Abstract
It is easy to focus on elaborate steganographic schemes and forget that even straightforward ones can have a devastating impact in an enterprise setting, if they allow information to be exfiltrated from the organization.
To this end, we offer a cautionary tale: we show how messages may be hidden in FAT filesystems using the permutation of filenames, a method that allows a hidden message to be embedded using regular file copy commands. A straightforward scheme, but effective. Our experiments on seven different platforms show that the existence of the hidden message is obscured in practice in the vast majority of cases.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
And an unhealthy obsession with least-significant bits.
- 2.
One caveat for recovery is that the filenames must be unique, but that is implied by FAT filesystem semantics.
- 3.
Interestingly, a white paper on steganography in archive files noted the ‘arbitrary order’ of files in a ZIP archive [10], but failed to make the connection to permutations.
- 4.
Highlighting the problems with real-world devices and FAT filesystems, the camera’s clock has never been able to retain the correct time, and 672 of the 752 images claim to be from December 31, 1979.
References
Caraman, P. (trans.): The Hunted Priest: Autobiography of John Gerard. Fontana (1959)
Macaulay, G.C. (trans.): The History of Herodotus, vol. 2. Macmillan, London (1890)
Johnson, N.F., Duric, Z., Jajodia, S.: Information Hiding: Steganography and Watermarking - Attacks and Countermeasures. Kluwer, Boston (2001)
Katzenbeisser, S., Petitcolas, F.A.P. (eds.): Information Hiding: Techniques for Steganography and Digital Watermarking. Artech House, Norwood (2000)
Wayner, P.: Disappearing Cryptography, 2nd edn. Morgan Kaufmann, New York (2002)
Duncan, R. (ed.): The MS-DOS Encyclopedia. Microsoft Press, Redmond (1988)
Laisant, C.A.: Sur la numération factorielle, application aux permutations. Bulletin de la Société Mathématique de France 16, 176–183 (1888)
Lehmer, D.H.: Teaching combinatorial tricks to a computer. In: 10th Symposium in Applied Mathematics of the American Mathematical Society, pp. 179–193 (1960). Symposium was actually held in 1958
Knuth, D.E.: The Art of Computer Programming: Seminumerical Algorithms, 3rd edn., vol. 2. Addison Wesley (1998)
Reversing Labs: Hiding in the familiar: Steganography and vulnerabilities in popular archives formats. (http://www.reversinglabs.com/sites/default/files/pictures/NyxEngine_BlackH (Accessed 14 March 2014)
Levenshtein, V.I.: Binary codes capable of correcting deletions, insertions, and reversals. Soviet Physics - Doklady 10, 707–710 (1966). Translation
Carrier, B.: File System Forensic Analysis. Addison-Wesley, Reading (2005)
Jiang, A., Schwartz, M., Bruck, J.: Error-correcting codes for rank modulation. In: IEEE International Symposium on Information Theory, pp. 1736–1740 (2008)
Chakinala, R.C., Kumarasubramanian, A., Manokaran, R., Noubir, G., Rangan, C.P., Sundaram, R.: Steganographic communication in ordered channels. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 42–57. Springer, Heidelberg (2007)
Eidenbenz, R., Locher, T., Wattenhofer, R.: Hidden communication in P2P networks steganographic handshake and broadcast. In: Proceedings IEEE INFOCOM 2011, pp. 954–962 (2011)
Forest, K., Knight, S.: Permutation-based steganographic channels. In: Fourth International Conference on Risks and Security of Internet and Systems (CRiSIS), pp. 67–73 (2009)
Rudebusch, W.G.: Permutation steganography in many systems. Master’s thesis, University of Nevada, Reno (2011)
Mosunov, A., Sinha, V., Crawford, H., Aycock, J., de Castro, D.M.N., Kumari, R.: Assured supraliminal steganography in computer games. In: Kim, Y., Lee, H., Perrig, A. (eds.) WISA 2013. LNCS, vol. 8267, pp. 245–259. Springer, Heidelberg (2014)
Tapiador, J.M., Hernandez-Castro, J.C., Alcaide, A., Ribagorda, A.: On the distinguishability of distance-bounded permutations in ordered channels. Trans. Info. For. Sec. 3, 166–172 (2008)
Anderson, R., Needham, R., Shamir, A.: The steganographic file system. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 73–82. Springer, Heidelberg (1998)
McDonald, A.D., Kuhn, M.G.: StegFS: A steganographic file system for Linux. In: Pfitzmann, A. (ed.) IH 1999. LNCS, vol. 1768, pp. 463–477. Springer, Heidelberg (2000)
Pang, H., Tan, K.L., Zhou, X.: StegFS: a steganographic file system. In: 19th International Conference on Data Engineering 2003, pp. 657–667 (2003)
Niu, X., Li, Q., Wang, W., Wang, Y.: G bytes data hiding method based on cluster chain structure. Wuhan University J. Nat. Sci. 18, 443–448 (2013)
Srinivasan, A., Wu, J.: Duplicate file names-a novel steganographic data hiding technique. In: Abraham, A., Mauri, J.L., Buford, J.F., Suzuki, J., Thampi, S.M. (eds.) ACC 2011, Part IV. CCIS, vol. 193, pp. 260–268. Springer, Heidelberg (2011)
Thompson, I., Monroe, M.: FragFS: An advanced data hiding technique. Presentation at BlackHat Federal (2006)
Shu-fen, L., Sheng, P., Xing-yan, H., Lu, T.: File hiding based on FAT file system. In: IEEE International Symposium on IT in Medicine Education, ITIME 2009, vol. 1, pp. 1198–1201 (2009)
Khan, H., Javed, M., Khayam, S.A., Mirza, F.: Designing a cluster-based covert channel to evade disk investigation and forensics. Comput. Secur. 30, 35–49 (2011)
Srinivasan, A., Stavrou, A., Nazaraj, S.T.: HideInside - a novel randomized & encrypted antiforensic information hiding. In: Proceedings of the 2013 International Conference on Computing, Networking and Communications (ICNC), ICNC 2013, pp. 626–631. IEEE Computer Society, Washington, DC (2013)
The grugq: The art of defiling - defeating forensic analysis on Unix file systems. Presentation at BlackHat Asia (2003)
Savoldi, A., Gubian, P.: Data hiding in SIM/USIM cards: A steganographic approach. In: Proceedings of the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2007, pp. 86–100. IEEE Computer Society, Washington, DC (2007)
Savoldi, A., Gubian, P.: SIM and USIM filesystem: A forensics perspective. In: Proceedings of the 2007 ACM Symposium on Applied Computing, SAC 2007, pp. 181–187. ACM, New York (2007)
Davis, J., MacLean, J., Dampier, D.: Methods of information hiding and detection in file systems. In: Proceedings of the 2010 Fifth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, SADFE 2010, pp. 66–69. IEEE Computer Society, Washington, DC (2010)
Huebner, E., Bem, D., Wee, C.K.: Data hiding in the NTFS file system. Digital Invest. 3, 211–226 (2006)
Acknowledgments
This work was supported by a grant from TELUS Communications. Thanks to the anonymous referees for suggestions that helped improve the paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Test Details
A Test Details
-
Linux
Linux Mint 16 Petra Cinnamon, Nemo version 2.0.8, ls from GNU coreutils 8.20.
-
Mac OS
Mac OS X 10.9.1 (13B42).
-
Windows
Windows 7 Home Premium.
-
Android cell phone
Samsung SIII, model SGH-I747M, Android 4.3. Baseband version I747MVLUEMK5,
kernel 3.0.31-2140838 (from Nov 19, 2013 - 19:35:04), build number JSS15J.I747MVLUEMK5.
-
Android tablet
Motorola Xoom WiFi, model MZ604 (Canada), Android 4.0.3. Kernel 2.6.39.4-0008-gca76b41, build number I.7.1-34.
-
Camera 1
Sony Cyber-shot DSC-H10.
-
Camera 2
Camera Canon EOS Rebel T3i.
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Aycock, J., de Castro, D.M.N. (2015). Permutation Steganography in FAT Filesystems. In: Shi, Y. (eds) Transactions on Data Hiding and Multimedia Security X. Lecture Notes in Computer Science(), vol 8948. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46739-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-662-46739-8_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46738-1
Online ISBN: 978-3-662-46739-8
eBook Packages: Computer ScienceComputer Science (R0)