Jacksonville State University MCIS Department 700 Pelham Road North Jacksonville, AL 36265
CS570 – Advanced Computer Security Steganography – Hiding Secret Messages in Cover Files
Eric Gamess Introduction: Steganography is a science that consists of transmitting hidden secret messages in a hostile environment. It is not new, but has become important with the digital era, and differs from cryptography. In cryptography, the fact that there is a secret message is evident, but it is encrypted before being transmitted, and the security lies on the difficulty to obtain the original plaintext. In steganography, the secret message is not encrypted, but hidden in a cover message/file (text, image, sound recording, video, or anything else) that is apparently harmless. The strength of steganography relies on fooling the enemies so that they do not suspect, or they are not able to extract the hidden message. Nowadays, a hybrid scheme is often used and consists of first encrypting the secret message to be sent with a cryptographic algorithm, then hiding it inside the cover message/file that will not raise any suspicions. The combined method is very strong since it has the benefits of both strategies. That is, the enemies will need first to discover that a secret message has been embedded inside the cover message/file and extract it. Once they have the hidden message, they still need to decipher it. The cover message/file should contain a sufficient amount of redundant data. By modifying this data in such a way that the alteration is not easily noticeable, it is possible to obtain good steganography. The amount of redundant data determines how much secret information can be embedded. Steganography can also rely on human limitations when viewing or listening. For example, altering the colors of the pixels in an image can be challenging to detect, especially if they are replaced by similar colors. Least Significant Bit (LSB) is a widespread technique used with digital images, and consists in using the least significant bit, in every byte that makes up the cover image, to store the secret message. In this way, the colors of the picture are changed, but not enough to be detected by the human eye. If the color depth is 8 bits per pixel, it is possible to store one bit of the secret message for every pixel in the original image. With a color depth of 24 bits per pixel (i.e., the Reg-Green-Blue system), three bits of the secret message can be hidden for every pixel of the original image. Table 1 shows our impossibility to make the difference in colors when the least significant bits are modified in the Reg-Green-Blue system.
Original Color
Number of Modified Bits
0 bits 1 bit 1 bit 1 bit 2 bits 2 bits 2 bits 3 bits
Orange #FFA500
Pink #FFC0CB
Blue #0000FF
Table 1: Examples of Modifying the Least Significant Bits in the Red-Green-Blue System Steganography is not a new science and was already used before the digital era. Histiaeus used to shave the head of one of his slaves, tattooed a secret message on his bald head, and waited until the hair grew back, before sending

the slave to deliver the message. Others used invisible inks, which are invisible either on application or soon thereafter, and can later be made visible by some means (e.g., heating, exposing under ultraviolet light). Johannes Trithemius first used the term steganography in a book called Steganographia. The word is a combination of the Greek “steganos”, which means concealed, with “graphein”, which means writing. Installing Oracle VirtualBox: In this lab, we will work with a Debian VM done for Oracle VirtualBox. VirtualBox is a free, multi-platform hypervisor. It is an alternative to VMware Workstation Pro. Download VirtualBox from Downloads. Be sure to select the version that corresponds to your host operating system and install it on your computer. Downloading and Installing the Debian VM: Download the Debian VM as specified by the instructor. It is a ZIP file. Unzip it and put the resulting folder in your desktop. To add the new Debian VM to VirtualBox, select item “Add…” in the “Machine” menu. Browse and find the folder that you just extracted in your desktop. Inside this folder, you should see a file associated with a blue cube icon. Select this file and click the “Open” button, as shown in Figure 1. Now, you should be able to start your Debian VM.
Figure 1: Browsing in Search of the Configuration File of the VM
BMP Files: The format of a BMP file is made of four parts:
• File Header: This header is 14-byte long and has information about the type and total size of the BMP file, as well as the starting position of the bitmap data (see Table 2).
• DIB Header: There are several versions of the DIB (Device-Independent Bitmap) header. It specifies the dimensions (width and height), compression type, and color format for the bitmap.
• Color Table: This part is optional and defines as an array containing as many elements as there are colors in the bitmap.
• Bitmap Data: This part contains the actual image data, represented by consecutive rows or “scan lines” of the bitmap. The lines are scanned from the lowest to the upmost. Each scan line consists of consecutive bytes representing the pixels in the scan line, in left-to-right order.
There are several types of BMP files, according to the color depth:
• 1 bit per pixel: This format just has two colors (generally, black and white). The pixels with 0 indicate one color, while the pixels with 1 represent the other color. In this case, one byte stores the information of eight pixels.

• 2 bits per pixel: This format supports four distinct colors and stores four pixels per byte.
• 4 bits per pixel: This format supports sixteen distinct colors and stores two pixels per byte.
• 8 bits per pixel: This format supports 256 distinct colors and stores one pixel per byte.
• 16 bits per pixel: This format supports 65,536 distinct colors and stores 1 pixel per 2-byte word.
• 24 bits per pixel: This format supports 16,777,216 distinct colors and stores 1 pixel per 3-byte word. In this lab, we will focus on BMP images with a 24-bit color depth and no compression. Hence, each pixel will be represented by three bytes (Red-Green-Blue or RGB) in the actual bitmap data area. Images stored in this format do not have a color table (not required since the colors of the pixels are directly represented in the RGB system). Also, note that we will be using the BITMAPINFOHEADER type for the DIB header (see Table 3).
Name of Field Offset in
hexadecimal Size in Bytes
FileType 0000 2 A 2-character string value in ASCII to specify a BMP file type. It must be “BM” or “42 4D” in hexadecimal.
FileSize 0002 4 The total number of bytes in a BMP file.
Reserved1 0006 2 Reserved.
Reserved2 0008 2 Reserved.
PixelDataOffset 000A 4 The offset in bytes to find the start of the bitmap data aera, from the beginning of the file. In other words, it is the number of bytes between the start of the file and the first byte of the bitmap data.
Table 2: File Header for BMP Files
Name of Field Offset in
hexadecimal Size in Bytes
HeaderSize 000E 4 The size of the DIB header in bytes. It should be 40 in decimal to represent a DIB header of type BITMAPINFOHEADER.
ImageWidth 0012 4 The width of the image in pixels.
ImageHeight 0016 4 The height of the image in pixels.
Planes 001A 2 The number of color planes of the target device. Must be 1 in decimal.
BitsPerPixel 001C 2 The number of bits to represent the color of a pixel in the bitmap data. This is also known as the color depth (e.g., 1, 4, 8, 16, 24, or 32).
Compression 001E 4 The compression method to be used. It should be 0 in decimal to represent no-compression.
ImageSize 0022 4 The size of the compressed image. It should be 0 in decimal when no compression algorithm is used.
XpixelsPerMeter 0026 4 The horizontal resolution of the target device. This parameter will be adjusted by the image processing application but should be set to 0 in decimal to indicate no preference.
YpixelsPerMeter 002A 4 The vertical resolution of the target device (same as the above).
TotalColors 002E 4 The number of colors in the color table. If this is set to 0 in decimal, hence there is no color table, and the number of used colors is 2^BitsPerPixel.
ImportantColors 0032 4 The number of important colors used. Generally ignored by setting 0 in decimal as its value.
Table 3: DIB Header for 24-bit Color Depth BMP Files

To better understand the 24-bit color depth BMP format, let us consider a very small image of size 16×4, that is, with a width of sixteen pixels and a height of four pixels, as shown in Figure 2. In this example, to make it easier to understand, the sixteen pixels of each scan line have the same color. The lowest scan line is blue (#0000FF), followed by a white (#FFFFFF), green (#00FF00), and red (#FF0000) scan lines.
Figure 2: Example of a Small Image
Figure 3: Dump of the File of the Small Image
This small image will be stored in a file, as shown in Figure 3. The first five fields correspond to the file header (see Table 2):
• FileType (cyan): It is equal to (42 4D)16, for “BM”, as expected.
• FileSize (orange): It is equal to (F6 00 00 00)16 and represents the total size of the file, in bytes. Since integers are stored in files according to the Little-Endian format, the size is (00 00 00 F6)16 or 246 in decimal.
• Reserved1 (green): This field does not matter.
• Reserved2 (yellow): This field does not matter.
• PixelDataOffset (black): After inverting the order of the bytes, this field is (00 00 00 36)16 and corresponds to an offset of 54 bytes. That is, the bitmap data starts in byte #54 (the first byte is byte #0).
The following eleven fields correspond to the DIB header (see Table 3):
• HeaderSize (Gray): After inverting the order of the bytes, this field is (00 00 00 28)16 and represents the size of the DIB header in bytes. That is, 40 bytes in decimal.
• ImageWidth (Pink): It is the width of the image in pixels. After inverting the order of the bytes, the width is (00 00 00 10)16 or 16 in decimal.

• ImageHeight (Red): It is the height of the image in pixels. After inverting the order of the bytes, the height is (00 00 00 04)16 or 4 in decimal.
• Planes (White): After inverting the order of the bytes, this field is equal to (00 01)16, or 1 in decimal. Yes, it is the expected value.
• BitsPerPixel (Blue): This is the color depth. It is equal to (00 18)16 after inverting the order of the bytes, or 24 in decimal as expected.
• Compression (Green): Since there is no compression, this field is equal to zero.
• ImageSize (Cyan): Since there is no compression, this field is equal to zero.
• XpixelsPerMeter (Green): This field is zero to specify no preference.
• YpixelsPerMeter (Orange): This field is zero to specify no preference.
• TotalColors (Yellow): Since 24-bit color depth BMP images have no color table, this filed is zero as expected.
• ImportantColors (Fuchsia): This field is zero as expected. The small image of Figure 2 is stored in the file “small-image.bmp”, distributed with this lab. Figure 4 shows some useful commands. You might need to install “mediainfo” in your Debian VM from the repositories. The command “display” shows an image on an X server. You might also try “eom” (Eye of MATE), as an alternative.
file small-image.bmp mediainfo small-image.bmp od -v -t x2 -A x small-image.bmp od -v -t x1z -A x small-image.bmp hexdump -v small-image.bmp hexdump -v -C small-image.bmp xxd small-image.bmp xxd -g 1 small-image.bmp display -resize 800×200 small-image.bmp & eom small-image.bmp &
Figure 4: Useful Commands to Get Information on Images Now that you are more familiar with the concept of steganography and the format of BMP images with 24-bit color depth, it is time to make you work. To answer the following questions, you are required to specify the steps that you followed, and the commands that you used. It is always a good idea to include some screenshots in your report to support your answers. Exercise 1: A primary steganography tool will embed three fields in the bitmap data part of the cover file: (1) a 4-byte integer that represents the number of characters of the secret message, (2) a 4-byte integer that corresponds to the number of bytes in the bitmap data, and (3) the hidden message. A secret message has been embedded in the “small-image.bmp” file. The dump of the resulting file is shown in Figure 5 (the file is also distributed with this lab with the name “small-image-with-secret.bmp”). Notice that to make it easier to understand, the bytes that were affected by the inclusion of the secret messages are in italic. Also, the following command can be very useful. You are required to find the hidden message.
vbindiff small-image.bmp small-image-with-secret.bmp

Figure 5: Dump of the File of the Small Image with a Secret Message Embedded
OK, I am going to help you to start. As stated before, the first field that is inserted in the cover file is a 4-byte integer that represents the number of characters of the secret message. So, let us get the first 32 bits from the bitmap data part, as depicted in Table 4.
Byte #0 #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15
Value FE 00 00 FE 00 01 FE 01 00 FE 00 00 FE 00 00 FE
LSB 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 0
Byte #16 #17 #18 #19 #20 #21 #22 #23 #24 #25 #26 #27 #28 #29 #30 #31
Value 00 00 FE 00 00 FE 00 00 FE 00 00 FE 00 00 FE 00
LSB 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Table 4: Getting the Size of the Secret Message The binary value is (00000101 00000000 00000000 00000000)2, which is (05 00 00 00)16 in hexadecimal. Since integers are stored in the Little-Endian format, the size is (00 00 00 05)16 or 5 in decimal. That is, the secret message has five characters. Hence, what is the hidden message? Exercise 2: A secret message has been embedded in the “noccalula-falls-with-secret.bmp” file, distributed with this lab. You are required to find the secret message. By the way, just for you to verify that your eyes cannot make the difference, the original file (called “noccalula-falls.bmp”) is also provided with this lab. Display thoses two files side-by-side with the tool of your preference (e.g., “display” or “eom”) and try to see the differences.

Exercise 3: Steghide is an open-source steganography tool that can hide/embed a secret file into an image file (JPEG and BMP) or an audio file (WAV and AU). There is no restriction on the format of the secret file. Steghide has many features such as (1) the compression of the secret file, (2) the encryption of the secret file, (3) the verification of integrity, and (4) the possibility to store the filename of the hidden file into the resulting file (stego file). Question 1: Check if Steghide is already installed in your VM. If it is not the case, install it from the Debian repositories and have a look at its manual. Give a list of the encryption algorithms supported by Steghide. Question 2: The capacity of a cover file is the amount of data that can be embedded in this file. What is the capacity of the “white-tiger.bmp” file? You should use a command to answer this question. Question 3: Check the content of the “secret01.txt” file. Now, hide this secret file into the “white-tiger.bmp” file. The resulting file shall be called “white-tiger-with-secret.bmp”. Do not compress, encrypt, enable checksum, or write the name of the secret file into the stego file. If we are not using any cryptographic algorithm, why Steghide is asking for a passphrase? View both files (original and stego files) side-by-side. Can you see the difference? Question 4: Remove the secret file (secret01.txt). Verify that the file was deleted. Check the information in the stego file, including details about embedded data, with “steghide –info white-tiger-with-secret.bmp”. Extract the embedded secret file from the stego file. Does it correspond to the original secret file? Question 5: You are in a private communication with one of your friends. He just sent you an email, and he attached a file called “baby-lions-with-secret.bmp”. You know that this file contains an embedded secret file and that your friend used Steghide for its creation. For better security, you and your friend always encrypt the files that you are hiding in images. Also, you did agree with him to always use the name of a city of Alabama, as a passphrase, all in lowercase letters. You are required to extract the secret file. What is the type of this file? What is the secret message? What were the cipher algorithm and mode selected by your friend to encrypt the secret file? Exercise 4: In this exercise, you are going to learn how to hide a ZIP file into an image. First, check the content of “secret03.txt” and “secret04.txt” that are distributed with this lab. Make a directory called “secrets” and move the two previous files into this directory. Create a ZIP archive called “” that corresponds to the “secrets” directory. Verify that your ZIP file was correctly created. View the “cheetah-family.jpg” file, distributed with this lab. Using the “cat” tool, enter the command below to create a new file as a copy of the “cheetah-family.jpg” file, where the “” has been hidden. This will enable “cat” to concatenate the image and ZIP files together in a new file named “cheetah-family-with-secrets.jpg”.
cat cheetah-family.jpg > cheetah-family-with-secrets.jpg
Check the size of the three files (“cheetah-family.jpg”, “”, and “cheetah-family-with- secrets.jpg”). Now, remove the “secrets” directory and the “” file. List the files in the current directory (or the appropriate directory) to verify that they were removed. Unzip the “cheetah-family-with-

secrets.jpg” file (yes, it is weird to unzip a JPEG file, but it works) with the following command. Get a new listing of the current directory and verify that the “secrets” directory, with the proper content, was extracted.
unzip cheetah-family-with-secrets.jpg
Exercise 5: The picture “jaguar-with-secret.jpg”, distributed with this lab, has a secret ZIP file embedded. It was integrated with the same process as specified in Exercise 4. Start by displaying the picture. Then, extract the hidden message or messages. What is the message?


Best Custom Essay Writing Services

Looking for unparalleled custom paper writing services? Our team of experienced professionals at is here to provide you with top-notch assistance that caters to your unique needs.

We understand the importance of producing original, high-quality papers that reflect your personal voice and meet the rigorous standards of academia. That’s why we assure you that our work is completely plagiarism-free—we craft bespoke solutions tailored exclusively for you.

Why Choose

  • Our papers are 100% original, custom-written from scratch.
  • We’re here to support you around the clock, any day of the year.
  • You’ll find our prices competitive and reasonable.
  • We handle papers across all subjects, regardless of urgency or difficulty.
  • Need a paper urgently? We can deliver within 6 hours!
  • Relax with our on-time delivery commitment.
  • We offer money-back and privacy guarantees to ensure your satisfaction and confidentiality.
  • Benefit from unlimited amendments upon request to get the paper you envisioned.
  • We pledge our dedication to meeting your expectations and achieving the grade you deserve.

Our Process: Getting started with us is as simple as can be. Here’s how to do it:

  • Click on the “Place Your Order” tab at the top or the “Order Now” button at the bottom. You’ll be directed to our order form.
  • Provide the specifics of your paper in the “PAPER DETAILS” section.
  • Select your academic level, the deadline, and the required number of pages.
  • Click on “CREATE ACCOUNT & SIGN IN” to provide your registration details, then “PROCEED TO CHECKOUT.”
  • Follow the simple payment instructions and soon, our writers will be hard at work on your paper. is dedicated to expediting the writing process without compromising on quality. Our roster of writers boasts individuals with advanced degrees—Masters and PhDs—in a myriad of disciplines, ensuring that no matter the complexity or field of your assignment, we have the expertise to tackle it with finesse. Our quick turnover doesn’t mean rushed work; it means efficiency and priority handling, ensuring your deadlines are met with the excellence your academics demand.

ORDER NOW and experience the difference with, where excellence meets timely delivery.