Abstract
Information hiding techniques have been recently getting increased attention from the security community. This is because attackers often apply a variety of data hiding methods to exfiltrate confidential information, enable covert transfers between the compromised victim's machine and an attacker-operated infrastructure, or stealthily transmit additional malicious tools. Furthermore, such data concealment can be realized using different types of carriers, for instance, digital images, video, audio, text, or network traffic. Therefore, by carefully inspecting various data hiding methods, it is possible to assess the implications that such threats cause and to evaluate the preparedness of the existing defensive solutions. Minification is a popular mean for source code size reduction while preserving its complete functionality. In effect, the data transfer can be realized in a more efficient manner. Considering the above, in this paper, we systematically evaluate if the minification process can be effectively used for secret data transfer. The performed extensive experimental evaluation and obtained results indicate that the threat is real, thus countermeasures need to be adjusted accordingly.
Highlights
Information hiding techniques are currently being increasingly utilized by cyber criminals and, as a consequence, they are drawing the attention of security professionals, too [6]
Data hiding embraces a broad spectrum of methods starting from cloaking bits within digital media content [14] or file systems [22] to less evident utilization, for instance, when the network traffic from services like IP telephony [26], cloud storage [7], or from networking environments like Internet of Things [29] and Industrial Control Systems [15] is used for this purpose
In information hiding, there is a standard set of properties which constitutes a baseline for the method assessment: robustness, stealthiness, and data hiding capacity
Summary
Information hiding techniques are currently being increasingly utilized by cyber criminals and, as a consequence, they are drawing the attention of security professionals, too [6] Such methods are gaining popularity among attackers as they want to remain undetected by defensive systems for as long as possible. Minification (a.k.a. minimization) is nowadays one of the most important techniques used to perform web content optimization with the aim to decrease the websites’ size while in transit It is accomplished by eliminating redundancy in the source code of interpreted markup or programming languages. That is why this research is devoted to determine whether minification of JavaScript files can be exploited to covertly transfer secrets between a web server and a web client In our opinion, such a study is required because, as presented in [20], each day the volume of the JavaScript code transferred from Alexa’s Top 10,000 websites is ca.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
