Steganographic information hiding that exploits a novel file system vulnerability
by Avinash Srinivasan; Satish Kolli; Jie Wu
International Journal of Security and Networks (IJSN), Vol. 8, No. 2, 2013

Abstract: In this paper, we present DupeFile, a simple yet critical security vulnerability in numerous file systems. By exploiting DupeFile, adversary can store two or more files with the same name/path, with different contents, inside the same volume. Consequently, data-exfiltration exploiting DupeFile vulnerability, hereafter called DupeFile Hiding, becomes simple and easy to execute. In DupeFile Hiding, a known good file is chosen, whose name serves as the cover for hiding the malicious file. Hence we classify DupeFile Hiding as a steganography technique. This vulnerability can also be exploited for legitimate applications - hiding product licence, DRM, etc. DupeFile was first uncovered on a FAT12-formatted disk on Win-98 VM. Nonetheless, the vulnerability exists in numerous file systems, including NTFS, HFS+, and HFS+ Journaled. We have developed two tools: DupeFile Detector and DupeFile Extractor for detecting and recovering hidden files respectively. We have also developed DupeFile Creator for hiding files in legitimate applications.

Online publication date: Sun, 18-Aug-2013

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

 
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?


Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email subs@inderscience.com