Steganography through file fragmentation
A relatively new steganography method was tested by Hassan Khan of the University of Southern California and colleagues (scientific paper). The idea is that a file's clusters are placed on the disk in a particular pattern, so that a dedicated decoder program can recover the hidden message while an outside observer will not even suspect that a message exists.
The algorithm is very simple. If neighboring clusters of the file are nearby on disk, a binary 1 is read; if they are not nearby, a 0. The method can therefore hide one bit per cluster, and a 160-gigabyte HDD of medium occupancy with normal fragmentation can hold a 20-megabyte message.
The researchers argue that finding hidden information in such an array is “unreasonably difficult” for a potential adversary. In principle, one can agree with this, especially if other standard cryptographic methods are used in the algorithm. For example, the message can be encrypted, and the clusters can be read in an order determined by a secret algorithm. Files on a hard disk are fragmented in a “random” way, so the cluster pattern alone does not show that someone placed the clusters in that order intentionally.
Of course, it is most logical to hide messages in the most fragmented files. According to statistics, these are files with the extensions .log, .data and .hdm.
Of course, a secret message can only be decoded if the cluster pattern has remained untouched since the message was encoded. In other words, if you connect the HDD to a computer and boot the OS from it, the message may be lost, since the operating system modifies the contents of the hard disk while it runs.
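The decoding rule and the fragility described above can be shown on a simulated cluster chain. This is an added example, not the researchers' program: the cluster numbers are constructed, "nearby" is assumed to mean the next cluster number, and bits are assumed to be packed most significant bit first.

```python
# Added illustration: works on a list of cluster numbers, never touches a disk.
# Constructed sample: cluster chain of one file, in file order.
SAMPLE_CHAIN = [1000, 1007, 1008, 1015, 1022, 1023, 1030, 1037, 1044,
                1051, 1052, 1053, 1060, 1061, 1068, 1075, 1076]


def adjacency_bits(chain):
    """One bit per cluster transition: 1 if the file's next cluster directly
    follows the current one on disk (assumed meaning of 'nearby'), else 0."""
    return [1 if nxt == cur + 1 else 0 for cur, nxt in zip(chain, chain[1:])]


def bits_to_bytes(bits):
    """Pack bits MSB-first (assumption); an incomplete trailing byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def decode(chain):
    """Recover the byte string implied by a file's cluster layout."""
    return bits_to_bytes(adjacency_bits(chain))


def defragment(chain):
    """Model what a defragmenter (or ordinary OS activity that rewrites the
    file) does to the layout: the same number of clusters, now contiguous."""
    return list(range(chain[0], chain[0] + len(chain)))


def contiguity_ratio(chain):
    """Share of transitions that are contiguous; a simple layout statistic
    an examiner can compare across files of the same type."""
    bits = adjacency_bits(chain)
    return sum(bits) / len(bits) if bits else 0.0


if __name__ == "__main__":
    print(decode(SAMPLE_CHAIN))              # message carried by the layout
    print(decode(defragment(SAMPLE_CHAIN)))  # layout rewritten: message gone
    print(contiguity_ratio(SAMPLE_CHAIN))
```

The second call shows why the medium must stay untouched: once the clusters are laid out contiguously, every transition reads as 1 and the original bit pattern cannot be recovered.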
In addition, this method is inferior to the standard methods of steganography on the Internet (embedding hidden messages in photos on free hosting sites, in files on torrents, and so on), because it requires physical media to be transferred. This is perhaps the weakest point of the method. Transferring files over the Internet is, after all, much more convenient.
The method of cryptography through the file system is well known, but most previous systems (for example, the StegFS file system) involve writing random or encrypted information to disk. Here nothing is written; the positions of clusters on the disk are simply analyzed.
Hassan Khan promises to release the developed program under a free open source license.