Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE CATHOLIC UNIVERSITY OF AMERICA School of Engineering / Department of Electrical Engineering and Computer Science A Non-Algorithmic File-Type Independent.

Published byAmice Bryan Modified over 6 years ago

Similar presentations

Presentation on theme: "THE CATHOLIC UNIVERSITY OF AMERICA School of Engineering / Department of Electrical Engineering and Computer Science A Non-Algorithmic File-Type Independent."— Presentation transcript:

1 THE CATHOLIC UNIVERSITY OF AMERICA School of Engineering / Department of Electrical Engineering and Computer Science A Non-Algorithmic File-Type Independent Method for Hiding Persistent Data in Files Maha Sabir, M.Sc. Dr. Jim Jones, Ph.D. Dr. Hang Liu, Ph.D. April 20, 2017

2 Outline Background Motivation Statement of the problem Objectives
Related Work Methodology Results & Discussion Conclusion & Future work References

3 Anti-forensics Techniques
Background Anti-forensics Techniques Data Hiding Trail Obfuscation Data Destruction

4 Non-Algorithmic File Data Hiding
Background Data Hiding Non-Algorithmic File Data Hiding Steganography Cryptography

5 Definition of Terms Watermarking vs. Tagging Stealthy Non-Algorithmic
File-Type Independent LSB

6 Motivation Protecting digital data and sensitive contents by stealthy tagging (stealthy watermarking). Trying to know where Anti-forensic techniques may try to hide data so that we know where to look.

7 Statement of the Problem
Key Questions: Can we hide data in files that is persistent, benign, recoverable and stealthy? 1) Which tags will survive and under what conditions? 2) Are there specific locations in a file where you can store and preserve tags?

8 Objectives Develop a file-type independent methodology to:
Identify unique file locations for hiding stealthy watermark tags that are persistent and benign. Test watermarks for persistence and document survivability. Applications: For data protectors, investigators, and forensic examiners to trace digital evidence. Foundation for techniques to find hidden data.

9 Related Work 1/2 1. Microsoft Word OOXML File Format
The Structure of an OOXML format document The Directory Structure of a “sample.docx”

10 Related Work 2/2 2. Hiding Data in Files 1) Cantrell & Dampier (2004)
Hiding data in files e.g. html files and early binary MS office files Any space with at least two hexadecimal zeroes Some file dead spaces are not suitable for data hiding. 2) Garfinkel and Migletz (2009) Encrypting data in content parts of the zip file archive Hiding data in XML comments. 3) Castiglione et al., (2011) Hiding data in OOXML file zip archives and evaluated steganographic methods like altering zip compression algorithm, office macros, zero dimension image, and revision identifier values.

11 Limitations of Prior Work
Based on understanding and altering the internal structure of the files, hence each technique would only work on one file type. Based on algorithmic data hiding (e.g., LSB for steganography), which is detectable, changes the carrier file, and is file type dependent.

12 File Dead Space Finding File dead space, which we define as a region of a raw file that may changed without corrupting the file. Searching for a string of 16 or more consecutive 0x00 File dead space

13

14 File dead spaces(count)
Dataset Description Measure File size (KB) File dead spaces(count) Maximum 9,495 153 Minimum 10 5 Average 210 8 Median 30.32 5.00 Standard Deviation 849.38 12.25 Correlation (R) 0.318

15

16 Tagging Files and Survivability Testing
16 byte string written to all the dead spaces of each file. For dead spaces > 16 bytes, tag both at the beginning and middle The first three dead spaces at: [Content_Type].xml _rel/.rels word/_rel/document.xml.rels Are stable and do not change when performing different operations

17 Descriptions of the Tests
Test Name 1 Copy on device 2 Copy off device 3 Open/Close/No Modify/No Save 4 Open/Save/Close/No Modify 5 Open/Modify/Close/No Save 6 Open/Modify/Save/Close 7 Open/Modify/Terminate

18

19 Results & Discussion 2/2 It is possible to hide persistent data in file dead space of DOCX (OOXML) files, in the first three file dead spaces of the documents All hidden data in file dead space persists when operations like opening, closing, terminating, copying and saving Tags in zip file archive in OOXML format do not survive when documents are modified and saved. Files have several internal dead spaces.

20 Conclusion & Future Work
It is possible to empirically find locations suitable for storing data with no clue of the files internal structure Locations can survive many but not all operations Editing a docx file proved destructive to inserted data Other operations have no effect on the tag or the document Extend to different file types video, image, pdf, ...

21 References Beer, R. de., Stander, A., & Belle, J. (2015). Anti-Forensics: A Practitioner Perspective. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 4(2), 390–403. Cantrell, G., & Dampier, D. D. (2004). Experiments in hiding data inside the file structure of common office documents: a stegonography application. In Proceedings of the 2004 international Symposium on information and Communication Technologies (pp. 146–151). Trinity College Dublin. Castiglione, A., D’Alessio, B., De Santis, A., & Palmieri, F. (2011). Hiding Information into OOXML Documents: New Steganographic Perspectives. Journal of Wireless Mobile Networks Ubiquitous Computing and Dependable Applications, 2(4), 59–83. Fu, Z., Sun, X., & Xi, J. (2015). Digital forensics of Microsoft Office documents to prevent covert communication. Journal of Communications and Networks, 17(5), 525–533 Garfinkel, S. L., & Migletz, J. J. (2009). New XML-Based Files: Implications for Forensics. IEEE Security Privacy. 7(2), 38–44. Jain, A., & Chhabra, G. S. (2014). Anti-forensics techniques: An analytical review. In 2014 Seventh International Conference on Contemporary Computing (IC3) (pp. 412–418). Kessler, G. C. (2007). Anti-forensics and the digital investigator. In Proceedings of the 5th Australian Digital Forensics Conference (p. 1). Mt Lawley, Western Australia, Edith Cowan University.

22 Q & A

Download ppt "THE CATHOLIC UNIVERSITY OF AMERICA School of Engineering / Department of Electrical Engineering and Computer Science A Non-Algorithmic File-Type Independent."

Similar presentations

PhishZoo: Detecting Phishing Websites By Looking at Them

PhishZoo: Detecting Phishing Websites By Looking at Them
Steganograp hy By : Uday Deep Singh (IT-2 / 7 th Sem) “The Art Of Hiding Content In Images” 1.

Steganograp hy By : Uday Deep Singh (IT-2 / 7 th Sem) “The Art Of Hiding Content In Images” 1.
Information Hiding: Watermarking and Steganography

Information Hiding: Watermarking and Steganography
A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.

A New Scheme For Robust Blind Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Mar 5, 2002 Department.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #26 Emerging Technologies.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #26 Emerging Technologies.
Tools for Text Review. Algorithms The heart of computer science Definition: A finite sequence of instructions with the properties that –Each instruction.

Tools for Text Review. Algorithms The heart of computer science Definition: A finite sequence of instructions with the properties that –Each instruction.
Fundamentals of Computer Forensics Fundamentals of Computer Forensics by Jim Bates,published Feb 1997, International Journal of Forensic Computing “…This.

Fundamentals of Computer Forensics Fundamentals of Computer Forensics by Jim Bates,published Feb 1997, International Journal of Forensic Computing “…This.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Overview of Digital Stenography

Overview of Digital Stenography
Multimedia Security Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Nov 20, 2002 Department of Computer.

Multimedia Security Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Nov 20, 2002 Department of Computer.
RFID Object Localization Gabriel Robins and Kirti Chawla Department of Computer Science University of Virginia

RFID Object Localization Gabriel Robins and Kirti Chawla Department of Computer Science University of Virginia
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.
Covert Channels John Dabney. Covert Channels   “... any communication channel that can be exploited by a process to transfer information in a manner.

Covert Channels John Dabney. Covert Channels   “... any communication channel that can be exploited by a process to transfer information in a manner.
Exploring Steganography: Seeing the Unseen Neil F. Johnson Sushil Jajodia George Mason University.

Exploring Steganography: Seeing the Unseen Neil F. Johnson Sushil Jajodia George Mason University.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Review for Final Exam November 19, 2010.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Review for Final Exam November 19, 2010.
UC Santa Cruz Providing High Reliability in a Minimum Redundancy Archival Storage System Deepavali Bhagwat Kristal Pollack Darrell D. E. Long Ethan L.

UC Santa Cruz Providing High Reliability in a Minimum Redundancy Archival Storage System Deepavali Bhagwat Kristal Pollack Darrell D. E. Long Ethan L.
Phases of Computer Forensics 1 Computer Forensics BACS 371 1 Management Information Systems for the Information Age 5e, Haag, Cummings, McCubbrey, 2005,

Phases of Computer Forensics 1 Computer Forensics BACS Management Information Systems for the Information Age 5e, Haag, Cummings, McCubbrey, 2005,
Steganography Steganography refers to any methodology used to hide a message (including text, sound, or picture) in a separate file. Most commonly text.

Steganography Steganography refers to any methodology used to hide a message (including text, sound, or picture) in a separate file. Most commonly text.
Watermarking University of Palestine Eng. Wisam Zaqoot May 2010.

Watermarking University of Palestine Eng. Wisam Zaqoot May 2010.
Introduction to Multimedia Security Topics Covered in this Course Multimedia Security.

Introduction to Multimedia Security Topics Covered in this Course Multimedia Security.

Similar presentations

Ads by Google