05-02-2013, 12:32 PM
Information Hiding in SOAP Messages: A Steganographic Method for
Web Services
Information Hiding.pdf (Size: 1.16 MB / Downloads: 29)
Abstract
Digital steganography is the art and science of
hiding communications; a steganographic system
thus embeds secret data in public cover media so as
not to arouse an eavesdropper’s suspicion. Hence, it
is a kind of covert communication and information
security. There are still very limited methods of
steganography to be used with communication
protocols, which represent unconventional but
promising steganography mediums. In this paper, we
discuss and analyze a number of steganographic
studies in text, XML as well as SOAP messages.
Then, we propose a novel steganography method to
be used for SOAP messages within Web services
environments. The method is based on rearranging
the order of specific XML elements according to a
secret message. This method has a high
imperceptibility; it leaves almost no trail because of
using the communication protocol as a cover
medium, and since it keeps the structure and size of
the SOAP message intact. The method is empirically
validated using a feasible scenario so as to indicate
its utility and value.
Introduction
Secure and secret communication methods are
needed for transmitting messages over the Internet.
Cryptography scrambles the message so that it
cannot be understood. However, it makes the
message suspicious enough to attract eavesdropper’s
attention. Additionally, due to increasing of
computers capabilities and cipher texts availability,
cryptographic techniques could be vulnerable.
However, this vulnerability can be reduced
significantly using steganography, which is a method
of covert communication and information security.
Unlike encryption, steganography hides the even
existence of secret information rather than hiding its
meaning only. Thus, steganography is the art of
hiding secret messages within other innocuouslooking
cover files (i.e. images, audio, video, and
text files) so that it cannot be observed.
Consequently, steganography aims to hide the very
existence of communication by embedding messages
within other cover objects.
Related Work
There is a relatively small number of text
steganography studies in comparison to that of image
video, and audio based steganography. This might be
due to the lack of redundancy in text files [8].
Por and Delina [9] improved the open space
method proposed by [5]. Therefore, they proposed a
hybrid steganography method for text by combining
both inter-word spacing and inter-paragraph spacing
methods. Thus, whitespaces between words and
paragraphs in right-justification of text are used for
data hiding in order to increase the embedding
capacity. However, the cover text was dynamically
generated according to the size of the secret message.
Shirali-Shahreza [10] proposed a new
steganography method for texts. This method is
based on the different spelling of some words in
English between UK and US. For example, “centre”
has different terms in UK (centre) and US (center).
The model proposed in [11] defines a text
steganography method based on substituting the
words which have different terms in UK and US. For
example, (Gas) has different terms in UK (Petrol)
and US (Gas).
Information Hiding in SOAP Messages
The SOAP protocol is designed to enable the
exchange of structured information (i.e. SOAP
messages) over a variety of underlying protocols in
decentralized and distributed environments. This
lightweight protocol uses XML technologies to
define a messaging framework that is independent of
any specific programming languages or
implementation semantics [6].
A SOAP message is an XML document, which
consists mainly of “envelope, header, body and fault
elements, as shown in (Figure 1). The “Envelope” is
the root element that defines the XML document as a
SOAP message. Also, it indicates the start and the
end of the message. Application specific information
(like security, reliability, etc) is usually defined
within the optional “Header” element. Additionally,
headers may contain commands to SOAP processors
either to understand these headers or to reject the
SOAP message. However, the actual data is defined
within the required “Body” element. Thus,
mandatory information that must be delivered to the
intended recipient should be included within the
body part of SOAP message. The optional “Fault”
element is used to identify error messages. If an error
occurs during SOAP processing, a SOAP fault
element will be emerge in the body of the message.
Then, the sender of the SOAP message will get the
fault response returned.
Conclusion
In this paper, we have provided a communication
protocol-based steganography method that
manipulates the SOAP protocol. This method
monitors a SOAP message just after its serialization
in the sender endpoint and before it is sent. It
analyzes the SOAP elements and embeds a secret
message accordingly by rearranging the order of the
contents and attributes of specific elements in a
SOAP message, where every permutation represents
a specific symbol according to a secret key shared
between the sender and the receiver. As a result, the
provided method has a high resistance against
detection since it uses the communication protocol as
a cover medium rather than the traditional digital
files. Furthermore, the stego SOAP message has the
same size of the original message. The method is
tested and validated using a feasible scenario so as to
demonstrate its utility and applicability.