Communications of the ACM
Information Hiding: Challenges For Forensic Experts
Credit: Andrij Borys Associates / Shutterstock
Information hiding is a research domain that covers a wide spectrum of methods that are used to make (secret) data difficult to notice. Due to improvements in network defenses such techniques are recently gaining an increasing attention from actors like cybercriminals, terrorist and state-sponsored groups as they allow to store data or to cloak communication in a way that is not easily discoverble.22 There are several real-world cases that reached the attention of the public media, including the following:23,38
- the arrest of one of al Qaeda's members in Berlin with video files containing hidden information on ongoing and future terrorists' operations (2012),a
- the exfiltration of confidential data from the U.S. to Moscow by Russian spies (2010),b
- the transfer of child pornographic material by a group of pedophiles called "Shadowz Brotherhood" (2002),c and
- the planning of a terrorist attack after the September 11, 2001 attacks. A number of articles suggested that al Qaeda members used steganography to coordinate their actions (2001).d
Key Insights
In these cases, information-hiding techniques were used to hide the confidential or illegal data into innocent-looking material, for example, digital pictures.
Comments
Xianfeng Zhao
Whereas steganalysis, the technology for detecting information hiding, has been more and more widely researched and developed, this article, however, points out that information hiding is still a challenge for forensic experts. In my view, the viewpoint of the authors is right absolutely. In research, we focus on the scenarios or model in which a steganographer and a steganalyst can compete. For example, one often assumes that the former has some a priori knowledge on the latters method and parameters so that he can build a correct way in detection. Even though such a detection can verify the security of steganography better, in real-world, it is hard to correctly decide such knowledge for doing proper detection. Generally, a steganalytic system must face thousands of steganographic ways and thousands of media setting and format concurrently. Count the number of combinations! Moreover, in many cases one or several alarms provide insufficient proof for detecting a steganographer.
I am very pleased to see that CUIng Initiative is solving the problem as an international organization. And in the paper, the big difficulty of such task, which is often neglected by many sponsors and investors, is fully addressed. I hope that the organization can raise enough fund for launching an open project, in which the algorithmic interfaces are open and every people in the world can submit his or her detection module for analyzing a kind of steganography. We are doing such work in China, and we are seriously thinking about the cooperation with CUIng Initiative.
Displaying 1 comment