Researchers Hide Files On Unencrypted Disks

A new application can hide sensitive data on a hard drive without encrypting it or leaving any obvious signs that the data is present, according to the academic researchers who developed it.

The new technique would allow organisations to safely conceal about 20 MB of private information, on a typical 160 GB, hard disk from unauthorised users.

Data Hidden In Plain View

The new software uses “steganography”, the process of hiding information in plain sight, according to researchers from the University of Southern California and the National University of Science and Technology in Pakistan. The technique exploits the way the operating system normally splits up file data in numerous small chunks, called clusters, and writes them wherever there is free space on the hard drive.

Hassan Khan, Mobin Javed, Syed Ali Khayam and Fauzan Mirza collaborated on the paper, “Designing a Cluster-Based Covert Channel to Evade Disk Investigation and Forensics.” Khan and his colleagues claimed the process hid data so effectively that it would be “unreasonably complex” for a third-party to detect it.

The method employs a “covert channel” to encode sensitive information. Instead of the operating system writing small pieces of the file in random areas on the hard drive, the software chooses the positions according to a secret code. The person who wants to access the file needs to know the key to figure out where the fragments were written and re-assemble the clusters accordingly.

“We present a new, plausible deniability approach to store sensitive information on a cluster-based filesystem,” the researchers wrote in the paper.

The process does not leave behind any information about what it did, so anyone looking at the hard disk drive cannot see the hidden information or even be able to tell it exists, the researchers claimed. The hard drive would look like any other moderately fragmented drive.

Windows 7 And Defrag Drawbacks

Currently, users interested in protecting data generally wind up using encryption software. However, existing cryptographic methods generally leave behind some indicators that that the file has been encrypted. Attackers know there is something hidden and can try to use other methods to obtain the secret key to access the data.

Other existing methods involve adding pixels in digital images or changing the transmission timing of network packets. These are all well-known techniques and easily detected, the researchers said.

“An investigator without the key cannot prove the presence of hidden information,” the authors wrote.

The researchers tested the process on a FAT32 file system, which is accessible by the Windows operating system, Mac OS X and all major Linux distributions. The researchers envisioned using the software to write data onto a portable USB drive. The program will not work to hide data on a Windows 7 laptop, for example, because the operating system cannot be installed on FAT32.

The covert channel approach may cause a small performance degradation on the system but the developers claimed it was not enough to be an issue. If the drive is defragmented, the “hidden” file will no longer be accessible.