre camcorder piracy are also presented. In these methods, the video is watermarked so that its display is not permitted if a compliant video player detects the watermark. A watermark that is robust to geometric distortions (rotation, scaling, cropping) and lossy compression is required in order to block access to media content that has been recorded with a camera inside a movie theatre. The proposed algorithms take advantage of the properties of the dual-tree complex wavelet transform (DT CWT). This transform offers the advantages of both the regular and the complex wavelets (perfect reconstruction, approximate shift invariance and good directional selectivity). Our methods use these characteristics to create watermarks that are robust to geometric distortions and lossy compression. The proposed schemes are simple to implement and outperform comparable methods when tested against geometric distortions.

Watermarking

Image processing

Information security

Complex wavelets

Piracy

Lossy compression

The role of the notary in secure electronic commerce

Smith, Leslie Gordon

January 2006

The profession of the notary is at a cross roads. The Notary operates in a world of paperbased transactions where the use of traditional signatures and seals are mandatory. The practices and procedures which have evolved over centuries simply cannot be applied directly in a digital environment. Establishing a framework for the authentication of computer-based information in today's commercial environment requires a familiarity with concepts and professional skills from both the legal and computer security fields. Combining these two disciplines is not an easy task. Concepts from the information security field often correspond only loosely with concepts from the legal field, even in situations where the terminology is similar. This thesis explores the history of the Notary, the fundamental concepts of e-commerce, the importance of the digital or electronic signature and the role of the emerging &quotCyber" or &quotElectronic" Notary (E-Notary) in the world of electronic commerce. The research investigates whether or not the functions of the &quotNotary Public" can successfully evolve in the world of E-Commerce, and if so what are the ramifications. This thesis comprises a survey and critical analysis of proposed architectures and implementations for &quotElectronic Notary Services" in an Internet based, electronic commerce environment. It includes an analysis of relevant historical and legal factors relevant to these emerging technologies. Given the highly dynamic nature of this topic, this thesis does not propose or recommend a single architecture or implementation but emphasises the need for further research not only into technological factors but also into the real legal and social needs that affect the role of the E-Notary. The approach undertaken was an analytical approach to the available current documentation against input from leading practitioners included practicing Notaries from Australia, the United States and the Court of Faculties - London.

Notarial act

Notary

electronic commerce

e-commerce

information security

digital information

A proposed security protocol for data gathering mobile agents

Al-Jaljouli, Raja, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2006

We address the security issue of the data which mobile agents gather as they are traversing the Internet. Our goal is to devise a security protocol that truly secures the data which mobile agents gather. Several cryptographic protocols were presented in the literature asserting the security of gathered data. Formal verification of the protocols reveals unforeseen security flaws, such as truncation or alteration of the collected data, breaching the privacy of the gathered data, sending others data under the private key of a malicious host, and replacing the collected data with data of similar agents. So the existing protocols are not truly secure. We present an accurate security protocol which aims to assert strong integrity, authenticity, and confidentiality of the gathered data. The proposed protocol is derived from the Multi-hops protocol. The protocol suffers from security flaws, e.g. an adversary might truncate/ replace collected data, or sign others data with its own private key without being detected. The proposed protocol refines the Multi-hops protocol by implementing the following security techniques: utilization of co-operating agents, scrambling the gathered offers, requesting a visited host to clear its memory from any data acquired as a result of executing the agent before the host dispatches the agent to the succeeding host in the agent???s itinerary, and carrying out verifications on the identity of the genuine initiator at the early execution of the agent at visited hosts, in addition to the verifications upon the agent???s return to the initiator. The proposed protocol also implements the common security techniques such as public key encryption, digital signature, etc. The implemented security techniques would rectify the security flaws revealed in the existing protocols. We use STA, an infinite-state exploration tool, to verify the security properties of a reasonably small instance of the proposed protocol in key configurations. The analysis using STA reports no attack. Moreover, we carefully reason the correctness of the security protocol for a general model and show that the protocol would be capable of preventing or at least detecting the attacks revealed in the existing protocols.

Mobile agents

security protocol

formal methds

information security

E-invigilation of e-assessments

Ketab, Salam

January 2017

E-learning and particularly distance-based learning is becoming an increasingly important mechanism for education. A leading Virtual Learning Environment (VLE) reports a user base of 70 million students and 1.2 million teachers across 7.5 million courses. Whilst e-learning has introduced flexibility and remote/distance-based learning, there are still aspects of course delivery that rely upon traditional approaches. The most significant of these is examinations. The lack of being able to provide invigilation in a remote-mode has restricted the types of assessments, with exams or in-class test assessments proving difficult to validate. Students are still required to attend physical testing centres in order to ensure strict examination conditions are applied. Whilst research has begun to propose solutions in this respect, they fundamentally fail to provide the integrity required. This thesis seeks to research and develop an e-invigilator that will provide continuous and transparent invigilation of the individual undertaking an electronic based exam or test. The analysis of the e-invigilation solutions has shown that the suggested approaches to minimise cheating behaviours during the online test have varied. They have suffered from a wide range of weaknesses and lacked an implementation achieving continuous and transparent authentication with appropriate security restrictions. To this end, the most transparent biometric approaches are identified to be incorporated in an appropriate solution whilst maintaining security beyond the point-of-entry. Given the existing issues of intrusiveness and point-of-entry user authentication, a complete architecture has been developed based upon maintaining student convenience but providing effective identity verification throughout the test, rather than merely at the beginning. It also provides continuous system-level monitoring to prevent cheating, as well as a variety of management-level functionalities for creating and managing assessments including a prioritised and usable interface in order to enable the academics to quickly verify and check cases of possible cheating. The research includes a detailed discussion of the architecture requirements, components, and complete design to be the core of the system which captures, processes, and monitors students in a completely controlled e-test environment. In order to highlight the ease of use and lightweight nature of the system, a prototype was developed. Employing student face recognition as the most transparent multimodal (2D and 3D modes) biometrics, and novel security features through eye tracking, head movements, speech recognition, and multiple faces detection in order to enable a robust and flexible e-invigilation approach. Therefore, an experiment (Experiment 1) has been conducted utilising the developed prototype involving 51 participants. In this experiment, the focus has been mainly upon the usability of the system under normal use. The FRR of those 51 legitimate participants was 0 for every participant in the 2D mode; however, it was 0 for 45 of them and less than 0.096 for the rest 6 in the 3D mode. Consequently, for all the 51 participants of this experiment, on average, the FRR was 0 in 2D facial recognition mode, however, in 3D facial recognition mode, it was 0.048. Furthermore, in order to evaluate the robustness of the approach against targeted misuse 3 participants were tasked with a series of scenarios that map to typical misuse (Experiment 2). The FAR was 0.038 in the 2D mode and 0 in the 3D mode. The results of both experiments support the feasibility, security, and applicability of the suggested system. Finally, a series of scenario-based evaluations, involving the three separate stakeholders namely: Experts, Academics (qualitative-based surveys) and Students (a quantitative-based and qualitative-based survey) have also been utilised to provide a comprehensive evaluation into the effectiveness of the proposed approach. The vast majority of the interview/feedback outcomes can be considered as positive, constructive and valuable. The respondents agree with the idea of continuous and transparent authentication in e-assessments as it is vital for ensuring solid and convenient security beyond the point-of-entry. The outcomes have also supported the feasibility and practicality of the approach, as well as the efficiency of the system management via well-designed and smart interfaces.

An investigation of information security policies and practices in Mauritius

Sookdawoor, Oumeshsingh

30 November 2005

With the advent of globalisation and ever changing technologies, the need for increased attention to information security is becoming more and more vital. Organisations are facing all sorts of risks and threats these days. It therefore becomes important for all business stakeholders to take the appropriate proactive measures in securing their assets for business survival and growth. Information is today regarded as one of the most valuable assets of an organisation. Without a proper information security framework, policies, procedures and practices, the existence of an organisation is threatened in this world of fierce competition. Information security policies stand as one of the key enablers to safeguarding an organisation from risks and threats. However, writing a set of information security policies and procedures is not enough. If one really aims to have an effective security framework in place, there is a need to develop and implement information security policies that adhere to established standards such as BS 7799 and the like. Furthermore, one should ensure that all stakeholders comply with established standards, policies and best practices systematically to reap full benefits of security measures. These challenges are not only being faced in the international arena but also in countries like Mauritius. International researches have shown that information security policy is still a problematic area when it comes to its implementation and compliance. Findings have shown that several major developed countries are still facing difficulties in this area. There was a general perception that conditions in Mauritius were similar. With the local government's objective to turn Mauritius into a "cyber-island" that could act as an Information Communication & Technology (ICT) hub for the region, there was a need to ensure the adoption and application of best practices specially in areas of information security. This dissertation therefore aims at conducting a research project in Mauritius and assessing whether large Mauritian private companies, that are heavily dependent on IT, have proper and reliable security policies in place which comply with international norms and standards such as British Standard Organisation (BSO) 7799/ ISO 17799/ ISO 27001. The study will help assess the state of, and risks associated with, present implementation of information security policies and practices in the local context. Similarities and differences between the local security practices and international ones have also been measured and compared to identify any specific characteristics in local information security practices. The findings of the study will help to enlighten the security community, local management and stakeholders, on the realities facing corporations in the area of information security policies and practices in Mauritius. Appropriate recommendations have been formulated in light of the findings to improve the present state of information security issues while contributing to the development of the security community / Computing / M.Sc. (Information Systems)

Adherence to established standards

Information security framework

Information security policy

Information security practices

Security standards

Compliance

Information security risk

Procedures

005.8096982

Information policy -- Mauritius

Federated authentication using the Cloud (Cloud Aura)

Al Abdulwahid, Abdulwahid Abdullah

January 2017

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorised user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Traditionally deployed in a point-of-entry mode (although a number of implementations also provide for re-authentication), the intrusive nature of the control is a significant inhibitor. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This thesis reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between the need for high security whilst maximising user satisfaction. This is followed by a comprehensive literature survey and critical analysis of the existing research domain on continuous and transparent multibiometric authentication. It is evident that most of the undertaken studies and proposed solutions thus far endure one or more shortcomings; for instance, an inability to balance the trade-off between security and usability, confinement to specific devices, lack or negligence of evaluating users’ acceptance and privacy measures, and insufficiency or absence of real tested datasets. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilised in a universal manner. Accordingly, it is paramount to have a high level of performance, scalability, and interoperability amongst existing and future systems, services and devices. A survey of 302 digital device users was undertaken and reveals that despite the widespread interest in more security, there is a quite low number of respondents using or maintaining the available security measures. However, it is apparent that users do not avoid applying the concept of authentication security but avoid the inconvenience of its current common techniques (biometrics are having growing practical interest). The respondents’ perceptions towards Trusted Third-Party (TTP) enable utilising biometrics for a novel authentication solution managed by a TTP working on multiple devices to access multiple services. However, it must be developed and implemented considerately. A series of experimental feasibility analysis studies disclose that even though prior Transparent Authentication Systems (TAS) models performed relatively well in practice on real live user data, an enhanced model utilising multibiometric fusion outweighs them in terms of the security and transparency of the system within a device. It is also empirically established that a centralised federated authentication approach using the Cloud would help towards constructing a better user profile encompassing multibiometrics and soft biometric information from their multiple devices and thus improving the security and convenience of the technique beyond those of unimodal, the Non-Intrusive and Continuous Authentication (NICA), and the Weighted Majority Voting Fusion (WMVF) and what a single device can do by itself. Furthermore, it reduces the intrusive authentication requests by 62%-74% (of the total assumed intrusive requests without operating this model) in the worst cases. As such, the thesis proposes a novel authentication architecture, which is capable of operating in a transparent, continuous and convenient manner whilst functioning across a range of digital devices – bearing in mind it is desirable to work on differing hardware configurations, operating systems, processing capabilities and network connectivity but they are yet to be validated. The approach, entitled Cloud Aura, can achieve high levels of transparency thereby being less dependent on secret-knowledge or any other intrusive login and leveraging the available devices capabilities without requiring any external sensors. Cloud Aura incorporates a variety of biometrics from different types, i.e. physiological, behavioural, and soft biometrics and deploys an on-going identity confidence level based upon them, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s). While in use, it functions with minimal processing overhead thereby reducing the time required for the authentication decision. Ultimately, a functional proof of concept prototype is developed showing that Cloud Aura is feasible and would have the provisions of effective security and user convenience.

005.8

The role of 'perceptions of information value' in information security compliance behaviour : a study in Brunei Darussalam's public organisations

Haji-Tajuddin, Sharul T.

January 2016

It has been widely accepted that information is an asset and it needs to be protected. Many types of countermeasures were developed and implemented to ensure continuous protection of information where it is deemed necessary. Unfortunately, in many cases, breaches of security are the result of non-compliance behaviours of users or stakeholders of the system. These non-compliance behaviours increase the vulnerability of such system. Organisations are trying to improve their stakeholders compliance behaviour through different ways for example by providing necessary awareness, education and training and to the extent of providing rewards for healthy behaviours and reprimanding and penalising stakeholders for breaches of security. Despite all these efforts, information security breaches are still on the rise and many types of research have been done to understand this issue. It is postulated that an object is protected if it is appreciated. Appreciation of an object might relate to a value perceived by the owner in association with the object. For the similar reason, this thesis investigates the role of perceptions of information value in the context of its security. It is postulated that perceptions of information value could become an alternative way to understand information security compliance behaviour. Utilising a conceptual framework deduced from current literature to structurally analyse a list of research objectives, empirical evidence of the potential role of information perceived value in promoting better compliance behaviour have indeed been discovered. There is evidence that a perception of information value is developed through a systematic process of value assignment or information value assignment process. These processes are significant to the development of stakeholders intention to behave. The finding of this process has provided a platform for the organisation to understand the casual behind the information security behaviours displayed by stakeholders in the organisation. Further evidence has also suggested that the information value assignment is fuelled or influenced by several factors. These factors have provided a unique opportunity for the organisation to manipulate and nurture to have maximum impact on their information value assignment process, resulting in a possible improved intention to behave, thus, subsequently might affect the actual information security compliance behaviour.

658.4

A dimensão humana no processo de gestão da segurança da informação: um estudo aplicado à Pró-Reitoria de Gestão de Pessoas da Universidade Federal da Paraíba

Araujo, Sueny Gomes Leda

21 March 2016

Submitted by Viviane Lima da Cunha (viviane@biblioteca.ufpb.br) on 2017-04-26T12:11:40Z No. of bitstreams: 1 arquivototal.pdf: 4891600 bytes, checksum: e47187dc1816954c4d1cf20a19490124 (MD5) / Made available in DSpace on 2017-04-26T12:11:40Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 4891600 bytes, checksum: e47187dc1816954c4d1cf20a19490124 (MD5) Previous issue date: 2016-03-21 / The information is presented as an important asset for institutions and needs to be protected adequately against undue destruction, temporary unavailability, adulteration or unauthorized disclosure. Various forms of physical, virtual and human threats jeopardize the security of information. Although the technology is responsible for providing part of the solution to these problems, many of the vulnerabilities of information systems can be attributed to man's actions. In this sense, it is salutary to study the human dimension in these processes. Concerned about the security of information in Federal Public Institutions the government published a series of laws, decrees, rules and reports that guides the implementation of information security management actions in public institutions. Thus, this study aimed to analyze the human dimension in the information security management process in the Dean of Personnel Management (Progep) of the Federal University of Paraíba (UFPB) from the perspective of the rules of the federal government. This research is characterized as descriptive research with qualitative and quantitative approach and case study as the method of investigation. Therefore, the documentary research was used, participant observation and interview as data collection techniques. From the triangulation of the three collection methods for data analysis was applied to content analysis. The sample was made up of nine directors who compose the Dean of Personnel Management. The results allowed identifying the need of UFPB on elaborate a policy of information classification, since its absence turns impossible the management of information security. As for information security awareness, it was noted the absence of actions that could contribute in the awareness of the public employee process, such as information security mentioned at the time of entry / ownership of public employees and collaborators; preparation of the responsibility and confidentiality term; formal disciplinary proceedings for breach of information security; and actions as informative manuals, campaigns, lectures and meetings. In the use of information security controls, there were initiatives of implementation of certain controls, however, the procedures were eventually made in error, without compliance of the regulatory guidelines. Based on the above, the results of this research can help minimize the impact of threats to information security in Progep /UFPB and, as well, contribute to the creation of a safety culture in federal institutions. / A informação apresenta-se como um importante ativo para as instituições, necessitando ser protegida de forma adequada contra destruição indevida, indisponibilidade temporária, adulteração ou divulgação não autorizada. Várias formas de ameaças físicas, virtuais e humanas, comprometem a segurança das informações. Apesar de a tecnologia ser responsável por fornecer parte da solução para esses problemas, muitas das vulnerabilidades dos sistemas de informação podem ser atribuídas às ações do homem. Nesse sentido, torna-se salutar estudar a dimensão humana nesses processos. Preocupado com a segurança da informação nas Instituições Públicas Federais, o governo publicou uma série de leis, decretos, normas e relatórios que orientam a implementação de ações de gestão de segurança da informação nas instituições públicas. Assim, o presente estudo teve por objetivo analisar a dimensão humana no processo de gestão de segurança da informação na Pró-Reitoria de Gestão de Pessoas (Progep) da Universidade Federal da Paraíba (UFPB) sob a ótica das normas do governo federal. Esta pesquisa caracteriza-se como pesquisa descritiva, com abordagem quali-quantitativa e, quanto ao método de investigação, estudo de caso. Para tanto, foi utilizada a pesquisa documental, observação participante e entrevista, como instrumentos de coleta de dados. A partir da triangulação dos três instrumentos de coleta, para a análise dos dados, foi aplicada a análise de conteúdo. A amostra desta pesquisa foi constituída pelos nove diretores que compõem a Pró-Reitoria de Gestão de Pessoas. Os resultados possibilitaram identificar a necessidade da UFPB em elaborar uma política de classificação da informação, uma vez que sua inexistência impossibilita a gestão da segurança da informação. Quanto à conscientização em segurança da informação, observou-se a inexistência de ações que poderiam contribuir no processo de conscientização dos servidores, como: menção à segurança da informação no momento de ingresso/posse de colaboradores e servidores; elaboração do termo de responsabilidade e confidencialidade; processo disciplinar formal para a violação da segurança da informação; e ações como manuais informativos, campanhas, palestras e reuniões. Na utilização dos controles de segurança da informação, observaram-se iniciativas de implantação de determinados controles, entretanto, os procedimentos acabaram sendo realizados de forma equivocada, sem a observância das orientações normativas. Com base no exposto, os resultados desta pesquisa podem auxiliar a minimizar a incidência de ameaças à segurança da informação na Progep/UFPB, bem como contribuir com a criação de uma cultura de segurança em instituições federais.

Segurança da Informação

Política de Segurança da Informação

Normas de Segurança da Informação

Information Security

Information Security Policy

Standards of Information Security

Corinda: heurísticas concorrentes para quebra de senhas / Corinda: concurrent heuristics for password cracking

Rodrigues, Bernardo Araujo

27 August 2018

Submitted by Luciana Ferreira (lucgeral@gmail.com) on 2018-10-01T15:53:01Z No. of bitstreams: 2 Dissertação - Bernardo Araujo Rodrigues - 2018.pdf: 3067186 bytes, checksum: 3e1e3581eaee095c176a4e930796f9cd (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Approved for entry into archive by Luciana Ferreira (lucgeral@gmail.com) on 2018-10-02T11:43:06Z (GMT) No. of bitstreams: 2 Dissertação - Bernardo Araujo Rodrigues - 2018.pdf: 3067186 bytes, checksum: 3e1e3581eaee095c176a4e930796f9cd (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) / Made available in DSpace on 2018-10-02T11:43:06Z (GMT). No. of bitstreams: 2 Dissertação - Bernardo Araujo Rodrigues - 2018.pdf: 3067186 bytes, checksum: 3e1e3581eaee095c176a4e930796f9cd (MD5) license_rdf: 0 bytes, checksum: d41d8cd98f00b204e9800998ecf8427e (MD5) Previous issue date: 2018-08-27 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES / This work proposes the development of a software with the purpose of cracking passwords based on concurrent heuristic algorithms, first order model theory and statistical inference. The proposed methodology is developed on the Go programming language, with focus on communicating sequential processes. The software uses concurrent heuristic algorithms based on statistical patterns derived from sample sets to perform password cracking. Distinct statistical distributions are detected on sample sets. The software is able to crack significant portions of three diferente password sets in short periods of time. It is concluded that concurrent heuristic algorithms are a viable alternative to perform Central Processing Unit password cracking and can be used to raise awareness amonsgt users about the importance of high entropy passwords and digital privacy. / Propõe-se neste trabalho o desenvolvimento de software para quebra de senhas baseado em algoritmos heurísticos concorrentes, teoria dos modelos de primeira ordem e inferência estatística. A metodologia proposta é desenvolvida na linguagem de programação Go, que possui foco em processos sequenciais comunicantes. O software utiliza algoritmos heurísticos concorrentes criados a partir de padrões estatísticos identificados em conjuntos de amostras para realizar quebra de senhas. O software é capaz de quebrar porções significativas de três diferentes conjuntos de senhas em curto período de tempo. Conclui-se que heurísticas concorrentes são alternativa viável para realizar a quebra de senhas em Unidades Centrais de Processamento, podendo ser utilizada para conscientizar usuários sobre a importância de senhas de alta entropia e privacidade digital.

Senhas

Segurança da informação

Passwords

Information security

Steganography-based secret and reliable communications : improving steganographic capacity and imperceptibility

Almohammad, Adel

January 2010

Unlike encryption, steganography hides the very existence of secret information rather than hiding its meaning only. Image based steganography is the most common system used since digital images are widely used over the Internet and Web. However, the capacity is mostly limited and restricted by the size of cover images. In addition, there is a tradeoff between both steganographic capacity and stego image quality. Therefore, increasing steganographic capacity and enhancing stego image quality are still challenges, and this is exactly our research main aim. Related to this, we also investigate hiding secret information in communication protocols, namely Simple Object Access Protocol (SOAP) message, rather than in conventional digital files. To get a high steganographic capacity, two novel steganography methods were proposed. The first method was based on using 16x16 non-overlapping blocks and quantisation table for Joint Photographic Experts Group (JPEG) compression instead of 8x8. Then, the quality of JPEG stego images was enhanced by using optimised quantisation tables instead of the default tables. The second method, the hybrid method, was based on using optimised quantisation tables and two hiding techniques: JSteg along with our first proposed method. To increase the steganographic capacity, the impact of hiding data within image chrominance was investigated and explained. Since peak signal-to-noise ratio (PSNR) is extensively used as a quality measure of stego images, the reliability of PSNR for stego images was also evaluated in the work described in this thesis. Finally, to eliminate any detectable traces that traditional steganography may leave in stego files, a novel and undetectable steganography method based on SOAP messages was proposed. All methods proposed have been empirically validated as to indicate their utility and value. The results revealed that our methods and suggestions improved the main aspects of image steganography. Nevertheless, PSNR was found not to be a reliable quality evaluation measure to be used with stego image. On the other hand, information hiding in SOAP messages represented a distinctive way for undetectable and secret communication.

621.382