轻量级文件隐藏技术
|
摘要
在当今这样一个信息和网络化的社会里,各种大容量存储设备也已经广泛地应用于社会的各个领域,如政府机关、学校学术机构、商业公司、个人用户等。对于不同计算机用户,尤其是前三类计算机用户,存储介质中保存的重要数据信息的保密性是最为关心的问题。一旦存有重要数据的存储设备丢失、被盗窃,如何最大程度的阻止试图读取这些设备的非法用户获取核心保密数据是现代存储技术所最为注重的课题之一。
众多主流文件系统中,NTFS文件系统(New Technology File System新技术文件系统)随着新一代微软视窗操作系统的普及而被广泛应用于绝大部分的个人电脑上。本文将介绍一种NTFS文件系统上的数据隐藏方法,该方法利用NTFS文件系统的数据组织结构特性,通过适当修改该文件系统的数据块指针,从而在保证不影响本地文件系统性能,数据可靠性的前提下,提出一种时间和空间效率皆最优的数据隐藏方法。同时本文还将介绍一种轻量级数据块随机置换的方法,结合上述数据隐藏方法,将最大程度的保护用户敏感数据的同时不会产生太多的系统运算开销。
Mess storage devices permeate in our modern society, such as government, academic organization, business area and individuals. To various computer users, especially the first three, security and safety of the sensitive data stored on the storage media is the key issue. After loss of devices with important data, the way to protect sensitive data against aggression from illegal user is gaining more and more concern in modern storage technology field.
Among various mainstream file system, NTFS (New Technology File System) is widely equipped on personal computer because of popularity of Microsoft Windows Operation system. This paper will introduce a new data concealment scheme based on NTFS. This method takes advantage of the way NTFS organizes files. Combining random data scrambling algorithm with tiny modification on data block points of the file system, a new data concealment scheme is proposed which has optimized time and space efficiency. Hence, this scheme provides strong sensitive data protection ability while only occurs little computation penalty.
众多主流文件系统中,NTFS文件系统(New Technology File System新技术文件系统)随着新一代微软视窗操作系统的普及而被广泛应用于绝大部分的个人电脑上。本文将介绍一种NTFS文件系统上的数据隐藏方法,该方法利用NTFS文件系统的数据组织结构特性,通过适当修改该文件系统的数据块指针,从而在保证不影响本地文件系统性能,数据可靠性的前提下,提出一种时间和空间效率皆最优的数据隐藏方法。同时本文还将介绍一种轻量级数据块随机置换的方法,结合上述数据隐藏方法,将最大程度的保护用户敏感数据的同时不会产生太多的系统运算开销。
Mess storage devices permeate in our modern society, such as government, academic organization, business area and individuals. To various computer users, especially the first three, security and safety of the sensitive data stored on the storage media is the key issue. After loss of devices with important data, the way to protect sensitive data against aggression from illegal user is gaining more and more concern in modern storage technology field.
Among various mainstream file system, NTFS (New Technology File System) is widely equipped on personal computer because of popularity of Microsoft Windows Operation system. This paper will introduce a new data concealment scheme based on NTFS. This method takes advantage of the way NTFS organizes files. Combining random data scrambling algorithm with tiny modification on data block points of the file system, a new data concealment scheme is proposed which has optimized time and space efficiency. Hence, this scheme provides strong sensitive data protection ability while only occurs little computation penalty.
引文
[1]邹恒明,有备无患:信息系统之灾难应对,机械工业出版社,2009,1月.
[2]邹恒明,计算机的心智:操作系统之哲学原理,机械工业出版社,2009,4月.
[3]休林、邹恒明,计算机系统设计与结构,电子工业出版社.
[4]钱枫、邹恒明,算法概论,机械工业出版社,2009,1月.
[5]史茜,最小侵入式数据隐藏系统的设计与实现,上海交通大学:软件工程,2008.
[6] Harlan Carvey,Windows Forensics and Incident Recovery.
[7] Brian Carrier,File System Forensic Analysis.
[8] ANDERSON, R., NEEDHAM, R., AND SHAMIR, A. The Steganographic File System. In Proceedings of the Information Hiding Workshop, April (1998), Springer.
[9] Daniel Dickerman, Advanced Data Carving.
[10] Bairavasundaram. Analyzing the effects of disk-pointer corruption. In DSN With FTCS and DCC, 2008.
[11] CZESKIS, A., HILAIRE, D., KOSCHER, K., GRIBBLE, S.,KOHNO, T., AND SCHNEIER, B. Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications. USENIX HotSec 08’(2008).
[12] HAND, S., AND ROSCOE, T. Mnemosyne: Peer-to-peer steganographic storage. In Proc. of IPTPS (2002), vol. 56, Springer.
[13] GANG, L. On the data hiding theory and multimedia content security applications. PhD thesis, New Jersey Institute of Technology, Newark, NJ, USA, 2002. Adviser-Ali N. Akansu.
[14] GARFINKEL, S. Carving contiguous and fragmented files with fast object validation. Digital investigation (1991).
[15] GRAF, F., AND WOLTHUSEN, S. A Capability-Based Transparent Cryptographic File System. In Proceedings of the 2005 International Conference on Cyberworlds (2005), IEEE Computer Society Washington, DC, USA, pp. 101–108.
[16] S.L. Garfinkel. Carving contiguous and fragmentedˉles with fast objectvalidation. Digital investigation, 1991.
[17] NTFS.com. NTFS.com, http://www.ntfs.com.
[18] NTFS-3G, http://www.tuxera.com/community/ntfs-3g-download/.
[19] Crypto Plus Plus, www.cryptopp.com.
[20] Mark Russinovich, Inside Win2K NTFS, Part 1, Microsoft Developer Network. http://msdn2.microsoft.com/en-us/library/ms995846.aspx. Retrieved 2008-04-18.
[21] Custer, Helen (1994). Inside the Windows NT File System. Microsoft Press.
[22] Nagar, Rajeev (1997). Windows NT File System Internals: A Developer's Guide. O'Reilly.
[23] HARTUNG, F., AND GIROD, B. Digital watermarking of raw and compressed video. In Proc. European EOS/SPIE Symposium on Advanced Imaging and Network Technologies (1996), vol. 2952, pp. 205–213.
[24] KUKOL, P., AND GRAY, J. Sequential File Programming Patterns and Performance with .NET. Arxiv preprint cs.PF/0502012 (2005).
[25] LIU, T., AND TSAI, W. A New Steganographic Method for Data Hiding in Microsoft Word Documents by a Change Tracking Technique. Information Forensics and Security, IEEE Transactions on 2, 1 (2007), 24–30.
[26] MCDONALD, A., AND KUHN, M. StegFS: A Steganographic File System for Linux. LECTURE NOTES IN COMPUTER SCIENCE (2000), 463–471.
[27] MICROSOFT CORPORATION. Encrypting file system (efs) for windows 2000. http://www.microsoft.com/windows2000/techinfo/.
[28] MICROSOFT HELP AND SUPPORT. How to Cause ScanDisk for Windows to Retest Bad Clusters. http://support.microsoft.com/?kbid=127055.
[29] NI, Z. Image data hiding. PhD thesis, NEW JERSEY INSTITUTE OF TECHNOLOGY, 2005.
[30] PANG, H., TAN, K., AND ZHOU, X. StegFS: a steganographic file system. In Data Engineering, 2003. Proceedings. 19th International Conference on (2003), pp. 657–667.
[31] PGPI PROJECT GROUP. Pgpdisk. http://www.pgpi.org/products/pgpdisk/.
[32] ROGAWAY, P. Efficient instantiations of tweakable blockciphers and remnements to modes OCB and PMAC. In ASIACRYPT (2004), Springer, pp. 16–31.
[33] TRUECRYPT FOUNDATION. Turecrypt - free open-source on-the-fly disk encryption software. http://www.truecrypt.org.
[34] VMWARE INC. Vmware official site. http://www.vmware.com.
[35] WENGUANG. Wenguang’s introduction to universal disk format. http://homepage.mac.com/wenguangwang/ myhome/udf.html.
[36]高伟,磁盘数据安全保护技术研究,上海交通大学:计算机系统结构,2008.
[37]王玲,钱华林,计算机取证技术及其发展趋势,软件学报,2003,Vol.14,No .9.
[38]涂平,论网络个人数据隐私权的保护,上海交通大学:法律,2007.
[39]杨秀清,基于磁盘分区数据恢复技术的研究,国防科学技术大学:电子与通信工程,2007.
[40]郭云彪,信息隐藏的安全性研究,解放军信息工程大学:军事装备学,2006.
[41]黄步根,NTFS系统存储介质上文件操作痕迹分析,中国期刊网.
[42]赵双峰,费金龙等,Windows NTFS下数据恢复的研究与实现,计算机工程与设计,第29卷第2期.
[2]邹恒明,计算机的心智:操作系统之哲学原理,机械工业出版社,2009,4月.
[3]休林、邹恒明,计算机系统设计与结构,电子工业出版社.
[4]钱枫、邹恒明,算法概论,机械工业出版社,2009,1月.
[5]史茜,最小侵入式数据隐藏系统的设计与实现,上海交通大学:软件工程,2008.
[6] Harlan Carvey,Windows Forensics and Incident Recovery.
[7] Brian Carrier,File System Forensic Analysis.
[8] ANDERSON, R., NEEDHAM, R., AND SHAMIR, A. The Steganographic File System. In Proceedings of the Information Hiding Workshop, April (1998), Springer.
[9] Daniel Dickerman, Advanced Data Carving.
[10] Bairavasundaram. Analyzing the effects of disk-pointer corruption. In DSN With FTCS and DCC, 2008.
[11] CZESKIS, A., HILAIRE, D., KOSCHER, K., GRIBBLE, S.,KOHNO, T., AND SCHNEIER, B. Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications. USENIX HotSec 08’(2008).
[12] HAND, S., AND ROSCOE, T. Mnemosyne: Peer-to-peer steganographic storage. In Proc. of IPTPS (2002), vol. 56, Springer.
[13] GANG, L. On the data hiding theory and multimedia content security applications. PhD thesis, New Jersey Institute of Technology, Newark, NJ, USA, 2002. Adviser-Ali N. Akansu.
[14] GARFINKEL, S. Carving contiguous and fragmented files with fast object validation. Digital investigation (1991).
[15] GRAF, F., AND WOLTHUSEN, S. A Capability-Based Transparent Cryptographic File System. In Proceedings of the 2005 International Conference on Cyberworlds (2005), IEEE Computer Society Washington, DC, USA, pp. 101–108.
[16] S.L. Garfinkel. Carving contiguous and fragmentedˉles with fast objectvalidation. Digital investigation, 1991.
[17] NTFS.com. NTFS.com, http://www.ntfs.com.
[18] NTFS-3G, http://www.tuxera.com/community/ntfs-3g-download/.
[19] Crypto Plus Plus, www.cryptopp.com.
[20] Mark Russinovich, Inside Win2K NTFS, Part 1, Microsoft Developer Network. http://msdn2.microsoft.com/en-us/library/ms995846.aspx. Retrieved 2008-04-18.
[21] Custer, Helen (1994). Inside the Windows NT File System. Microsoft Press.
[22] Nagar, Rajeev (1997). Windows NT File System Internals: A Developer's Guide. O'Reilly.
[23] HARTUNG, F., AND GIROD, B. Digital watermarking of raw and compressed video. In Proc. European EOS/SPIE Symposium on Advanced Imaging and Network Technologies (1996), vol. 2952, pp. 205–213.
[24] KUKOL, P., AND GRAY, J. Sequential File Programming Patterns and Performance with .NET. Arxiv preprint cs.PF/0502012 (2005).
[25] LIU, T., AND TSAI, W. A New Steganographic Method for Data Hiding in Microsoft Word Documents by a Change Tracking Technique. Information Forensics and Security, IEEE Transactions on 2, 1 (2007), 24–30.
[26] MCDONALD, A., AND KUHN, M. StegFS: A Steganographic File System for Linux. LECTURE NOTES IN COMPUTER SCIENCE (2000), 463–471.
[27] MICROSOFT CORPORATION. Encrypting file system (efs) for windows 2000. http://www.microsoft.com/windows2000/techinfo/.
[28] MICROSOFT HELP AND SUPPORT. How to Cause ScanDisk for Windows to Retest Bad Clusters. http://support.microsoft.com/?kbid=127055.
[29] NI, Z. Image data hiding. PhD thesis, NEW JERSEY INSTITUTE OF TECHNOLOGY, 2005.
[30] PANG, H., TAN, K., AND ZHOU, X. StegFS: a steganographic file system. In Data Engineering, 2003. Proceedings. 19th International Conference on (2003), pp. 657–667.
[31] PGPI PROJECT GROUP. Pgpdisk. http://www.pgpi.org/products/pgpdisk/.
[32] ROGAWAY, P. Efficient instantiations of tweakable blockciphers and remnements to modes OCB and PMAC. In ASIACRYPT (2004), Springer, pp. 16–31.
[33] TRUECRYPT FOUNDATION. Turecrypt - free open-source on-the-fly disk encryption software. http://www.truecrypt.org.
[34] VMWARE INC. Vmware official site. http://www.vmware.com.
[35] WENGUANG. Wenguang’s introduction to universal disk format. http://homepage.mac.com/wenguangwang/ myhome/udf.html.
[36]高伟,磁盘数据安全保护技术研究,上海交通大学:计算机系统结构,2008.
[37]王玲,钱华林,计算机取证技术及其发展趋势,软件学报,2003,Vol.14,No .9.
[38]涂平,论网络个人数据隐私权的保护,上海交通大学:法律,2007.
[39]杨秀清,基于磁盘分区数据恢复技术的研究,国防科学技术大学:电子与通信工程,2007.
[40]郭云彪,信息隐藏的安全性研究,解放军信息工程大学:军事装备学,2006.
[41]黄步根,NTFS系统存储介质上文件操作痕迹分析,中国期刊网.
[42]赵双峰,费金龙等,Windows NTFS下数据恢复的研究与实现,计算机工程与设计,第29卷第2期.