Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (4): 979-984. DOI: 10.11772/j.issn.1001-9081.2016.04.0979


File hiding based on capacity disguise and double file system

WANG Kang, LI Qingbao   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing (Information Engineering University), Zhengzhou Henan 450001, China
  • Received: 2015-09-08 Revised: 2015-11-04 Online: 2016-04-10 Published: 2016-04-08

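  • Corresponding author: WANG Kang
  • About the authors: WANG Kang (born 1990), male, from Xiayi, Henan, M.S. candidate; main research interest: network information security. LI Qingbao (born 1967), male, from Leshan, Sichuan, professor, Ph.D.; main research interests: computer architecture, information security, trusted computing.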

Abstract: To address the poor robustness and low hiding strength of existing file hiding methods for Universal Serial Bus (USB) removable storage devices, a new file hiding method based on capacity disguise and a double file system was proposed. Building on an analysis of the characteristics and management mechanism of NAND flash chips, capacity disguise was achieved by tampering with the device capacity value in the Command Status Wrapper (CSW), thereby deceiving the host. Using the storage management mechanism of the Flash Translation Layer (FTL), the physical blocks were divided into two parts, a hidden area and a common area, by writing different marks in the redundant area of the physical blocks, and a double file system was established using the format function. The user sends a request to switch file systems by writing specific data; the device completes the switch after user authentication, which provides secure access to the hidden area. Theoretical analysis and experimental results show that the proposed method achieves file hiding that is transparent to the operating system. Compared with file hiding methods based on hooking Application Programming Interfaces (APIs), modifying the File Allocation Table (FAT) or encryption, it is not affected by the system's operations on the device, and it has better robustness and higher hiding strength.

Key words: Flash Translation Layer (FTL), file hiding, File Allocation Table (FAT), double file system, authentication, capacity disguise
