结合容量伪装和双文件系统的文件隐藏方法

针对现有基于通用串行总线(USB)移动存储设备的文件隐藏方法存在的鲁棒性差及隐藏强度低的问题,提出一种结合容量伪装和双文件系统的文件隐藏方法。在分析Nand flash芯片的特点及其管理机制的基础上,该方法通过篡改命令状态包(CSW)中的设备容量值,实现容量伪装,达到欺骗主机的目的;利用闪存转换层(FTL)存储管理机制,通过在物理块冗余区标记不同的内容把物理块分成两部分,划分隐藏区和普通区,利用格式化功能建立双文件系统;用户通过写特定数据发送切换文件系统请求,设备进行用户认证后完成文件系统切换,实现隐藏区的安全访问。理论分析和实验结果表明,该方法实现了对操作系统透明的文件隐藏;相对于挂接应用程序编程接口(API)、基于文件分配表(FAT)的修改以及加密等实现的文件隐藏方法,该方法不受系统对设备操作的影响,具有更好的鲁棒性和更高的隐藏强度。

File hiding based on capacity disguise and double file system

Concerning the poor robustness and low hiding strength of existing file hiding method based on Universal Serial Bus (USB), a new file hiding method based on capacity disguised and double file system was proposed. By analyzing the characteristics and management mechanism of Nand flash chips, the capacity disguise was achieved to deceive the host by tampering equipment capacity value in Command Status Wrap (CSW). Based on the memory management mechanism of the Flash Translation Layer (FTL), the storage area was divided into two parts including the hiding area and the common area by different marks, and a double file system was established using format function. Request for switching file system was sent by writing specific data, then it was achieved after user authentication to realize secure access to hiding areas. The experimental results and theoretical analysis show that the proposed method can achieve hiding file which is transparent to operating system, moreover, it is not affected by device operation and has better robustness and stronger hiding effect with respect to the methods based on hooking Application Programming Interface (API), modifying File Allocation Table (FAT) or encryption.