Open Access Open Access  Restricted Access Subscription Access

Vulnerability Exploitations Using Steganography in PDF Files


Affiliations
1 Intelligent Systems Research Center, London Metropolitan University, United Kingdom
 

This article analyses the ways malicious executable files hides with Steganography on the most used files of our daily basis such as PDF, Word, Text, and Image. It demonstrates how data is hidden and gathers innovative ways of identifying potential attacks to prevent them by engaging the safety and exploitation of files distributed online. It is concerned with infected files that can have malicious executable applications embedded, executing itself upon the opening of the original file. Several experiments are detailed exploiting gaps in PDF, email and image files in order to draw awareness to security professionals and Ethical hackers’ trainees.

Keywords

Digital Attacks, Email Security, Ethical Hacking, PDF Security, Steganography.
User
Notifications
Font Size

  • Kessler, G. And Hosmer, C. (2011). Chapter 2 – An Overview of Steganography. Available: http://www.sciencedirect.com/science/article/pii/B9780123855107000023. Last accessed 16th Feb 2020.
  • Kawaguchi, E. (2015). Applications of Steganography. Available: http://datahide.org/BPCSe/applications-e.html. Last accessed 16th Feb 2020.
  • Kwon, T. (2011). Detecting and Analyzing Insecure Component Integration. Computer Science. 1 (1), p1-146.
  • Ahn, L. And Hopper, N. (2012). Public-Key Steganography.Computer Science Dep. 1 (1), p1-18.
  • Al-Ani, Z et al. (2010). Overview: Main Fundamentals for Steganography. Available: http://arxiv.org/ftp/arxiv/papers/1003/1003.4086.pdf. Last accessed 16th Feb 2020.
  • Judge, J. (2001). Steganography: Past, Present, Future. SANS Institute InfoSec Reading Room. 2001 (1.2f), 20.
  • Indika. (2011). Difference Between Cryptography and Steganography.Available: http://www.differencebetween.com/difference-between-cryptography-and-vs-steganography/. Last accessed 16th Feb 2020.
  • Wayner, P (2009). Disappearing Cryptography. Information Hiding and Watermarking. 3rd ed. Burlington: Elsevier. p337-353.
  • Camilleri, K. (2011). A Steganographic Framework: Information hiding in the Spatial Domain using Digital Images. Available: http://thesis.klauscamilleri.com/. Last accessed 16th Feb 2020.
  • Zaidoon, K. et al. (2010). Main Fundamentals for Steganography.Journal of Computing. 3 (3), p158-163.
  • Adobe (2006). PDF Reference, sixth edition. Available: http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/pdf_reference_1-7.pdf. Last accessed 16th Feb 2020.
  • Roebuck, K. (2012). Electronic Documents: High-impact Strategies - What to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors. London: Emereo Publishing. p60-76.
  • Fletcher, A. (2009). PHP: Sending Email (Text?HTML/Attachments). Available: http://webcheatsheet.com/php/send_email_texthtml_attachment.php. Last accessed 15th May 2015.
  • Adobe (2008). Document management – Portable document format- Part 1: PDF 1.7. California: Adobe Systems Incorporated. P45-62.
  • Stevens, D. (2011). Malicious PDF Documents Explained. Security & Privacy, IEEE. 9 (1), p80-82.
  • Adobe. (2014). PDF Reference and Adobe Extensions to the PDF Specification. Available: http://www.adobe.com/devnet/pdf/pdf_reference.html. Last accessed 16th Feb 2020.
  • Borders, K. (2013). Steganography in PDF Files. Available: http://stackoverflow.com/questions/16111471/steganography-in-pdf-files. Last accessed 16th Feb 2020.
  • Stolfo, S. et al. (2013). Research in Attacks, Intrusions, and Defenses. New York: Portland State University. p204-223.
  • Srndic, N. And Laskov, P. (2013). Detection of Malicious PDF Files Based on Hierarchical Document Structure. Internet Society. 1 (1), p1-18.
  • Lai, Yin. And Tsai, Wen. (2013). Covert Communication Via Pdf Files By New Data Hiding Techniques. National Chiao Tung University Journal. 1 (1), p1-6.
  • FreeMyPDF. (2015). Removing Passwords and Restrictions from PDF. Available: http://freemypdf.com/. Last accessed 16th Feb 2020.
  • W3C. (2012). PDF Techniques for WCAG 2.0. Available: http://www.w3.org/TR/WCAG20-TECHS/pdf.html. Last accessed 16th Feb 2020.
  • Jackson, J. et al. (2003). Blind Steganography Detection Using a Computational Immune System: A Work in Progress. International Journal of Digital Evidence. 4 (1), p1-19.
  • PDFlib. (2012). Extensible Metadata Platform (XMP). Available: http://www.pdflib.com/knowledge-base/xmp-metadata/. Last accessed 16th Feb 2020.
  • Richer, P. (2003). Steganalysis: Detecting hidden information with computer forensic analysis. SANS Institute InfoSec Reading Room. 1 (1.4b), p1-13.
  • Partington, T. (2007). Computer Forensics: Final Report. Software Engineering. 1 (1), p1-46
  • Wee, C. (2014). Analysis of hidden data in NTFS file system . Edith Cowan University Journal. 1 (1), p1-21.
  • Wikipedea. (2015). Steganography tools. Available: http://en.wikipedia.org/wiki/Steganography_tools. Last accessed 16th Feb 2020.
  • Rosenthol, L. (2001). Using XML and PDF Together, why do not necessarily have to choose. Available: http://www.planetpdf.com/planetpdf/pdfs/pdf2k/01W/rosenthol_xmlpdf.pdf. Last accessed 16th Feb 2020.
  • Walker, F. And Thoma, G. (2007). A SOAP-Based Tool for User Feedback and Analysis. National Library of Medicine. 1 (1), p1-10
  • Zhong, S. et al. (2007). Data Hiding in a Kind of PDF Texts for Secret Communication. International Journal of Network Security. 4 (1), p17-23.

Abstract Views: 362

PDF Views: 1




  • Vulnerability Exploitations Using Steganography in PDF Files

Abstract Views: 362  |  PDF Views: 1

Authors

Istteffanny Isloure Araujo
Intelligent Systems Research Center, London Metropolitan University, United Kingdom
Hassan Kazemian
Intelligent Systems Research Center, London Metropolitan University, United Kingdom

Abstract


This article analyses the ways malicious executable files hides with Steganography on the most used files of our daily basis such as PDF, Word, Text, and Image. It demonstrates how data is hidden and gathers innovative ways of identifying potential attacks to prevent them by engaging the safety and exploitation of files distributed online. It is concerned with infected files that can have malicious executable applications embedded, executing itself upon the opening of the original file. Several experiments are detailed exploiting gaps in PDF, email and image files in order to draw awareness to security professionals and Ethical hackers’ trainees.

Keywords


Digital Attacks, Email Security, Ethical Hacking, PDF Security, Steganography.

References





DOI: https://doi.org/10.22247/ijcna%2F2020%2F193270