The Steganographic Filesystem
The concept of a steganographic filesystem was put forward in the paper ‘The Steganographic Filesystem’ by Ross Anderson, Roger Needham and Adi Shamir. What is available today as “secure” filesystems are encrypted and cryptographic filesystems, or normal filesystems that support encryption or cryptography. But even then, are these files completely secure? Even though a file is encrypted, whoever takes a look at the filesystem can still see it; they just cannot read it. This means an intruder knows the name and location of the file and can guess how valuable or sensitive the information is. Once he gets the password right (he may obtain it illegally or torture the user into giving it up), the whole file, and with it the sensitive information, is revealed!
The steganographic filesystem, on the other hand, goes one step further and does not even reveal the existence of protected or sensitive information. The presence of these hidden files is not revealed even when raw sectors of the hard disc are accessed. You can plausibly deny the existence of sensitive files on your hard disc. In fact, you can store your valuable information on a computer placed among a group of computers (e.g. in an internet café) so that it is even more difficult for the intruder to get anywhere near your protected data.
Magikfs is one such steganographic filesystem. It implements plausible deniability features that make your sensitive data non-existent as far as others are concerned, and so provides maximum security for your data.
Phases of the Project
We have divided the whole project into 3 phases of development
III. Moving it to kernel space.
Magikfs is designed to run over an ext2/ext3 filesystem partition. As we mentioned earlier, the basic structure and working of these filesystems are not disturbed; only extra steganographic features are added, and existing data on the filesystem is not harmed either. The superblocks, inodes, group descriptors etc. all remain the same as in the ext2/3 filesystems. Then where do the differences come in? The following paragraph describes the differences.
Although deletion is implemented in ext2/3 filesystems, it is not destructive, which means the data can be recovered at a later time by an intruder if he wants to. Normal deletion is done just by removing the directory entry and the inode entries and then updating the superblocks and group descriptors; nothing is done to the data as such. Magikfs goes one step further and fills the blocks occupied by the file with random values, i.e. it actually removes ALL of the data that had been part of the file so that it can NEVER be recovered. Normal deletion is also possible in Magikfs.
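The difference between the two deletion modes can be seen in a small in-memory model. This Python sketch is an added example, not Magikfs code: ToyDisk, its 64-byte block size and the sample file contents are constructed for illustration, and a dictionary stands in for the directory entry and inode.

```python
import os

BLOCK_SIZE = 64  # toy value (assumption); real ext2/3 blocks are larger

class ToyDisk:
    """Raw blocks, a block bitmap, and a dict standing in for dir entry + inode."""
    def __init__(self, nblocks=16):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(nblocks)]
        self.in_use = [False] * nblocks
        self.directory = {}  # name -> list of block numbers

    def write_file(self, name, data):
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        free = [i for i, used in enumerate(self.in_use) if not used]
        if len(free) < len(chunks):
            raise OSError("no space left on toy disk")
        owned = free[:len(chunks)]
        for idx, chunk in zip(owned, chunks):
            self.blocks[idx] = chunk.ljust(BLOCK_SIZE, b"\0")
            self.in_use[idx] = True
        self.directory[name] = owned

    def delete(self, name, destructive=False):
        owned = self.directory.pop(name)      # remove directory entry / inode
        for idx in owned:
            if destructive:                   # fill the block with random values
                self.blocks[idx] = os.urandom(BLOCK_SIZE)
            self.in_use[idx] = False          # update the allocation bitmap

    def raw_scan(self, needle):
        """What a reader of the raw sectors sees; metadata is ignored."""
        return needle in b"".join(self.blocks)

def demo():
    # Constructed sample contents, long enough to span two blocks.
    secret = b"account=constructed-sample-4711;" * 3
    results = {}
    for destructive in (False, True):
        disk = ToyDisk()
        disk.write_file("notes.txt", secret)
        disk.delete("notes.txt", destructive=destructive)
        # True means the deleted data is still readable from the raw blocks.
        results[destructive] = disk.raw_scan(b"constructed-sample-4711")
    return results

if __name__ == "__main__":
    print(demo())
```

The model covers only the file's own data blocks; copies held elsewhere, for example in an ext3 journal running in data-journaling mode, are outside it.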