A NON-ALGORITHMIC FILE-TYPE INDEPENDENT METHOD FOR HIDING PERSISTENT DATA IN FILES.

Digital content is most often stored in files, which may be thought of as structured containers for data. This structure facilitates the processing and rendering of the data for human or machine consumption, and also enables the storage of metadata related to the stored content. A side effect of this structured container approach is that the stored file contains more information, sometimes much more, than the actual data that is rendered or available to the receiving human or machine. Additionally, these structures have gaps and other areas where additional data may be stored, unknown to the file owner or subsequent processor. In this paper we propose and test a nonalgorithmic and file-type independent approach for hiding persistent and stealthy data in files. This approach may be used to surreptitiously tag files for attribution or tracing purposes, as well as to search for data hidden in existing files. Our approach is not algorithmic like steganography and cryptography. Rather, we take a black box approach to find candidate hiding locations, then we test each of these locations for file integrity and persistence. For our tests, we hid data in MS Word documents using the Office Open Extensible Markup Language (OOXML) format, although our work easily generalizes to other formats. We found multiple locations which allowed for the persistent and benign storage of additional data under various usage scenarios. The main contributions of this paper are: a methodology for identifying conditions favorable for hiding benign and persistent data in arbitrary file types, a methodology for testing these conditions, and empirical results using OOXML formatted files. [ABSTRACT FROM AUTHOR]