Hiding Information into OOXML Documents: New
Steganographic Perspectives
Aniello Castiglione1+, Bonaventura D'Alessio1,
Alfredo De Santis1, and Francesco Palmieri2
1Dipartimento di
Informatica
University of Salerno
Salerno, Italy
{castiglione,bdalessio,ads}@dia.unisa.it
2Dipartimento di
Ingegneria dell'Informazione
Second University of Naples
Aversa (CE), Italy
francesco.palmieri@unina.it
Abstract
The simplest container of digital information is "the
file" and among the vast array of files currently
available, MS-Office files are probably the most widely
used. The "Microsoft Compound Document
File Format" (MCDFF) has often been used to host secret
information. The new format created
by Microsoft, first used with MS-Office 2007, makes use
of a new standard, the "Office Open
XML Formats" (OOXML). The benefits include that the new
format introduces the OOXML format,
which lowers the risk of information leakage, as well as
the use of MS-Office files as containers for
steganography.
In this work the authors, starting from the
classification of information hiding adapted from Bauer,
analyze four new methods for embedding data into the
OOXML file format. These methods can
be extremely useful when using MS-Office documents for
steganographic purposes. The authors,
analyzing a scenario composed of about 50.000 MS-Office
files, highlight how the proposed methods
are really helpful in real applications. An evaluation of
the limits of the proposed methods is carried
out by comparing them against the tool introduced by
Microsoft to sanitize MS-Office files. The
methods presented can be combined in order to extend the
amount of data to be hidden in a single
cover file.
Keywords:
Steganography, OOXML format, stegosystem, document steganography, microsoft
office
document,
information hiding.
+Corresponding author: Aniello Castiglione,
B Dipartimento di Informatica - Università degli Studi di Salerno, Via Ponte
don Melillo, I-84084 Fisciano (SA), Italy.
Tel: +39089969594, Email: castiglione@ieee.org, castiglione@acm.org
Journal of Wireless Mobile Networks,
Ubiquitous Computing, and Dependable Applications (JoWUA),
Vol. 2, No. 4, pp. 59-83, December 2011
[pdf]