HW 6 – Steganography and Steganalysis
CSIS 3700
Objective:
Test steganography and steganalysis tools.
Overview:
You will use two steganography tools to embed messages in some other type of file, and two steganalysis tools to try to detect the embedded messages.
Pre-Lab:
You may run the steganography tools in a Windows VM, on your local machine, or on Caine, depending on what specific tool you’re using.
A basic Windows 10 VM is in the folder ………
The Caine VM is in the folder G:\GlenSagers\CSIS 3700 and at https://drive.google.com/file/d/1AqV3tmLblKGXn1vL9jIoZgqT2AnyVmzd/view?usp=sharing
Credentials – User: student, Pass: AB12cd34
Procedure:
Part 1 – Embedding Messages
Choose two steganography tools from the PowerPoint for this week. For each tool, find a carrier image of your choice. I’d suggest somewhere between 100 kB and 3 MB in size. If you use an audio tool, find a suitable file for the tool in whatever formats it can use.
1. Make two copies of carrier file and give them names that let you remember what they are, you’ll have four total files at this point. Put them all in the same directory. Open a command prompt, and run dir to show the size of the files in bytes.
(1 pt) SCREENSHOT OF THE FOUR FILE SIZES IN COMMAND PROMPT
2. For each application, embed the following payload messages, taking screenshots as noted below.
a. A short piece of text that you choose, no more than 100 characters = 100 bytes
b. The text of Lincoln’s Gettysburg address – available on Wikipedia = 1.5 kilobytes
c. You will end up with four files with embedded text, two from each tool.
(2 pts) SCREENSHOT(S) OF FIRST STEGANOGRAPHY TOOL EMBEDDING YOUR SHORT MESSAGE
(2 pts) SCREENSHOT(S) OF FIRST STEGANOGRAPHY TOOL EMBEDDING GETTYSBURG ADDRESS
(2 pts) SCREENSHOT(S) OF SECOND STEGANOGRAPHY TOOL EMBEDDING YOUR SHORT MESSAGE
(2 pts) SCREENSHOT(S) OF SECOND STEGANOGRAPHY TOOL EMBEDDING GETTYSBURG ADDRESS
3. Run a second directory listing showing the file sizes after modification.
(1 pt) SCREENSHOT OF THE FOUR FILE SIZES IN COMMAND PROMPT AFTER STEGANOGRAPHY
(4 pts) Is there a difference in file size? Could you detect that there is, respectively, 100 bytes and 1.5 kbytes of text in each image? ___________________________________________________
4. Last, open each file in its respective tool, and show via screenshots that the payload data can be read from the carrier file.
(1 pt) SCREENSHOT(S) OF FIRST STEGANOGRAPHY TOOL REVEALING YOUR SHORT MESSAGE
(1 pt) SCREENSHOT(S) OF FIRST STEGANOGRAPHY TOOL REVEALING GETTYSBURG ADDRESS
(1 pt) SCREENSHOT(S) OF SECOND STEGANOGRAPHY TOOL REVEALING YOUR SHORT MESSAGE
(1 pt) SCREENSHOT(S) OF SECOND STEGANOGRAPHY TOOL REVEALING GETTYSBURG ADDRESS
Part 2 – Steganalysis
1. Use the McAfee online steganlysis tool and one other tool listed in this week’s PowerPoint to check all four files for embedded messages.
2. Show via screenshots what each tool finds for each of the four files.
(2 pt) SCREENSHOT(S) OF MCAFEE WEBSITE RESULTS FOR SHORT MESSAGE FROM FIRST STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF MCAFEE WEBSITE RESULTS FOR GETTYSBURG ADDRESS FROM FIRST STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF MCAFEE WEBSITE RESULTS FOR SHORT MESSAGE FROM SECOND STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF MCAFEE WEBSITE RESULTS FOR GETTYSBURG ADDRESS fROM SECOND STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF SECOND STEGANALYSIS TOOL RESULTS FOR SHORT MESSAGE FROM FIRST STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF SECOND STEGANALYSIS TOOL RESULTS FOR GETTYSBURG ADDRESS FROM FIRST STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF SECOND STEGANALYSIS TOOL RESULTS FOR SHORT MESSAGE FROM SECOND STEGANOGRAPHY TOOL
(2 pt) SCREENSHOT(S) OF SECOND STEGANALYSIS TOOL RESULTS FOR GETTYSBURG ADDRESS FROM SECOND STEGANOGRAPHY TOOL
(6 pts) Conclusion:
In your opinion, how useful would the two tools you tested be in sending messages that could not be detected forensically? Take into account both the steganography results and the results of the steganalysis.
Submit this document on Canvas.