Steganographic file system
Steganographic file systems are a kind of file system first proposed by Ross Anderson, Roger Needham, and Adi Shamir. Their paper proposed two main methods of hiding data. In the first, data is held in a series of fixed-size files that originally consist of random bits, on top of which 'vectors' can be superimposed in such a way that each level of security can decrypt all lower levels but does not even know of the existence of any higher levels. In the second, an entire partition is filled with random bits and files are hidden in it.

In a steganographic file system using the second scheme, files are not merely stored, nor stored encrypted; instead, the entire partition is randomized. Encrypted files strongly resemble randomized sections of the partition, so once files are stored on the partition there is no easy way to distinguish meaningless gibberish from the actual encrypted files. Furthermore, the locations of files are derived from the key for the files, so the locations are hidden and available only to programs with the passphrase. This leads to the problem that files can very quickly overwrite each other (because of the birthday paradox); this is compensated for by writing all files in multiple places to lessen the chance of data loss.
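
A simplified model of the second scheme, added here as an illustration (it is not code from StegFS or from the original paper). It assumes block addresses are derived with HMAC-SHA256 from the file key, that there is no allocation table, and that later writes silently overwrite earlier ones; the partition size, file length and keys are constructed values.

```python
import hashlib
import hmac
import math

N_BLOCKS = 65536   # constructed partition size, in blocks
FILE_BLOCKS = 8    # constructed file length, in blocks


def block_location(key: bytes, index: int, copy: int) -> int:
    """Derive the address of one replica of one file block from the file key."""
    msg = index.to_bytes(4, "big") + copy.to_bytes(4, "big")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % N_BLOCKS


def collision_probability(writes: int) -> float:
    """Birthday approximation: chance that at least two writes share a block."""
    return 1.0 - math.exp(-writes * (writes - 1) / (2 * N_BLOCKS))


def surviving_files(n_files: int, copies: int) -> int:
    """Write files blindly (no allocation table, later writes win), then count
    the files whose every block still has at least one intact replica."""
    keys = [hashlib.sha256(b"constructed-key-%d" % f).digest()
            for f in range(n_files)]
    owner = {}  # block address -> (file id, block index) of the last writer
    for f, key in enumerate(keys):
        for i in range(FILE_BLOCKS):
            for c in range(copies):
                owner[block_location(key, i, c)] = (f, i)
    intact = 0
    for f, key in enumerate(keys):
        if all(any(owner[block_location(key, i, c)] == (f, i)
                   for c in range(copies))
               for i in range(FILE_BLOCKS)):
            intact += 1
    return intact


if __name__ == "__main__":
    writes = 200 * FILE_BLOCKS
    print(f"P(collision) for {writes} writes: {collision_probability(writes):.6f}")
    for copies in (1, 4):
        print(f"copies={copies}: {surviving_files(200, copies)}/200 files intact")
```

With a single copy, a collision is all but certain long before the partition is full; replication trades storage efficiency for a much lower chance that every replica of some block is lost.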

Advantage

While there may seem to be no point to a file system which is guaranteed either to be grossly inefficient in its use of storage space or to cause data loss and corruption, whether from data collisions or from loss of the key (in addition to being a complex system with poor read/write performance), performance was not the goal of StegFS. Rather, StegFS is intended to thwart "rubberhose attacks", which usually work because encrypted files are distinguishable from regular files, and authorities can coerce the user until the user gives up the keys and all the files are distinguishable as regular files. However, since in a steganographic file system the number of files is unknown and every byte looks like an encrypted byte, the authorities cannot know how many files (and hence, keys) are stored. The user has plausible deniability: he can say there are only a few innocuous files or none at all, and anybody without the keys cannot gainsay the user.

Criticisms

Poul-Henning Kamp has criticized the threat model for steganographic file systems in his paper on GBDE, observing that in certain coercive situations, especially where the searched-for information is in fact not stored in the steganographic file system, it is not possible for a subject to "get off the hook" by proving that all keys have been surrendered.

Other methods

Other methods exist; the method laid out before is the one implemented by StegFS, but it is also possible to steganographically hide data within image or audio files; ScramDisk or the Linux loop device can do this.

Generally, a steganographic file system is implemented over a steganographic layer, which supplies just the storage mechanism. For example, the steganographic file system layer can be some existing MP3 files, each of which contains a chunk of data (or a part of the file system). The final product is a file system that is hard to detect (depending on the steganographic layer) and that can store any kind of file in a regular file system hierarchy.

See also

  • Steganography
  • Steganography tools
  • BPCS-Steganography
  • Filesystem-level encryption
  • OZONE - an OS featuring a steganographic file system implementation


The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.