Friday, May 13, 2011

Data Security

Hide Files Within Files for Better Data Security: Using Executable

Program Files to Hide Data With Steganography


A new approach to hiding data within executable computer program files could make it almost impossible to detect hidden documents, according to a report in the International Journal of Internet Technology and Secured Transactions.

Steganography is a form of security through obscurity in which information is hidden within an unusual medium. An artist might paint a coded message into a portrait, for instance, or an author embed words in the text. A traditional paper watermark is a well-known example of steganography in action. At first glance, there would appear to be nothing unusual about the work, but a recipient aware of the presence of the hidden message would be able to extract it easily. In the computer age, steganography has become more of a science than an art.

Those intent on hiding information from prying eyes can embed data in the many different file types that are ostensibly music files (mp3), images (jpeg), video (mpeg4) or word-processing documents. Unfortunately, there is a limit to how much hidden data can be embedded in such files without it becoming apparent that something is hidden because the file size increases beyond what one might expect to see for a common music or video file, for instance. A five minute music file in mp3 format and the widespread sampling rate of 128 kilobits per second, for instance, is expected to be about 5 megabytes in size. Much bigger and suspicions would be aroused as to the true nature of the file, examination with widely available mp3-tagging software would reveal something amiss with the file's contents. The same could be said for almost all other file types.

However, one group of files that vary enormously in size and are usually rather difficult to examine in detail because they comprise of compiled computer code are executable, or exe, files. These files tend to contain lots of what might be described as "junk data" of their own as well as internal programmer notes and identifiers, redundant sections of code and infuriatingly in some senses coding "bloat." All of this adds up to large and essentially random file sizes for exe files. As such, it might be possible to embed and hide large amounts of data in encoded form in an exe file without disrupting the file's ability to be executed, or run, as a program but crucially without anyone discovering that the exe file has a dual function.

Computer scientists Rajesh Kumar Tiwari of the GLNA Institute of Technology, in Mathura and G. Sahoo of the Birla Institute of Technology, in Mesra, Ranchi, India, have developed just such an algorithm for embedding hidden data in an executable file. They provide details in the International Journal of Internet Technology and Secured Transactions. The algorithm has been built into a program with graphical user interface that would take a conventional exe file and the data to be hidden as input and merge the two producing a viable exe file with a hidden payload. The technology could be used on smart phones, tablet PCs, portable media players and any other information device on which a user might wish to hide data.