Title: slackFS - resilient and persistent information hiding framework

Authors: Avinash Srinivasan; Christian Rose; Jie Wu

Addresses: Department of Cyber Science, United States Naval Academy, 597 McNair Road, Hopper Hall – Room 478, Annapolis, MD 21402, USA; Amber Orchard Ct., Odenton, MD 21113, USA; Department of Computer and Information Sciences, Center of Networked Computing, Temple University, SERC 362, 1925 N. 12th Street, Philadelphia, PA 19122, USA

Abstract: The ever-expanding cyberspace, driven by digital convergence, inadvertently broadens the attack surface. Savvy modern cybercriminals have embraced steganography as a key weapon. This paper introduces slackFS, a novel steganographic framework utilising file slack space for covert data concealment. Unlike prior methods focusing on individual files, slackFS hides entire filesystems, offering a structured means for data exfiltration. It ensures persistence across system reboots, robust detection resistance, portability, and minimal performance impact. Incorporating erasure-code-based fault-tolerance, slackFS enables recovery from partial loss due to accidental slack space overwriting. Prototype validation on Ubuntu 20.04 with ext4 filesystems as the cover medium and FAT16 as the hidden malicious filesystem is conducted. The study includes testing of three coding libraries and two Reed-Solomon erasure code implementations - VANDERMONDE and CAUCHY matrices - highlighting slackFS's resilience and effectiveness.

Keywords: attacker; data exfiltration; fault-tolerance; filesystem; information hiding; malicious; operating system; persistence; resilience; security; steganography.

DOI: 10.1504/IJSN.2024.140278

International Journal of Security and Networks, 2024 Vol.19 No.2, pp.77 - 91

Received: 24 Feb 2024
Accepted: 09 Mar 2024

Published online: 01 Aug 2024
