KR101767104B1 - Apparatus and method of message hiding in file system - Google Patents


Publication number
KR101767104B1
Authority
KR
South Korea
Prior art keywords
hidden
file
name
data
data file
Application number
KR1020150167956A
Other languages
Korean (ko)
Other versions
KR20170062307A (en)
Inventor
조규상
Original Assignee
동양대학교 산학협력단
Application filed by 동양대학교 산학협력단
Priority to KR1020150167956A
Publication of KR20170062307A
Application granted
Publication of KR101767104B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F17/30076
    • G06F17/30123
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The present invention relates to a device for hiding a message in a file system. The device comprises a hidden control unit that repeats the operations of controlling deletion of the first data file to be hidden in a working directory, changing the name of the current last data file to be hidden to a camouflage file name, deleting that last data file to be hidden, and restoring the deleted first data file to be hidden; and a file system that, by repeating these operations of deleting the first data file to be hidden, renaming the last data file to be hidden, deleting it, and restoring the first data file to be hidden, sequentially deletes the plurality of data files to be hidden in descending order of file name, and that controls the list state of the master file table entry for the working directory and of the index record for the plurality of data files to be hidden according to the deletion of the first file, the renaming of the current last data file to be hidden to the camouflage file name, the deletion of the renamed last data file, and the restoration of the first data file to be hidden.

Description

APPARATUS AND METHOD OF MESSAGE HIDING IN FILE SYSTEM

The present invention relates to an apparatus and method for hiding a message in a file system, and more particularly, to an apparatus and method for hiding a message using a new technology file system (NTFS).

The number of computer and Internet users is growing rapidly with the development of information and communication technologies such as computer technology and network infrastructure. These users are users of digital contents: a variety of contents such as text, images, audio, and video, which used to be carried on off-line media, are now produced as digitized or digital-only contents.

The development of the information and communication field also brings technology that can mass-replicate such digital contents without damaging the original and distribute them without limit. There is therefore a growing demand for technologies that prevent illegal copying and distribution of digital contents, and various such techniques are being announced.

Methods for preventing illegal copying and distribution of digital contents include allowing only legitimate users to access digital contents through a procedure called user authentication; encrypting digital contents through a cryptographic process called scramble and descramble; allowing digital contents to be used only by legitimate users and authorized systems; and inserting copyright information directly into the contents so that it can be tracked.

Among these methods, DRM (Digital Rights Management) technologies, which encrypt digital contents so that they can be used only by legitimate users who have paid for them, are in practical use or under development.

DRM is a management method that performs license authentication for digital contents, management of copyright and authorization history, granting and enforcement of content usage rights, and settlement of content usage through an authenticated content providing environment and network infrastructure. It is a digital content management technology that generates digital contents as encrypted files, distributes them over the Internet or on a portable storage medium such as a CD (compact disk), and then permits use of the contents only by legitimate users who pay a fee for them.

Digital contents distributed through DRM can be freely redistributed by users, but they cannot be used without paying the usage fee at the time of use.

However, a method that encrypts only the digital content file using an existing general encryption technology can be defeated relatively easily by improper means, and it cannot prevent illegal copying when the digital content is redistributed together with its authentication key or when the authentication key is stolen by improper means.

In order to overcome such disadvantages, there has been developed and used a technology for encrypting and inserting files or digital contents through a file management system in a computer system having a computer or a digital storage device.

Korean Patent Laid-Open Publication No. 10-2004-0087971 (filed on October 15, 2004, entitled "Device for preventing piracy of digital contents using file system information data", applicant: Biz Model Line Co., Ltd.)

SUMMARY OF THE INVENTION Accordingly, the present invention has been made keeping in mind the above problems occurring in the prior art, and it is an object of the present invention to provide a method and an apparatus for managing an NTFS file system, .

A device for hiding messages in a file system according to an aspect of the present invention includes a hidden control unit and a file system connected to the hidden control unit. The hidden control unit controls deletion of the first data file to be hidden among a plurality of data files to be hidden stored in a working directory, controls the change of the name of the current last data file to be hidden to a camouflage file name, controls deletion of the current last data file to be hidden whose name was changed to the camouflage file name, and controls restoration of the deleted first data file to be hidden. The file system, according to the control of the hidden control unit, repeats the operations of deleting the first data file to be hidden, changing the name of the current last data file to be hidden to the camouflage file name, deleting that file, and restoring the deleted first data file to be hidden, so that the plurality of data files to be hidden are deleted sequentially in descending order of file name. The file system generates a master file table entry (MFT entry) for the working directory and an index record for the plurality of data files to be hidden, and controls the list state of the master file table entry and the index record according to the deletion of the first data file to be hidden, the renaming of the last data file to be hidden, the deletion of the renamed last data file, and the restoration of the first data file to be hidden.

The names of the plurality of data files to be hidden may be determined by dividing the message to be hidden, from beginning to end, by a set number of characters into a plurality of sequential message blocks, and assigning a head number to each message block.

The set number of characters may have a maximum of 255 characters.

The head numbers are preferably assigned in ascending order according to the division order of the plurality of message blocks, so that the head number of the first divided message block is the earliest in order and the head number of the last divided message block is the latest in order.

Wherein the hidden control unit controls generation of a fixed file in the working directory so that the fixed file can be created in the working directory by the file system, and the file name of the fixed file is sorted in a sort order .

When only the first data file to be hidden remains undeleted, the hidden control unit controls the change of the name of the first data file to be hidden to the camouflage file name and the deletion of the renamed file, so that the file system changes the name of the first data file to be hidden to the camouflage file name and deletes the first data file to be hidden whose name was changed to the camouflage file name.

Preferably, the filename of the first data file to be hidden is further provided with a dummy portion having a predetermined length based on the length of the camouflaged filename.

In accordance with another aspect of the present invention, there is provided a method of hiding a message in a file system, comprising the steps in which: the hidden control unit commands the file system to delete the first data file to be hidden among a plurality of data files to be hidden stored in a working directory, and the file system deletes it according to the command; the hidden control unit transmits to the file system a command to change the name of the current last data file to be hidden to a camouflage file name, and the file system changes the name according to the command; the hidden control unit commands the file system to delete the current last data file to be hidden whose name was changed to the camouflage file name, and the file system deletes it; the hidden control unit transmits to the file system a command to restore the deleted first data file to be hidden, and the file system restores it; the hidden control unit judges whether only the first data file to be hidden remains undeleted among the plurality of data files to be hidden; if only the first data file to be hidden remains, the hidden control unit transmits a command to change its name to the camouflage file name, the file system changes the name, the hidden control unit commands deletion of the renamed first data file to be hidden, and the file system deletes it; and if data files to be hidden other than the first one remain, the hidden control unit returns to the step of commanding the file system to delete the first data file to be hidden among the plurality of data files to be hidden stored in the working directory.

The method of hiding a message in a file system may further include, before the step of commanding the file system to delete the first data file to be hidden, a step in which the hidden control unit determines the names of the plurality of data files to be hidden by dividing the message to be hidden, from beginning to end, by a set number of characters into a plurality of sequential message blocks, and a step in which the hidden control unit sequentially assigns a head number to each message block.

The head numbers are preferably given in ascending order according to the division order of the plurality of message blocks.

The method may further include, after the step of assigning a head number to each message block, a step in which the hidden control unit transmits a creation command for the working directory to the file system so that the file system creates the working directory, and a step in which the hidden control unit transmits to the file system a command to generate a fixed file with a fixed file name in the working directory so that the file system creates the fixed file in the working directory.

It is preferable that the file name of the fixed file precede the file names of the plurality of data files to be hidden.

Preferably, the filename of the first data file to be hidden is further provided with a dummy portion having a predetermined length based on the length of the camouflaged filename.

According to these features, data files to be hidden are generated with parts of the message to be hidden as their file names, and the data files to be hidden are deleted, renamed, and restored according to a predetermined rule so that only traces of them remain. The message is thereby hidden, making it difficult to search for the hidden message.

FIG. 1 is a view schematically showing a structure of a general hard disk.
FIG. 2 is a diagram schematically showing the structure of a general MFT entry.
FIGS. 3(a) to 3(c) are diagrams showing various examples of the structure of an MFT entry according to the number of index entries.
FIG. 4 is a schematic structure of a device for hiding messages in a file system according to an embodiment of the present invention.
FIGS. 5 and 6 are flowcharts illustrating a method of controlling a device for hiding messages in a file system according to an embodiment of the present invention.
FIG. 7 is a diagram showing an example of a message to be hidden.
FIGS. 8A and 8B sequentially illustrate the list change of the MFT entry and the index record generated by the NTFS according to the control method of the message hiding device in the file system according to the embodiment of the present invention.
FIG. 9 is a diagram illustrating the structure of an index record after all data files to be hidden are deleted according to the operation of a message hiding device in a file system according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

It is to be understood that when an element is referred to as being "connected" to another element, it may be directly connected to the other element, but there may also be other elements in between. On the other hand, when an element is referred to as being "directly connected" to another element, it should be understood that there are no other elements in between.

An apparatus and method for hiding messages in a file system according to an embodiment of the present invention will now be described with reference to the accompanying drawings.

The present invention performs data hiding by storing a message in index entries located in the slack space area of an index record, which uses the B-tree structure of the NTFS file system, the basic file system of Windows.

As shown in FIG. 1, a user generally forms at least one upper folder such as the 'C' drive, 'D' drive, and 'E' drive in a storage device such as a hard disk, at least one subfolder is formed in each upper folder, and a desired file is stored in each subfolder.

The NTFS file system maintains a master file table (MFT) based on the directories, such as the upper folders and subfolders, formed in each drive of the storage device, and the MFT has at least one MFT entry, each with a different address. Each MFT entry has the same size and stores information and contents about a directory and the files stored in that directory.

Figure 2 shows the structure of an MFT entry for a directory.

As shown in FIG. 2, the structure of an MFT entry for a directory includes a $SI attribute unit 11, a $FN attribute unit 12, and a storage space 13, which are resident attributes.

The $SI attribute unit 11 stores attribute information such as the address number, the creation time, and the upper directory.

The $FN attribute unit 12 stores the name of the directory or file and its creation time.

The storage space 13 stores the information needed in the MFT entry, including the name, the content, and the address number of the index record for at least one subdirectory or file stored in the directory.

At this time, the maximum size of the storage space 13 may be 768 bytes.

This storage space 13 is a space allowed for the $INDEX_ROOT attribute unit, which is an inner attribute.

The $INDEX_ROOT attribute acts as the root of the B-tree structure. The number of index entries stored in the $INDEX_ROOT attribute unit varies depending on the length of the file names.

As shown in FIG. 3(a), when the plurality of index entries (IE #1, IE #2, IE #3) for the directory all fit in the storage space 13, all the index entries can be stored in the storage space 13 without a separate index record.

Accordingly, in this case, the storage space 13 of the MFT entry is divided into a $INDEX_ROOT attribute unit 131 storing the $INDEX_ROOT attribute and an index entry storage unit 132 storing the index entries.

The index entries (IE #1, IE #2, IE #3) may be the names of files stored in the directory.

As shown in FIG. 3(b), when the total size of the index entries (IE #11, IE #12, IE #13, IE #14, IE #15) is such that they cannot all be stored in the storage space 13, at least one index record (Index Record #1) corresponding to the MFT entry is generated. The size of each index record is 4K bytes.

FIG. 3(b) shows a case where one index record (Index Record #1) is generated. However, when the total size of the index entries stored for the corresponding MFT entry exceeds 4K bytes, two index records are generated. The index entries stored in each index record are stored in ascending order of file name.

As shown in FIG. 3(b), when at least one index record (Index Record #1) is generated, the storage space 13 of the MFT entry contains, in addition to the $INDEX_ROOT attribute unit 131 in which the $INDEX_ROOT attribute is stored, a $INDEX_ALLOC attribute unit 133 for storing the index entries and a bitmap ($BITMAP) storage unit 134 indicating the presence or absence of index entries in the index record.

The $INDEX_ALLOC attribute unit 133 is a space in which information related to the generated index record is recorded; it stores the cluster number at which the corresponding index record starts and run-length information for at least one index record following it.

In the case of FIG. 3(b), the cluster number indicating Index Record #1 is stored in the $INDEX_ALLOC attribute unit 133; since only one index record exists and no other index record follows Index Record #1, no run-length information is stored.

When an index record is generated as shown in FIG. 3(b), index entries are not stored in the $INDEX_ROOT attribute unit 131; instead, pointer information for the index record (Index Record #1) corresponding to the child node is stored there.

FIG. 3(c) shows the structure of an MFT entry in the case where the number of files stored in the corresponding directory, that is, the number of index entries, has increased so that a plurality of index records are required.

There are two index entries (IE #26 and IE #29) in the first index record (Index Record #1) of FIG. 3(c). The pointer to the left of index entry IE #26 indicates the second index record (Index Record #2), and the pointer to the right of index entry IE #29 indicates the fourth index record (Index Record #4).

The pointer between the two index entries (IE #26 and IE #29) indicates the third index record (Index Record #3).

Five index entries (IE #21-IE #25) are stored in the second index record (Index Record #2), index entries (…, IE #28) are stored in the third index record, and four index entries (IE #210-IE #214) are stored in the fourth index record (Index Record #4).

In some cases, an index record may have no index entry recorded in it. For example, if only a folder is formed and no file is stored in it, no index entry is stored in the index record corresponding to the folder and that index record is empty.

For example, when the number of index entries increases beyond the capacity of one index record, half of the index entries are moved to a newly allocated index record, and the intermediate index record is stored in the $INDEX_ROOT attribute, where it functions as a key value for storing an added index entry in the corresponding index record (that is, the index record located to the left or to the right of the intermediate index record).

The bitmap storage unit 134 formed in the storage space 13 stores, for each index record of the set size (e.g., 4K bytes), '1' if an index entry exists in the record and '0' if there is no index entry.

Thus, the file system (i.e., the NTFS file system) uses information stored in the bitmap storage unit 134 (i.e., 1 or 0) to determine whether an index entry exists in the index record.

In this manner, the NTFS file system changes corresponding MFT structure and information according to operations such as creation and deletion of a directory, file storage and deletion of a corresponding directory, and the like.

Next, an apparatus for hiding messages in a file system according to an embodiment of the present invention will be described with reference to FIG.

The apparatus includes an input unit 110 for inputting commands, data or information necessary for the operation by the user, a hidden control unit 120 connected to the input unit 110, a file system 130 connected to the hidden control unit 120, and a storage unit 140 connected to the file system 130.

The input unit 110 may be a keyboard, a mouse, or the like.

The hidden control unit 120 controls the hidden operation of a hidden message input through the input unit 110 or a message stored in a designated path through the input unit 110 (hereinafter referred to as a hidden message).

The hidden control unit 120 divides the message to be hidden into units of a set number of characters (from at least one character to a maximum of 255 characters) and generates at least one file (hereinafter referred to as a 'data file to be hidden') from the divided message. It then performs, in a predetermined order, operations such as changing the name of a data file to be hidden to a camouflage file name, deleting the file whose name was changed, and restoring a deleted data file to be hidden, so that all the data files to be hidden (i.e., their file names) stored in the index records corresponding to the MFT entry formed by the file system 130 are deleted. At this time, all the data files to be hidden are deleted from the list recorded in the index record, but a trace remains at the location (address number) where each data file to be hidden existed.

Therefore, after these deletion operations the data files to be hidden cannot be found using Explorer or similar tools. However, as described above, because traces of all the data files to be hidden remain, the hidden message is still safely present in the index entries.

As described above, the file system 130 generates the MFT for the directory in which the data files to be hidden are created and stored (hereinafter referred to as the 'working directory'), and, according to commands received from the hidden control unit 120, updates the list of data files to be hidden stored in the MFT entry and the index records corresponding to the working directory, and restores and renames files.

The storage unit 140 is a storage medium such as a hard disk and stores data necessary for the operation of the hidden control unit 120 and the file system 130 or data generated during operation, such as MFT entries, index records, and setting data set by the user (i.e., the number of characters set for the data files to be hidden, the camouflage file name, and the name of the working directory).
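From the examiner's side, the "trace" described above can be recovered by parsing the index record directly. The following is an added example, not code from the patent: it walks the live entries of an NTFS INDX record and then carves residual $FILE_NAME index entries from the slack between the node's used size and allocated size. The record is constructed in `build_sample_record` (the names `$fixed.txt` and `message01.txt` to `message05.txt` are stand-ins), update-sequence fixups are assumed to be already applied, and the field offsets are the commonly documented on-disk layout rather than anything stated on this page.

```python
import struct

NODE_HDR = 0x18   # index node header offset inside an INDX record
ENTRY_HDR = 0x10  # entry header: file reference, entry length, content length, flags
FN_FIXED = 0x42   # fixed part of the $FILE_NAME content; UTF-16LE name follows it
NAME_OFF = ENTRY_HDR + FN_FIXED


def _entry(name, mft_record, parent=39):
    """Constructed $I30 index entry with zeroed timestamps and sizes."""
    raw = name.encode("utf-16-le")
    content = struct.pack("<Q", parent) + bytes(0x38) + bytes([len(name), 1]) + raw
    size = (ENTRY_HDR + len(content) + 7) & ~7            # entries are 8-byte aligned
    head = struct.pack("<QHHI", mft_record, size, len(content), 0)
    return (head + content).ljust(size, b"\0")


def build_sample_record():
    """Constructed 4 KiB record: one live entry, an end marker, residue in slack."""
    end_marker = struct.pack("<QHHI", 0, ENTRY_HDR, 0, 2)  # flag 2 = last entry
    live = _entry("$fixed.txt", 40) + end_marker
    residue = b"".join(_entry(f"message{i:02d}.txt", 40 + i) for i in range(1, 6))
    first = 0x28                                           # relative to NODE_HDR
    header = b"INDX" + struct.pack("<HHQQ", 0x28, 9, 0, 0)
    header += struct.pack("<IIII", first, first + len(live), 4096 - NODE_HDR, 0)
    header = header.ljust(NODE_HDR + first, b"\0")         # room for the fixup array
    return (header + live + residue).ljust(4096, b"\0")


def parse_entry(buf, off, limit):
    """Return (name, mft_record, entry_len) if a plausible entry starts at off."""
    if off + NAME_OFF > limit:
        return None
    ref, elen, clen, _flags = struct.unpack_from("<QHHI", buf, off)
    nlen, namespace = buf[off + NAME_OFF - 2], buf[off + NAME_OFF - 1]
    if nlen == 0 or namespace > 3 or clen != FN_FIXED + 2 * nlen:
        return None
    if elen % 8 or not ENTRY_HDR + clen <= elen <= ENTRY_HDR + clen + 16:
        return None
    if off + elen > limit:
        return None
    try:
        name = buf[off + NAME_OFF:off + NAME_OFF + 2 * nlen].decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    # The low 48 bits of the file reference are the MFT record number.
    return (name, ref & 0xFFFFFFFFFFFF, elen) if name.isprintable() else None


def _node(rec):
    """Absolute offsets of the first entry, end of used area, end of allocation."""
    if rec[:4] != b"INDX":
        raise ValueError("not an INDX record")
    first, used, alloc, _ = struct.unpack_from("<IIII", rec, NODE_HDR)
    return NODE_HDR + first, NODE_HDR + used, min(len(rec), NODE_HDR + alloc)


def live_entries(rec):
    """Names the file system still lists (what a directory listing shows)."""
    off, used_end, _ = _node(rec)
    names = []
    while off + ENTRY_HDR <= used_end:
        _, elen, _, flags = struct.unpack_from("<QHHI", rec, off)
        if flags & 2 or elen < ENTRY_HDR:
            break
        entry = parse_entry(rec, off, used_end)
        if entry:
            names.append(entry[0])
        off += elen
    return names


def slack_entries(rec):
    """Carve residual entries between the used size and the allocated size."""
    _, off, alloc_end = _node(rec)
    found = []
    while off + NAME_OFF <= alloc_end:
        entry = parse_entry(rec, off, alloc_end)
        if entry:
            found.append((off, entry[1], entry[0]))
            off += entry[2]
        else:
            off += 8                                       # stay on 8-byte alignment
    return found


if __name__ == "__main__":
    record = build_sample_record()
    print("live :", live_entries(record))
    for offset, mft, name in slack_entries(record):
        print(f"slack: 0x{offset:03x} MFT record {mft} {name}")
```

A directory whose live listing is a single file while its slack yields a run of sequentially prefixed names is the pattern to flag for review.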

Next, with reference to FIG. 5 to FIG. 8B, the operation of a device for hiding messages in a file system having such a structure will be described.

First, when the operation of the apparatus for hiding data in the index record of the NTFS file system according to this example is started, the operations of the hidden control unit 120 and the file system 130 are also started.

Accordingly, when the user inputs, using the input unit 110, the name of the working directory, which is the directory in which the hiding job is to be executed, and the message to be hidden (i.e., the data to be hidden) (MESS), the hidden control unit 120 reads the name of the working directory and the message to be hidden (MESS) and stores them in the storage unit 140 (S11).

The message to be hidden (MESS) may also be a file stored in a path designated through the input unit 110. In this case, the hidden control unit 120 reads the message to be hidden (MESS) from the path designated through the input unit 110 and stores it in the storage unit 140.

Next, the hidden control unit 120 reads the set number of characters stored in the storage unit 140 and divides the message to be hidden (MESS), in order from beginning to end, by the set number of characters into at least one message block (S12).

At this time, the number of characters to be set is set by the user through the input unit 110 and can be a maximum of 255 characters.

The divided message blocks may all have the same number of characters or different number of characters. For example, if a set number of characters is set, the number of characters of the remaining message blocks except for the last message block is the same, and the number of characters of the last message block may be equal to or different from the number of characters of other message blocks.

In addition, when a plurality of set character counts with different values are set, the number of characters may differ for all the message blocks, or there may be a plurality of message blocks with different numbers of characters.

For example, when a message to be hidden (MESS) as shown in FIG. 7 is input through the input unit 110, the hidden control unit 120 can divide the whole message to be hidden (MESS) into five message blocks MB1 to MB5.

Next, the hidden control unit 120 assigns a head number to each of the divided message blocks (S13).

At this time, the head number may be already set in the storage unit 140 by the user, and may be a number, a symbol or a character, and the number of digits of the head number is determined according to the number of divided message blocks.

Since the head numbers are given in ascending order according to the order in which the message to be hidden is divided, from its beginning, by the set number of characters, the data files to be hidden, each of which has as its file name the part of the message corresponding to one message block, are sorted in the order of the message to be hidden.

As a result, the data files to be hidden, that is, the names of the data files to be hidden, are also sorted in ascending order in the MFT entry and the index records.

In this case, the ascending order is the order of ASCII (American Standard Code for Information Interchange) codes.

In the case of FIG. 7, the message blocks are arranged in the order MB1 → MB2 → MB3 → MB4 → MB5, starting from the contents corresponding to the first part of the message. Among the five message blocks MB1 to MB5, the head number earliest in order is given to the first message block MB1 and the head number latest in order is given to the fifth message block MB5.

Then, the hidden control unit 120 transmits to the file system 130 a command for generating a working directory having the name input through the input unit 110 or stored in the storage unit 140 (S14).

Accordingly, the file system 130 creates a working directory having a corresponding name in the storage unit 140 according to a command for generating a working directory transmitted from the hidden control unit 120.

Next, the hidden control unit 120 transmits a command for generating a fixed file (FF1) to the file system 130 in the working directory (S15).

An example of the name of a fixed file (FF1) is '$ filxedFile.txt', and this fixed file (FF1) is always present in the working directory.

Generally, the allocation of the index record corresponding to a directory is maintained as long as at least one file exists in the directory, so the fixed file (FF1) is required in order to keep the index record corresponding to the working directory allocated.

The fixed file FF1 is given a sequence name that is earlier than the head number given to the message blocks MB1-MB5 so as to be located at the first position (i.e., the topmost position) in the index record corresponding to the working directory.

When the generation command for the fixed file FF1 is transferred to the file system 130, the file system 130 creates a fixed file FF1 with the corresponding name in the working directory and stores it in the storage unit 140.

When the fixed file FF1 has been created in the working directory, the hidden control unit 120 transmits a generation command for generating the data files to be hidden to the file system 130 (S16).

At this time, the hidden control unit 120 designates the part of the message belonging to each message block (MB1-MB5), together with the head number given to that message block, as the file name of the corresponding data file to be hidden, and transmits it to the file system 130.

In this example, the hidden control unit 120 determines the file name of the first data file to be hidden, which is based on the first message block MB1, by adding to the head number a dummy part whose length is determined based on the length of the already set camouflage file name, and transmits the file name to the file system 130.

At this time, the dummy part is made up of characters or symbols of meaningless contents, is already set by the user and stored in the storage part 140, and the length of the dummy part may be equal to or longer than the length of the camouflaged file name.

As a result, the name of the first data file to hide is different from the name of the other data file to hide, and includes a dummy part in addition to the head number and the hidden message, and the dummy part can be located between the head number and the hidden message.

The file system 130 generates a hidden data file having the corresponding file name in the working directory using the file creation command transmitted from the hidden control unit 120 and the file name of each hidden data file and stores it in the storage unit 140 do.

The first to fifth hidden data files generated based on the hidden message (MESS) shown in FIG. 7 are '01The Road Not Taken ~', '02nd be one tray ~', '03in the undergrow ~ took the other ~' and '05ecuse it was grassy ~'.

As described above, when the creation of the working directory for encryption of the message to be hidden (MESS), the creation of the fixed file (FF1), and the creation of the hidden data files stored in the working directory are completed, the file system 130 creates an MFT entry and creates an index record (Index record # 21) for the data files to be hidden.

In the MFT entry, the numbers 500-507 are address numbers (i.e., cluster numbers).

When the data file to be hidden is generated, the hidden control unit 120 performs a hidden operation for the hidden message using the generated hidden data file (S17).

Next, with reference to FIG. 6, the hidden processing operation will be described in more detail.

In FIGS. 8A and 8B, for convenience of illustration, the names of the data files to be hidden (CRYF1-CRYF5), each of which has a part of the content of the message to be hidden as its file name, are shown as message01.txt, message02.txt, message03.txt, message04.txt, and message05.txt, respectively.

Referring to FIG. 6, when control passes to the routine for performing the hidden process (S17), the hidden control unit 120 transmits to the file system 130 a command to delete the first data file to be hidden (CRYF1), that is, the data file to be hidden located immediately after the fixed file (FF1), so that the first data file to be hidden (CRYF1) is deleted.

Accordingly, the file system 130 deletes the first hidden data file (CRYF1) from the list described in the index record (Index record # 21) according to the delete command applied from the hidden control unit 120.

By deleting the first data file to be hidden (CRYF1), the first hidden data file (CRYF1) is also deleted from the list of MFT entries, as shown in FIG. 8A.

When the first data file to be hidden (CRYF1) is deleted, the file system 130 rearranges the hidden data files (CRYF2-CRYF5) remaining in the index record (Index record # 21), so that the data files (CRYF2-CRYF5) are sorted in ascending order after the fixed file (FF1).

As described above, because the first data file to be hidden (CRYF1) is deleted from the index record (Index record # 21), the entry of the fifth hidden data file (CRYF5), located at the end of the index record, moves up, and a trace of the fifth data file to be hidden (CRYF5) remains at the position in the index record (Index record # 21) that it occupied before the move (FIG. 8A).

However, the state of the MFT entry according to the sorting of the data files (CRYF2-CRYF5) to be hidden is not changed.

Next, the hidden control unit 120 transmits to the file system 130 a command to change the name of the data file to be hidden that is located last among the index entries of the index record (Index record # 21), that is, the data file to be hidden whose head number is last in order, to a predetermined disguise file name (e.g., disguised05.txt) (S172).

The disguise file name (disguised05.txt) is predetermined by the user through the input unit 110 and stored in the storage unit 140.

Accordingly, the file system 130 changes the name of the data file to be hidden (CRYF5), which is the last data file to be hidden, from 'message05.txt' to the specified camouflage file name 'disguised05.txt'.

By changing the file name of the fifth hidden data file CRYF5, the name of the fifth hidden data file CRYF5 in the lists of the MFT entry and the index record (Index record # 21) also becomes the disguise file name disguised05.txt (FIG. 8A).

Next, the hidden control unit 120 transmits a command to the file system 130 to delete the data file to be hidden (CRYF5), which is the last data file to be hidden and whose name has been changed to disguised05.txt (S173).

Therefore, the file system 130 deletes the fifth data file to be hidden (CRYF5).

By the deletion of the fifth hidden data file (CRYF5), the data file to be hidden (CRYF5) is deleted from the corresponding index record (Index record # 21) and the MFT entry, as shown in FIG. 8A.

Next, the hidden control unit 120 transmits to the file system 130 a command for restoring the first hidden data file (CRYF1), so that the first hidden data file (CRYF1) is restored (S174).

Accordingly, the file system 130 restores the deleted first data file CRYF1 and stores the contents of the first hidden data file CRYF1 in the storage unit 140.

By restoring the first hidden data file CRYF1, the entry for the first hidden data file CRYF1 is restored to the lists of the MFT entry and the index record (Index record # 21) (FIG. 8A).

Therefore, the hidden data files CRYF1-CRYF4 existing in the MFT entry and the index record (Index record # 21) are positioned immediately after the fixed file (FF1) in order from the first data file (CRYF1) to be hidden.

By the restore operation of the first data file to be hidden (CRYF1), the hidden data file (CRYF4) positioned at the end of the current data files to be hidden (CRYF1-CRYF4) returns to the position it occupied before the first data file to be hidden (CRYF1) was deleted.

As described above, when, after deletion of the data file (CRYF5) located at the end of the plurality of data files to be hidden (CRYF1-CRYF5), the first data file to be hidden (CRYF1) has been restored, the hidden control unit 120 determines whether only the first data file to be hidden remains among the data files to be hidden (CRYF1-CRYF5) (S175).

Since only one data file (CRYF5), the last in head-number order, has been deleted from the five data files to be hidden (CRYF1-CRYF5), the remaining data files to be hidden are the first to fourth data files (CRYF1-CRYF4).

Therefore, since the first data file to be hidden (CRYF1) is not the only one remaining (S175), the operation of the hidden control unit 120 goes to step S171 and repeats the operation described above.

In other words, deleting the first data file to be hidden (CRYF1) → changing the name of the hidden data file located at the end to the camouflage file name → deleting the last hidden data file (CRYF4) whose name has been changed to the camouflage file name → restoring the first hidden data file (CRYF1) are executed in sequence, so that the data file to be hidden located last (CRYF4) among the currently remaining data files to be hidden (CRYF1-CRYF4) is deleted.

Therefore, this operation is repeated to sequentially delete, in descending order, all data files (CRYF4-CRYF2) except the first data file to be hidden (CRYF1) among the plurality of generated data files to be hidden (CRYF1-CRYF5).

When the data files to be hidden other than the first data file to be hidden (CRYF1), that is, CRYF5-CRYF2, have been deleted (FIG. 8B), the entries of the fifth through second data files to be hidden (CRYF5-CRYF2) have been removed from the list in order, but traces of the deleted data files (CRYF5-CRYF2) still exist at the corresponding positions in the index record (Index record # 21).

However, as shown in FIG. 8B, when only the first data file to be hidden (CRYF1) remains among the data files to be hidden (S175), the hidden control unit 120 changes the file name of the first data file to be hidden (CRYF1) to the camouflage file name (S176).

Next, the hidden control unit 120 deletes the first hidden data file CRYF1 changed to the spoofed file name (S177).

The lists of the MFT entry and the corresponding index record (Index record # 21) that result from this processing of the first hidden data file (CRYF1) are shown in FIG. 8B.

When the file name of the first data file to be hidden (CRYF1) is changed to the camouflage file name, the camouflage file name is superimposed on part of the file name of the first data file to be hidden (CRYF1), so part of the hidden message may be lost.

However, when determining the name of the first data file to be hidden (CRYF1) as described above, a dummy portion is added based on the length of the camouflaged file name in the portion where the loss of the hidden message occurs, so that the name of the data file . In this example, the length of the camouflage filename is set to be much shorter than the length of the filename of the hidden data files, which is determined based on the message to be hidden (MESS).

Therefore, when the name of the first data file to be hidden (CRYF1) is changed to the camouflage file name, the camouflage file name is superimposed on the dummy portion of the first data file to be hidden (CRYF1), and even after the first hidden data file (CRYF1) renamed to the camouflage file name is deleted, the hidden message part allocated to the file name of the first data file to be hidden (CRYF1) remains without being lost.

Referring to FIG. 9, the first part AR11 corresponds to the file name of the fixed file FF1, the second part AR11 corresponds to the file name of the first hidden data file CRYF1, and the third part (AR13) is the part of the file name of the first hidden data file (CRYF1) that is overwritten with the camouflage file name and is lost, that is, the dummy portion.

When the first data file (CRYF1) to be hidden is deleted through this operation, only the fixed file (FF1) remains in the list existing in the MFT entry and the index record (Index record # 21).

Therefore, even if a third party who is not involved in the encryption operation of the message to be hidden searches the working directory using Windows File Explorer, all the hidden data files (CRYF1-CRYF5) have been deleted, so the data files to be hidden (CRYF1-CRYF5) are not retrieved and, as a result, the hidden message (MESS) is not found.

However, the user can retrieve all the hidden data files and restore the hidden messages by using the traces for all the hidden data files (CRYF1-CRYF5) in the index record (Index record # 21).
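The residue this delete, rename, delete, restore sequence leaves behind, and what an examiner can read back from it, shown as an added example that is not part of the patent. It replays steps S171-S177 on a toy in-memory index record; the entry layout, the `#` dummy character, the block size of 20, the `disguisedNN.txt` naming and the plain string sort are assumptions for illustration and are not the real NTFS on-disk format.

```python
import struct

HDR = struct.Struct("<HHI")  # toy header: entry length, name length in chars, flags (0)
DUMMY = "#"                  # assumed filler character for the dummy part
MESSAGE = ("The Road Not Taken. Two roads diverged in a yellow wood, "
           "And sorry I could not travel both")  # constructed sample input

def pack(name):
    return HDR.pack(HDR.size + 2 * len(name), len(name), 0) + name.encode("utf-16-le")

class IndexRecord:
    """Toy index record: live entries are contiguous and sorted; freed bytes are not wiped."""
    def __init__(self, size=4096):
        self.buf, self.names = bytearray(size), []

    def offset(self, pos=None):  # byte offset of entry `pos`; end of live data if None
        return sum(len(pack(n)) for n in self.names[:pos])

    def insert(self, name):
        pos, raw = sum(n < name for n in self.names), pack(name)
        off, end = self.offset(pos), self.offset()
        self.buf[off + len(raw):end + len(raw)] = self.buf[off:end]  # shift later entries down
        self.buf[off:off + len(raw)] = raw
        self.names.insert(pos, name)

    def delete(self, name):
        pos, size = self.names.index(name), len(pack(name))
        off, end = self.offset(pos), self.offset()
        self.buf[off:end - size] = self.buf[off + size:end]  # shift up; old tail stays as slack
        self.names.pop(pos)

def replay_sequence(message, block=20, fixed="$fixedFile.txt"):
    """Replay steps S171-S177 of the description against the toy record."""
    rec = IndexRecord()
    blocks = [message[i:i + block] for i in range(0, len(message), block)]
    files = [f"{i:02d}{b}" for i, b in enumerate(blocks, 1)]
    files[0] = "01" + DUMMY * len("disguised01.txt") + blocks[0]  # head number, dummy, text
    for name in [fixed] + files:
        rec.insert(name)
    while files:
        last = files.pop()
        disguise = f"disguised{last[:2]}.txt"
        if files:
            rec.delete(files[0])   # S171: delete the first file
        rec.delete(last)           # S172 / S176: rename = remove the old entry ...
        rec.insert(disguise)       # ... and insert one under the disguise name
        rec.delete(disguise)       # S173 / S177: delete the renamed file
        if files:
            rec.insert(files[0])   # S174: restore the first file
    return rec

def carve_slack(rec):
    """Read the bytes after the live entries: intact old entries plus orphaned name text."""
    off, entries, frags, frag = rec.offset(), [], [], ""
    while off + HDR.size <= len(rec.buf):
        length, chars, flags = HDR.unpack_from(rec.buf, off)
        intact = (flags == 0 and chars > 0 and length == HDR.size + 2 * chars
                  and off + length <= len(rec.buf))
        if not intact and 32 <= length < 127:  # no header here: keep the 2 bytes as text
            frag += chr(length)
            off += 2
            continue
        if frag:
            frags.append(frag)
            frag = ""
        if intact:
            entries.append(rec.buf[off + HDR.size:off + length].decode("utf-16-le"))
        off += length if intact else 2
    return entries, frags + ([frag] if frag else [])

def recover_message(rec):
    entries, frags = carve_slack(rec)
    blocks = sorted(e for e in entries if e[:2].isdigit())
    return frags[0].lstrip(DUMMY) + "".join(b[2:] for b in blocks)
```

In this model the live listing holds only the fixed file, while the slack still carries the second to fifth entries intact and the first entry's text after a header that the disguise name overwrote, which is why a slack-aware index parser recovers what a directory listing does not show.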

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

110: Input unit
120: Hidden control unit
130: File system
140: Storage unit
FF1: Fixed file
MESS: Hide message
CRYF1-CRYF5: Data file to hide
Index record # 21: Index record

Claims (13)

A hidden control unit that controls deletion of the first hidden data file among a plurality of hidden data files stored in a working directory, changing of the name of the last hidden data file, which is located last, to a camouflage file name, deletion of the last hidden data file whose name has been changed to the camouflage file name, and restoration of the deleted first hidden data file; and
A file system that, under the control of the hidden control unit, deletes the first hidden data file, changes the name of the last hidden data file to the camouflage file name, deletes the last hidden data file, and restores the first hidden data file, so that the plurality of hidden data files are sequentially deleted in descending order of file name, and that controls the state of the lists of the master file table entry (Master File Table entry) and the index record relating to the working directory and the plurality of hidden data files according to the operation of deleting the first hidden data file, the operation of changing the name of the last hidden data file to the camouflage file name, the operation of deleting the last hidden data file whose name has been changed, and the operation of restoring the first hidden data file,
Wherein the names of the plurality of data files to be hidden are formed by sequentially dividing a message to be hidden, from the beginning to the end, into a plurality of message blocks by a set number of characters and then assigning a head number to each message block: a device that hides messages in the file system.
(Deleted)
The method of claim 1,
Wherein the set character count is 255 characters.
The method of claim 1,
Wherein the head number is assigned in ascending order according to the division order of the plurality of message blocks, so that the head number of the message block divided first among the plurality of message blocks is earliest in order and the head number of the message block divided last comes last in order: a device that hides messages in the file system.
The method of claim 1,
Wherein the hidden control unit controls generation of a fixed file in the working directory so that the fixed file is created in the working directory by the file system, and the file name of the fixed file is a name that comes earlier in the sort order: a device that hides messages in the file system.
The method of claim 1,
The hidden control unit,
When, among the plurality of data files to be hidden, only the first data file to be hidden is left and the remaining data files to be hidden have been deleted, controls the change of the name of the first data file to be hidden to the camouflage file name and the deletion of the first data file to be hidden, so that the file system changes the name of the first data file to be hidden to the camouflage file name and deletes the first data file to be hidden whose name has been changed to the camouflage file name.
The method of claim 6,
Wherein the file name of the first data file to be hidden is further provided with a dummy portion having a predetermined length based on the length of the camouflaged file name.
The hidden control unit instructs the file system to delete the first data file to be hidden among the plurality of hidden data files stored in the working directory;
The file system deleting the first hidden data file according to a command of the hidden control unit;
The hidden control unit transmits to the file system a command to change the last hidden data file to a false file name;
Changing the name of a data file to be hidden last in accordance with a command of the hidden control unit to a false file name;
The hidden control unit instructing the file system to delete the last hidden data file changed to a spoofed file name;
The file system deleting the last hidden data file;
Transmitting a command to the file system to control restoration of the first data file to be hidden;
The file system restoring the deleted first data file;
The hidden control unit determining whether only the first data file to be hidden remains undeleted among the plurality of hidden data files;
Transmitting, to the file system, a command for changing the name of the first data file to be hidden to the camouflage file name if only the first data file to be hidden remains among the plurality of hidden data files;
Changing the name of the first data file to be hidden to the camouflage file name according to the command of the hidden control unit;
The hidden control unit transmitting to the file system an instruction to delete the first hidden data file whose name has been changed to the camouflage file name;
The file system deleting the first hidden data file whose name has been changed to the camouflage file name according to the command of the hidden control unit; And
If the first data file to be hidden is not the only one remaining among the plurality of hidden data files, returning to the step in which the hidden control unit instructs the file system to delete the first data file to be hidden among the plurality of hidden data files stored in the working directory.
The method of claim 8,
Wherein, to determine the names of the plurality of hidden data files, the hidden control unit, before instructing the file system to delete the first hidden data file, sequentially divides a message to be hidden, from the first to the last, into a plurality of message blocks by the set number of characters; And
The hidden control unit assigns a head number to each message block.
The method of claim 9,
Wherein the head number is assigned in ascending order according to the order of division of the plurality of message blocks.
The method of claim 9,
After the step of assigning a head number to each message block, the hidden control unit sends a creation command for the working directory to the file system so that the file system creates the working directory in the storage unit; And
The hidden control unit sends a command for generating a fixed file having a defined file name in the working directory to the file system so that the file system creates the fixed file in the working directory.
The method of claim 11,
Wherein the file name of the fixed file precedes the file names of the plurality of data files to be hidden.
The method of claim 8,
Wherein the file name of the first data file to be hidden is additionally assigned with a dummy portion whose length is determined based on the length of the camouflage file name.
KR1020150167956A 2015-11-27 2015-11-27 Apparatus and method of message hiding in file system KR101767104B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150167956A KR101767104B1 (en) 2015-11-27 2015-11-27 Apparatus and method of message hiding in file system

Publications (2)

Publication Number Publication Date
KR20170062307A KR20170062307A (en) 2017-06-07
KR101767104B1 true KR101767104B1 (en) 2017-08-10

Family

ID=59223873

Country Status (1)

Country Link
KR (1) KR101767104B1 (en)

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant