Using ZIP-Container Based Formats to Hide Data
So let's say you're in a bind: you have to carry sensitive data out of a location, but there is no secure means of exporting it. For instance, the USB stick you carry your data on is liable to be analyzed by an untrustworthy third party. What are you to do? Encrypt the data? And how are you to do so quickly?
Visibly encrypted data files throw red flags for snooping parties. Though "they" may not be able to discern the actual data, the extra attention might be unwanted. No - you need to hide the data (and encrypt it as well). This is more than just security through obscurity, as you'll see.
Rootkits don't exactly work on non-executable USB sticks in a default FAT environment, nor do they work midway through FTP transfers, so that's out of the question. So how else to do it? You hide the data within another file while retaining that other file's original functionality. This is easier than it sounds.
Many developers these days use a container format to hold many subfiles. Typically, their container is actually the ZIP standard, renamed to something more suitable for the developer. This is a popular solution for themes in media apps (e.g. the Quintessential .qsk format), and it is the way the OpenOffice and OpenDocument formats store their data.
To hide their data, all one has to do is obtain or create a document in the OpenDocument standard, rename it to .zip, insert their own precious files (which can be encrypted, or placed in a password-protected ZIP file), and rename the document back to its original three-letter file extension.
Meanwhile, the original document/theme/whatever-was-using-that-ZIP-container still works. A snooper opening that OpenDocument spreadsheet file, for instance, will see the spreadsheet(s) - and will have no idea of the other data you securely hid.
There are a few flaws with this. Someone examining the hex/ASCII of that example spreadsheet file might notice that extra files were added. There are ways around this, of course, but that assumes the person is really looking long and hard at all the files and has a certain level of knowledge.
There's also the file size issue. Adding a 10MB file to a file that was originally 10kB might raise flags, but that really depends on the knowledge level of the snooping third party. Most are likely to dismiss such discrepancies as programs acting up and so forth.
All in all, this is by no means a perfect way to securely export data. It's something to do when you're stuck, have little time remaining, and are not in a secure environment. It's dirty, it works, and it doesn't require rootkits or potentially unavailable encryption solutions.
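The check below is an added example written for this page, not code from the original post. It makes the "extra files were added" observation mechanical: an OpenDocument package carries a META-INF/manifest.xml that declares every member, so any ZIP member the manifest does not list is exactly the discrepancy a careful examiner would spot, and the byte-share function puts a number on the file size point. The in-memory sample container, the member names Pictures/data.bin and content.xml, and the function names build_sample_odt, undeclared_members, undeclared_byte_share and mimetype_member_ok are all constructed for this example; real ODF packages follow the same layout.

```python
"""Flag members of an OpenDocument (ODF) package that its manifest does not declare.

Added example for this post, not original content. The container is constructed
in memory so the check runs offline; real ODF files are structured the same way.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

MANIFEST_NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
MIMETYPE = "application/vnd.oasis.opendocument.text"
# The manifest never lists itself or the mimetype member, so both are expected.
IMPLICIT_MEMBERS = {"mimetype", "META-INF/manifest.xml"}


def _manifest_xml(paths):
    """Build a minimal META-INF/manifest.xml declaring `paths` (constructed)."""
    entries = "".join(
        f'<manifest:file-entry manifest:full-path="{p}" manifest:media-type="text/xml"/>'
        for p in paths
    )
    return (
        f'<manifest:manifest xmlns:manifest="{MANIFEST_NS}">'
        f'<manifest:file-entry manifest:full-path="/" manifest:media-type="{MIMETYPE}"/>'
        f"{entries}</manifest:manifest>"
    )


def build_sample_odt(extra_members=None):
    """Return bytes of a minimal ODF-style ZIP (constructed sample, not a real document).

    `extra_members` maps member name -> bytes and stands in for files slipped into the
    archive without updating the manifest, the situation the post describes.
    """
    declared = {"content.xml": b"<office:document-content/>"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # ODF requires 'mimetype' to be the first member, stored uncompressed.
        zf.writestr("mimetype", MIMETYPE, compress_type=zipfile.ZIP_STORED)
        zf.writestr("META-INF/manifest.xml", _manifest_xml(declared))
        for name, data in declared.items():
            zf.writestr(name, data)
        for name, data in (extra_members or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()


def undeclared_members(odf_bytes):
    """Return sorted names of ZIP members missing from META-INF/manifest.xml."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]  # skip dir entries
        manifest = ET.fromstring(zf.read("META-INF/manifest.xml"))
    declared = {
        entry.get(f"{{{MANIFEST_NS}}}full-path")
        for entry in manifest.iter(f"{{{MANIFEST_NS}}}file-entry")
    }
    return sorted(n for n in names if n not in declared and n not in IMPLICIT_MEMBERS)


def undeclared_byte_share(odf_bytes):
    """Fraction of the package's uncompressed bytes that live in undeclared members.

    A document whose undeclared members dominate its size is the '10MB added to a
    10kB file' discrepancy from the post, measured rather than eyeballed.
    """
    flagged = set(undeclared_members(odf_bytes))
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        infos = zf.infolist()
    total = sum(i.file_size for i in infos) or 1
    return sum(i.file_size for i in infos if i.filename in flagged) / total


def mimetype_member_ok(odf_bytes):
    """Check the ODF packaging rule: 'mimetype' first, stored, with an ODF media type."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        infos = zf.infolist()
        first = infos[0] if infos else None
        return (
            first is not None
            and first.filename == "mimetype"
            and first.compress_type == zipfile.ZIP_STORED
            and zf.read("mimetype").decode("ascii").startswith("application/vnd.oasis.opendocument.")
        )


if __name__ == "__main__":
    clean = build_sample_odt()
    tampered = build_sample_odt({"Pictures/data.bin": b"\x00" * 50_000})
    for label, pkg in (("clean", clean), ("tampered", tampered)):
        print(label, undeclared_members(pkg), f"{undeclared_byte_share(pkg):.3f}", mimetype_member_ok(pkg))
```

Run against a real .odt/.ods by passing the file's bytes to undeclared_members; a non-empty result is worth a look, and a high undeclared_byte_share is the numeric form of the size discrepancy the post mentions. Directory entries are skipped because some producers emit them without declaring them, and the mimetype rule is checked separately since a re-zipped package often breaks it even when the manifest is intact.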