Permutation Steganography in FAT Filesystems

Part of the book series: Lecture Notes in Computer Science ((TDHMS,volume 8948))

Abstract

It is easy to focus on elaborate steganographic schemes and forget that even straightforward ones can have a devastating impact in an enterprise setting, if they allow information to be exfiltrated from the organization.

To this end, we offer a cautionary tale: we show how messages may be hidden in FAT filesystems using the permutation of filenames, a method that allows a hidden message to be embedded using regular file copy commands. A straightforward scheme, but effective. Our experiments on seven different platforms show that the existence of the hidden message is obscured in practice in the vast majority of cases.

Notes

  1. And an unhealthy obsession with least-significant bits.

  2. One caveat for recovery is that the filenames must be unique, but that is implied by FAT filesystem semantics.

  3. Interestingly, a white paper on steganography in archive files noted the ‘arbitrary order’ of files in a ZIP archive [10], but failed to make the connection to permutations.

  4. Highlighting the problems with real-world devices and FAT filesystems, the camera’s clock has never been able to retain the correct time, and 672 of the 752 images claim to be from December 31, 1979.
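
An examiner-side sketch of the idea in the abstract and of the uniqueness caveat in note 2, added here as an example and not code from the chapter: it treats the on-disk order of directory entries as a permutation of the sorted names and ranks it with the factorial number system [7, 8]. The sorted-order baseline, the case-insensitive comparison, the function names and the sample listing are assumptions; the chapter's own encoding is not shown on this page.

```python
from math import factorial

def capacity_bits(n: int) -> int:
    """Whole bits an ordering of n distinct names can carry: floor(log2(n!))."""
    return factorial(n).bit_length() - 1

def lehmer_digits(observed: list[str]) -> list[int]:
    """Factorial-base digits of the observed order against the sorted baseline."""
    # Assumption: FAT name matching is case-insensitive, so compare upper-cased.
    names = [name.upper() for name in observed]
    if len(set(names)) != len(names):
        raise ValueError("duplicate names: the order is not a permutation")
    remaining = sorted(names)
    digits = []
    for name in names:
        idx = remaining.index(name)   # position among names not yet placed
        digits.append(idx)
        remaining.pop(idx)
    return digits

def permutation_rank(observed: list[str]) -> int:
    """Lexicographic rank; 0 means the entries are in plain sorted order."""
    digits = lehmer_digits(observed)
    n = len(digits)
    return sum(d * factorial(n - 1 - i) for i, d in enumerate(digits))

def analyse(observed: list[str]) -> dict:
    """Summary an examiner could log for one directory."""
    n = len(observed)
    return {"entries": n, "capacity_bits": capacity_bits(n),
            "digits": lehmer_digits(observed), "rank": permutation_rank(observed)}

# Constructed sample: directory entries in raw on-disk order.
SAMPLE = ["REPORT.DOC", "budget.xls", "NOTES.TXT", "AGENDA.TXT"]

if __name__ == "__main__":
    print(analyse(SAMPLE))
    print(capacity_bits(752), "bits available in a 752-entry directory")
```

A non-zero rank is not by itself a sign of hidden data, since ordinary use also leaves FAT directory entries unsorted.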

References

  1. Caraman, P. (trans.): The Hunted Priest: Autobiography of John Gerard. Fontana (1959)

  2. Macaulay, G.C. (trans.): The History of Herodotus, vol. 2. Macmillan, London (1890)

  3. Johnson, N.F., Duric, Z., Jajodia, S.: Information Hiding: Steganography and Watermarking - Attacks and Countermeasures. Kluwer, Boston (2001)

  4. Katzenbeisser, S., Petitcolas, F.A.P. (eds.): Information Hiding: Techniques for Steganography and Digital Watermarking. Artech House, Norwood (2000)

  5. Wayner, P.: Disappearing Cryptography, 2nd edn. Morgan Kaufmann, New York (2002)

  6. Duncan, R. (ed.): The MS-DOS Encyclopedia. Microsoft Press, Redmond (1988)

  7. Laisant, C.A.: Sur la numération factorielle, application aux permutations. Bulletin de la Société Mathématique de France 16, 176–183 (1888)

  8. Lehmer, D.H.: Teaching combinatorial tricks to a computer. In: 10th Symposium in Applied Mathematics of the American Mathematical Society, pp. 179–193 (1960). Symposium was actually held in 1958

  9. Knuth, D.E.: The Art of Computer Programming: Seminumerical Algorithms, 3rd edn., vol. 2. Addison Wesley (1998)

  10. Reversing Labs: Hiding in the familiar: Steganography and vulnerabilities in popular archives formats. (http://www.reversinglabs.com/sites/default/files/pictures/NyxEngine_BlackH (Accessed 14 March 2014)

  11. Levenshtein, V.I.: Binary codes capable of correcting deletions, insertions, and reversals. Soviet Physics - Doklady 10, 707–710 (1966). Translation

  12. Carrier, B.: File System Forensic Analysis. Addison-Wesley, Reading (2005)

  13. Jiang, A., Schwartz, M., Bruck, J.: Error-correcting codes for rank modulation. In: IEEE International Symposium on Information Theory, pp. 1736–1740 (2008)

  14. Chakinala, R.C., Kumarasubramanian, A., Manokaran, R., Noubir, G., Rangan, C.P., Sundaram, R.: Steganographic communication in ordered channels. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 42–57. Springer, Heidelberg (2007)

  15. Eidenbenz, R., Locher, T., Wattenhofer, R.: Hidden communication in P2P networks steganographic handshake and broadcast. In: Proceedings IEEE INFOCOM 2011, pp. 954–962 (2011)

  16. Forest, K., Knight, S.: Permutation-based steganographic channels. In: Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 67–73 (2009)

  17. Rudebusch, W.G.: Permutation steganography in many systems. Master’s thesis, University of Nevada, Reno (2011)

  18. Mosunov, A., Sinha, V., Crawford, H., Aycock, J., de Castro, D.M.N., Kumari, R.: Assured supraliminal steganography in computer games. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 245–259. Springer, Heidelberg (2014)

  19. Tapiador, J.M., Hernandez-Castro, J.C., Alcaide, A., Ribagorda, A.: On the distinguishability of distance-bounded permutations in ordered channels. Trans. Info. For. Sec. 3, 166–172 (2008)

  20. Anderson, R., Needham, R., Shamir, A.: The steganographic file system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 73–82. Springer, Heidelberg (1998)

  21. McDonald, A.D., Kuhn, M.G.: StegFS: A steganographic file system for Linux. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 463–477. Springer, Heidelberg (2000)

  22. Pang, H., Tan, K.L., Zhou, X.: StegFS: a steganographic file system. In: 19th International Conference on Data Engineering 2003, pp. 657–667 (2003)

  23. Niu, X., Li, Q., Wang, W., Wang, Y.: G bytes data hiding method based on cluster chain structure. Wuhan University J. Nat. Sci. 18, 443–448 (2013)

  24. Srinivasan, A., Wu, J.: Duplicate file names-a novel steganographic data hiding technique. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part IV. CCIS, vol. 193, pp. 260–268. Springer, Heidelberg (2011)

  25. Thompson, I., Monroe, M.: FragFS: An advanced data hiding technique. Presentation at BlackHat Federal (2006)

  26. Shu-fen, L., Sheng, P., Xing-yan, H., Lu, T.: File hiding based on FAT file system. In: IEEE International Symposium on IT in Medicine Education, ITIME 2009, vol. 1, pp. 1198–1201 (2009)

  27. Khan, H., Javed, M., Khayam, S.A., Mirza, F.: Designing a cluster-based covert channel to evade disk investigation and forensics. Comput. Secur. 30, 35–49 (2011)

  28. Srinivasan, A., Stavrou, A., Nazaraj, S.T.: HideInside - a novel randomized & encrypted antiforensic information hiding. In: Proceedings of the 2013 International Conference on Computing, Networking and Communications (ICNC), ICNC 2013, pp. 626–631. IEEE Computer Society, Washington, DC (2013)

  29. The grugq: The art of defiling - defeating forensic analysis on Unix file systems. Presentation at BlackHat Asia (2003)

  30. Savoldi, A., Gubian, P.: Data hiding in SIM/USIM cards: A steganographic approach. In: Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2007, pp. 86–100. IEEE Computer Society, Washington, DC (2007)

  31. Savoldi, A., Gubian, P.: SIM and USIM filesystem: A forensics perspective. In: Proceedings of the 2007 ACM Symposium on Applied Computing, SAC 2007, pp. 181–187. ACM, New York (2007)

  32. Davis, J., MacLean, J., Dampier, D.: Methods of information hiding and detection in file systems. In: Proceedings of the 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2010, pp. 66–69. IEEE Computer Society, Washington, DC (2010)

  33. Huebner, E., Bem, D., Wee, C.K.: Data hiding in the NTFS file system. Digital Invest. 3, 211–226 (2006)


Acknowledgments

This work was supported by a grant from TELUS Communications. Thanks to the anonymous referees for suggestions that helped improve the paper.

Author information

Corresponding author

Correspondence to John Aycock.

A Test Details

  • Linux

    Linux Mint 16 Petra Cinnamon, Nemo version 2.0.8, ls from GNU coreutils 8.20.

  • Mac OS

    Mac OS X 10.9.1 (13B42).

  • Windows

    Windows 7 Home Premium.

  • Android cell phone

    Samsung SIII, model SGH-I747M, Android 4.3. Baseband version I747MVLUEMK5, kernel 3.0.31-2140838 (from Nov 19, 2013 - 19:35:04), build number JSS15J.I747MVLUEMK5.

  • Android tablet

    Motorola Xoom WiFi, model MZ604 (Canada), Android 4.0.3. Kernel 2.6.39.4-0008-gca76b41, build number I.7.1-34.

  • Camera 1

    Sony Cyber-shot DSC-H10.

  • Camera 2

    Camera Canon EOS Rebel T3i.

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Aycock, J., de Castro, D.M.N. (2015). Permutation Steganography in FAT Filesystems. In: Shi, Y. (eds) Transactions on Data Hiding and Multimedia Security X. Lecture Notes in Computer Science, vol 8948. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46739-8_6

  • DOI: https://doi.org/10.1007/978-3-662-46739-8_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-46738-1

  • Online ISBN: 978-3-662-46739-8

  • eBook Packages: Computer Science, Computer Science (R0)
