• PDF / 2,403,465 Bytes
• 17 Pages / 430 x 660 pts Page_size
• 106 Downloads / 254 Views

DOWNLOAD

REPORT

Abstract. A continuously-observable steganographic file system allows to remotely store user files on a raw storage device; the security goal is to offer plausible deniability even when the raw storage device is continuously monitored by an attacker. Zhou, Pang and Tan have proposed such a system in [7] with a claim of provable security against traffic analysis. In this paper, we disprove their claims by presenting traffic analysis attacks on the file update algorithm of Zhou et al. Our attacks are highly effective in detecting file updates and revealing the existence and location of files. For multi-block files, we show that two updates are sufficient to discover the file. One-block files accessed a sufficient number of times can also be revealed. Our results suggest that simple randomization techniques are not sufficient to protect steganographic file systems from traffic analysis attacks.

1

Introduction

The goal of a steganographic file system is to protect the user from compulsion attacks, where the user is forced to hand over file decryption keys under the threat of legal sanctions or physical intimidation. In order to achieve this goal, the steganographic file system must conceal the files it stores, so that the user can plausibly deny their very existence. Several proposals in the literature provide plausible deniability to the user against attackers that take one or more snapshots of the raw storage. To the best of our knowledge, the proposal by Zhou et al. [7] is the only one that claims to resist attackers who can continuously monitor accesses to the storage. It relies on dummy updates and relocations of data that are supposed to conceal accesses to the hidden files. Zhou et al. [7] present two separate mechanisms for reading and updating files; we present traffic analysis attacks which are effective against the file update mechanism. Our attacks succeed in revealing the existence and location of hidden files, depriving the user of plausible deniability. We describe the theory behind the attacks, and the impact of the system’s parameters on their effectiveness. We have also simulated the attacks, and obtained empirical results that confirm our theoretical analysis. T. Furon et al. (Eds.): IH 2007, LNCS 4567, pp. 220–236, 2007. c Springer-Verlag Berlin Heidelberg 2007 

Traffic Analysis Attacks on a Continuously-Observable Steganographic FS

221

The rest of this paper is organized as follows: in Sect. 2, we summarize previous work on steganographic file systems. Section 3 describes the update algorithm of [7]. Section 4 explains theoretically how to attack the system. The empirical results of our implementation are presented in Sect. 5. We present our conclusions in Sect. 6, where we also suggest lines for future research. Finally, Appendix A shows the attack algorithms that have been used in our implementation.

2

Related Work

The concept of a steganographic file system was first proposed by Anderson, Needham and Shamir in [1] together with two implementations. The first approach consists of hiding the information in cover files such that it

Recommend Documents

File System

190 74 17MB

Bitcoin Blockchain Steganographic Analysis

213 93 39MB

SAN File System

157 78 2MB

Windows File System Troubleshooting

163 92 9MB

Shared-Disk File System

150 85 2MB

File-aware P2P traffic classification: An aid to network management

187 64 1MB

Investigation of Cyber Attacks on a Water Distribution System

142 91 39MB

File Management Based on Decision System in Human Resource Optimization

199 91 48MB

Traffic analysis

167 57 6KB

Sandbox security model for Hadoop file system

188 31 1MB

A Data-Integration Analysis on Road Emissions and Traffic Patterns

166 63 83MB

File Forgery Detection Using a Weighted Rule-Based System

192 61 23MB