A relatively new method of steganography was tested by Hassan Khan from the University of Southern California with colleagues (scientific work). The idea is that a file's clusters are placed on the disk in a special way, so that a dedicated decoder program can read the hidden message, while an outsider will not even guess that a message is there.
The algorithm works very simply. If neighboring clusters of a file are adjacent on the disk, that counts as a binary 1; if they are not adjacent, it counts as a 0. This means the method can hide one bit per cluster, and a 20-megabyte message fits on a medium-sized 160-gigabyte HDD with normal fragmentation.
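The adjacency rule described above, as an added sketch that is not from the article or the researchers' program: a file is modelled as its ordered list of cluster numbers, and `encode_chain`, `decode_chain` and the sample cluster range are assumptions made for illustration. It works on a toy model only and never touches a real disk.

```python
"""Toy model of cluster-adjacency steganography (constructed example)."""

def bytes_to_bits(data):
    """Most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def bits_to_bytes(bits):
    """Pack whole groups of 8 bits; trailing bits are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def decode_chain(chain):
    """Read one bit per cluster transition: 1 if the next cluster
    directly follows the current one on disk, otherwise 0."""
    return [1 if nxt == cur + 1 else 0 for cur, nxt in zip(chain, chain[1:])]

def encode_chain(bits, free_clusters):
    """Choose clusters from a free pool so that adjacency spells `bits`.
    Assumption: a simple forward-only allocator, not the paper's method."""
    free = set(free_clusters)
    cur = min(free)
    free.discard(cur)
    chain = [cur]
    for bit in bits:
        if bit:
            nxt = cur + 1                      # adjacent cluster encodes 1
            if nxt not in free:
                raise ValueError(f"cluster {nxt} is not free, cannot encode 1")
        else:
            gaps = [c for c in free if c > cur + 1]   # any non-adjacent cluster
            if not gaps:
                raise ValueError("free pool exhausted")
            nxt = min(gaps)
        free.discard(nxt)
        chain.append(nxt)
        cur = nxt
    return chain

if __name__ == "__main__":
    chain = encode_chain(bytes_to_bits(b"hi"), range(1000, 1100))  # constructed pool
    print(chain)
    print(bits_to_bytes(decode_chain(chain)))
    # After defragmentation the same file is contiguous and reads as all 1s.
    print(decode_chain(list(range(1000, 1000 + len(chain)))))
```

A chain of n clusters carries n - 1 bits in this model, and any relocation of the file's clusters changes the decoded bit string.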
The researchers argue that finding hidden information in such an array is “unreasonably difficult” for a potential adversary. In principle, one can agree with this, especially if other standard cryptography methods are used alongside the algorithm. For example, the message can be encrypted, and the clusters can be read according to a secret algorithm. Files on a hard disk are fragmented in a “random” way, so it is impossible to tell from the cluster pattern that someone deliberately placed the clusters in that order.
Of course, it is most logical to hide messages in the most fragmented files. According to statistics, these are files with the .log, .data and .hdm extensions.
Of course, a secret message can only be decoded if the cluster pattern has remained intact since the moment the message was embedded. In other words, if you connect the HDD to a computer and boot an OS from it, the message may be lost, since the operating system modifies the contents of the hard disk while it runs.
In addition, this method is inferior to the standard methods of steganography on the Internet (embedding hidden messages in photos on free hosting, in files on torrents, etc.), because it requires physical media to be handed over. This is perhaps the weakest point of the method; transferring files over the Internet is still much more convenient.
The file system cryptography method is well known, but most of the previous systems (for example, the StegFS file system) write random or encrypted information to the disk. Here, nothing is recorded; the method just analyzes the positions of the clusters on the disk.
Hassan Khan promises to release the program he developed under a free license, with open source code.