• International journal of advanced smart convergence
• /
• v.12 no.1
• /
• pp.149-156
• /
• 2023

OOXML-based MS-Office digital files are extensively utilized by businesses and organizations worldwide. However, OOXML-based MS-Office digital files are vulnerable to forgery and corruption attack by including hidden suspicious information, which can lead to activating malware or shell code being hidden in the file. Such malicious code can cause a computer system to malfunction or become infected with ransomware. To prevent such attacks, it is necessary to analyze and detect the corruption of OOXML-based MS-Office files. In this paper, we examine the weaknesses of the existing OOXML-based MS-Office file structure and analyzes how concealment and forgery are performed on MS-Office digital files. As a result, we propose a system to detect hidden data effectively and proactively respond to ransomware attacks exploiting MS-Office security vulnerabilities. Proposed system is designed to provide reliable and efficient detection of hidden data in OOXML-based MS-Office files, which can help organizations protect against potential security threats.

• The KIPS Transactions:PartC
• /
• v.19C no.4
• /
• pp.215-224
• /
• 2012

Today, individuals and businesses are a lot of paperwork through a computer. So many documents files are creating to digital type. And the digital type files are copied, moved by various media such as USB, E-mail and so on. A careful analysis of these digital materials can be tracked that occurred during the document editing work history. About these research are on the compound document file format, but has not been studied about the new OOXML format that how to analyze linkages between different document files, tracking an internal order, finding unsaved file for identify the process of creating the file. Future, the use of OOXML format digital documents will further increase, these document work history traceability in digital forensic investigation would be a big help. Therefore, this paper on the new OOXML format(has a forensic viewpoint) will show you how to track the internal order and analyze linkages between the files.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.489-499
• /
• 2017

MS office is a office software which is widely used in the world. The OOXML format has been applied to the document structure from MS office 2007 to the newest version. In this regard, the method of data concealing, which is a representative anti-forensic act has been researched and developed, so the method of detecting concealed data is very important to the digital forensic investigation. In this paper, we present an improved data concealing method bypassing the previewers detecting methods for OOXML formatted MS office documents. In addition, we show concealment of the internal data like sheets and slides for MS office 2013 Excel and PowerPoint, and suggest an improved detecting algorithm against this data concealing.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.429-442
• /
• 2020

The proportion of attacks via office documents is increasing in recent incidents. Although the security of office applications has been strengthened gradually, the attacks through the office documents are still effective due to the sophisticated use of social engineering techniques and advanced attack techniques. In this paper, we propose a method for detecting malicious OOXML(Office Open XML) documents and a framework for detection. To do this, malicious files used in the attack and benign files were collected from the malicious code repository and the search engine. By analyzing the malicious code types of collected files, we identified six "suspicious object" elements that are meaningful in determining whether they are malicious in a document. In addition, we implemented an OOXML document-based malware detection framework based on the detection method to classify the collected files and found that 98.45% of malicious filesets were detected.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.193-206
• /
• 2024

In tandem with the advancements in the digital era, the significance of digital data has escalated, necessitating an increased focus on digital forensics investigations. However, the process of collecting and analyzing digital evidence faces significant challenges, such as the unidentifiability of damaged files due to issues like media corruption and anti-forensic techniques. Moreover, the technological limitations of existing tools hinder the recovery of damaged files, posing difficulties in the evidence collection process. This paper aims to propose solutions for the recovery of corrupted MS Office files commonly used in digital data creation. To achieve this, we analyze the structure of MS Office files in the OOXML format and present a novel approach to overcome the limitations of current recovery tools. Through these efforts, we aim to contribute to enhancing the quality of evidence collection in the field of digital forensics by efficiently recovering and identifying damaged data.

• Proceedings of the KAIS Fall Conference
• /
• 2009.05a
• /
• pp.469-472
• /
• 2009

본 논문에서는 권한이 없는 불법적인 이용자로부터의 전자문서 유출을 사전에 차단하기 위한 문서관리 시스템을 제안한다. 이를 위해 각 문서를 OOXML을 이용하여 페이지별로 분리하고 분리한 페이지에 대하여 각각의 대칭키로 암호화하여 저장한다. 암호화된 문서의 복호화를 위해 각각의 대칭키를 랜덤하게 생성한 OTP로 암호화하여 서버의 개인키로 전자서명 한 후 사용자의 공개키로 암호화하여 전송한다. 사용자는 자신의 개인키를 이용하여 대칭키를 획득하여 문서를 복호화하여 열람할 수 있다.

• Journal of Internet of Things and Convergence
• /
• v.9 no.6
• /
• pp.1-9
• /
• 2023

Malware files containing concealed malicious scripts have recently been identified within MS Office documents frequently. In response, this paper describes the design and implementation of a system that automatically detects malicious digital files using machine learning techniques. The system is proficient in identifying malicious scripts within MS Office files that exploit the OLE VBA macro functionality, detecting malicious scripts embedded within the CDH/LFH/ECDR internal field values through OOXML structure analysis, and recognizing abnormal CDH/LFH information introduced within the OOXML structure, which is not conventionally referenced. Furthermore, this paper presents a mechanism for utilizing the VirusTotal malicious script detection feature to autonomously determine instances of malicious tampering within MS Office files. This leads to the design and implementation of a machine learning-based integrated software. Experimental results confirm the software's capacity to autonomously assess MS Office file's integrity and provide enhanced detection performance for arbitrary MS Office files when employing the optimal machine learning model.

• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.525-533
• /
• 2015

MS Office suit software is the most widely used electronic documents by a large number of users in the world, which has absolute predominance in office software market. MS Office 2007-2013 documents, which use new office open extensible markup language (OOXML) format, could be illegally used as cover mediums to transmit secret information by offenders, because they do not easily arouse others suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories; document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on real data set demonstrate the effectiveness of the proposed methods.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.26 no.6
• /
• pp.20-28
• /
• 2008

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.34 no.12B
• /
• pp.1407-1417
• /
• 2009

We propose a e-document management system that can provide segmented page information on a document according to different levels of authority from access control environment. The proposed system creates hierarchy identifier using a one-way hash chain and therefore does not need to own key information for all users as in existing system. Also by creating group keys by compounding hash chain hierarchy identifier with randomly formed group identifier, the system can flexibly respond to dynamic changes from group member movements while at the same time resolving the problems of key formation and management in document encoding technique using symmetric key for each page. Lastly as a result of comparative analysis through an experiment with existing e-document management systems, the proposed system showed superiority in the efficiency of encoding and decoding document and the speed of encoding and decoding by the pages.