Boffins devise way to hide secret data on hard drives
Technique evades forensics investigations
Computer scientists have developed software that hides sensitive data on hard drive, without the use of encryption, by controlling the precise disk locations containing the file's data fragments.
The application, which the academic researchers said they would release as open-source software, makes use of steganography, or the ancient art of hiding secret information in plain sight. The technique has long been employed to keep sensitive data out of the hands of adversaries. The use of encryption, by contrast, is easy to detect, tipping off adversaries that a hard drive or other piece of media contains information considered secret.
The software ensures that individual disk clusters that store the sensitive data fragments are positioned in a way predetermined by their code. A person who later wants to read the secret information uses the same application to reassemble the file. The inventors said their method makes it possible to stealthily store a 20-megabyte message on a 160-gigabyte portable hard drive.
“We have presented a novel data security mechanism, a filesystem-based covert channel which allows a user to evade disk forensics by securely hiding data in a removable or permanent mass storage device,” the researchers wrote in their paper, titled Designing a cluster-based covert channel to evade disk investigation and forensics. “Information is hidden in a manner such that an investigator is unable to positively prove the existence of hidden data.”
The researchers, from the University of Southern California in Los Angeles and the National University of Science and Technology in Islamabad, Pakistan, said the technique may cause only small performance degradations. In some cases, the approach requires the data to be hidden through the use of a secret shared between the sender and recipient. ®
"if you encrypt, then you obviously must be up to no good"
Ah, so that's why they're always losing un-encrypted data!
Thats not how the hidden volumes work. When you mount the outer "safe" volume you see the WHOLE of the encrypted space. So this means the oute volume + hidden volume. You have thresholds between the two where you can store files, once you go over the size of the outer volume you overwrite the hidden volume and break it.
Unless you mount the hidden volume you cannot see it. It is just a block of encrypted data that is contained within the outer volume.
This ain't new ... it's basically a variation of something like "first letter of every word spells out the real message" ... or "third letter on every odd page in book" etc .... plenty of prior art.