
Hiding data in plain sight on a disk

By | May 16, 2011, 7:27am PDT

Summary: Researchers have developed a new way to hide data on a disk drive: structure disk clusters to encode data. Here’s how it works.


Disk clusters
In a FAT file system a cluster (or allocation unit) is a group of consecutive disk sectors the file system allocates to store a file. The number of sectors in a cluster is a power of 2.

You don’t worry about clusters because they are handled by the file system. But they can be manipulated to hide data in plain sight, the definition of steganography.

A cluster can be a single sector or many sectors. The file system uses clusters to reduce the overhead required to keep track of disk capacity.

A single file can be stored in contiguous sectors or non-contiguous sectors. That’s the key to encoding hidden data.

Why not simply encrypt the data using available tools? Because encrypted files are easily detected and may cause suspicion.

The encoding process
Computer scientists at the University of Southern California, working with colleagues at National University of Science and Technology in Islamabad, Pakistan, realized that if the clusters were manipulated to be contiguous or non-contiguous, data could be encoded.

To hide a binary message, each cluster is kept contiguous with the previous cluster if the bit in the message is the same as the prior bit. If the next cluster is non-contiguous, the message bit is different from the prior message bit.

Using this basic mechanism a variety of encoding schemes can be designed to improve both the data capacity and the encoded data access times.

Of course, one wants to encode in a way that does not draw attention to the attempt. With modern background defrag in Windows 7 and OS X a heavily-fragmented file system could look suspicious.

On a 160GB disk with a 4KB cluster size, 25% allocated and 2% file fragmentation, the researchers calculate that a 20MB file could be invisibly encoded.
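The contiguity rule and the detection concern described above, worked through on a toy model of cluster chains; this is an added example, not code from the paper or the article. The function names, the starting bit of 0, the gap size and the 10% threshold are assumptions made for illustration.

```python
# Toy model (added example): a file's cluster chain is a list of cluster numbers.
# Assumption: the first message bit is compared against prior_bit=0.

def to_bits(data):
    """Expand bytes into a list of bits, most significant bit first."""
    return [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]

def layout_chain(bits, start=100, gap=7, prior_bit=0):
    """Build a constructed chain: same bit as before -> adjacent cluster,
    different bit -> jump `gap` clusters (a fragment break)."""
    chain, prev = [start], prior_bit
    for bit in bits:
        chain.append(chain[-1] + (1 if bit == prev else gap))
        prev = bit
    return chain

def decode_chain(chain, prior_bit=0):
    """Read the bits back from the contiguity of each cluster-to-cluster link."""
    bits, prev = [], prior_bit
    for cur, nxt in zip(chain, chain[1:]):
        prev = prev if nxt == cur + 1 else 1 - prev
        bits.append(prev)
    return bits

def fragmentation_rate(chain):
    """Fraction of links in the chain that are non-contiguous."""
    links = len(chain) - 1
    if links <= 0:
        return 0.0
    return sum(nxt != cur + 1 for cur, nxt in zip(chain, chain[1:])) / links

def flag_chains(chains, threshold):
    """Return the names of files whose fragmentation rate exceeds `threshold`."""
    return sorted(n for n, c in chains.items() if fragmentation_rate(c) > threshold)

# Constructed sample data: one ordinary file with a single fragment break,
# one file whose layout carries the byte 0x5A.
SAMPLE = {
    "ordinary.doc": list(range(200, 240)) + list(range(500, 510)),
    "carrier.bin": layout_chain(to_bits(b"\x5a")),
}

if __name__ == "__main__":
    for name, chain in SAMPLE.items():
        print(name, round(fragmentation_rate(chain), 3), decode_chain(chain))
    print("flagged:", flag_chains(SAMPLE, threshold=0.10))
```

A message of random bits breaks about half of all links, which is the kind of heavy fragmentation the article says could look suspicious.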

The Storage Bits take
Given that a possible majority of the US Supreme Court believes that Americans have no privacy rights, it falls to liberty-loving citizens to arm themselves with the tools needed to carve out their own private (cyber)space.

Those who worry more about their own skins than they do the death of liberty will object that such technology could be used by bad guys to do bad things. But any tool can be used destructively.

In another decade it will be feasible to gather and store incredibly detailed records of your life - where you go, what you eat, where you surf, who you meet and, by analysis, what you think and believe - so the threat to individual liberty has never been greater. We need tools like this to ensure that the free flow of information is never entirely cut off.

And so do the folks in other countries fighting much more repressive governments than our own.

Comments welcome, of course. Get a PDF of "Designing a cluster-based covert channel to evade disk investigation and forensics" by Hassan Khan, Mobin Javed, Syed Ali Khayam and Fauzan Mirza here.


Disclosure

Robin Harris

Robin Harris is a president of TechnoQWAN, a consulting and analyst firm in northern Arizona. He also writes StorageMojo.com, a blog which accepts advertising from companies in the storage industry, and has a 25 year history with IT vendors. He has many industry contacts, many of whom are friends and all of whom he has opinions about. Robin has relationships with many companies in the technology industry. Every company he writes about may have sought to influence his opinion through carefully-crafted marketing messages and self-serving white papers, gifts ranging from desk calendars, t-shirts, lunches and trips as well as analyst or consulting assignments. He also invests in some technology companies. He may accept payment for services in stock as well. Robin discloses financial investments in or client relationships with companies named in Storage Bits.

To help readers sort out the gold from the dross in his writings, Robin tries to communicate his reasons as clearly as he can. If you agree, you are intelligent and discerning. If you disagree, well, you disagree. In all cases, Robin encourages readers to subject everything they read, see or hear on the internet or from politicians to some simple questions:

* What assumptions are implicit in the world view and judgments of the author?
* What, if any, is the factual basis for the opinions the author expresses?
* Is it reasonable, logical and clear?

Your critical faculties: use ’em or lose ’em!

Biography

Robin Harris

Harris has been messing with computers for over 30 years and selling and marketing data storage for over 20 in companies large and small. He introduced a couple of multi-billion dollar storage products (DLT, the first Fibre Channel array) to market, as well as many smaller ones. Earlier he spent 10 years marketing servers and networks. After leaving corporate life he founded TechnoQWAN, a consulting and analyst firm. He also developed StorageMojo into one of the top storage industry blogs.

Robin writes, consults, coaches and lives among the mountains of northern Arizona.

25 Comments

it's weak
Linux Geek 16th May 2011
It's a lot easier to 'crack it' than other encryption schemes, especially on a small disk. And you still need a key to define the order of the sectors in each cluster. The only upside is that you need it to do it at the driver level not user level.
0 Votes
RE: Hiding data in plain sight on a disk
Robin Harris 16th May 2011
Yes, you do need a key to get the data off the disk, along with the required software.

But you can encrypt the data before writing it - so it would not only be invisible, but if someone DID figure out that you had hidden data, they would still need to decrypt it.

Robin
0 Votes
"Given that a possible majority of the US Supreme Court believes that Americans have no privacy rights"

Can you please point out where in the Constitution the "right to privacy" is guaranteed? No, I thought not. And please don't reference the 4th Amendment - it doesn't protect your privacy, and it doesn't protect you from any type of "public" observation, whether it's walking down the street or posting something on a web site.
0 Votes
It's not
Rick_R Updated - 16th May 2011
@aep528

Actually, "the right to privacy" claim arose when a Boston Globe reporter crashed a party given by the head of a major Boston law firm and wrote about it. That lawyer and his partner both graduated from Harvard Law and (if I recall correctly) they graduated #1 and #2 in their class (which means they automatically become pretty influential in the legal community). The guy who did not give the party wrote a law review article claiming there was a right to privacy. From there it took off.
0 Votes
RE: Hiding data in plain sight on a disk
timspublic1@... 16th May 2011
@aep528 Are you just a troll? 14th. Maybe read before looking stupid.
0 Votes
WOW
Tim Patterson 16th May 2011
@aep528

Talk about an enabler for the police-state!
0 Votes
RE: Hiding data in plain sight on a disk
Robin Harris 16th May 2011
@aep528
Maybe you should read the Constitution before you tell others what it says. Start with the 9th Amendment:

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

This amendment was designed to answer the charge - now being made by some of the Supremes - that the Bill of Rights would limit rights because unenumerated rights would be ignored.

Thomas, Scalia et al. ignore the 9th because it doesn't square with their "original intent" fantasy reading of the Constitution. But it's there; James Madison wrote it; and he did so for the very reason that you embody: foolish people taking the narrowest possible reading.

Robin
0 Votes
because, you're specifically pointing to conservative judges and not mentioning any others. Also, specify how and when Thomas and Scalia have any problems with the 9th amendment. Those judges, and more inclusively, conservative judges, are the ones who most closely observe and support the constitution as intended by the writers of the constitution. It's the liberals who would like to redefine the constitution, and if they're not successful at that, they'd like to reinterpret everything in it in order to undo any restrictions on government power.
0 Votes
RE: Hiding data in plain sight on a disk
steve_schaub@... 18th May 2011
On "Original Intent" - even a cursory reading of the Constitution shows that the intent was to define and limit the power of the Federal government. The Founding Fathers rightly feared an all-powerful police-state as should we. Or as someone once parodied: "We have met the enemy, and he is us"!
0 Votes
RE: Hiding data in plain sight on a disk
Janice02x1 Updated - 29th Aug
why not just copy them on a blank disk or external drive? But this way of hiding data is really something else and I can now think of a lot of ways where this type of technology can be better put to use.
0 Votes
That's really cool. Always nicer to take the bold approach and hide things in plain sight. And the conversion rate is crazy too, 20MB on a 160GB hard drive. That is a lot of hidden data. I suppose this can work on any form of data storage.
sam
0 Votes