Stealth data: a new dimension in PC data protection

Data concealed using steganography // Source: plus.math.org

As part of a research project, the Institute for IT Security Research at St. Poelten University of Applied Sciences in Poelten, Austria, has developed the first viable Windows-based solution for concealing stored information. The solution will improve data security for governments, companies, and private individuals. The project has also produced systems to defend against attacks using steganographic methods.

There are various ways to keep data on a PC hidden from other users. Conventional methods include access restriction and encryption. There is a distinct disadvantage to these options, however. For hackers and others like them, they are an open invitation to take their best shot. Indeed, the realization that something is protected often acts as a provocation to breach this protection. Steganography — the science of storing or transmitting information secretly — offers a means of removing this provocation. It can be used to ensure that the very existence of specific data remains undetected, thus avoiding any “invitation” to hack into it. Other users have no idea that data is protected as they are completely unaware that the data exists in the first place.

The research project StegIT — Research, Design and Prototype Development of Anti-Steganographic Solutions for Internet Telephony (VoIP) — run by St. Poelten University has now developed Europe’s first viable steganographic solution for the Windows operating system. It allows the “perfect” concealment of data and prevents its subsequent discovery. This development opens up a new range of possibilities that promise major opportunities in areas such as national security and data protection on the Internet. It also brings risks should the system fall into the wrong hands.

Prof. Dr. Ernst Piller, head of the Institute for IT Security Research at St. Poelten, explains how the steganographic solution for Windows works: “Steganographic methods are used to store an entire file system, including files on the hard disk or a memory stick, in existing image or music files so that they are virtually invisible. This file system initially appears on the computer as a virtual storage medium, for example drive F, and can be used in the same way as any other storage medium. As soon as the drive is closed, it disappears and can no longer be found. Not even IT forensics can find it. It only reappears — seemingly out of nowhere — when the software is launched. What’s more, it can only be launched when the user is aware that it is well hidden somewhere on the PC and knows where and how to find it.”

The tool developed by St. Poelten University represents the first ever practicable steganographic solution for Windows. It also opens up significant opportunities for national security. For example, it can be used to ensure sensitive personal data is protected from unauthorized access far better than ever before. Similarly, the tool also offers a means of securely protecting sensitive data in countries where there are restrictions or bans on data encryption. This is of particular interest to companies that operate in such countries. In a world that is becoming networked ever more closely, the stenographic tool also unlocks new opportunities for personal security. For example, it can help to protect sensitive data stored on a home PC from being attacked by hackers.

The comprehensive StegIT project is not geared solely toward making steganography available for active use in legal applications. Another of its key aims is to provide protection from criminal steganography-based attacks, as Dr. Piller explains: “It is only by acquiring the relevant know-how and making the technical advances in steganographic solutions — as in the case of the Windows application — that we can properly research and implement a defence against criminal activities.” In addition to developing the new Windows application, the StegIT project — which is being supported by KIRAS, the Austrian Security Research Program — has also created viable systems to defend against attacks that employ steganographic methods.