secure data export
Oleg Goldshmidt
pub at goldshmidt.org
Fri Jun 24 01:33:17 IDT 2011
Hi Orna,
First, I'd like to make sure I understand the question. I normally do
it by rephrasing...
You have some human-readable, non-obfuscated plain text files you wish
to write to a CD and take the CD outside of some secure location. You
have 2 concerns:
1) Something else may be written onto the CD and taken outside of the
secure location unnoticed.
2) Somehow a text file (with the right magic number, etc.) may be
faked in such a way that it will be presented to a human reader as
expected in a variety of tools (editors, pagers, etc.) but in fact
will contain something else in addition to the expected information.
In either case "something else" is not necessarily malicious, just
something that is not supposed to be there. It is also not necessarily
a lot of information - it is important, not large.
If the above is correct then it looks to me like you have devoted some
thought to concern #1 and somewhat less thought to concern #2. Let's
have a quick look at some possibilities. I am sure more sophisticated
attacks can be invented.
Problem #2 sounds to me like textual steganography. If all you rely
upon is a person reading the text verifying that the text is what it
is intended to be start asking questions like:
a) Will he/she be able to verify the original text including typos,
punctuation, etc.? If not, subtle changes may be used to convey
information.
b) Will he/she be able to discover hidden whitespace, e.g., added to
the ends of lines? Adding tabs and spaces (or not adding tabs and
spaces) to ends of lines may be used to convey hidden information. One
tool that does that is SNOW,
http://www.darkside.com.au/snow/index.html, I am sure there are many
others.
c) Will he/she notice subtle changes in phrasing? Tools like TextHide
(http://www.compris.com/TextHide/en/) may be used to hide information
in plain sight while preserving the overall meaning of the text.
Obviously, I assume here that malware can be created to introduce such
changes into text files. This does not seem a big stretch of
imagination in the light of the original machine being arbitrarily
infected by assumption.
I am sure there are other ideas that will be harder to protect against.
Oh, obviously the references above are intended just as examples of
some things that can be done, not as specific dangers/
As far as concern #1 goes you must not use your (presumably) infected
machine to burn your CD. What if it indeed creates, e.g., an
ISO9660-like FS that looks just like ISO9660 but has some extra hidden
data?
--
Oleg Goldshmidt | pub at goldshmidt.org
More information about the Linux-il
mailing list