8/13/2019 Covert Fs Presenttion

1/15

Web Based Covert File System

8/13/2019 Covert Fs Presenttion

2/15

The use of social media is growing exponentially.

Personal information is exposed at mass media scale.

Mass media and personal communication roles are hard to

separate.

Need of Legitimate and covert communication.

The Internet:Personal and Mass Media

8/13/2019 Covert Fs Presenttion

3/15

8/13/2019 Covert Fs Presenttion

4/15

Covert FS: A High Level View

1. Motivated by two applications-

Store personal data anywhere ,anytime access.

Covert communication through media sharing.

2. Plausible deniability-

Intent of hiding secret information .

Intent of sharing hidden content with other users.

Share as well as access it anytime.

3. Undetectable by service provider-

Steganalysis.

Access traffic analysis.

8/13/2019 Covert Fs Presenttion

5/15

Covert FS: A Closer View

File blocks are mapped to photos one to one.

I-node blocks stored in photos .

Photo names are user defined .Unlimited name space

Safe hiding capacity is about 10% of actual photo size.

8/13/2019 Covert Fs Presenttion

6/15

Mounting the File System

User account verification .

Mounting of Hidden File system on the local file system.

Photos containing hidden file system are maintained on local

image cache.

8/13/2019 Covert Fs Presenttion

7/15

Simple Mapping

I-nodes and data blocks identified by photo names.

Name of the photo containing root i-node maps to

special value when hashed with stegokey.

8/13/2019 Covert Fs Presenttion

8/15

Locating the Latest Allocation Map

Embed forward pointers in the

allocation mapThe name of the photo to carry the

next version of allocation map

next name

Follow the chain to retrieve the latest

allocation map.

If next name not found, current photo

contains the latest allocation map

Photos are garbage-collected in

FIFO order.

8/13/2019 Covert Fs Presenttion

9/15

Covert FS -example -

8/13/2019 Covert Fs Presenttion

10/15

Suspicious Hotspot Patterns

File access patterns may generate photo access patterns unusual to

photo sharing.

Problem: photos containing metadata are repeatedly accessed create

common photo access prefixes.

Solution: local cache for previously accessed photos

8/13/2019 Covert Fs Presenttion

11/15

Diffusing Hotspot Patterns

Introduce forward pointers for i-nodes and directories. Retrieve the most recent file and parent directory i-

nodes .

Using forward pointers if possible

Starting from the latest allocation map when

chains are lost.

8/13/2019 Covert Fs Presenttion

12/15

File Sharing and allocation Map

Selective sharing enabled by the user.

A share is subtree with a separate stego key and allocation map.

Stego keys are stored in the directory i-node of the share or

inherited from the parent i-node.

8/13/2019 Covert Fs Presenttion

13/15

Media Service Adversary Action-

Transforming Photos

Media service can apply transformations to photos

Renaming PhotosMedia service can provide its own names when photos are

uploaded

Limiting Network TrafficMedia Service can limit the number of photos that can

be uploaded or downloaded in a given window of time

8/13/2019 Covert Fs Presenttion

14/15

8/13/2019 Covert Fs Presenttion

15/15