StegoShield: Building a Secure Image Steganography App with LSB, XOR, and Docker
StegoShield: Building a Secure Image Steganography App with LSB, XOR, and Docker
Introduction
Objectives of Part 1
The primary objective of Part 1 is to develop and test the StegoShield application locally before containerization. This includes:
- Setting up a Python virtual environment and installing dependencies.
- Implementing core logic: XOR encryption/decryption and LSB bit embedding/extraction using OpenCV and NumPy.
- Building a Streamlit web interface with file upload, message/key input, mode selection (Encode/Decode), and image preview.
- Testing encoding and decoding flows with sample images to ensure zero visible distortion and correct message retrieval.
Objectives of Part 2
The objective of Part 2 is to containerize the application into a single, reproducible Docker image. This involves:
- Creating a Dockerfile based on python:3.11-slim.
- Installing system dependencies (libgl1, libglib2.0-0) required for OpenCV.
- Copying application code and Python packages.
- Building and running the container independently to verify functionality at localhost:8501.
Objectives of Part 3
The final objective is to orchestrate the containerized app using Docker Compose for enhanced reliability and persistence. This includes:
- Defining services, ports, volumes, health checks, auto-restart policies, and isolated networks.
- Enabling persistent file storage for uploaded images.
- Testing health monitoring, restart resilience, and network isolation using docker-compose up -d and docker-compose ps.
Names of the containers involved and download links
This project uses official base images and a custom-built application image:
- python:3.11-slim: Lightweight Python runtime for the application. Download Link: https://hub.docker.com/_/python
- nginx:alpine (optional): For reverse proxy/load balancing in future scaling. Download Link: https://hub.docker.com/_/nginx
- Custom: stegoshield – Local build using docker build -t stegoshield .
Other software involved and purpose
| Tool | Purpose | Version |
|---|---|---|
| Python | Core scripting, encryption, and steganography logic | 3.11+ |
| Streamlit | Interactive web UI framework for upload, preview, and result display | Latest |
| OpenCV | Image pixel manipulation, array access for LSB operations | Headless |
| NumPy | Efficient array operations and bit-level processing | Latest |
| Pillow | Image format support (PNG, JPG, etc.) and I/O handling | Latest |
| Docker Desktop | Container runtime for building and running isolated environments | N/A |
| Docker Compose | Orchestrates multi-container setup with volumes, networks, and health checks | 3.8+ |
| Visual Studio Code | IDE for development and debugging | N/A |
| Git | Version control and code management | N/A |
libgl1, libglib2.0-0 | System-level dependencies required for OpenCV in headless mode | N/A |
Overall architecture diagrams and explanations
Text Description of the Flow:
Architecture Explanation:
The system follows a three-tier architecture within a Docker container. The presentation layer is a web browser interacting with Streamlit (port 8501) for UI rendering, file upload, and session management. The application layer validates inputs and orchestrates data flow. The processing layer performs XOR encryption, LSB embedding/extraction, and pixel manipulation using OpenCV, NumPy, and Pillow. All tiers run inside the stegoshield container, ensuring isolation.
Docker Compose adds infrastructure resilience via named volumes (/app/uploads) for file persistence, an isolated bridge network, health checks (curl /_stcore/health), and auto-restart (unless-stopped). This design ensures the app survives crashes, maintains uploaded files, and self-monitors — ideal for production-like deployments.
Procedure — Part 1 (Application Development & Local Testing)
- Created project: mkdir StegoShield && cd StegoShield
- Set up venv: python3 -m venv venv && source venv/bin/activate
- Installed packages: pip install streamlit opencv-python-headless pillow numpy
- Generated requirements.txt: pip freeze > requirements.txt
- Implemented stegno.py with XOR + LSB logic
- Built Streamlit UI: upload, mode selection, previews
- Tested locally: streamlit run stegno.py
Screenshots:
- Home page
- Image upload
- Encode mode
- Decode success
Procedure — Part 2 (Docker Containerization)
- Created Dockerfile in project root
- Set base: FROM python:3.11-slim
- Installed system deps: libgl1, libglib2.0-0
- Copied requirements.txt and installed packages
- Copied app code
- Exposed port 8501 and set CMD for Streamlit
- Built image: docker build -t stegoshield .
- Ran container: docker run -d -p 8501:8501 stegoshield
- Tested at http://localhost:8501
Screenshots:
- Docker build success
- Container running
- App in browser
Procedure — Part 3 (Docker Compose Orchestration and uploading to Docker hub)
- Created docker-compose.yaml in root
- Defined app service with build context, ports, volume, healthcheck, restart, network
- Defined named volume uploads and bridge network stegonet
- Launched: docker-compose up -d
- Checked status: docker-compose ps
- Tested health, restart, and persistence
- docker-compose ps
- Health check pass
- Volume persistence
Pushing to Docker Hub
Step 1: Log in to Docker Hub
Use the Docker CLI to authenticate with your Docker Hub account.
Bash: docker login
Step 2: Tag the Local Images
Tag your local images with your Docker Hub username and repository name. Replace your-dockerhub-username with your actual username.
Bash:
docker stegoshield ashdyl17 /stegoshield:latest
Step 3: Push the Images to Docker Hub
Push the tagged images to the remote repository.
Bash:
docker push ashdyl17/stegoshield:latest
Step 4: Verify on Docker Hub
Navigate to your Docker Hub profile in a web browser to confirm that both repositories (taskzen-backend and taskzen-frontend) have been created and contain the latest tag.
Modifications done to containers after downloading
The python:3.11-slim base image was modified step-by-step to create the custom stegoshield image:
- Base Image Selection: Used python:3.11-slim for minimal size and security.
- System Dependencies: Added libgl1 and libglib2.0-0 via apt-get for OpenCV support in headless mode.
- Python Packages: Installed requirements.txt (Streamlit, OpenCV, NumPy, Pillow) with --no-cache-dir to reduce image size.
- Application Code: Copied entire project (including stegno.py) into container.
- Runtime Configuration: Exposed port 8501 and set CMD to run Streamlit on 0.0.0.0.
- Orchestration Enhancements: Added healthcheck, volume mount, restart policy, and isolated network in docker-compose.yaml.
GitHub link / Docker Hub link of modified containers
Outcomes of the project
- Fully functional steganography web app with encode/decode modes.
- Zero visible distortion in output images.
- Docker image size: ~270 MB.
- Startup time: <3 seconds.
- 100% test pass rate across local, container, and orchestrated runs.
- Dual-layer security: XOR + LSB.
- Persistent uploads, health monitoring, auto-restart, and network isolation via Docker Compose.
- Live deployment: https://stegoshield.streamlit.app/
- Mastered Docker best practices and DevOps orchestration.
Conclusion
StegoShield successfully delivers a secure, containerized steganography tool that combines encryption and concealment for robust data hiding. From local development to orchestrated deployment, this DA3 showcases a complete DevOps pipeline — reproducible, resilient, and production-ready. The use of Docker Compose ensures high availability and data persistence, while the Streamlit UI makes it accessible to non-technical users. This project lays a strong foundation for future enhancements like AES encryption, audio/video steganography, and CI/CD integration.
References
- C. Adak, “Robust Steganography Using LSB-XOR,” arXiv:1312.5417, 2013.
- A. K. Sahu and G. Swain, “High Capacity LSB Steganography,” ResearchGate, 2016.
- S. Werli, “Image Steganography with Python,” Medium, 2023.
- A. Sharma and S. Singh, “LSB Replacement through XOR,” ResearchGate, 2019.
Comments
Post a Comment