METHODS AND ALGORITHMS FOR PROTECTING FILE METADATA IN INFORMATION AND COMMUNICATION SYSTEMS
Keywords:
File metadata, Information security, Cryptographic algorithms, Information and communication systemsAbstract
File metadata is a critical component of modern information and communication systems, enabling efficient data management and interoperability. However, metadata often contains sensitive information that may cause confidentiality and privacy risks. Although content-level security has been widely studied, metadata protection remains insufficiently addressed. This paper proposes a cryptographic approach to file metadata protection based on structured metadata classification and selective encryption. Symmetric and asymmetric algorithms are applied to ensure confidentiality, integrity, and controlled access to sensitive metadata during storage and transmission. Experimental evaluation shows that the proposed methods provide strong security guarantees with minimal computational and storage overhead. Comparative results indicate that the proposed approach is more secure and reliable than traditional metadata removal and obfuscation techniques, demonstrating its applicability in electronic government and corporate information systems.
References
T. Gilliland, Introduction to Metadata, 3rd ed., Getty Research Institute, Los Angeles, CA, USA, 2016.
DCMI, “Dublin Core Metadata Element Set, Version 1.1,” Dublin Core Metadata Initiative, 2012.
Available: https://www.dublincore.org/specifications/dublin-core/dces/
W3C, “Extensible Markup Language (XML) 1.0 (Fifth Edition),” World Wide Web Consortium, 2008. Available: https://www.w3.org/TR/xml/
Adobe Systems Inc., “Adobe Extensible Metadata Platform (XMP) Specification,” Adobe, 2020. Available: https://www.adobe.com/devnet/xmp.html
S. L. Garfinkel, “Information leakage from documents and their metadata,” IEEE Security & Privacy, vol. 2, no. 3, pp. 38–46, 2004, doi: 10.1109/MSP.2004.1291311.
C. V. Wright, S. E. Coull, and F. Monrose, “Traffic analysis of encrypted messaging services,” Proceedings of the 23rd USENIX Security Symposium, pp. 363–379, 2014.
European Union, “Regulation (EU) 2016/679 (General Data Protection Regulation),” Official Journal of the European Union, L119, pp. 1–88, 2016.
ENISA, Privacy and Data Protection by Design – From Policy to Engineering, European Union Agency for Cybersecurity, 2015.
ISO/IEC 15489-1, Information and Documentation — Records Management — Part 1: Concepts and Principles, International Organization for Standardization, Geneva, 2016.
N. Provos and P. Honeyman, “Hide and seek: An introduction to steganography,” IEEE Security & Privacy, vol. 1, no. 3, pp. 32–44, 2003, doi: 10.1109/MSECP.2003.1203220.
W. Klas and M. Halshofer, “Metadata management and security in digital information systems,” International Journal on Digital Libraries, vol. 12, no. 2–3, pp. 69–90, 2011, doi: 10.1007/s00799-011-0073-6.
DCMI, “Dublin Core™ Metadata Element Set, Version 1.1,” Dublin Core Metadata Initiative, 2012.Available: https://www.dublincore.org/specifications/dublin-core/dces/
W3C, “Extensible Markup Language (XML) 1.0 (Fifth Edition),” World Wide Web Consortium, 2008. Available: https://www.w3.org/TR/xml/
Adobe Systems Incorporated, “Adobe Extensible Metadata Platform (XMP),” Adobe Developer Documentation, 2020. Available: https://www.adobe.com/devnet/xmp.html
Adobe Systems Incorporated, XMP Specification Part 1: Data Model, Serialization, and Core Properties, Adobe, 2020. Available: https://www.adobe.com/content/dam/acom/en/devnet/xmp/pdfs/XMP_Specification_Part1.pdf
S. L. Garfinkel, “Information leakage caused by hidden data in published documents,” Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES), pp. 1–10, 2003.
C. V. Wright, S. E. Coull, F. Monrose, and M. K. Reiter, “A cryptographic airbag for metadata: Protecting business records against unwarranted seizure,” Proceedings of the 8th USENIX Workshop on Free and Open Communications on the Internet (FOCI), USENIX Association, 2018.
European Union, “Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation),” Official Journal of the European Union, L119, pp. 1–88, 2016. Available: https://eur-lex.europa.eu/eli/reg/2016/679/oj
F. Temmermans, J. Ascenso, and T. Ebrahimi, “The JPEG privacy and security framework,” EURASIP Journal on Image and Video Processing, vol. 2017, no. 1, pp. 1–18, 2017.
JPEG Committee (ISO/IEC JTC 1/SC 29/WG 1), “JPEG Systems: Privacy and Security—JUMBF Ecosystem Overview,” ISO/IEC Technical Report, 2020.
Coalition for Content Provenance and Authenticity (C2PA), C2PA Technical Specification, Version 1.3, 2023. Available: https://c2pa.org/specifications/
N. Fotos, Specification and Implementation of Metadata for Secure Multimedia Content, Master’s Thesis, National Technical University of Athens, 2019.
Microsoft Corporation, “Remove hidden data and personal information by inspecting documents,” Microsoft Support Documentation, 2022. Available: https://support.microsoft.com/
T. Petit et al., “MAT2 – Metadata Anonymisation Toolkit,” GitHub Repository, 2023. Available: https://github.com/tpet/mat2
P. Harvey, ExifTool User Guide, Version 12.x, 2023. Available: https://exiftool.org/
N. Kagalovsky, “Metadata in Information Systems: Concepts, Structure, and Applications,” Programming and Computer Software, vol. 43, no. 1, pp. 1–9, 017.
M. Halshofer and W. Klas, “A Survey of Metadata Systems and Their Security Challenges,” International Journal on Digital Libraries, vol. 12, no. 2–3, pp. 69–90, 2011.
