Steganographic file system

Steganographic file systems are a kind of file system first proposed by Ross Anderson, Roger Needham, and Adi Shamir. Their paper proposed two main methods of hiding data: in a series of fixed size files originally consisting of random bits on top of which 'vectors' could be superimposed in such a way as to allow levels of security to decrypt all lower levels but not even know of the existence of any higher levels, or an entire partition is filled with random bits and files hidden in it.

In a steganographic file system using the second scheme,

Birthday Paradox

); this is compensated for by writing all files in multiple places to lessen the chance of data loss.

Advantage

While there may seem to be no point to a file system which is guaranteed to either be grossly inefficient storage space-wise or to cause data loss and corruption either from data collisions or loss of the

"rubberhose attacks", which usually work because encrypted files are distinguishable from regular files, and authorities can coerce the user until the user gives up the keys and all the files are distinguishable as regular files. However, since in a steganographic file system, the number of files are unknown and every byte looks like an encrypted byte, the authorities cannot know how many files (and hence, keys) are stored. The user has plausible deniability

— he can say there are only a few innocuous files or none at all, and anybody without the keys cannot gainsay the user.

Criticisms

Poul-Henning Kamp has criticized the threat model for steganographic file systems in his paper on GBDE,^[1] observing that in certain coercive situations, especially where the searched-for information is in fact not stored in the steganographic file systems, it is not possible for a subject to "get off the hook" by proving that all keys have been surrendered.

Other methods

Other methods exist; the method laid out before is the one implemented by

ScramDisk or the Linux loop device can do this.^{[citation needed}

]

Generally, a steganographic file system is implemented over a steganographic layer, which supplies just the storage mechanism. For example, the steganographic file system layer can be some existing MP3 files, each file contains a chunk of data (or a part of the file system). The final product is a file system that is hardly detected (depending on the steganographic layer) that can store any kind of file in a regular file system hierarchy.

TrueCrypt allows for "hidden volumes" - two or more passwords open different volumes in the same file, but only one of the volumes contains secret data.

References

^ Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE Design Document.

External links

Original paper by Anderson, Needham, et al. -(PDF file)
A MP3 Steganographic File System Approach
MagikFS - The Steganographic FileSystem
StegFS - A Steganographic File System Without Data Losing Problems
StegHide - Hiding Data Accesses in Steganographic File Systems
Xuan Zhou's Ph.D. Thesis on Steganographic File System

[1] Poul-Henning Kamp. "GBDE - GEOM Based Disk Encryption" (PDF). GBDE Design Document.

[1]

Advantage

Criticisms

Other methods

See also

References

External links