Hiding data in plain sight on a disk

Hiding data in plain sight on a disk

Summary: A researchers have developed a new way to hide data on a disk drive: structure disk clusters to encode data. Here's how it works.

SHARE:
TOPICS: Hardware
15

Researchers have developed a new way to hide data on a disk drive: structure disk clusters to encode data. Here's how it works.

Disk clusters In a FAT file system a cluster (or allocation unit) is a group of consecutive disk sectors the file system allocates to store a file. The number of sectors in a cluster is a power of 2.

You don't worry about clusters because they are handled by the file system. But they can be manipulated to hide data in plain sight, the definition of steganography.

A cluster can be a single sector or many sectors. The file system uses clusters to reduce the overhead required to keep track of disk capacity.

A single file can be stored in contiguous sectors or non-contiguous sectors. That's the key to encoding hidden data.

Why not simply encrypt the data using available tools? Because encrypted files are easily detected and may cause suspicion.

The encoding process Computer scientists at the University of Southern California, working with colleagues at National University of Science and Technology in Islamabad, Pakistan, realized that if the clusters were manipulated to be contiguous or non-contiguous, data could be encoded.

To hide a binary message, a cluster is kept with a contiguous cluster if the bit in the message is the same as the prior bit. If a the next cluster is non-contiguous the message bit is different from the prior message bit.

Using this basic mechanism a variety of encoding schemes can be designed to improve both the data capacity and the encoded data access times.

Of course, one wants to encode in a way that does not draw attention to the attempt. With modern background defrag in Windows 7 and OS X a heavily-fragmented file system could look suspicious.

On a 160GB disk, 4kb cluster size, 25% allocated and 2% file fragmentation the researchers calculate that a 20MB file could be invisibly encoded.

The Storage Bits take Given that a possible majority of the US Supreme Court believes that Americans have no privacy rights, it falls to liberty-loving citizens to arm themselves with the tools needed to carve out their own private (cyber)space.

Those who worry more about their own skins than they do the death of liberty will object that such technology could be used by bad guys to do bad things. But any tool can be used destructively.

In another decade it will be feasible to gather and store incredibly detailed records of your life - where you go, what you eat, where you surf, who you meet and, by analysis, what you think and believe - so the threat to individual liberty has never been greater. We need tools like this to ensure that the free flow of information is never entirely cut off.

And so do the folks in other countries fighting much more repressive governments than our own.

Comments welcome, of course. Get a pdf of Designing a cluster-based covert channel to evade disk investigation and forensics by Hassan Khan, Mobin Javed, Syed Ali Khayam and Fauzan Mirza here.

Topic: Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • it's weak

    it's a lot easier to 'crack it' that other encryption schemes especially on a small disk. And you still need a key to define the order of the sectors in each cluster. The only upside is that you need it to do it at the driver level not user level.
    Linux Geek
  • RE: Hiding data in plain sight on a disk

    Yes, you do need a key to get the data off the disk, along with the required software.

    But you can encrypt the data before writing it - so it would not only be invisible, but if someone DID figure out that you had hidden data, they would still need to decrypt it.

    Robin
    Robin Harris
  • RE: Hiding data in plain sight on a disk

    "Given that a possible majority of the US Supreme Court believes that Americans have no privacy rights"

    Can you please point out where in the Constitution the "right to privacy" is guaranteed? No, I thought not. And please don't reference the 4th Amendment - it doesn't protect your privacy, and it doesn't protect you from any type of "public" observation, whether it's walking down the street or posting something on a web site.
    aep528
    • It's not

      @aep528 <br><br>Actually, "the right to privacy" claim arose when a Boston Globe reporter crashed a party given by the head of a major Boston law firm and wrote about it. That lawyer and his partner both graduated from Harvard Law and (if I recall correctly) they graduated #1 and #2 in their class (which means they automatically become pretty influential in the legal community). The guy who did not give the party wrote a law review article claiming there was a right to privacy. From there it took off.
      Rick_R
    • RE: Hiding data in plain sight on a disk

      @aep528 Are you just a troll. 14th. Maybe read before looking stupid.
      timspublic1@...
    • WOW

      @aep528

      Talk about an enabler for the police-state!
      Tim Patterson
      • RE: Hiding data in plain sight on a disk

        Thanks for sharing this information, keep up the good work. <a href="http://www.writinghelp.co.uk/essay/">buy essay</a> | <a href="http://www.writinghelp.co.uk/assignment/">Buy Assignment</a> | <a href="http://www.writinghelp.co.uk/coursework/">Buy coursework</a> | <a href="http://www.writinghelp.co.uk/dissertation/">Buy Dissertation</a> | <a href="http://www.writinghelp.co.uk/thesis/">Buy Thesis</a>
        jasonhawk
      • RE: Hiding data in plain sight on a disk

        @Tim Patterson well i really have to agree on what you just said there. You are absolutely right on everything that you said except one. <a href="http://www.thesimssocialcheatsx.com/">the sims social cheats</a> - <a href="http://www.mafiawars2cheatsguide.org/">mafia wars 2 cheats</a> - <a href="http://www.hackcentral101.org/mafia-wars-2-cheats/">mafia wars 2 cheats</a> - <a href="http://www.hackcentral101.org/the-sims-social-cheats/">the sims social cheats</a>
        Janice02x1
    • RE: Hiding data in plain sight on a disk

      @aep528
      Maybe you should read the Constitution before you tell others what it says. Start with the 9th Amendment:

      <i>The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people. </i>

      This amendment was designed to answer the charge - now being made by some of the Supremes - that the Bill of Rights would <i>limit</i> rights because unenumerated rights would be ignored.

      Thomas Scalia et. al. ignore the 9th because it doesn't square with their "original intent" fantasy reading of the Constitution. But it's there; James Madison wrote it; and he did so for the very reason that you embody: foolish people taking the narrowest possible reading.

      Robin
      Robin Harris
      • Please explain that &quot;Thomas, Scalia&quot; reference...

        because, you're specifically pointing to conservative judges and not mentioning any others. Also, specify how and when Thomas and Scalia have any problems with the 9th amendment. Those judges, and more inclusively, conservative judges, are the ones who most closely observe and support the constitution as intended by the writers of the constitution. It's the liberals who would like to redefine the constitution, and if they're not successful at that, they'd like to reinterpret everything in it in order to undo any restrictions on government power.
        adornoe
    • RE: Hiding data in plain sight on a disk

      @aep528 hahaha that is so true. hilarious comment there bro that is so cool. I really am glad to read your post. <a href="http://www.pacquiaovsmarquezfight.net/">pacquiao vs marquez 3</a> - <a href="http://www.pacquiaovsmarquezfight.net/2011/09/watch-pacquiao-vs-marquez-3-online.html">watch pacquiao vs marquez 3</a>
      indaymandra
  • RE: Hiding data in plain sight on a disk

    On "Original Intent" - even a cursory reading of the Constitution shows that the intent was to define and limit the power of the Federal government. The Founding Fathers rightly feared an all-powerful police-state as should we. Or as someone once parodied: "We have met the enemy, and he is us"!
    steve_schaub@...
    • RE: Hiding data in plain sight on a disk

      Why not simply encrypt the data using available tools? Because encrypted files are easily detected and may cause suspicion. <a href="http://quickuniversitydegrees.com/?p=53">Almeda University</a> | <a href="http://nationhighschoolbuzz.wordpress.com/2011/04/20/nation-study-home-high-school-diploma/">Nation High School</a> | <a href="http://www.iao.org/iao/accreditation-overview.asp">International Accreditation Organization</a>
      padmalakshmi
  • RE: Hiding data in plain sight on a disk

    why not just copy them on a blank disk or external drive? <a style="text-decoration: none; color: black;" href="http://www.pacquiaovsmarqueztickets.org/buy-pacquiao-vs-marquez-3-tickets-online/">pacquiao vs marquez 3 tickets</a> <a style="text-decoration: none; color: black;" href="http://www.pacquiaovsmarqueztickets.org/">pacquiao vs marquez tickets</a> But this way of hiding data is really something else and I can now think of a lot of ways where this type of technology can be better put to use.
    Janice02x1
  • RE: Hiding data in plain sight on a disk

    Thats really cool. Always nicer to take the bold approach and hide things in plain site. And the conversion rate is crazy too, 20mb on a 160gb hard drive. That is alot of hidden data. I suppose this can work on any form of data storage.
    sam - <a href="http://smuggecko.com">seo tips</a>
    soskert