Security Lab 1:
Steganography and the Enemy Knows the System
Name:___________________________
Date:_____________
Introduction: Security by Design
Auguste Kerckhoffs (1835 - 1903), a Dutch linguist and cryptographer, posited a property of cryptosystems often cited in discussions of security: “a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” [1] Claude Shannon has restated Kerckhoffs’ principle with the simple phrase: “the enemy knows the system.” These quotations succinctly summarize the principle of security by design. In general, security by design builds security into a system from its conception.
Security experts sometimes engage in a philosophical discussion about the role of secrecy in security, called the security through obscurity debate. While virtually all security experts recognize the value of security by design, the merits of security through obscurity are considered controversial in the IT field. Many security experts dismiss security through obscurity completely, yet other experts argue that the techniques of obscurity can function as part of a defense-in-depth strategy.
This lab introduces you to the basic technical issues related to security by focusing on steganography, the art and science of hiding messages.
Consider the following philosophical questions when working through the exercises in this lab:
1. To what extent can secrecy or obscurity play a part in a defense in depth security strategy?
2. To what extent are all security techniques essentially security through obscurity?
[1] Wikipedia. Kerckhoffs’ Principle. http://en.wikipedia.org/wiki/Kerckhoffs
Introduction: Steganography
Digital steganography exploits redundancy in compression algorithms to steal bits from a file. These stolen bits are used to store the data one intends to hide. The technique works particularly well with file formats like *.jpeg and *.mp3 because these formats utilize lossy compression techniques that assume small amounts of quality degradation. Steganalysis employs techniques to detect and reveal such hidden messages.
Exercise 1: Steganography and BMP Files
1. Examine the following files carefully: Girl_With_Pearl_Earring.bmp and Girl_With_A_Secret.bmp.
Can you tell the difference between the files simply by looking at them?
__________________________________________________________
2. Use the program wbStego4.3open.exe to examine both files
Which file contains a secret? What is the secret?
__________________________________________________________
Exercise 2: Steganography and Copyright Protection
1. Examine the following files carefully: discex01.pdf and article1.pdf
Can you tell the difference between the files simply by looking at them?
__________________________________________________________
2. Use the program wbStego4.3open.exe to examine both files
Exercise 3: Steganalysis with jphide
1. Examine the following files carefully:
a. Girl_With_Pearl_EarringA.jpg
b. Girl_With_Pearl_EarringB.jpg
c. Girl_With_Pearl_EarringC.jpg
d. Girl_With_Pearl_EarringD.jpg
Can you tell the difference between these files simply by looking at them?
____________________________________________________________
2. Use the program stegdetect.exe to determine which files potentially have hidden messages. Hint: change the -S parameter to tune the scan.
Which files did stegdetect find?
____________________________________________________________
3. Use the program stegbreak.exe to retrieve the hidden message in the file.
Hint: use rules.ini, wordlist.txt, wordlist2.txt, and wordlist3.txt
Which wordlist revealed the hidden message? _______________________
What was the hidden message? ____________________________________
Why did only one of the wordlists reveal the message? _________________
4. There is another hidden file in another jpeg file. Use zipMask1_2.exe to find the message in one of the remaining files.
Which of the files concealed a file with zipMask1_2.exe? _______________
Why did stegdetect not detect this file?
____________________________________________________________
Exercise 4: *.mp3 example
1. Select a *.wav file from the sample folder
2. Write a secret message of your choice in a file called hidden.txt
3. Use encode.exe in the mp3stego application to hide your message in a new *.mp3 file
4. Listen to both your *.wav file and your new *.mp3
Can you hear the difference between the files?
______________________________________________________
5. Use decode.exe to extract your hidden message
Exercise 5: Hide and Seek
1. Select a partner
2. Each partner should create a secret message in a text file
3. Use one of the tools from the lab to hide the message in a *.jpg file
4. Partners should exchange both the original file and the carrier file
5. Use the tools from the lab to detect and break the steganography
Were you able to detect your partner’s message? _______________
Were you able to retrieve your partner’s message? What was it?
Conclusion
In this lab, you used steganographic tools to create, detect, analyze, and extract hidden messages from a variety of multimedia files. The lab employed steganographic tools in conjunction with encryption to hide and protect the content of a hidden message. Use your lab experience to answer the following questions:
In your opinion, did the application of steganography improve the security of the hidden message above and beyond that offered by the encryption?
Did your experience in this lab change your mind regarding the questions posed on page one of the lab? Review the references below if time permits.
References
Security through Obscurity
http://en.wikipedia.org/wiki/Security_through_obscurity
http://en.wikipedia.org/wiki/Kerckhoffs%27_principle
http://technet.microsoft.com/en-us/magazine/2008.06.obscurity.aspx
http://netsecurity.about.com/cs/generalsecurity/a/aa060103.htm
http://slashdot.org/features/980720/0819202.shtml
http://www.schneier.com/blog/archives/2008/06/security_throug_1.html
Steganography