Browse > Article
http://dx.doi.org/10.13089/JKIISC.2015.25.6.1485

An effective detection method for hiding data in compound-document files  

Kim, EunKwang (Graduate School of Information Security, Korea University)
Jeon, SangJun (Graduate School of Information Security, Korea University)
Han, JaeHyeok (Graduate School of Information Security, Korea University)
Lee, MinWook (Graduate School of Information Security, Korea University)
Lee, Sangjin (Graduate School of Information Security, Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.25, no.6, 2015 , pp. 1485-1494 More about this Journal
Abstract
Traditionally, data hiding has been done mainly in such a way that insert the data into the large-capacity multimedia files. However, the document files of the previous versions of Microsoft Office 2003 have been used as cover files as their structure are so similar to a File System that it is easy to hide data in them. If you open a compound-document file which has a secret message hidden in it with MS Office application, it is hard for users who don't know whether a secret message is hidden in the compound-document file to detect the secret message. This paper presents an analysis of Compound-File Binary Format features exploited in order to hide data and algorithms to detect the data hidden with these exploits. Studying methods used to hide data in unused area, unallocated area, reserved area and inserted streams led us to develop an algorithm to aid in the detection and examination of hidden data.
Keywords
Steganography; Data hiding; Compound File Binary Format; Microsoft Office;
Citations & Related Records
연도 인용수 순위
  • Reference
1 A. M. S. Rahma, B. AbdulWahab, and A. Y. Al-Noori, "Proposed steganographic method for data hiding in Microsoft word documents structure," Al-Mansour Journal, no. 15, pp. 1-29, 2011.
2 W. Bhaya, A. Rahma, and D. Al-Nasrawi, "Text steganography based on font type in ms-word documents," Journal of Computer Science, vol. 9, no. 7, pp. 898-904, 2013.   DOI
3 http://www.mitec.cz/ssv.html
4 http://compound-file-explorer.software.informer.com/1.8/
5 Byers, S., "Information leakage caused by hidden data in published documents," IEEE Security Privacy vol. 2, no. 2, pp. 23-27, Mar. 2004.   DOI
6 http://www.yonhapnews.co.kr/bulletin/2015/03/02/0200000000AKR20150302142100009.HTML
7 T. Ngo, "Office Open XML Overview," EC MA TC45 white paper, online at http://www.ecma-international.org/news/TC45_current_work/OpenXML%20White%20Paper.pdf, last accessed April. 2011.
8 Daniel Rentz, "Microsoft Compound Document- File Format", http://www.openoffice.org/sc/compdocfileformat.pdf
9 http://www.hancom.com/forMatQna.boardIntro.do
10 Jung Heum Park, Bora Park, Sangjin Lee, Seokhie Hong, and Jong Hyuk Park, "Extraction of Residual Information in the Microsoft PowerPoint file from the Viewpoint of Digital Forensics considering PerCom Environment," The 2nd International Workshop on Web and Pervasive Security, IEEE, pp.584-589, Mar. 2008.
11 A. Castiglione, De Santis, and C. Soriente, "Taking advantages of a disadvantage : Digital forensics and steganography using document metadata," The Journal of Systems and software, vol 80, Issue 5, pp.750-764, May. 2007.   DOI
12 Hyukdon Kwon, Yeog Kim, Sangin Lee, and Jongin Lim, "A Tool for the Detection of Hidden Data in Microsoft Compound Document File Format," International Conference on Information Science and Security ICISS, p.141-146, Jan. 2008.
13 http://www.payneconsulting.com/products.
14 http://peccatte.karefil.com/software/Catalogue.
15 http://www.workshare.com
16 W. Bender, D. Gruhl, N. Morimoto, and A. Lu, "Techniques for datahiding?," IBM Syst. J., vol. 35, no. 3.4, pp. 313-336, Apr. 1996.   DOI
17 G. Sui and H. Luo, "A new steganography method based on hypertext?," in Proc. Radio Science Conf. pp. 181-184. Aug. 2004.