Stego file system (Was: Inaccurate study)
Richard Watts
Richard.Watts at cl.cam.ac.uk
Mon, 6 Apr 1998 00:15:19 +0100
On Mon 6 April 1998, Julian Assange
<proff@iq.org> wrote:
>> I haven't read the paper terribly thoroughly yet, but surely another
>> way of doing this is simply to hide one or more encrypted filesystems
>> in the free block list of a standard filesystem ? (and another inside
>> that if you want another level).
>>
>> Given some known plaintext, there's the standard attack of searching
>> through the space of possible filesystems until you get to one which
>> gives valid information, but I don't think that's likely to be
>> practical.
>
>It's actually far more complicated than this. Don't forget that
>magnetic drives record far, far more than you want them to, i.e.
>previous over-written "layers" of information (which can be got at
>with stm techniques), relative magnetic domain leakage into unused
>areas, relative field strength surface areas, and chemical changes
>in the recording surface in response to magnetic changes (writes)
>can all be used to show that "other" areas of the drive have been
>used.

Indeed. Sorry: I was attempting to emulate Ross's construction
rather than worry about a practical implementation, which would
obviously have to worry about this kind of thing. I'm not
convinced that these issues are any different for hiding
an fs in the free block area and a dedicated stego filesystem
(though you might have to constantly move non-steganographic
data around to avoid the fact that free blocks are expected not
to be accessed).

In fact, I suspect the best attack on such a stego filesystem would
be to do a search, impound the computer for a bit, put a bit of binary
knowledge in the executable and standard compiler to leak the stego key,
claim you found nothing, and then give it back to the subject. As long
as the system finds a way to leak the key (TEMPEST ?) and doesn't
reinstall all his system software (which may be difficult to do
without overwriting some of his data), you've got him. Either that or
simply break in and connect his monitor output to a narrow-band
spread-spectrum transmitter operating in the monitor's EMF noise band
:-).

>
>It's a bit unfortunate Ross didn't address these issues in the second
>half of his paper (which was otherwise pretty good). Marutukku uses
>a block-swapping/re-encrypting algorithm to prevent these kinds of
>magneto-statistical attacks, but the issue is so complex to deal
>with *efficiently*, that I'm unable to prove Marutukku's effectiveness
>against such an attack.

True. I presume this stuff is all on http://www.underground.org ?
(that site appears to be down right now - no route to host - so I'm
afraid I can't check).

>It may be possible that a decent STM jockey
>can say things like "there have been n writes to the portion of
>disk representing this part of the cryptographically deniable
>file-system in the last y seconds" leading to an observation like:
>"we are 67% confident that the magnetic media in question recently
>contained data not revealed by the divulged key(s)" -- not confident
>enough for beyond a reasonable doubt, but perhaps confident enough
>for continued beatings.

Indeed: it would certainly ruin any defence on the balance of
probabilities.

Richard.
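
Added example, not part of the original message or of any software named in the thread: a snapshot comparison illustrating the point above that free blocks are expected not to be accessed, and why constantly moving data around in free space masks that signal. The block size, free lists and disk contents are all constructed for the illustration.

```python
import hashlib

BLOCK = 512  # constructed block size for the sample images

def filler(tag: str) -> bytes:
    """Deterministic pseudo-random block contents (stand-in for ciphertext)."""
    return hashlib.sha256(tag.encode()).digest() * (BLOCK // 32)

def changed_free_blocks(before, after, free_before, free_after):
    """Indices of blocks that are free in BOTH snapshots yet differ in content."""
    if len(before) != len(after) or len(before) % BLOCK:
        raise ValueError("snapshots must be equal-sized and block-aligned")
    stable_free = set(free_before) & set(free_after)
    return sorted(
        i for i in stable_free
        if before[i * BLOCK:(i + 1) * BLOCK] != after[i * BLOCK:(i + 1) * BLOCK]
    )

def write_block(image: bytearray, index: int, data: bytes) -> None:
    image[index * BLOCK:(index + 1) * BLOCK] = data

def build_samples():
    """Constructed 16-block disk: blocks 0-7 allocated, 8-15 on the free list."""
    before = bytearray(b"".join(filler(f"t0-{i}") for i in range(16)))
    free_before = set(range(8, 16))
    # Case 1: ordinary use plus one write by a volume hidden in free space.
    quiet = bytearray(before)
    write_block(quiet, 3, filler("file-update"))    # allocated block rewritten
    write_block(quiet, 8, filler("new-file"))       # free block becomes allocated
    write_block(quiet, 12, filler("hidden-write"))  # still "free", but changed
    free_after = set(range(9, 16))
    # Case 2: same writes, but the system also rewrites every free block.
    churned = bytearray(quiet)
    for i in free_after:
        write_block(churned, i, filler(f"churn-{i}"))
    return bytes(before), bytes(quiet), bytes(churned), free_before, free_after

def demo():
    before, quiet, churned, fb, fa = build_samples()
    return (changed_free_blocks(before, quiet, fb, fa),
            changed_free_blocks(before, churned, fb, fa))

if __name__ == "__main__":
    print(demo())
```

In the first case only block 12 stands out; in the second every stable free block has changed, so the hidden write is no longer distinguishable by this comparison alone.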