A Crypto-Steganography Approach for Hiding Ransomware within HEVC Streams in Android IoT Devices

Iman Almomani; Aala Alkhayer; Walid El-Shafai

doi:10.3390/s22062281

A Crypto-Steganography Approach for Hiding Ransomware within HEVC Streams in Android IoT Devices

Sensors (Basel). 2022 Mar 16;22(6):2281. doi: 10.3390/s22062281.

Authors

Iman Almomani^{1

2}, Aala Alkhayer¹, Walid El-Shafai^{1

3}

Affiliations

¹ Security Engineering Lab, Computer Science Department, Prince Sultan University, Riyadh 11586, Saudi Arabia.
² Computer Science Department, King Abdullah II School of Information Technology, The University of Jordan, Amman 11942, Jordan.
³ Department of Electronics and Electrical Communications Engineering, Faculty of Electronic Engineering, Menoufia University, Menouf 32952, Egypt.

Abstract

Steganography is a vital security approach that hides any secret content within ordinary data, such as multimedia. This hiding aims to achieve the confidentiality of the IoT secret data; whether it is benign or malicious (e.g., ransomware) and for defensive or offensive purposes. This paper introduces a hybrid crypto-steganography approach for ransomware hiding within high-resolution video frames. This proposed approach is based on hybridizing an AES (advanced encryption standard) algorithm and LSB (least significant bit) steganography process. Initially, AES encrypts the secret Android ransomware data, and then LSB embeds it based on random selection criteria for the cover video pixels. This research examined broad objective and subjective quality assessment metrics to evaluate the performance of the proposed hybrid approach. We used different sizes of ransomware samples and different resolutions of HEVC (high-efficiency video coding) frames to conduct simulation experiments and comparison studies. The assessment results prove the superior efficiency of the introduced hybrid crypto-steganography approach compared to other existing steganography approaches in terms of (a) achieving the integrity of the secret ransomware data, (b) ensuring higher imperceptibility of stego video frames, (3) introducing a multi-level security approach using the AES encryption in addition to the LSB steganography, (4) performing randomness embedding based on RPS (random pixel selection) for concealing secret ransomware bits, (5) succeeding in fully extracting the ransomware data at the receiver side, (6) obtaining strong subjective and objective qualities for all tested evaluation metrics, (7) embedding different sizes of secret data at the same time within the video frame, and finally (8) passing the security scanning tests of 70 antivirus engines without detecting the existence of the embedded ransomware.

Keywords: AES; HEVC; IoT; LSB; antivirus; confidentiality and integrity; embedding; encryption; multi-level security; multimedia steganography; quality assessment; ransomware hiding.

Grants and funding

SEED-CCIS-2021-84/Prince Sultan University