AIRCC PUBLISHING CORPORATION
INNOVATIVE LOW-COST PERIMETER SECURITY GADGET WITH IN-BUILT MECHANISM TO ENSURE CONFIDENTIALITY, AUTHENTICITY AND NON-REPUDIATION
Ritesh Mukherjee 1, Anirban Goswami2, Soumit Chowdhury3 and Nabin Ghoshal4
1Centre for Development of Advanced Computing, Kolkata, India
2Techno Main Salt Lake, Sec – V, Kolkata-700091, India
3Government College of Engineering & Ceramic Technology, Kolkata-700010, India
4Department of Engineering & Technological Studies, University of Kalyani, Kalyani-741235, West Bengal, India
The concept is to capture and preserve the intruder’s details in unattended mode. A camera is integrated with a processing unit and counter arrangement to ensure authenticity and non-repudiation of the captured images of the intruder before court of law. Ownership claim is justified concocting confidential data sharing of visual cryptography. Signal quality is retained and unauthorized tampering of secret data resisted. Entire procedure indulges: Message Digest M is generated using SHA-2 from the date and time stamp of the acquired image, two shares are generated from MAC address (K) of the network card and encryption is done using AES involving encoding using Hamming 1 – bit technique. The cover image is prepared in DCT domain to restrict JPEG compression. Sensitive data is embedded in restricted areas of DCT transformed image. Extraction of secret data verifies an intruder. The experimental results prove its efficacy over existing conventional system.
Visual cryptography, share generation, AES, key exchange, image compression.
The term perimeter offers a defined boundary to act as the first line of defence against trespassers and Perimeter security has been an appropriate choice. But, the complexity of perimeter security depends on the valuation and surface area of a property. In modern times, electronic gadgets are widely used for perimeter security.
To be effective against well-heeled trespassers, active perimeter security and monitored CCTV are used to ensure both situation and customer requirements. Across the globe, property owners rely on surveillance systems in form of CCTV cameras to assist an individual in monitoring and protecting physical areas. But there is no specific template for a “perfect” perimeter detection system, due to the varying parameters like location, accessibility, points of entry, lighting and operational hours. So, recent technological advancement demands tailored surveillance system with maximum security and negligible human interference.
In the proposed algorithm, we have tried to amalgamate the hardware design of a self-developed security gadget with an inbuilt camera  having inbuilt processing unit to capture the facial image of a person with a timestamp.
The device has been framed with components having connectivity and functionalities defined as follows:
2.Gadget holding arrangement: This is a small sliding tray provided with the gadget to directly mount it.
3.Power supply module: The developed apparatus makes use of +5 volts regulated DC power supply up to a maximum 1000 mA current capacity. The Power supply module is a 5v micro USB power supply arrangement for the mentioned gadget.
4.Wi-fi dongle: Small USB wi-fi dongle which will be connected to the gadget and will help to transmit data from the portable gadget to the offsite storage in wireless mode.
5.Network cable [Optional]: A standard network cable with a RJ45 connecter will be used for the purpose of data transfer between a portable gadget and the offsite storage in wired mode. This will be useful as an alternate arrangement in absence of a reliable wireless arrangement.
6.Application Software: Above apparatus operates using application software. This application is responsible for headless start-up of the gadget, video capture, frame extraction, face detection, face image capture, time capture and transfer of facial images with a time stamp.
The gadget operates in following steps:
Basic requirements cum pre-requisites for the operation
After capturing the facial image, we use the technique of visual cryptography and steganography for effective data hiding process.
2. LITERATURE REVIEW
To assure fidelity of a file [2. 3], data hiding techniques generally explain the fabrication of authentication signals in a digital file. Creators generally own the copyright to a digital image the
moment they create it like in physical mode. The owner is privileged with several exclusive legal rights over the use and distribution of it. The fabrication of the owner’s key data as an invisible digital watermark [4, 5] in a digital file justifies the fact.
The concept of neural network-based visual cryptography helps to preserve the secrecy of data. To support visual cryptography, Shamir  proposed generation of public and private shares from secret information and subsequently shared the appropriate share. The secret data can only be revealed after bonding of appropriate shares. This justifies amalgamation of reversible data concealment  and encrypted information sharing to elucidate information security. In addition, Omnia Abdullah Alharbi et al.  supported conservative prevention of data through multilevel security pattern. In another algorithm, Sanjay Kumar et al.  mentioned recovery of cover media which justifies the authenticity of hiding.
Generally, data authentication protocols are implemented in the frequency domain and the DCT domain is most popular due to its efficient performance. Cox et al  proposed that DCT be used in the JPEG compression procedure. Moreover, resistance to JPEG compression was suggested by Koch et al  who used the middle band frequency coefficients of a DCT transformed block. The same concept was stated by Hsu et al. . In another algorithm, Langelaar et al.  confirmed that the choice of middle-frequency bands for embedding restricts watermark information from getting scattered to low-frequency areas of the image. Lin et al.  explained resistance to JPEG compression by using a mid-frequency band of a DCT block for embedding.
The proposed approach has some exclusive features like:
3.1 Phase I
Every facial image collected through an inbuilt camera is cropped and normalized in the desired format and preserved with a date stamp. The date-time stamp is in the format of YYYY MM DDHHMISS [I] i.e. DT, where I is the index of the images.
3.2. Phase II
DT is digital data and using Sha-2 a 256-bit message digest is generated from DT i.e. DT#.
The gadget has a unique ID (say K) that is its 48-bit MAC address of either a wired or wireless card. It is represented as a string of bits say Kb which is of fixed length. With the help of a selfdefined technique two shares KS1 and KS2 are pseudo-dynamically created from Kb. The bit ‘‘1’’ of Kb is represented as 0/1(KS1) & 1/0(KS2) and ‘‘0’’ as 0/1(KS1) & 0/1(KS2) respectively because Kb = KS1 XOR KS2. The bit sequence of KS1 and KS2 are generated pseudodynamically and so differs in content. KS2 cannot be generated from KS1 and even not vice versa. Even if a technically abled person with an ill intention tries to generate a duplicate version of KS1 and KS2, it cannot be done due to its pseudo-dynamic nature.
DT# is concatenated with KS2 to form DT#KS2.
Using Kb, DT#KS2 is encrypted by the technique of block cipher algorithm, i.e. AES (Advanced Encryption Standard) [16-18] with a key length of 256 bits to form DT#KS2E. Now DT#KS2E and KS1 are encoded using Hamming 1-bit error detection and correction technique  to form DT#KS2EEC and KS1EC.
3.3. Phase III
In the proposed algorithm, we have tried to prevent data loss even after JPEG compression is affected. Firstly, the facial part of the image collected from the camera is partitioned as non-overlapping 8×8 blocks. The 8×8 blocks are levelled off and two-dimensional DCT is applied to them. Even after decompression, decent image quality is maintained at a quality level of 50 and is represented as a Q50 quantization matrix. Also, a technique of rounding off the fractional value further supports the prevention of data loss. The casting position in a middle-frequency band of every alternate block is always pseudorandom. So, the steps of Levelling, DCT, Quantize and round off help to avoid any data loss even after any JPEG compression attack on the modified image. These factors also prevent collusion attacks.
The embedding of DT#KS2EEC and KS1EC is done in the mid-frequency range of the transformed block. DT#KS2EEC is embedded in the diagonal part of the first and second 4×4 blocks andKS1EC is embedded in the diagonal part of the third and fourth 4×4 blocks of each 8×8 block.
For authentication, the extraction algorithm executes on the facial image to be verified and performs the following steps to justify conﬁdentiality:
The whole process is for the verification purpose of a captured facial image of an intruder with a date and time stamp.
4. DETAILED DISCUSSION OF THE OPERATIONAL STEPS
The description of the processes are:
The composition of the device is:
3. All process parameters (for tested performance), more particularly those which are critical in the process
Figure 2 explains one possible implementation scenario where the gadget is installed in a residence to capture intruders’ facial images and preserve them in dedicated storage for future reference. This type of installation is perfectly comparable with a low-cost domestic alternative of CCTV kind of arrangement.
Figure 3 explains a scenario that may cover the deployment of the proposed gadget commercially where more than one gadget is installed at different strategic locations to capture the facial images of the trespassers and preserved in central storage, which may be in a compartmentalized manner for future reference. This type of implementation is suitable for the implementation of perimeter security in residential complexes and hotels etc.
Cropping and Normalization of the captured Image
The facial image of a person is captured through the in-built camera and cropped to get a distinct facial image only.
Then, the image is normalized by changing the pixel intensity range. The motivation for the same is to achieve consistency and avoid mental distraction for the dynamic range of a given set of data (signals or images). The formula for normalizing a grayscale digital image is:
IN = (IO – IOMI) * [(INMA – INMI) / (IOMA – IOMI)] +INMI (1)
In the proposed method, the values of INMA and INMI are taken as 255 and 0 respectively.
IN is stored in the system with the date-time stamp in the format YYYYMMDDHHMISS[I]. It is in digital form and a 256-bit message digest (SHA-2) is generated from it.
Generation of Shares
The 48-bit MAC address of a wired or wireless card is represented as a bit sequence and considered for the generation of shares.
The format of two shares (KS1 and KS2) depends on the intensity value defined by PI(x, y). To generate the shares “0” is represented as “0” and “1” is represented as “255”. The conversion is due to the framing of black and white pixels which will help to reconstruct the MAC address even after some image processing operations are applied as proposed by Tai-Wen Yue et al. .
The shares are generated as: (PI(i,j)==0) ? KS1(i,2*j-1) = 255, KS1(i,2*j) = 0, KS2 (i, 2*j-1) = KS1 (i, 2*j), KS2(i, 2*j) = KS1(i, 2*j-1) : (mod (random ([m n]), 2) == 0) ? KS1(i, 2*j-1) = 255, KS1(i,2*j) = 0, KS2(i, 2*j-1) = KS1(i,2*j-1), KS2(i, 2*j) = KS1(i,2*j): KS1(i,2*j-1) = 0;KS1(i,2*j) = 255, KS2(i, 2*j-1) = KS1(i,2*j-1),S2(i,2*j)= KS1(i,2*j); (2)
Here, r and c represent the width and height of payload data, i varies from 1 to r and j varies from 1 to c. The values of m and n are taken arbitrarily depending on the corresponding pixel intensity. The procedure of share generation from 48 bits MAC address is shown in figure 4.
Formation of Message digest and it’s encryption
Secured Hashing Algorithm (SHA) variant 2 is much more secure because it generates a unique value for every digest. A 256-bit hash value denoted as DT# is generated from DT. DT# is concatenated with KS2 to form DT#KS2.
Due to the involvement of a lesser number of bits in the encryption process as in DES technique, a more robust form of encryption is Advanced Encryption Standard (AES). This is a variant of the Rijndael block cipher which enhances the encryption technique to give the best protection for sensitive data from prying eyes.
In the proposed algorithm, we have taken consecutive blocks from DT# each of size 128 bits. i.e. AES technique which separates the data into a four-by-four column of sixteen bytes. This format explicitly considers the allowed values for the key length (Kl), block size (Bs) and the number of rounds (Rn) to be 8,4 and 14 respectively. Moreover, AES is a symmetric encryption algorithm and the same key Kb represented as 128 bits are used for the encryption and decryption process.DT#KS2 is encrypted to form (DT#KS2)E.
For execution, the AES-256 algorithm uses a round function and involve four different byte- oriented transformations:
The intended receiver knows the symmetric key.
The motive behind the use of the AES mechanism is that: 1) The image encrypted can only be deciphered by the receiver as the key is only known to the sender and receiver.2) AES technique proves better because a block is processed as a whole to frame the ciphertext.3) The key expansion method makes it more robust.
This technique provides enhanced confidentiality and is quite strong concerning the conventional approaches.
Encoding using Hamming 1-bit error detection and correction technique
Hamming code uses the block code technique to encode a message. Some redundant bits are taken and inserted at specific locations in a message for error detection and correction. The receiver receives a message and checks the bit position for error.
The redundant bits are determined as: 2r ≥ m + r + 1 where m is the number of data bits and r is the number of redundant bits. This is explained by Ramadhan J. Mstafa et al. .
For example, if the data to be encoded is 1011001, the redundant bits are R8, R4, R2, and R1 and will be combined with the data bits to form 101R8100R41R2R1.
In the algorithm, Hamming Code is used on a 3-bit code. We can assume a single bit as a set of 8 bits and pad an extra bit at the 9th position to get a set of 9 bits. Now 3 consecutive bits are put to manipulation using Hamming Code and the procedure is followed for encoding at the sender’s end and decoding at the receiver’s end. As per the formula, if there are 3 data bits then including 3 redundant bits the total bit set will of 6 bits (3 + 3).
In our algorithm, we have considered a data set of three bits at a time. For example, if the data set is D2D1D0 and check bit set is C0C1C2, then the encoded word will beC0C1D2C2D1D0. The weightage of C0, C1, C2 are calculated as:
C0 = 0, D2D1 = 00 or 10,
= 1, D2D1 = 01 or 11.
C1 = 0, D2D0 = 00 or 10,
= 1, D2D0 = 01 or 11.
C2 = 0, D1D0 = 00 or 10,
= 1, D1D0 = 01 or 11. (3)
After all the bits of (DT#KS2)E and KS1 are encoded we get (DT#KS2)EEC and KS1EC.
Generation of pseudorandom embedding point
ipos = (In), n varies from 1 to 8. B1 = I0I1I2I3.
d1 = (I0I1) XOR (I2I3) = d11d12.
k = Kn, n varies from 1 to 8. B2 = K0K1K2K3.
d2 = (K0K1) XOR (K2K3) = d21d22. d3 = d1 XOR d2 = d31d32.
ipos = Dec (d3) = any value from 0 to 3.
ipos= (ipos == 0 || ipos ==1) ? 1: (ipos == 2)? 2:3. (4)
Here B1 and B2 are the combination of 4 bits. d1, d2 and d3 are the intermediate values owing to bit operations.
Input: The facial part of the Image as cover and (DT#KS2)EEC and KS1EC as the payload.
Output: An authenticated Image.
The facial image is considered as a set of non–overlapping 8 x 8-pixel blocks. Firstly the blocks are prepared to resist loss through JPEG compression and then they are used individually for the embedding of the full payload.
Step 1: The technique of DCT is effective within the pixel intensity range of -127 to 128 and so the pixel values are leveled off by subtracting 128 from them individually.
Step 2: The values [–127 128] of a block are converted to frequency components on the application of the forward DCT formula (Equation 5).
Using the above formula, Bpq are obtained from Amn.
Step 3: The frequency coefficients are quantized by using a matrix Q50 and rounded off to the nearest integer. This is done to distribute the energy of an image in low, medium and high- frequency zone. Distortion in the low-frequency area produces visual alterations but the high- frequency zone is untouched by the JPEG quantizer. In the proposed algorithm, parametric modifications of the coefficients control share casting with an eye on resisting JPEG compression .
Step 4: Coefficients in the middle-frequency zone are chosen pseudo-randomly depending on: (flag == true) ? (S1(w) == 0) && (ipos == i) ? CI(i, 7-i) < 0 ? diff = 0 – CI(i, 7-i), CI(i, 7-i) =CI(i, 7-i) + (diff + d) :
(CI(i, 7-i) == 0) ? CI(i, 7-i) = CI(i, 7-i) + d : CI(i, 7-i) = CI(i, 7-i) :(S1(w) == 255) && ( ipos == i) ? CI(i, 7-i) > 0 ? diff = CI(i, 7-i) – 0, CI(i, 7-i) = CI(i, 7-i) – (diff+ d) : (CI(i, 7-i) == 0) ? CI(i, 7-i) = CI(i, 7-i) – d : CI(i, 7-i) = CI(i, 7-i) : Index values of CI are swapped for both black and white intensity values of S1(w). (6)
The assumptions are:
DT#EE is embedded in the diagonal part of the first and second 4×4 blocks and KS1E is embedded in the diagonal part of the third and fourth 4×4 blocks of each 8×8 block.
Step 5: Restoration is done by the product of the current block and Q50.
Step 6: The generated values of a block are rounded off to the nearest integer after applying Inverse DCT (IDCT) (equation 7).
Next, 128 is added to each value to complete the decompression procedure. The generated 8×8 block is returned to its original location. After all the blocks are properly rewritten, the image is reframed to form an authenticated image.
Payload Detection Process
Input: An authenticated image.
Output: An authentic Image.
The input image is considered as a set of non – overlapping 8 x 8 pixel blocks. The choice of blocks is similar to that done in the hiding process. The following steps are repeated for the total detection of the payload.
Step 1: To make DCT coefficients robust, 128 is subtracted from all the values of 8×8 blocks of the image.
Step 2: 2D DCT is applied to the levelled-off blocks.
Step 3: To resist JPEG compression, a standard matrix Q50 is used to quantize each matrix. Step 4: Mid frequency region coefficients are pseudo-randomly chosen for extraction of the bits. Step 5: The detection of the bits is accomplished as:
(flag == true) ? (ipos == i) ? (WI (i, 7-i) > 0)? S1E = 0: S1E = 255.
(flag == false) ? (ipos == i) ? (WI (7-i, i) > 0)? S1E = 0: S1E = 255. (8)
Here WI represents the pixel intensity and S1E represents the payload vector.
Step 6: The determination of bit (0/1) is done by flag variable. Subsequent 8 bits form a byte and the subsequent bytes are placed consecutively to check for their correctness.
In the proposed algorithm (DT#KS2)`EEC and KS1`EC are reframed internally and through Hamming process (DT#KS2)`E and KS1` are obtained and restored internally. (DT#KS2)`E is decrypted to form (DT#KS2)`. After de-concatenation, we get (DT#)` and (KS2)`.
Step 7: (KS2)` is overlapped with KS1` to produce Kbe. If Kbe matches with Kb, the collected image proves the presence of the intruder. Moreover, as (KS2)` never leaves the gadget, the match also ensures the non-repudiation property of the gadget.
Step 8: To ensure the integrity of the image, the (DT#)` is matched with Sha-2 that is generated from date and time stamp of the facial image chosen.
The flow chart in figure 5 is the pictorial representation of sub-sections 4.2 to 4.7 respectively.
The flow chart in figure 6 is the pictorial representation of sub-section 4.8 respectively.
5. COMPLEXITY ANALYSIS
The proposed algorithm aims at developing a low-cost device to detect and justify the presence of an intruder. The justification of presence has been achieved through amalgamation of visual cryptography and steganography in digital medium and so the complexity factor may not be much of a concern. The self-defined procedures have less amount of mathematical and computational complexity as compared to conventional procedures.
Result Analysis using Image quality Metrics
Certain standard grayscale facial images are taken for verifying the effectiveness of data insertion and extraction methods. Matlab (version R2020a) is used for coding. The dimension of the source images is taken as 512 x 512. Some of the sources and corresponding authenticated versions are shown in ﬁgure 7.
The source and authenticated images are visually identical, despite using the mid-frequency band to hold secret data.
The algorithm has restricted Visual Attacks by manipulating white noise. Further, the efficiency of the algorithm is tested with the image quality metrics like, Mean Square Error (MSE) , Peak Signal to Noise Ratio (PSNR) , Image Fidelity (IF), Structural Similarity Index Metric (SSIM) , Bit Error Rate (BER)  and Normalized Correlation Coefﬁcient (NCC) . In table 1, the values are mentioned according to the metrics.
The achieved average PSNR value is 43.16 dB is quite acceptable. The computed values of MSE, IF, SSIM, and CC i.e. 7.801, 0.934, 0.991, and 0.992 respectively justify closeness between the original and authenticated images w.r.t HVS. The values of table 1 also interpret the high possibility of sensitive data recovery during authentication.
The effectiveness of the algorithm has been based on modelling a low-cost device as the hardware component and establishing accurate proof of evidence of the presence of the intruder. The second part has been dealt with accurately based on secured generation of shares, encrypting the sensitive data in the best possible method, the accurate embedding of sensitive data and possible authentication as and when required.
In addition, the proposed algorithm is compared with similar existing techniques w.r.t PSNR as in table 2. The average PSNR value shows that the proposed technique is quite acceptable.
Statistical Attack: The fabrication intensity is properly verified to resist any significant distortions in the authenticating signals. Considering CS, MS, and t as a carrier signal, modified signal and intensity strength respectively the mathematical interpretation is MS = t x CS. To sustain imperceptibility and robustness in fabrication, the intensity of t is attuned to control white noise. To justify, the density estimation is compared between the original and authenticated images as in figure 8.
Figure 8 shows a negligible difference between the original and the authenticated images.
Copy Attack: A copy of the authenticated image and the original image may be available to an intruder. If compared, the two files will be different. But as one of the shares is held by an intended receiver, it is never possible for an attacker to destroy the hidden information. The procedure during authentication is internal. Even if the authenticated images are hacked by an intruder bit error is incorporated, Hamming 1 – bit error detection and correction technique can easily rectify it. Also, a similar symmetric key cannot be generated by an intruder which helps to resist copy attack. In addition, the cover image also varies and hence restricts protocol attack.
Collusion Attack: The attacker may have an intention to destroy the content of a document by combining the copies of it. But in the proposed algorithm, the embedding position is pseudo- random in every context and so whatever may be the number of authenticated images, combining them all will not help to decipher the sensitive portion. The average technique implemented on the multiple copies of the same authenticated image is g(x, y) = f(x, y) + n(x, y), where f(x, y) is the original, g(x, y) is the noisy image and n(x, y) is the amount of noise added. In this algorithm g(x, y) will never converge to f(x, y) and n(x, y) not having the value “0”. The authenticated users are only privileged to authenticate the presence of an intruder.
Normalized-Cross correlation (NCC): The intensity variation is checked between the original and authenticated images. A value close to 1 justifies the closeness of extracted sensitive data to the actual signal. Table 3 shows the NCC value of the extracted sensitive data after certain attacks.
The proposed method emphasizes introducing a low-cost device to capture and preserve the presence of an unwanted person in unattended mode and also to establish the presence of the intruder. The key factors are:
Hence, the efficacy lies in lost cost devices, improved robustness, secured hiding and low visual artifacts. But, this algorithm can be further extended to include the following:
CONFLICT OF INTEREST
The authors declare no conflict of interest.
The author(s) expresses their deep sense of gratitude towards all the faculty and staff members of the Department of Engineering & Technological Studies, University of Kalyani, West Bengal, India, for their kind cooperation and support in connection with carrying out this research work.
Ritesh Mukherjee is associated with C-DAC (Centre for Development of Advanced Computing), Kolkata, India as an Associate Director. He has 22 years of experience in software solution development in the area of large databases, data warehousing, Web technologies, Mobile Computing, etc. He has contributed to more than 15 projects, the release of 7 solutions and 3 products. He has 14 research papers in various journals, and conferences, 3 copyrights, 1 Indian, and 1 US patent.
Anirban Goswami is currently working as Asst. Professor and Asst. Registrar in Techno India (An Engineering College under the Maulana Abul Kalam Azad University of Technology), Kolkata, West Bengal, India. He has more than 22 years of teaching experience He had contributed in more to 10 graduate-level projects and has 15 international conferences and 6 international journal publications. He did his Ph. D. from the Faculty of Engineering, Technology & Management, University of Kalyani.
Soumit Chowdhury is presently working as an Assistant Professor of Computer Science & Engineering, in the Govt. College of Engineering & Ceramic Technology, Kolkata, India. He has more than 16 years of teaching experience in different engineering colleges and has published 18 research papers in different National, International Journals and Conferences. He has also successfully supervised one UGC- funded research project as a Principal Investigator and did his Ph. D. in Engineering from the University of Kalyani.
Nabin Ghoshal is currently attached with the Department of Engineering & Technological Studies, University of Kalyani, Kalyani, West Bengal. He is sincerely involved with Teaching and Research work. His research areas are Steganography, Watermarking, Security, Bio-metric steganography, Visual Cryptography, Visual Cryptography through Steganography, Copyright protection, and authentication (Audio & Video). He received his Ph. D. in Computer Science & Engineering from the University of Kalyani in 2011. Dr. Ghoshal has 55 research papers in various international journals and national and international conferences. He wrote a book in his research area. Dr. Ghoshal attended many national and international conferences in India and abroad.