Advanced Password Authentication Protection by Hybrid Cryptography & Audio Steganography

Abstract

Data transmission in public communication system is not safe since of interception and improper manipulation by attacker. So, the attractive solution for these problems is to design high secure system that reduce the ability of attacker from getting sensitive information such as (account ID, passwords, etc.). The best way is combine two high secure techniques: steganography technique, which is the method of hiding any secret information like data, password and image behind any cover file and cryptography, which is convert the data to unreadable data. This paper suggests a crypto-stego authentication method to provide a highly secured authentication. The proposed method is utilized audio steganography and AES Cryptography. The authentication key (password) is spilt to two parts, the first half is used as input text to stego-crypto process while the second half used as crypto key. The crypto key is encrypted using HMAC-SHA256 hash algorithm and sent to server while the second half has encrypted with AES that ciphered with random xor cipher algorithm then embedding in wave audio by used Least Significant Bit (LSB) algorithm then streamed to server. This method can trick the attacker to focused on hashed value that appears with streaming data while the part of key hided within the cover file.