research-article

Exploiting minification for data hiding purposes

Authors:

Wojciech MazurczykAuthors Info & Claims

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

Article No.: 72, Pages 1 - 9

https://doi.org/10.1145/3407023.3409209

Published: 25 August 2020 Publication History

Abstract

Nowadays various types of data hiding techniques are used to conceal data in different types of digital content, e.g. image, video, audio, text, or even network traffic. Such methods can be utilized for nefarious purposes, for instance, for confidential data exfiltration, enabling secret communication between the infected host and attacker's server or to download additional modules of malware. From this perspective, analyzing different schemes of data hiding allows to assess the preparedness of the current defensive systems. Minification is the process of the source code manipulation while preserving its functionality. In result, the size of the source code is reduced making the transmission more efficient. In this paper we investigate whether minification of JavaScript files can be exploited for data hiding purposes. The obtained results prove that this is feasible and thus countermeasures must be adjusted to take into account such threats.

References

[1]

Sergey Bereg, Avi Levy, and I. Hal Sudborough. 2018. Constructing Permutation Arrays from Groups. Des. Codes Cryptography 86, 5 (May 2018), 1095--1111.

Digital Library

[2]

Sergey Bereg, Zevi Miller, Luis Gerardo Mojica, Linda Morales, and Ivan Hal Sudborough. 2018. Maximizing Hamming Distance in Contraction of Permutation Arrays. arXiv preprint arXiv.1804.03768 (2018).

[3]

Erik Brown, Bo Yuan, Daryl Johnson, and Peter Lutz. 2010. Covert Channels in the HTTP Network Protocol: Channel Characterization and Detecting Man-in-the-Middle Attacks. Rochester Institute of Technology Technical Report (2010).

[4]

K. Cabaj, L. Caviglione, W. Mazurczyk, S. Wendzel, A. Woodward, and S. Zander. 2018. The New Threats of Information Hiding: The Road Ahead. IT Professional 20, 3 (2018), 31--39.

Digital Library

[5]

L. Caviglione, M. Podolski, W. Mazurczyk, and M. Ianigro. 2017. Covert Channels in Personal Cloud Storage Services: The Case of Dropbox. IEEE Transactions on Industrial Informatics 13, 4 (2017), 1921--1931.

[6]

Wensong Chu, Charles J. Colbourn, and Peter Dukes. 2004. Constructions for Permutation Codes in Powerline Communications. Des. Codes Cryptography 32, 1-3 (May 2004), 51--64.

Digital Library

[7]

Biljana Dimitrova and Aleksandra Mileva. 2017. Steganography of Hypertext Transfer Protocol Version 2 (HTTP/2). Journal of Computer and Communications 5 (2017), 98--111.

[8]

Alex Dyatlov and Simon Castro. 2003. Exploitation of Data Streams Authorized by a Network Access Control System for Arbitrary Data Transfers: Tunneling and Covert Channels over the HTTP Protocol. Gray-World (2003).

[9]

A. El-Atawy, Q. Duan, and E. Al-Shaer. 2017. A Novel Class of Robust Covert Channels Using Out-of-Order Packets. IEEE Transactions on Dependable and Secure Computing 14, 2 (2017), 116--129.

Digital Library

[10]

K. Forest and S. Knight. 2009. Permutation-based steganographic channels. In 2009 Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS 2009). 67--73.

[11]

Jessica Fridrich. 2009. Steganography in Digital Media: Principles, Algorithms, and Applications. Cambridge University Press.

[12]

D. Mitropoulos, P. Louridas, V. Salis, and D. Spinellis. 2019. Time Present and Time Past: Analyzing the Evolution of JavaScript Code in the Wild. In 2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR). 126--137.

[13]

Sabine Schmidt, Wojciech Mazurczyk, Radoslaw Kulesza, Jörg Keller, and Luca Caviglione. 2018. Exploiting IP telephony with silence suppression for hidden data transfers. Computers & Security 79 (2018), 17--32.

[14]

Robert Sedgewick. 1977. Permutation Generation Methods. ACM Comput. Surv. 9, 2 (June 1977), 137--164.

Digital Library

[15]

Philippe Skolka, Cristian-Alexandru Staicu, and Michael Pradel. 2019. Anything to hide? Studying minified and obfuscated code in the web. In The World Wide Web Conference. 1735--1746.

Digital Library

[16]

Derek H Smith and Roberto Montemanni. 2012. A new table of permutation codes. Designs, Codes and Cryptography 63, 2 (2012), 241--253.

Digital Library

[17]

A. Velinov, A. Mileva, S. Wendzel, and W. Mazurczyk. 2019. Covert Channels in the MQTT-Based Internet of Things. IEEE Access 7 (2019), 161899--161915.

Cited By

Lima SMorla RRoutar JAl Hasan MXiong L(2022)JavaScript&Me, A Tool to Support Research into Code Transformation and Browser SecurityProceedings of the 31st ACM International Conference on Information & Knowledge Management10.1145/3511808.3557620(4224-4228)Online publication date: 17-Oct-2022
https://dl.acm.org/doi/10.1145/3511808.3557620
Mundt MBaier H(2022)Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK FrameworkDigital Forensics and Cyber Crime10.1007/978-3-031-06365-7_9(139-158)Online publication date: 4-Jun-2022
https://doi.org/10.1007/978-3-031-06365-7_9
Rajba PMazurczyk W(2021)Data Hiding Using Code ObfuscationProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470086(1-10)Online publication date: 17-Aug-2021
https://dl.acm.org/doi/10.1145/3465481.3470086
Show More Cited By

Index Terms

Exploiting minification for data hiding purposes
1. Security and privacy

Recommendations

Data Hiding Using Code Obfuscation
ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security

Digital transformation of many companies and government administrations, now accelerated by the pandemic, provides cybercriminals an increased opportunity of incorporating various types of information hiding techniques into the malicious software and by ...
An adaptive steganographic method based on the measurement of just noticeable distortion profile

This paper presents an adaptive steganographic method based on just noticeable distortion (JND) profile measurement. According to the input requirements, our method can produce a higher quality or higher embedding capacity stego-image. In the embedding ...
Reversible data hiding scheme based on dual stegano-images using orientation combinations

This work presents a novel reversible data hiding scheme based on combinations of pixel orientations located at two steganographic images to enhance embedding capacity and preserve good visual quality. Before secret data are embedded, the proposed ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

August 2020

1073 pages

ISBN:9781450388337

DOI:10.1145/3407023

Program Chairs:
Melanie Volkamer
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)
,
Christian Wressnegger
Karlsruhe Institute of Technologie (KIT), Competence Center for Applied Security Technology (KASTEL)

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 August 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ARES 2020

ARES 2020: The 15th International Conference on Availability, Reliability and Security

August 25 - 28, 2020

Virtual Event, Ireland

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
58
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Lima SMorla RRoutar JAl Hasan MXiong L(2022)JavaScript&Me, A Tool to Support Research into Code Transformation and Browser SecurityProceedings of the 31st ACM International Conference on Information & Knowledge Management10.1145/3511808.3557620(4224-4228)Online publication date: 17-Oct-2022
https://dl.acm.org/doi/10.1145/3511808.3557620
Mundt MBaier H(2022)Towards Mitigation of Data Exfiltration Techniques Using the MITRE ATT&CK FrameworkDigital Forensics and Cyber Crime10.1007/978-3-031-06365-7_9(139-158)Online publication date: 4-Jun-2022
https://doi.org/10.1007/978-3-031-06365-7_9
Rajba PMazurczyk W(2021)Data Hiding Using Code ObfuscationProceedings of the 16th International Conference on Availability, Reliability and Security10.1145/3465481.3470086(1-10)Online publication date: 17-Aug-2021
https://dl.acm.org/doi/10.1145/3465481.3470086
Rajba PMazurczyk W(2021)Information Hiding Using MinificationIEEE Access10.1109/ACCESS.2021.30771979(66436-66449)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3077197

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten