Blossom—Hands-on exercises for computer forensics and security

Copyright: The development of this document is funded by the Higher Education Academy. Permission is granted to copy, distribute and/or modify this document under a license compliant with the Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/3.0/.

Steganography & Steganalysis
BLOSSOM
Manchester Metropolitan University (Funded by Higher Education Academy)
l.han@mmu.ac.uk

1. Learning Objectives

This lab aims to understand and learn Steganography & Steganalysis.

2. Preparation

1) Under Linux environment
2) Some files that you will need from /home/user/BlossomFiles/Steganography:
   • 'bmp_24.bmp'
   • 'bmp_24INPLAINVIEW.bmp'
   • 'Instegrity.zip'
3) Some documents that you may need to refer to:
   • 'Virtual-MachineGuide.pdf'
   • 'Linux-Guide.pdf'
   • 'BLOSSOM-UserGuide.pdf'

3. Tasks

Setup & Installation:

• Start a single virtual machine as you have done with previous exercises (see Virtual Machine Guide):

  # kvm -cdrom /var/tmp/BlossomFiles/blossom-0.98.iso -m 512 -net nic,macaddr=52:54:00:12:34:57 -net vde -name node-one

• Before undertaking these tasks, the package libcommons-math-java must be set up correctly. To do this, run the following commands in the terminal (the existing class path is kept and the commons-math jar appended to it):

  # CLASSPATH=$CLASSPATH:/usr/share/java/commons-math.jar
  # export CLASSPATH

• The file 'Instegrity.zip' must be extracted using unzip:

  # unzip Instegrity.zip

Task 1 Steganography

1.1 Steganography is the concept of hiding messages within a cover-medium in such a way that arouses no suspicion as to the existence of the message at all.
The main use for Steganography is secret communication between two parties, preventing an external third party from noticing anything out of the ordinary in the content of their communications. Three things are required in order to use Steganography: the cover-medium, such as an image, which can be used to hide the data; the data that is to be hidden; and the key used to hide the data, which in the context of Steganography is some sort of variation on an embedding algorithm.

The program that will be used to demonstrate the concept of Steganography is called Instegrity, and it is a Jython & Java based development. Run it by using the following command:

  # jython StegDetect.py

This will start the graphical interface, which uses a very simple menu bar depicting the various sections of functionality, such as the image file readers and the steganography encoders.

1.2 First of all, we must load in a cover-image for text to be embedded inside. To do this, select the option 'Select Cover-image' under the 'Image File Readers' menu. We will now be presented with a file chooser prompt, so navigate to the file 'bmp_24.bmp' and select it. The image will be displayed on the right side of the interface, and underneath it will be a text box. Enter a message into the text box, and then select 'Encode Text Sequentially' from the 'Steganography Encoding' menu. Another file chooser will appear; save the file and be sure to append the file extension '.bmp' after the file name.

1.3 Now that the text has been embedded within the image, we can also recover the text from it using the same program. Select 'Select Stego-image' from 'Image File Readers', and open the file that was created in the previous task, which should now appear on the left hand side of the interface. After the file has been loaded into the program, select the 'Decode Text Sequentially' option from 'Steganography Encoding', and this should return the text that was embedded in the previous task.
In order to discover the presence of Steganography, we must use a process called Steganalysis. Before going on to the Steganalysis task, it is important to note that the way in which this program embeds information is by a process called Least Significant Bit (LSB) Insertion, which replaces the LSB of each pixel value in the image with one bit of the hidden message.

Question: Is there any visible difference between the cover-image and the stego-image? And why is there or isn't there a difference?

Task 2 Steganalysis - Visual Attack

2.1 Steganalysis is the process of detecting messages hidden using Steganography and can be performed in multiple ways; the two ways used by this program are known as the Visual Attack and the Chi-Square Attack.

The Visual Attack is one of the simpler methods of steganalysis. It works by viewing the Least Significant Bit (LSB) plane of the image, either with the stego-image as the only image available to view, or alongside the cover-image before anything was embedded within it, so as to provide a comparison. This attack generally relies on having the cover-image available for comparison, since occasionally the LSB plane of an image displays no irregularities even when steganography is present.

Go through the process of embedding text within an image again, but this time embed a large fragment of text, so that the results of the attack will be significantly more visible. After this, clear the image readers using the 'Clear Image Readers' option from the 'Image File Readers' menu.

2.2 Select the images respectively, with the stego-image being the image created with a large amount of text hidden within it, and the cover-image being the initial 'bmp_24.bmp' file. After both of these have been loaded into the program, select the option 'Visual Attack: Stego and Cover Comparison' from the menu 'Steganalysis Attacks'.
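As an added illustration (not part of the original lab sheet and not Instegrity's own code), the following Python program implements sequential LSB insertion, its decoder, and the stego/cover comparison of the Visual Attack on a constructed list of pixel values rather than on a real BMP; it also includes the pseudorandom placement variant that Task 2.3 describes, so the scattered versus contiguous pattern of changed bits can be compared directly. The cover values, the message, the seed used as the key, and the 32-bit length prefix in front of the message are assumptions of this example.

```python
import random

LENGTH_BITS = 32  # assumed header: the message length is embedded first so the decoder knows where to stop


def _message_bits(data):
    """Yield the bits of data, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def _positions(n_values, seed):
    """Order in which pixel values are used: sequential, or shuffled by a seeded PRNG.

    The seed plays the role of the stego key: without it the pseudorandom
    order cannot be reproduced, so the bits cannot be read back in order.
    """
    order = list(range(n_values))
    if seed is not None:
        random.Random(seed).shuffle(order)
    return order


def embed_lsb(cover, message, seed=None):
    """Replace the LSB of the chosen pixel values with the bits of (length || message)."""
    payload = len(message).to_bytes(LENGTH_BITS // 8, "big") + message
    bits = list(_message_bits(payload))
    if len(bits) > len(cover):
        raise ValueError("message does not fit in the cover")
    stego = bytearray(cover)
    for pos, bit in zip(_positions(len(cover), seed), bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # only the lowest bit ever changes
    return bytes(stego)


def extract_lsb(stego, seed=None):
    """Read the length prefix, then that many bytes, from the LSBs in the same order."""
    order = _positions(len(stego), seed)

    def lsb(i):
        return stego[order[i]] & 1

    length = 0
    for i in range(LENGTH_BITS):
        length = (length << 1) | lsb(i)
    if LENGTH_BITS + 8 * length > len(stego):
        raise ValueError("length prefix is not plausible (wrong key or no message)")
    out = bytearray()
    for b in range(length):
        byte = 0
        for k in range(8):
            byte = (byte << 1) | lsb(LENGTH_BITS + 8 * b + k)
        out.append(byte)
    return bytes(out)


def lsb_plane(values):
    """The bit plane the visual attack displays: one 0/1 per pixel value."""
    return [v & 1 for v in values]


def visual_attack(cover, stego):
    """Stego and cover comparison: indices whose LSB differs between the two images."""
    return [i for i, (c, s) in enumerate(zip(lsb_plane(cover), lsb_plane(stego))) if c != s]


# Constructed cover: 4096 pixel values following a smooth pattern, not a real BMP.
COVER = bytes((i * 37 + 11) % 256 for i in range(4096))
MESSAGE = b"meet at the usual place"  # constructed sample message


if __name__ == "__main__":
    seq = embed_lsb(COVER, MESSAGE)
    print("sequential decode:", extract_lsb(seq))
    print("changed LSB positions (sequential):", visual_attack(COVER, seq)[:10], "...")
    rnd = embed_lsb(COVER, MESSAGE, seed=1234)
    print("pseudorandom decode with key:", extract_lsb(rnd, seed=1234))
    print("changed LSB positions (pseudorandom):", visual_attack(COVER, rnd)[:10], "...")
```

With sequential embedding every changed index lies inside the first 32 + 8·len(message) values, which is the band of noise the tool shows at the start of the image; with the seeded shuffle the same number of changes is spread across the whole cover, and decoding without the right seed fails on the length check.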
The result of this should show a significant amount of image noise on the stego-image, with the cover-image looking no different at all. This allows us to conclude that there is hidden content within the image.

Question: After viewing the difference in image noise at the lowest bit plane, what can be concluded about the location of the hidden message within the image?

2.3 Under the 'Steganography Encoding' menu, there is a function called 'Encode Text Pseudorandomly'. This generates pseudorandom pixel locations within the image to store each bit of the hidden message, and is a form of added security for steganography encoding. Encode text pseudo-randomly within the image 'bmp_24.bmp' and then perform a visual attack on it, and take note of the scattered noise around the image.

Question: What benefits to security would pseudo-randomly generating pixel locations provide?

Task 3 Steganalysis - Chi Square Attack

3.1 The Chi-Square Attack is a form of statistical steganalysis that makes use of statistical properties of certain methods of steganography encoding. Without delving into too much detail, the basic concept is to use the statistical test known as the "Chi Square Test" to compare two different sets of values from the stego-image. Due to the statistical nature of the attack, the results are not always 100% accurate and can only really be used as guidelines during an investigation.

For this task, we will simply analyse a stego-image that has already been created using a completely different piece of software called InPlainView. The reason for this is that the steganography encoding algorithms included within Instegrity actually bypass the Chi-Square Attack, referring back to the statistical nature of the attack.

3.2 Load the image file 'bmp_24INPLAINVIEW.bmp' into the program, and then select the 'Chi-Square Attack' option from the 'Steganalysis Attacks' menu.
This should display a graphical representation of the image analysis at the bottom of the interface. If there is no steganography present in the image, then the red line should be a constant line across the bottom of the graph, reading a consistent 0 on the Y-axis; however, as there is data embedded within this image, the red line starts at the top of the graph and eventually drops down to the bottom of the graph. An important fact to note about this analysis is that each number at the bottom of the graph represents 1kb of data. The red line staying at 1 for 8kb means that there is likely 8kb of hidden data within the image.

Question: What would some advantages be of using a statistical method of steganalysis?
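As an added, self-contained illustration (not part of the original lab sheet and not the code of Instegrity or InPlainView), the following Python program implements the pairs-of-values chi-square test described by Westfeld and Pfitzmann, which is the test behind the Chi-Square Attack, and runs it over growing prefixes of a constructed sample, which is what the graph above plots: one 1kb step per point on the X-axis and the probability of embedding on the Y-axis. The sample "image" is a constructed list of pixel values whose first 8kb have their LSBs replaced by random bits (as full-capacity sequential LSB embedding leaves them) and whose remainder keeps a deliberately skewed, natural-looking distribution; the skew, the sizes and the PRNG seed are assumptions of this example, not properties of 'bmp_24INPLAINVIEW.bmp'.

```python
import math
import random


def _regularized_lower_gamma(a, x, iters=1000, eps=1e-14):
    """P(a, x), the building block of the chi-square CDF, computed with the
    series / continued-fraction pair from Numerical Recipes (no SciPy needed)."""
    if x <= 0.0:
        return 0.0
    log_prefix = -x + a * math.log(x) - math.lgamma(a)
    if x < a + 1.0:  # series converges quickly here
        term = total = 1.0 / a
        ap = a
        for _ in range(iters):
            ap += 1.0
            term *= x / ap
            total += term
            if abs(term) < abs(total) * eps:
                break
        return total * math.exp(log_prefix)
    tiny = 1e-300  # continued fraction for Q(a, x) = 1 - P(a, x), modified Lentz method
    b = x + 1.0 - a
    c = 1.0 / tiny
    d = 1.0 / b
    h = d
    for i in range(1, iters):
        an = -i * (i - a)
        b += 2.0
        d = an * d + b
        if abs(d) < tiny:
            d = tiny
        c = b + an / c
        if abs(c) < tiny:
            c = tiny
        d = 1.0 / d
        delta = d * c
        h *= delta
        if abs(delta - 1.0) < eps:
            break
    return 1.0 - math.exp(log_prefix) * h


def chi_square_attack(values, bins=256):
    """Probability that the LSBs of `values` were overwritten by LSB embedding.

    The two values of a pair (2k, 2k+1) differ only in their LSB, so embedding
    random bits drives the two counts of each pair towards each other. The
    expected count is taken as the pair's average, chi-square measures how far
    the even member strays from it, and a small statistic means 'embedded'.
    """
    counts = [0] * bins
    for v in values:
        counts[v] += 1
    chi2, pairs = 0.0, 0
    for k in range(0, bins, 2):
        expected = (counts[k] + counts[k + 1]) / 2.0
        if expected == 0:  # unused pairs carry no information; drop them
            continue
        chi2 += (counts[k] - expected) ** 2 / expected
        pairs += 1
    dof = pairs - 1
    if dof < 1:
        return 0.0
    return 1.0 - _regularized_lower_gamma(dof / 2.0, chi2 / 2.0)


def chi_square_profile(values, step=1024):
    """Run the test on the first step, 2*step, ... values: the curve the tool draws."""
    return [chi_square_attack(values[:end]) for end in range(step, len(values) + 1, step)]


def constructed_image(seed=7, region=8192):
    """Constructed sample: 'natural' values favour even pixel values 4:1 (an
    exaggerated skew chosen for the example); the stego copy has the LSBs of
    its first `region` values replaced with random bits."""
    rng = random.Random(seed)
    cover = [2 * rng.randrange(128) + (1 if rng.random() < 0.2 else 0)
             for _ in range(2 * region)]
    stego = list(cover)
    for i in range(region):
        stego[i] = (stego[i] & 0xFE) | rng.getrandbits(1)
    return cover, stego


if __name__ == "__main__":
    cover, stego = constructed_image()
    for kb, p in enumerate(chi_square_profile(stego), start=1):
        print(f"{kb:2d}kb: p(embedded) = {p:.3f}")
```

On the constructed sample the profile reads close to 1 for the first 8kb and falls towards 0 as the unmodified region is pulled into the window, reproducing the shape of the red line described above; the untouched cover reads close to 0 throughout. The drop is gradual rather than a step because each window still contains the randomised prefix, which is one reason the lab treats the result as a guideline rather than an exact measurement.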