20-CS-5156 Security Vulnerability Assessment Spring 2020
Lab 6

Authentication, Availability, Confidentiality, Integrity, Defense Principles, Intrusion Detection, Attack vectors, more

 
Find hidden messages in image files

Background
People hide messages in images for a lot of reasons. In this lab we will see if you can find hidden messages in images that are presented on the course webpage.

Lab
The right margin of the course webpage contains 6 images with the following filenames: erc2.jpg, mainstreet.jpg, erdos.jpg, nit3-3.jpg, loncampus.png, and bigO.jpg. One of those image files does not have a hidden message. The other 5 images do. Your task is to determine which file has no hidden message and the hidden message in each of the other files. All hidden messages are short: no more than a sentence long. You can use any tool you wish to find the messages and to find the file with none.

Submit a list that looks like the following, except the messages and procedures stated below for finding messages and analysing files may not be correct for the associated image file:

  erc2.jpg:
    message:   how about that
    procedure: I took a close look with my brand new glasses that give me
               20/20 vision

  mainstreet.jpg:
    message:   roses are blue and violets are red!
    procedure: I was able to decrypt using steghide with the following
               command line:
                 steghide extract -sf mainstreet.jpg -xf whoa.txt
               and whoa.txt contains the hidden message

  erdos.jpg
    message:   none
    procedure: I applied steganalysis.exe, which is a windows program, using
               the following procedure: double click the steganalysis icon
               on the desktop, drop the file menu, select "Open", select
               erdos.jpg, drop the analysis menu, select "Hail Mary."  The
               results window indicates a high probability of no embedded
               file or text.
...
This is not a group project. Use Blackboard for submission. You get 3 brownies for each correct answer for a maximum of 18!

In case you did not know, you need to download the images and work on them locally.