KR101767104B1 - Apparatus and method of message hiding in file system - Google Patents
- Publication number
- KR101767104B1 (KR1020150167956A)
- Authority
- KR
- South Korea
- Prior art keywords
- hidden
- file
- name
- data
- data file
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G06F17/30076—
-
- G06F17/30123—
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
Abstract
The present invention relates to a device for hiding a message in a file system. The device includes a hidden control unit that repeats the following operation on a plurality of data files to be hidden in a working directory: it controls deletion of the first data file to be hidden, controls changing the name of the data file to be hidden that is currently last to a spoofed file name, controls deletion of that last data file, and controls restoration of the deleted first data file. The device also includes a file system that, under the control of the hidden control unit, deletes the first data file to be hidden, changes the name of the data file to be hidden that is currently last, deletes that last data file, and restores the first data file to be hidden, repeating this operation so that the plurality of data files to be hidden are deleted sequentially in descending order of file name. The file system generates a master file table entry for the working directory and an index record for the plurality of data files to be hidden, and controls the list state of the master file table entry and the index record according to the deletion of the first file, the change of the name of the currently last data file to the camouflage file name, the deletion of that last data file after the name change, and the restoration of the first data file.
Description
The present invention relates to an apparatus and method for hiding a message in a file system, and more particularly, to an apparatus and method for hiding a message using a new technology file system (NTFS).
The number of computer and Internet users is growing rapidly with the development of information and communication technologies such as computer technology and network infrastructure. These users are also users of digital contents, and a variety of contents previously carried by off-line media, such as text information, images, audio, and video, are now generated as digital or digitizable contents.
The development of the information and communication field has also brought technology for mass-replicating such digital contents without damaging the original and distributing them without limit. Demand is therefore growing for technologies that prevent illegal copying and distribution of digital contents, and various such prevention techniques are being announced.
Methods for preventing illegal copying and distribution of digital contents include: allowing only a legitimate user to access digital contents through a procedure called user authentication; encrypting digital contents by a cryptographic process called scramble and descramble; enabling digital contents to be used only by legitimate users and authorized systems; and inserting copyright information directly into the contents so that it can be tracked.
Among these methods is DRM (Digital Rights Management) technology, in practical use or under development, which encrypts digital contents so that they can be executed only by legitimate users who have paid for them.
DRM is a management method that performs license authentication for digital contents, management of copyright and authorization history, approval and enforcement of content usage rights, and settlement of content usage through an authenticated content-providing environment and network infrastructure. It is a digital content management technology that generates digital content as an encrypted file, distributes it over the Internet or on a portable storage device such as a CD (compact disk), and then permits use of the content only to legitimate users who pay a fee for it.
Digital contents distributed through DRM can be freely redistributed by the user, but cannot be used without paying the usage fee at the time of use.
However, a method that encrypts only the digital content file with an existing general encryption technology to prevent illegal copying can be defeated relatively easily by improper means, and it cannot prevent illegal copying when the digital content is redistributed together with its authentication key or when the authentication key is stolen in an improper manner.
In order to overcome such disadvantages, there has been developed and used a technology for encrypting and inserting files or digital contents through a file management system in a computer system having a computer or a digital storage device.
SUMMARY OF THE INVENTION Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and it is an object of the present invention to provide a method and an apparatus for managing an NTFS file system, .
A device for hiding messages in a file system according to an aspect of the present invention includes a hidden control unit and a file system connected to the hidden control unit. The hidden control unit controls deletion of the first data file to be hidden among a plurality of data files to be hidden stored in a working directory, controls changing the name of the data file to be hidden that is currently last to a spoofed file name, controls deletion of that data file once its name has been changed to the spoofed file name, and controls restoration of the deleted first data file to be hidden. Under the control of the hidden control unit, the file system deletes the first data file to be hidden, changes the name of the currently last data file to be hidden to the spoofed file name, deletes that data file, and restores the deleted first data file to be hidden; by repeating this operation, it deletes the plurality of data files to be hidden sequentially in descending order of file name. The file system generates a master file table entry (MFT entry) for the working directory and an index record for the plurality of data files to be hidden, and controls the list state of the master file table entry and the index record according to each of these delete, rename, and restore operations.
The names of the plurality of data files to be hidden may be determined by dividing a message to be hidden by the number of set characters from the beginning to the end, sequentially dividing the hidden message into a plurality of message blocks, and assigning a head number to each message block.
The set number of characters may have a maximum of 255 characters.
The head numbers are assigned in ascending order according to the division order of the plurality of message blocks. Preferably, the head number of the message block divided first is the earliest in order and the head number of the message block divided last is the latest in order.
Wherein the hidden control unit controls generation of a fixed file in the working directory so that the fixed file can be created in the working directory by the file system, and the file name of the fixed file is sorted in a sort order .
When only the first data file to be hidden remains, the hidden control unit controls changing the name of the first data file to be hidden to the camouflage file name and controls deletion of the first data file to be hidden after the name change, so that the file system changes the name of the first data file to be hidden to the spoofed file name and deletes the first data file to be hidden whose name has been changed to the spoofed file name.
Preferably, the filename of the first data file to be hidden is further provided with a dummy portion having a predetermined length based on the length of the camouflaged filename.
In accordance with another aspect of the present invention, there is provided a method of hiding a message in a file system, comprising the steps of: the hidden control unit commanding a file system to delete the first data file to be hidden among a plurality of data files to be hidden stored in a working directory; the file system deleting the first data file to be hidden according to the command of the hidden control unit; the hidden control unit transmitting to the file system a command to change the name of the data file to be hidden that is currently last to a false file name; the file system changing that name to the false file name according to the command; the hidden control unit commanding the file system to delete the currently last data file to be hidden, whose name has been changed to the false file name; the file system deleting that data file; the hidden control unit transmitting to the file system a command to restore the deleted first data file to be hidden; the file system restoring the deleted first data file to be hidden; the hidden control unit judging whether only the first data file to be hidden remains among the data files to be hidden that have not been deleted; if only the first data file to be hidden remains, the hidden control unit transmitting to the file system a command to change the name of the first data file to be hidden to the spoofed file name, the file system changing the name accordingly, the hidden control unit commanding the file system to delete the first data file to be hidden whose name has been changed, and the file system deleting it; and, if data files to be hidden other than the first one remain, returning to the step of commanding the file system to delete the first data file to be hidden among the plurality of data files to be hidden stored in the working directory.
The method may further include, before the step of commanding the file system to delete the first data file to be hidden, the hidden control unit determining the names of the plurality of data files to be hidden by dividing the message to be hidden sequentially into a plurality of message blocks and sequentially assigning a head number to each message block.
The head numbers are preferably given in ascending order according to the division order of the plurality of message blocks.
The method may further include, after the step of assigning a head number to each message block, the hidden control unit transmitting a creation command for the working directory to the file system so that the file system creates the working directory, and the hidden control unit transmitting to the file system a command to generate a fixed file with a fixed file name in the working directory so that the file system creates the fixed file in the working directory.
It is preferable that the file name of the fixed file precede the file names of the plurality of data files to be hidden in sort order.
Preferably, the filename of the first data file to be hidden is further provided with a dummy portion having a predetermined length based on the length of the camouflaged filename.
According to this characteristic, data files to be hidden are generated using the message to be hidden as their file names, and the data files are then deleted, renamed, and restored according to a predetermined rule so that only traces of the data files to be hidden remain. The message is thereby hidden, making it difficult to search for.
FIG. 1 is a view schematically showing the structure of a general hard disk.
FIG. 2 is a diagram schematically showing the structure of a general MFT entry.
FIGS. 3(a) to 3(c) are diagrams showing various examples of the structure of an MFT entry according to the number of index entries.
FIG. 4 shows a schematic structure of a device for hiding messages in a file system according to an embodiment of the present invention.
FIGS. 5 and 6 are flowcharts illustrating a method of controlling a device for hiding messages in a file system according to an embodiment of the present invention.
FIG. 7 is a diagram showing an example of a message to be hidden.
FIGS. 8A and 8B sequentially illustrate the list change of the MFT entry and the index record generated by the NTFS according to the control method of the message hiding device in the file system according to the embodiment of the present invention.
FIG. 9 is a diagram illustrating the structure of an index record after all data files to be hidden are deleted according to the operation of a message hiding device in a file system according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may also be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between.
An apparatus and method for hiding messages in a file system according to an embodiment of the present invention will now be described with reference to the accompanying drawings.
The present invention stores a message in index entries located in the slack space area of an index record, which uses the B-tree structure of the NTFS file system (the basic file system of Windows), and thereby performs data hiding.
As shown in FIG. 1, generally, a user forms at least one upper folder such as 'C' drive, 'D' drive and 'E' drive in a storage device such as a hard disk, At least one subfolder is formed in the folder, and a desired file is stored in each subfolder.
The NTFS file system includes a master file table (MFT) based on the directories, such as upper folders and lower folders, formed in each corresponding drive of the storage device, and the MFT has at least one MFT entry, each with a different address. Each MFT entry has the same size and stores information about, and the contents of, the directory and the files stored in the directory.
Figure 2 shows the structure of an MFT entry for a directory.
2, the structure of an MFT entry for a directory includes a $
The $
The $ FN
The
At this time, the maximum size of the
This
The $INDEX_ROOT attribute acts as the root of the B-tree structure. The number of index entries stored in the $INDEX_ROOT attribute section varies depending on the length of the file names.
3 (a), when the total size of a plurality of index entries (IE # 1, IE # 2, IE # 3) stored in the directory is all stored in the
Accordingly, in this case, the
The index entries (IE # 1,
3 (b), the total size of the index entries (
FIG. 3B shows a case where one index record (Index Record # 1) is generated. However, when the total size of the index entries stored for the corresponding MFT entry exceeds 4K bytes, two index records are generated, and the index entries stored in each index record are stored in ascending order of file name.
As shown in FIG. 3B, when at least one index record (Index record # 1) is generated, the MFT
The $ INDEX_ALLOC
3B, the cluster number indicating the
When an index record is generated as shown in FIG. 3 (b), the index entry is not stored in the
3C shows a structure of an MFT entry showing a case where a number of files stored in a corresponding directory, that is, the number of index entries, increases to require a plurality of index records.
There are two index entries (
The pointer between the two index entries (
In the second index record (Index Record # 2), five index entries (IE # 21-IE # 25) are stored, and in the third index record (Index Record # , IE # 28) are stored in the fourth index record (Index # 2), and four index entries (IE # 210-IE # 214) are stored in the fourth index record (Index Record # 4).
In some cases, an index record may not have any index entry recorded. For example, if only a folder is formed and no file is stored in it, no index entry exists in the index record corresponding to the folder and that index record is empty.
For example, if the number of index entries increases beyond the capacity of one index record, half of the index entries are moved to a newly allocated index record and the intermediate index entry is stored in the $INDEX_ROOT attribute, where it functions as a key value for deciding in which index record (that is, the index record to the left or the index record to the right of the intermediate entry) a new index entry is stored.
The bitmap storage unit 134 formed in the
Thus, the file system (i.e., the NTFS file system) uses information stored in the bitmap storage unit 134 (i.e., 1 or 0) to determine whether an index entry exists in the index record.
In this manner, the NTFS file system changes corresponding MFT structure and information according to operations such as creation and deletion of a directory, file storage and deletion of a corresponding directory, and the like.
Next, an apparatus for hiding messages in a file system according to an embodiment of the present invention will be described with reference to FIG.
An
The input unit 100 may be a keyboard, a mouse, or the like.
The
The
Because of these deletion operations, the hidden data files cannot be retrieved with Explorer or similar tools. However, as described above, traces of all hidden data files remain, so the hidden message is still present in the index entries.
As described above, the
The
Next, with reference to FIG. 5 to FIG. 8B, the operation of a device for hiding messages in a file system having such a structure will be described.
First, when the operation of the apparatus for hiding data in the index record of the NTFS file system according to the present example is started, the operations of the hidden
Accordingly, when the user inputs the name of the working directory, which is a directory to execute a job to be hidden, and a message to be hidden (i.e., data to be hidden) (MESS) using the
In this case, the hidden message MESS may be a file stored in the designated path through the
Next, the
At this time, the number of characters to be set is set by the user through the
The divided message blocks may all have the same number of characters or different number of characters. For example, if a set number of characters is set, the number of characters of the remaining message blocks except for the last message block is the same, and the number of characters of the last message block may be equal to or different from the number of characters of other message blocks.
In addition, when a plurality of setting characters are set so as to have different numbers of characters, there may be a plurality of message blocks in which the number of characters of all the message blocks is different or the number of characters is different.
For example, when a hidden message (MESS) as shown in FIG. 7 is input to the
Next, the
At this time, the head number may be already set in the
Since the head numbers are given in ascending order following the order in which the message to be hidden is divided, by the set number of characters, from its beginning, the data files to be hidden, whose file names are the partial messages corresponding to the divided message blocks, are sorted in the same order as the message to be hidden.
As a result, the sorting order of the data files to be hidden in the MFT entry and index records, that is, the names of the data files to be hidden, is also sorted in ascending order.
In this case, the ascending order is the order of ASCII (American Standard Code for Information Interchange) codes.
In the case of FIG. 7, the message blocks MB1, MB2, MB3, MB4 and MB5 are arranged in the order MB1 → MB2 → MB3 → MB4 → MB5 from the contents corresponding to the first part of the message. Among the five message blocks MB1 to MB5, the head number earliest in order is given to the first message block MB1 and the head number latest in order is given to the fifth message block MB5.
Then, the
Accordingly, the
Next, the
An example of the name of a fixed file (FF1) is '$ filxedFile.txt', and this fixed file (FF1) is always present in the working directory.
Generally, the allocation of the index record corresponding to a directory is maintained while at least one file exists in the directory, so the fixed file (FF1) is required to keep the index record corresponding to the working directory allocated.
The fixed file FF1 is given a sequence name that is earlier than the head number given to the message blocks MB1-MB5 so as to be located at the first position (i.e., the topmost position) in the index record corresponding to the working directory.
When the generation command of the fixed file FF1 is transferred to the
When the fixed file FF1 is created in the working directory, the
At this time, the
In the case of this example, the
At this time, the dummy part is made up of characters or symbols of meaningless contents, is already set by the user and stored in the
As a result, the name of the first data file to hide is different from the name of the other data file to hide, and includes a dummy part in addition to the head number and the hidden message, and the dummy part can be located between the head number and the hidden message.
The
The first to fifth hidden data files generated based on the hidden message (MESS) shown in FIG. 7 are '01The Road Not Taken ~', '02nd be one tray ~', '03in the undergrow ~ took the other ~ 'and' 05ecuse it was grassy ~ '.
As described above, when the creation of the working directory for encryption of the message to be hidden (MESS), the creation of the fixed file (FF1) and the hidden data file stored in the working directory are completed, the file system (130) Creates an MFT entry, and creates an index record (Index record # 21) for the data file to be hidden.
In the MFT entry, the numbers 500-507 are the address number (i.e., the cluster number).
When the data file to be hidden is generated, the
Next, with reference to FIG. 6, the hidden processing operation will be described in more detail.
In FIGS. 8A and 8B, for convenience of illustration, the names of the data files to be hidden (CRYF1-CRYF5), each of which has part of the content of the message to be hidden as its file name, are shown as message01.txt, message02.txt, message03.txt, message04.txt, and message05.txt, respectively.
6, when the control step of the hidden
Accordingly, the
By deleting the first data file to be hidden (CRYF1), the first hidden data file (CRYF1) is also deleted from the list of MFT entries as shown in FIG. 8A.
When the first data file to be hidden (CRYF1) is deleted, the
As described above, since the first data file to be hidden (CRYF1) is deleted from the index record (Index record # 21), the entry of the fifth data file to be hidden (CRYF5), located at the end of the index record, moves up toward the beginning, and a trace of the fifth data file to be hidden (CRYF5) remains at the position in the index record (Index record # 21) where it was originally recorded (FIG. 8A).
However, the state of the MFT entry according to the sorting of the data files (CRYF2-CRYF5) to be hidden is not changed.
Next, the
The disguised file name (disguised05.txt) is predetermined by the user through the
Accordingly, the
By changing the file name of the fifth hidden data file CRYF5, the name of the fifth hidden data file CRYF5 from the list of the MFT entry and the
Next, the
Therefore, the
The data file (CRYF5) to be hidden is deleted from the corresponding index record (Index record # 21) and the MFT entry by the deletion operation of the fifth hidden data file (CRYF5) as shown in FIG. 8A.
Next, the
Accordingly, the
By restoring the first hidden data file CRYF1, the list of the first hidden data file CRYF1 is restored from the list of the MFT entry and the index record (Index record # 21), and the MFT entry and the index record # 21) is performed (Fig. 8A).
Therefore, the hidden data files CRYF1-CRYF4 existing in the MFT entry and the index record (Index record # 21) are positioned immediately after the fixed file (FF1) in order from the first data file (CRYF1) to be hidden.
The position of the second hidden data file (CRYF4) positioned at the end of the data files (CRYF1-CRYF4) currently hidden by the restore operation of the first data file (CRYF1) to be hidden is returned to the position where the first data file do.
As described above, when restoration of the data file (CRYF1) to be hidden first after deletion of the data file (CRYF5) currently hidden at the end of the plurality of data files (CRYF1-CRYF5) to be hidden is performed, the hidden control section (120) In step S175, it is determined whether only the data file to be hidden first exists among the data files to be hidden (CRYF1 to CRYF5).
Since only one data file (CRYF5), the last in head-number order of the five data files to be hidden (CRYF1-CRYF5), has been deleted, the remaining data files to be hidden are the first to fourth data files (CRYF1-CRYF4).
Therefore, since there is not only the first data file to be hidden (CRYF1) (S175), in this case, the operation of the hidden
In other words, the steps delete the first data file to be hidden (CRYF1) → change the name of the data file to be hidden currently located at the end to the spoofed file name → delete the last data file to be hidden (CRYF4) after its name has been changed to the spoofed file name → restore the first data file to be hidden (CRYF1) are executed in sequence, deleting the data file to be hidden (CRYF4) that is in the last position among the currently remaining data files to be hidden (CRYF1 to CRYF4).
Therefore, this operation is repeated to sequentially delete all data files (CRYF4-CRYF2) except for the first data file (CRYF1) to be hidden among the plurality of generated data files (CRYF1-CRYF5) to be hidden in descending order.
When the data files to be hidden other than the first one (CRYF5-CRYF2) have been deleted (FIG. 8B), the fifth through second data files to be hidden (CRYF5-CRYF2) have been removed from the list in order, but the traces of the deleted data files (CRYF5-CRYF2) still exist at the corresponding positions in the index record (Index record # 21).
However, as shown in FIG. 8B, when only the first data file to be hidden (CRYF1) remains among the data files to be hidden (S175), the hidden control unit (120) changes the file name of the first data file to be hidden (CRYF1) to the camouflage file name (S176).
Next, the
The list of the MFT entry and the corresponding index record (Index record # 21) is shown in FIG. 8B by the process on the first hidden data file (CRYF1).
When the file name of the first data file to be hidden (CRYF1) is changed to the camouflage file name, the camouflage file name is superimposed on part of the file name of the first data file to be hidden (CRYF1), so part of the hidden message may be lost.
However, when determining the name of the first data file to be hidden (CRYF1) as described above, a dummy portion is added based on the length of the camouflaged file name in the portion where the loss of the hidden message occurs, so that the name of the data file . In this example, the length of the camouflage filename is set to be much shorter than the length of the filename of the hidden data files, which is determined based on the message to be hidden (MESS).
Therefore, when the first data file to be hidden (CRYF1) is changed to the camouflage file name, the camouflage file name is superimposed on the dummy portion of the data file (CRYF1) to be hidden first and the first hidden data file (CRYF1) changed to the camouflage file name is deleted , The hidden message part allocated to the file name of the first data file to be hidden (CRYF1) is present without being lost.
9, the first part AR11 corresponds to the file name of the fixed file FF1, the second part AR11 corresponds to the file name of the first hidden data file CRYF1, (AR13) is a part of the file name of the first hidden data file (CRYF1) that is overwritten with a camouflage filename and is lost, that is, a dummy portion.
When the first data file (CRYF1) to be hidden is deleted through this operation, only the fixed file (FF1) remains in the list existing in the MFT entry and the index record (Index record # 21).
Therefore, even if a third party not involved in the encryption operation of the message to be hidden searches the working directory using Windows File Explorer, the data files to be hidden (CRYF1-CRYF5) have all been deleted and are not retrieved, and as a result the hidden message (MESS) is not found.
However, the user can retrieve all the hidden data files and restore the hidden messages by using the traces for all the hidden data files (CRYF1-CRYF5) in the index record (Index record # 21).
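The recovery step described above, seen from the examiner's side, as an added sketch that is not code from the patent: it reassembles a message from file names carved out of an index record. The four-digit head-number prefix starting at 1, the dummy portion placed directly after the first head number, and every sample name are assumptions made for illustration.

```python
import re

HEAD_WIDTH = 4   # assumption: head number is a zero-padded decimal prefix
FIRST_HEAD = 1   # assumption: head numbers start at 1 and ascend by 1

def reassemble(traces, dummy_len=0):
    """Rebuild a message from file names recovered from an index record.

    traces    -- recovered names, in any order, stale duplicates allowed
    dummy_len -- length of the dummy portion in the first block's name
                 (assumed to follow its head number); its content is dropped
    Returns (message, missing_head_numbers).
    """
    pattern = re.compile(r"(\d{%d})(.*)" % HEAD_WIDTH, re.S)
    blocks = {}
    for name in traces:
        m = pattern.fullmatch(name)
        if not m:
            continue  # fixed file, camouflage name, unrelated entries
        head, body = int(m.group(1)), m.group(2)
        # the same entry can survive twice in slack; keep the longest copy
        if head not in blocks or len(body) > len(blocks[head]):
            blocks[head] = body
    if not blocks:
        return "", []
    missing = [n for n in range(FIRST_HEAD, max(blocks) + 1) if n not in blocks]
    if FIRST_HEAD in blocks:
        # the camouflage name was superimposed here, so this part holds no message
        blocks[FIRST_HEAD] = blocks[FIRST_HEAD][dummy_len:]
    return "".join(blocks[n] for n in sorted(blocks)), missing

# Constructed sample: names as they might be carved from one index record.
# "notes.txt" stands in for the camouflage name, "!fixed" for the fixed file.
SAMPLE_TRACES = [
    "!fixed", "0003GATE", "0001notes.txtMEET AT ", "report.docx",
    "0002THE NORTH ", "0002THE NOR", "notes.txt",
]

if __name__ == "__main__":
    print(reassemble(SAMPLE_TRACES, dummy_len=len("notes.txt")))
```

A non-empty second return value means a block's trace was not recovered, so the reassembled text has a hole at that head number.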
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.
110: Input unit
120: Hidden control unit
130: File system
140: Storage unit
FF1: Fixed file
MESS: Message to be hidden
CRYF1-CRYF5: Data files to be hidden
Index record # 21: Index record
Claims (13)
Wherein the first hidden data file is deleted, the name of the last hidden data file is changed to a spoofed file name, and the last hidden data file is deleted under the control of the hidden control unit, The master file table entry (Master File Table entry) relating to the working directory and the plurality of hidden data files (master file table entry) relating to the working directory are sequentially deleted in descending order of the filenames, An operation to delete the first file, an operation to change the name of the last hidden data file located at the end to the file name of the camouflage file, an operation to change the file name of the last hidden data file Delete action and restore the first hidden data file According to the file operation system for controlling the status of the list of the master file table entry and the index record; includes,
The names of the plurality of data files to be hidden are divided into a plurality of message blocks sequentially by dividing a message to be hidden from the beginning to the end by the number of set characters and then a head number is assigned to each message block, Hiding device.
Wherein the set character count is 255 characters.
The head number is assigned in ascending order according to the division order of the plurality of message blocks, and the head number of the first message block divided first among the plurality of message blocks is the earliest and the head of the last divided message block A device that hides messages in the file system with the lowest order of numbers.
Wherein the hidden control unit controls generation of a fixed file in the working directory so that the fixed file can be created in the working directory by the file system, and the file name of the fixed file is sorted in a sort order A device that hides messages in the preceding file system.
The hidden control unit,
When only the first data file to be hidden is left and the remaining data files to be hidden are deleted from the plurality of data files to be hidden, the change of the name of the data file to be hidden first to the file name of the first file to be hidden is controlled, The deletion of the data file to be hidden is controlled so that the file system changes the name of the first data file to be hidden to the file name of the first hidden file and deletes the first hidden data file changed to the file name of the false file.
Wherein the file name of the first data file to be hidden is further provided with a dummy portion having a predetermined length based on the length of the camouflaged file name.
The file system deleting the first hidden data file according to a command of the hidden control unit;
The hidden control unit transmits to the file system a command to change the last hidden data file to a false file name;
Changing the name of a data file to be hidden last in accordance with a command of the hidden control unit to a false file name;
The hidden control unit instructing the file system to delete the last hidden data file changed to a spoofed file name;
The file system deleting the last hidden data file;
Transmitting a command to the file system to control restoration of the first data file to be hidden;
The file system restoring the deleted first data file;
The hidden control unit may include a step of determining whether only data to be hidden first exists in a hidden data file that is not deleted among a plurality of hidden data files;
Transmitting, to the file system, a command for changing a name of a first data file to be hidden to a file name of a spoofed file if there is only data to be hidden in the first hidden data file of the plurality of hidden data files;
Changing the name of a first data file to be hidden according to a command of the hidden control unit to a false file name;
Wherein the hidden control unit transmits to the file system an instruction to delete the first hidden data file whose name is changed to a false file name;
Wherein the file system deletes the first hidden data file whose name is changed to a file name according to a command of the hidden control unit; And
Wherein the hidden control unit deletes the first hidden data file among the plurality of hidden data files stored in the working directory to a file system if the data to be hidden is not present among the plurality of hidden data files And returning to the commanding step.
Wherein the hidden control unit divides the name of the plurality of hidden data files by the number of the set characters from the first to the last before instructing deletion of the first hidden data file to the file system, Sequentially dividing into message blocks; And
And the hidden control unit assigns a head number to each message block.
Wherein the head number is assigned in ascending order according to the order of division of the plurality of message blocks.
After the step of assigning a head number to each message block, the hidden control unit sends a creation command of the working directory to the file system so that the file system brings the working directory into the storage unit; And
Wherein the hidden control unit sends a command for generating a fixed file having a file name defined in the working directory to the file system so that the file system creates the fixed file in the working directory.
Wherein the file name of the fixed file is preceded by the file name of the plurality of data files to be hidden.
Wherein the file name of the first data file to be hidden is additionally assigned with a dummy portion whose length is determined based on the length of the camouflage file name.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150167956A KR101767104B1 (en) | 2015-11-27 | 2015-11-27 | Apparatus and method of message hiding in file system |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20170062307A KR20170062307A (en) | 2017-06-07 |
KR101767104B1 true KR101767104B1 (en) | 2017-08-10 |
Family
ID=59223873
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150167956A KR101767104B1 (en) | 2015-11-27 | 2015-11-27 | Apparatus and method of message hiding in file system |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101767104B1 (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101966032B1 (en) * | 2019-01-07 | 2019-04-04 | Dongyang University Industry-Academic Cooperation Foundation | Data hiding method by modifying directory information |
KR102395564B1 (en) * | 2020-02-13 | 2022-05-10 | Lunit Inc. | Device for Prospective Preprocessing Data and Method thereof |
KR102408150B1 (en) * | 2020-02-29 | 2022-06-10 | Dongyang University Industry-Academic Cooperation Foundation | Disk Allocation Method for Manipulating Cluster Fragmentation |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100714709B1 (en) | 2006-01-11 | 2007-05-04 | Samsung Electronics Co., Ltd. | Apparatus and method for managing hidden areas |
- 2015-11-27 KR KR1020150167956A patent/KR101767104B1/en active IP Right Grant
Non-Patent Citations (2)
Title |
---|
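A method for finding computer forensic target files associated with log data in $LogFile of the NTFS file system, Journal of the Institute of Electronics Engineers of Korea, Vol. 49 CI, No. 4, 2012.07.30, pp. 1-8 |
A study on techniques for recovering deleted files in the XMS file system, Journal of the Korea Institute of Information Security and Cryptology, Vol. 24, No. 5, 2014.10.31, pp. 885-896 |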
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |