Hide your data, don't encrypt it

A team of boffins has come up with a new way of making sure that your sensitive data cannot be found by the dark side.

While there are those who swear by encrypting the nines out of data to prevent hackers seeing it, the problem is that it creates a big target. While you can see it, it gives something for someone to try and crack and eventually they will manage it.

Now a group of boffins has developed software  that can hide sensitive data on a hard drive without encrypting it or leaving any obvious signs that the data is present.

The system embeds secret data in existing structures on a given HDD by taking advantage of the way that file systems are designed and implemented. It breaks the file into fragments and places them individual pieces in clusters scattered around the hard drive.

The idea is the brain-child of Hassan Khan, Mobin Javed, Syed Ali Khayam and Fauzan Mirza of the University of Southern California and the National University of Science and Technology in Pakistan.

There are limits to the needle in a haystack approach. You can only store 20MB of data on a typical 160GB HDD. Not enough to hide an illegal porn collection, but good enough for most top secret documents.

The method uses a covert channel to encode the sensitive information by modifying the fragmentation patterns in the cluster distribution of an existing file. It doesn’t require storage of any additional information on the file system. Any investigator without the key cannot prove the presence of hidden information.

The authors’ system has the added advantage of allowing a user to deny that there is any hidden data on the system, as the sensitive files are not actually hidden but rather dispersed in pieces.

The research says that a cluster is chained with a consecutive cluster if the bit encountered in the message is similar to the previous bit and a cluster is chained with a non-consecutive cluster if the message bit is different from the previous message bit.

You do have to modify the starting cluster of a file in the directory entry table and the FAT structure. The method also creates a small performance degradation on a system, but not enough to be a problem.