Periodic Reporting for period 1 - UNCOVER (Development of an efficient steganalysis framework for uncovering hidden data in digital media.)
Berichtszeitraum: 2021-05-01 bis 2022-10-31
Criminals and terrorists use more and more data hiding methods (steganography) for concealing incriminating information in innocent-looking digital media files such as images, video, audio, and text files. To carry out a full investigation into criminal and terrorist activities, Law Enforcement Agencies (LEAs) currently use available (commercial) tools to detect such hidden information in collected digital data. However, these tools detect only a limited number of hiding methods, are slow, and offer no indication of confidence. Moreover, many commercial tools lag a decade behind the scientific state-of-the-art.
Driven by the needs of end-users, UNCOVER's main objective is to fill existing gaps in the ability of LEAs for detecting the presence of hidden information (i.e. steganalysis). Within UNCOVER, the partners are committed to push forward steganalysis research and to substantially increase the technological autonomy of LEAs in the field of digital media steganalysis. The developed detection and investigation tools will be integrated into a flexible and user-friendly platform.
End-users play a key role throughout the project cycle and regular feedback cycles with LEAs, forensics institutes and external stakeholders will ensure that the developed solutions can be integrated into the daily criminal investigation pipeline of LEAs. With its consortium of 22 partners including LEAs, forensic institutes, leading researchers working at universities and research institutions, as well as industrial companies, UNCOVER sets out to outperform available steganalysis solutions in terms of performance, usability, operational needs, privacy protection, and chain-of-custody considerations.
Project Objectives
UNCOVER partners aim to join forces to achieve the following objectives:
1. Advance the scientific state-of-the-art in steganalysis, bridging across the various technical areas of expertise involved.
2. Develop, test and evaluate solutions for real-life LEA problems, based on their end-user requirements and expectations.
3. Analyse and implement proper solutions for any relevant security, ethical, legal and privacy related concerns.
4. Develop and implement interdisciplinary technical capabilities, capacity and community building.
5. Engage and collaborate with any other relevant ongoing projects and initiatives.
Driven by the needs of end-users, UNCOVER's main objective is to fill existing gaps in the ability of LEAs for detecting the presence of hidden information (i.e. steganalysis). Within UNCOVER, the partners are committed to push forward steganalysis research and to substantially increase the technological autonomy of LEAs in the field of digital media steganalysis. The developed detection and investigation tools will be integrated into a flexible and user-friendly platform.
End-users play a key role throughout the project cycle and regular feedback cycles with LEAs, forensics institutes and external stakeholders will ensure that the developed solutions can be integrated into the daily criminal investigation pipeline of LEAs. With its consortium of 22 partners including LEAs, forensic institutes, leading researchers working at universities and research institutions, as well as industrial companies, UNCOVER sets out to outperform available steganalysis solutions in terms of performance, usability, operational needs, privacy protection, and chain-of-custody considerations.
Project Objectives
UNCOVER partners aim to join forces to achieve the following objectives:
1. Advance the scientific state-of-the-art in steganalysis, bridging across the various technical areas of expertise involved.
2. Develop, test and evaluate solutions for real-life LEA problems, based on their end-user requirements and expectations.
3. Analyse and implement proper solutions for any relevant security, ethical, legal and privacy related concerns.
4. Develop and implement interdisciplinary technical capabilities, capacity and community building.
5. Engage and collaborate with any other relevant ongoing projects and initiatives.
Management
Beside the coordination tasks, we produced several guides on Security, Data management, etc. and impact assessments on personal data and ethical, social and legal issues.
User requirements and system design
In-depth discussions and analysis resulted in a list of LEAs User Requirement (URs). The theoretical framework to implement CoC and auditing methods was proposed.
The high-level design for the platform was developed, based on tool categorization and micro-service tool isolation.
Collecting and characterising steganographic tools
We created the largest collection of stego tools and defined the research methodologies.
A strategy to develop new methods for automatic detection and analysis of stego tools was developed.
Extraction and generation of information dedicated to aiding steganalysis
We developed tools for the retrieval of information: 1) identify and design relevant tools and approaches for stego-pair search; 2) develop a methodology that will lead to the identification of traces left by stego tools; 3) construct a dataset to train and evaluate tools.
Development of an operational steganalysis toolbox
We developed steganalysis methods that can be directly used by LEAs or be the next building blocks of operational steganalysis over 5 years.
The CSM problem was dealt with to point out the different processes that create it and to work on methods to mitigate it.
Several detectors have provided efficient ways to handle small false positive rates.
Platform development and tools integration
We designed the system platform and included the deployment and the computing requirements.
The microservice-based architecture of the platform was presented to the partners for feedback.
The main modules and the proposed interfaces of the platform were also presented in a demo.
Validation, Testing and Evaluation
We created the list of test cases and scenarios, and reached a consensus on the methodology and test sets to apply for the evaluation of individual tools and the platform.
Dissemination, Exploitation and Training
We set up and used different channels and project identity kits to communicate to diverse audiences.
Academics research results were presented at conferences and published.
We drafted an individual and consortium-wide exploitation plans.
Beside the coordination tasks, we produced several guides on Security, Data management, etc. and impact assessments on personal data and ethical, social and legal issues.
User requirements and system design
In-depth discussions and analysis resulted in a list of LEAs User Requirement (URs). The theoretical framework to implement CoC and auditing methods was proposed.
The high-level design for the platform was developed, based on tool categorization and micro-service tool isolation.
Collecting and characterising steganographic tools
We created the largest collection of stego tools and defined the research methodologies.
A strategy to develop new methods for automatic detection and analysis of stego tools was developed.
Extraction and generation of information dedicated to aiding steganalysis
We developed tools for the retrieval of information: 1) identify and design relevant tools and approaches for stego-pair search; 2) develop a methodology that will lead to the identification of traces left by stego tools; 3) construct a dataset to train and evaluate tools.
Development of an operational steganalysis toolbox
We developed steganalysis methods that can be directly used by LEAs or be the next building blocks of operational steganalysis over 5 years.
The CSM problem was dealt with to point out the different processes that create it and to work on methods to mitigate it.
Several detectors have provided efficient ways to handle small false positive rates.
Platform development and tools integration
We designed the system platform and included the deployment and the computing requirements.
The microservice-based architecture of the platform was presented to the partners for feedback.
The main modules and the proposed interfaces of the platform were also presented in a demo.
Validation, Testing and Evaluation
We created the list of test cases and scenarios, and reached a consensus on the methodology and test sets to apply for the evaluation of individual tools and the platform.
Dissemination, Exploitation and Training
We set up and used different channels and project identity kits to communicate to diverse audiences.
Academics research results were presented at conferences and published.
We drafted an individual and consortium-wide exploitation plans.
Progress
The UNCOVER platform is (assumedly) the first cloud-native framework able to operate a workflow of steganalysis tools and has contributed to the creation of the largest collection of steganographic software.
The retrieval of forensic information, the search of media pairs, the finding of traces left in the host system and the construction of databases will improve the performance in steganalysis.
The information gathered in the analysis of stego tools contributes to the development of forensic detectors and pre-processors, improving the LEAs’ capability to detect steganography in real cases in the future.
We will provide ready-to-use images of existing stego tools usable without installation and resolving dependencies. The evaluations criteria set ensure it will be forensically usable.
The work performed: 1) helped to advance LEAs’ understanding of the steganalysis limitations they currently experience; 2) raised awareness to the need to create ethics, legal, and privacy related requirements and practices, and the benefits of an “automated all digital” Chain of Custody.
Results
We will deliver a fully functional platform for the partners to operate in a scalable way.
The central database will be updated with new stego tools and we expect to deliver more detectors and forensic information retrieval tools to improve the ones already available.
The evaluation set and methodology partners will be distributed to all LEAs partners. This will be used to evaluate all detection tools within the project.
We aim to achieve a single uniform CoC framework which will allow working with both a platform driven steganalysis approach as well as command line driven toolsets.
We will build up a broader network within the steganalysis community and the LEAs to promote the developed steganalysis tools: 1) a steganalysis contest will happen; 2) Training material will be developed and presented in dedicated webinars and workshop; 3) active collaboration with other EU-funded projects working with LEAs was established and will result in collaborative actions.
Impacts
The development of steganalysis methods which are close to an operational context will contribute to increase European sovereignty in steganalysis.
Some of the developed tools can also be applied in other scenarios and solutions, strengthening companies’ knowledge and portfolio.
The information and capabilities gathered will be used to develop specific steganalysis tools, which will increase European LEAs' capabilities to detect steganography and prevent/reduce criminal and terrorist threats.
The results of the CoC task may help create and promote a secure, tamper-resistant and court-proof digital evidence processing framework that can be trusted and relied upon by any party participating in the overall judicial process.
The UNCOVER platform is (assumedly) the first cloud-native framework able to operate a workflow of steganalysis tools and has contributed to the creation of the largest collection of steganographic software.
The retrieval of forensic information, the search of media pairs, the finding of traces left in the host system and the construction of databases will improve the performance in steganalysis.
The information gathered in the analysis of stego tools contributes to the development of forensic detectors and pre-processors, improving the LEAs’ capability to detect steganography in real cases in the future.
We will provide ready-to-use images of existing stego tools usable without installation and resolving dependencies. The evaluations criteria set ensure it will be forensically usable.
The work performed: 1) helped to advance LEAs’ understanding of the steganalysis limitations they currently experience; 2) raised awareness to the need to create ethics, legal, and privacy related requirements and practices, and the benefits of an “automated all digital” Chain of Custody.
Results
We will deliver a fully functional platform for the partners to operate in a scalable way.
The central database will be updated with new stego tools and we expect to deliver more detectors and forensic information retrieval tools to improve the ones already available.
The evaluation set and methodology partners will be distributed to all LEAs partners. This will be used to evaluate all detection tools within the project.
We aim to achieve a single uniform CoC framework which will allow working with both a platform driven steganalysis approach as well as command line driven toolsets.
We will build up a broader network within the steganalysis community and the LEAs to promote the developed steganalysis tools: 1) a steganalysis contest will happen; 2) Training material will be developed and presented in dedicated webinars and workshop; 3) active collaboration with other EU-funded projects working with LEAs was established and will result in collaborative actions.
Impacts
The development of steganalysis methods which are close to an operational context will contribute to increase European sovereignty in steganalysis.
Some of the developed tools can also be applied in other scenarios and solutions, strengthening companies’ knowledge and portfolio.
The information and capabilities gathered will be used to develop specific steganalysis tools, which will increase European LEAs' capabilities to detect steganography and prevent/reduce criminal and terrorist threats.
The results of the CoC task may help create and promote a secure, tamper-resistant and court-proof digital evidence processing framework that can be trusted and relied upon by any party participating in the overall judicial process.