Conventional privacy-enforcement mechanisms, such as encryption-based ones, are frequently used to prevent third-party eavesdroppers to intercept confidential information exchanged between two or more parties. However, the use of such mechanisms can be perceivable and it alerts the involved intercepting entities that could devote some effort in trying to remove the protection, eg, by cracking the encryption keys used or by exploiting the vulnerabilities of the technological solution used to protect the data. Sometimes, from the security point of view, avoiding to draw the attention or suspect to intermediate intercepting entities, may be better than protecting a data in a conventional manner. In such direction, one of the most effective approaches is hiding the secret information to be exchanged inside other data, through steganographic techniques. In this work, we exploit, for this specific purpose, the hierarchical structure of a compressed archive, as well as the algorithms and parameters used to create and maintain such archive. It is important to point out that, by doing this, the secret information is in no way semantically related to the contents of the compressed archive. This can be extremely useful in many cloud-based situations where several confidential data is moved across multiple independent data center, which are under the control of different and not always fully trusted authorities. The effectiveness of this proposal has been assessed by using a properly designed and implemented prototype, where extensive tests have been performed within the context of a proof-of-concept.
Compression-based steganography
Carpentieri B.;Castiglione A.;De Santis A.;Palmieri F.;Pizzolante R.
2020-01-01
Abstract
Conventional privacy-enforcement mechanisms, such as encryption-based ones, are frequently used to prevent third-party eavesdroppers to intercept confidential information exchanged between two or more parties. However, the use of such mechanisms can be perceivable and it alerts the involved intercepting entities that could devote some effort in trying to remove the protection, eg, by cracking the encryption keys used or by exploiting the vulnerabilities of the technological solution used to protect the data. Sometimes, from the security point of view, avoiding to draw the attention or suspect to intermediate intercepting entities, may be better than protecting a data in a conventional manner. In such direction, one of the most effective approaches is hiding the secret information to be exchanged inside other data, through steganographic techniques. In this work, we exploit, for this specific purpose, the hierarchical structure of a compressed archive, as well as the algorithms and parameters used to create and maintain such archive. It is important to point out that, by doing this, the secret information is in no way semantically related to the contents of the compressed archive. This can be extremely useful in many cloud-based situations where several confidential data is moved across multiple independent data center, which are under the control of different and not always fully trusted authorities. The effectiveness of this proposal has been assessed by using a properly designed and implemented prototype, where extensive tests have been performed within the context of a proof-of-concept.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
