Slashdot Mirror


New Tool Hides Data In Plain Sight On HDDs

Trailrunner7 writes "A group of researchers has developed a new application that can hide sensitive data on a hard drive without encrypting it or leaving any obvious signs that the data is present. The new steganography system relies on the old principle of hiding valuables in plain sight. Developed by a group of academic researchers in the US and Pakistan, the system can be used to embed secret data in existing structures on a given HDD by taking advantage of the way file systems are designed and implemented. The software does this by breaking a file to be hidden into a number of fragments and placing the individual pieces in clusters scattered around the hard drive."

26 of 136 comments

  1. Re:Defrag and die by megla · · Score: 2

    They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty. Sounds like a disaster to me; all you need to do is use the disk. Just defrag it and your hidden data is gone.

    Yeah that was my thought too. Although you could consider defrag to be a secure destruct mechanism... ;)

  2. bollocks by Hazel+Bergeron · · Score: 2

    Just because you're encoding the information in the fragmentation patterns of the underlying filesystem it doesn't mean you're not engaging in encryption. The encryption is the key input to the algorithm to identify how to turn that apparently random pattern back into plaintext - otherwise we'd be able to say, "OK, let's check he's not using this method," without any secrets.

    tl;dr Steganography is useless without encryption.

    1. Re:bollocks by X0563511 · · Score: 2

      The point of Steganography is not to make it hard to find the information. Its point is to avoid even being looked for. That's what the whole "hide in plain sight" bit means, you know.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    2. Re:bollocks by Hazel+Bergeron · · Score: 2

      That reasoning has always been specious. It's trivial to compile a list of published steganographic methods and engineer some check for them. The method must involve some form of key and encryption to make the check unlikely to succeed.

  3. Re:Defrag and die by ColdWetDog · · Score: 2

    Yeah that was my thought too. Although you could consider defrag to be a secure destruct mechanism... ;)

    That's the beauty of this sort of thing. Not for storing your routine Porn^HDocuments, but for really sensitive stuff that can be destroyed quickly and 'innocently'.

    "Well, sir, the computer was running a bit slow, so I defragged it yesterday. Is that a problem?"

    --
    Faster! Faster! Faster would be better!
  4. Re:20 MB in 160 GB ?! by axx · · Score: 4, Insightful

    I thought the same thing at first, but in all fairness 20 MB of critical data can go a long way.

    Hiding stuff doesn't have to mean hiding video. A .pdf file can be all you want to hide in some cases, and you might want to do so without attracting attention with cryptography.

    Let's just say this could have its uses.

    Especially since I don't know of another steganography FS that is being maintained? (RubberhoseFS was a nice idea.)

    --
    No wit here.
  5. Re:Sounds familiar by Anonymous Coward · · Score: 5, Funny

    Yeah, but unlike NTFS, this is supposed to allow you to read that data in the future.

  6. Re:20 MB in 160 GB ?! by bytethese · · Score: 2

    Yes, because text files and VGA/SVGA/XGA quality images are large file sizes...

  7. All sorts of uses by Hallmarc · · Score: 2

    If it can work in the filesystem, it can work theoretically at the network packet level...

    1. Re:All sorts of uses by MacTenchi · · Score: 2

      Except that any router passing your packets might choose to re-fragment or recombine your packets, destroying your message.

  8. Re:20 MB in 160 GB ?! by MightyYar · · Score: 3, Interesting

    Wow, isn't that useful.

    It rather depends on what is in that 20MB. How many diplomatic cables would fit into 20MB? Or 200MB, since 2TB drives are commodities now.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  9. Purely academic by gweihir · · Score: 3, Interesting

    You get very little data to store, but this looks like it will be secure and, for a change, really hard or impossible to detect.

    Of course a dead giveaway is the access software needed, so this works only for hiding data that the holder cannot access. That and the low data volume (20 MB in 160 GB is given as an example) limit the usefulness to a nice but very academic idea.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Purely academic by Em+Adespoton · · Score: 2

      You get very little data to store, but this looks like it will be secure and, for a change, really hard or impossible to detect.

      Of course a dead giveaway is the access software needed, so this works only for hiding data that the holder cannot access. That and the low data volume (20 MB in 160 GB is given as an example) limit the usefulness to a nice but very academic idea.

      I agree... and this made me think: a good method I saw for steganography uses forums and blogs to embed the data on public sites inside other documents.

      However, why not do something like store the data in a Fake Antivirus program, or even web cookies forged for various sites? Both give you true plausible deniability, as you can deny you ever wanted the data on your machine in the first place... and with the second, you can make the data expire, and even have a remote website that'll automatically reconstitute the data for you given the appropriate key. The data is hidden this way based on the general uselessness of the data as it normally exists, and in its fragmentation (since that data is usually written to disk by a bunch of third parties). Even if someone knew about this method, it would be hard to detect, as the data is hiding in amongst a bunch of constantly changing noise.

  10. Re:20 MB in 160 GB ?! by lomedhi · · Score: 4, Informative

    Of course; valid point taken. Knee-jerk reaction on my part.

    --
    Did you say "insightful" or "inciteful"?
  11. Plausible deniability by aylons · · Score: 5, Insightful

    Doesn't TrueCrypt's plausible deniability get the same effect without depending on a loose file system hack?

    --
    This comment may contain speech figures. Reader discretion is advised.
    1. Re:Plausible deniability by gnapster · · Score: 2

      That might be part of it. However, the main aspect of plausible deniability for TrueCrypt is that the blob of encrypted data may hold two volumes, each accessed by a different passphrase. Then, I can have the software installed on my computer, and it is easy to see that I am probably using the software for hiding data. But it is impossible to tell whether I am only using one encrypted volume, or two. I can deny that I have created a passphrase for the second one, and there is no way to tell how much of the blob is storing information.

      With this strategy, the presence of the software will probably remove any hope you had for plausible deniability. Not so with TrueCrypt.

  12. Thar be dragons! by vlm · · Score: 2

    "Moreover, the channel provides two-fold plausible deniability so that an investigator without the key cannot prove the presence of hidden information,"

    So what encryption scheme are they using before storing the data? I didn't find it in the article. Hopefully not something as dumb as XOR using the "key" or using the key as a step size when encoding or something like that.

    Unless they encrypt the data before encoding the fragmentation, a glance at the frag pattern will show a distinct and obvious pattern based on the stored data. If the data is UTF-8 text using non-ASCII glyphs, it's gonna be pretty obvious when every other byte is a UTF-8 shift header thingy. If it's plain ole ASCII text it's going to be pretty obvious the 8th bit is almost always 0. If the data is semi-packetized like video frames, it's gonna be pretty obvious. If the data is stored emails with semi-known plaintext headers, it's gonna be pretty obvious. There's only so many ways to encode 1 and 0 into the frag pattern, so playing games like encoding it backwards isn't going to help.

    I'm guessing it's not going to be plausibly deniable at all... The other part of the deniability problem is how to deny the presence of the decryption tools in the filesystem, or in unused blocks of the FS. Hmm. You could delete the tools, and then defrag the hard drive to sorta-wipe it. Oh wait...

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
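The check vlm describes, as an added example that is not part of the thread or of the researchers' tool: a steganalyst who suspects a one-bit-per-fragment channel recovers the bit stream and asks whether any bit position at byte (or byte-pair) period is nearly constant. Seven-bit ASCII pins bit 7 of every byte to 0, and two-byte UTF-8 text pins the header bits of every lead and continuation byte, so both light up; the same text passed through a cipher first does not. The one-bit-per-fragment layout, the sample texts and the HMAC-SHA256 counter-mode keystream used as a stand-in cipher are all assumptions made for the example, not anything the article states about the tool.

```python
import hashlib
import hmac

# Constructed samples: the kinds of payload vlm lists as "pretty obvious".
ASCII_SAMPLE = (
    b"From: alice@example.test\r\n"
    b"To: bob@example.test\r\n"
    b"Subject: quarterly numbers\r\n"
    b"\r\n"
    b"Bob, the attached figures are the ones we discussed on Monday.\r\n"
    b"Please keep them internal until the board meeting.\r\n"
) * 2
UTF8_SAMPLE = ("Сверхсекретно" * 20).encode("utf-8")   # 2-byte Cyrillic only, no ASCII
KEY = b"illustrative-fixed-key-not-for-real-use"       # assumption: fixed demo key


def bytes_to_bits(data):
    """MSB-first bit list: the sequence a one-bit-per-fragment encoder would emit."""
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def position_constancy(bits, period):
    """For each bit position modulo `period`, the fraction of samples that take
    the position's majority value (1.0 = never changes, ~0.5 = coin flips)."""
    zeros = [0] * period
    totals = [0] * period
    for idx, bit in enumerate(bits):
        totals[idx % period] += 1
        zeros[idx % period] += bit == 0
    return [max(z, t - z) / t if t else 0.0 for z, t in zip(zeros, totals)]


def looks_structured(bits, periods=(8, 16), threshold=0.95):
    """Flag a stream in which some position at byte or byte-pair period is
    (almost) fixed: the 8th-bit-is-zero tell for ASCII, the shift-header tell
    for multibyte UTF-8. Random-looking (encrypted) streams stay near 0.5."""
    return any(max(position_constancy(bits, p)) >= threshold for p in periods)


def keystream_xor(data, key):
    """Illustrative PRF stream (HMAC-SHA256 in counter mode) standing in for a
    real cipher applied before the bits enter the channel. XOR twice restores."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def report():
    """Constancy of the most biased byte-period position, and the verdict, for
    plain ASCII, plain UTF-8 and the encrypted ASCII sample."""
    cases = {
        "ascii": ASCII_SAMPLE,
        "utf8": UTF8_SAMPLE,
        "ascii-encrypted": keystream_xor(ASCII_SAMPLE, KEY),
    }
    out = {}
    for label, payload in cases.items():
        bits = bytes_to_bits(payload)
        out[label] = (round(max(position_constancy(bits, 8)), 3), looks_structured(bits))
    return out


if __name__ == "__main__":
    for label, (bias, flagged) in report().items():
        print(f"{label:16s} max byte-position constancy={bias:.3f} structured={flagged}")
```

The verdict is a coarse first-pass statistic, not a proof of hidden data: it says only whether the recovered stream carries the byte-level regularities of unencrypted text, which is exactly the weakness vlm expects if the tool encodes plaintext directly.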
  13. I doubt it will work by PPH · · Score: 3, Funny

    "A group of researchers I has developed a new think application that can hide this sensitive data is on a hard drive a without encrypting it bunch or leaving any of obvious signs that the data is crap present."

    --
    Have gnu, will travel.
  14. Re:Steganography? by pclminion · · Score: 4, Insightful

    What sort of thought process leads to a stupid comment like this? Somebody creates a new plastic: "Congratulations, you've reinvented polymerization!" Somebody makes a better and faster computer chip: "Congratulations, you've reinvented computing!"

    Everything is built on something else. For most of us, that's obvious. I guess not for some. For you, new ideas must leap fully formed from a different universe accompanied by a huge explosion in order to be interesting, I guess.

  15. Re:Defrag and die by pclminion · · Score: 3, Informative

    They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty. Sounds like a disaster to me; all you need to do is use the disk. Just defrag it and your hidden data is gone.

    This is called fragility, and depending on context, is a desired feature.

  16. Re:Defrag and don't read the article by b4dc0d3r · · Score: 3, Informative

    Know how I know you did not read the article? This method is rearranging existing data so the FAT itself holds the data. This is not including the data at the end of a cluster, or putting it in empty clusters.

    If you want to encode a 0, put the first block at an even numbered sector. If you want to encode a 1, put it at an odd numbered sector. There are other ways to do it, but that's just one example.

    There is no data on the drive itself to analyze, it's all in the fragmentation of the FAT.

  17. Re:20 MB in 160 GB ?! by Dishevel · · Score: 4, Funny

    Wow.
    You took criticism constructively and then admitted you were wrong and moved on with your life?
    You do not belong here. Move along. :)

    --
    Why is it so hard to only have politicians for a few years, then have them go away?
  18. Re:Defrag and die by Morgaine · · Score: 5, Informative

    They hide data by splitting it into small pieces, writing it to disk in random order and marking that sector empty.

    No they do not. You just totally invented that.

    I know this is Slashdot and not reading TFA is a rite of passage, but at least don't try to "inform" when you have no idea about something.

    None of the secret data is written to disk at all. As the researchers explain clearly (they're quoted in TFA), the data is encoded in the pattern of cluster allocations used for storing the non-hidden files already present on the drive. They even describe the RLE-based algorithm used for cluster-chain encoding. The size of existing files remains the same, the amount of disk space used and unused in the filestore remains the same, and the contents of all the files remain the same after this process.

    So your explanation couldn't be more wrong. And the moderators who gave you a +5 Informative failed to understand the method as well.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
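A toy model of what b4dc0d3r and Morgaine describe, added here as an example that is neither the thread's nor the researchers' code: a FAT-style volume in which the allocator picks, for each cluster of an ordinary cover file's chain, a free cluster whose number has the parity of the next secret bit. This applies b4dc0d3r's even/odd rule to every link of the chain rather than only the first, which is an assumption of the example (the article says the real tool uses an RLE-based cluster-chain encoding, not this one). It shows the three properties Morgaine lists (file contents, file size and used-cluster count unchanged) and the "defrag and die" outcome from the earlier comments: rewriting the chain contiguously keeps the file and erases the message. Cluster size, volume size, the cover text and the secret are constructed values.

```python
FREE, EOC = -1, -2      # FAT entry markers: cluster unallocated / end of chain
CLUSTER_SIZE = 4        # toy cluster size in bytes (assumption)


class ToyFat:
    """A minimal FAT-style volume: a cluster array plus a next-cluster table."""

    def __init__(self, n_clusters):
        self.data = [bytes(CLUSTER_SIZE)] * n_clusters
        self.fat = [FREE] * n_clusters
        self.files = {}                      # name -> (first cluster, byte length)

    def free_clusters(self):
        return [c for c, nxt in enumerate(self.fat) if nxt == FREE]

    def used_count(self):
        return sum(1 for nxt in self.fat if nxt != FREE)

    def chain(self, name):
        """Cluster numbers of a file, in chain order."""
        c, _ = self.files[name]
        out = []
        while c != EOC:
            out.append(c)
            c = self.fat[c]
        return out

    def write(self, name, content, choose):
        """Store content; choose(free, i) picks the cluster that holds chunk i."""
        chunks = [content[i:i + CLUSTER_SIZE] for i in range(0, len(content), CLUSTER_SIZE)]
        prev = None
        for i, chunk in enumerate(chunks):
            c = choose(self.free_clusters(), i)
            self.data[c] = chunk.ljust(CLUSTER_SIZE, b"\x00")
            self.fat[c] = EOC
            if prev is None:
                self.files[name] = (c, len(content))
            else:
                self.fat[prev] = c
            prev = c

    def read(self, name):
        _, length = self.files[name]
        return b"".join(self.data[c] for c in self.chain(name))[:length]


def sequential(free, i):
    """Ordinary allocator: lowest free cluster, so the file comes out contiguous."""
    return free[0]


def parity_allocator(bits):
    """Allocator that stores one bit per cluster in the cluster number's parity
    (the even/odd rule from comment 16, applied to every link of the chain)."""
    def choose(free, i):
        if i >= len(bits):
            return free[0]
        for c in free:
            if c % 2 == bits[i]:
                return c
        raise ValueError("no free cluster with the needed parity")
    return choose


def bytes_to_bits(data):
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def bits_to_bytes(bits):
    whole = len(bits) - len(bits) % 8
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, whole, 8))


def hide(fs, cover_name, cover, secret):
    """Write the cover file so its chain carries the secret; nothing else is stored."""
    bits = bytes_to_bits(secret)
    if len(bits) > -(-len(cover) // CLUSTER_SIZE):      # ceil(len / CLUSTER_SIZE)
        raise ValueError("cover file has too few clusters for the secret")
    fs.write(cover_name, cover, parity_allocator(bits))


def reveal(fs, cover_name, n_bytes):
    """Walk the cover file's chain and read the secret back out of the parities."""
    bits = [c % 2 for c in fs.chain(cover_name)][:8 * n_bytes]
    return bits_to_bytes(bits)


def defragment(fs):
    """Rewrite every file contiguously: contents survive, the chain pattern does not."""
    fresh = ToyFat(len(fs.fat))
    for name in fs.files:
        fresh.write(name, fs.read(name), sequential)
    return fresh


def demo():
    """Constructed scenario: one cover file, a two-byte secret, then a defrag."""
    cover = b"Quarterly report: revenue up, costs flat, headcount unchanged. " * 2
    secret = b"hi"
    plain = ToyFat(64)
    plain.write("report.txt", cover, sequential)
    stego = ToyFat(64)
    hide(stego, "report.txt", cover, secret)
    defragged = defragment(stego)
    return {
        "cover_intact": stego.read("report.txt") == cover,
        "same_used_count": stego.used_count() == plain.used_count(),
        "revealed": reveal(stego, "report.txt", len(secret)),
        "defrag_cover_intact": defragged.read("report.txt") == cover,
        "after_defrag": reveal(defragged, "report.txt", len(secret)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Because the secret lives only in which clusters were chosen, an image of the volume contains no extra bytes to carve; what an examiner can look for is an allocation pattern that ordinary allocators would not produce, which is the same observation gweihir and vlm make about the tool itself being the giveaway.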
  19. Re:Steganography? by digitig · · Score: 2

    fuck religious people in general

    Can I start with the cute ones, please?

    --
    Quidnam Latine loqui modo coepi?
  20. Re:20 MB in 160 GB ?! by MasterPatricko · · Score: 3, Informative

    Yes. He did actually have a productive life as a white-hat hacker (he was one of the first famous Australian hackers; he was arrested and given a slap on the wrist at age 20 for breaking into telecommunications networks) and FOSS developer before becoming a media celebrity.

    Assange has actually contributed many small interesting projects; IIRC he wrote nntpcache & surfraw, as well as rubberhose ...

    --
    I'd tell a UDP joke, but you may not get it. I'd tell a TCP joke, but I'd have to keep repeating it until you got it.
  21. Re:Steganography? by houghi · · Score: 2

    Look at copyright and patenting lawsuits and you will realize that he is not alone. We used to stand on the shoulders of giants. Nowadays these giants ask so much rent you can't stand on their shoulders.
    Even if standing on their shoulders would mean you could drag them out of the pit, they'd rather get money than be saved.

    --
    Don't fight for your country, if your country does not fight for you.