The  S uper  S ecret  F ile  S ystem CS851 – Web Application Security Seminar Chris Sosa Blake Sutton Howie Huang
Overview Implemented CovertFS on top of FUSE Automatic Image Selection from Video Used Tor to further protect users
Motivation <ul><li>We have the right and the desire for privacy </li></ul><ul><li>We only trust our friends </li></ul>
Plausible Deniability <ul><li>What can we do to provide privacy? </li></ul><ul><li>We want Plausible Deniability </li></ul...
Related Work and their Issues <ul><li>StegFS – Free Memory Blocks </li></ul><ul><ul><li>Files were stored on the same syst...
Image Generation
Anonymizing with Tor Onion Routing in Action I AM A MEDIA SERVER I <3 Privacy
Image Access Patterns <ul><li>Mask our private file access patterns with non-private online image access  </li></ul><ul><u...
File System Implementation <ul><li>Based on Ext2  </li></ul><ul><li>Uses Fuse-J library to take advantage of Java Serializ...
Implementation Issues <ul><li>Allocation Table cannot act as a traditional special file (chicken-egg problem) </li></ul><u...
Evaluation (Future Work) <ul><li>Image Generation </li></ul><ul><ul><li>How many images selected </li></ul></ul><ul><ul><l...
Demo
Conclusions <ul><li>An anonyMizing Image-based Log File System is feasible! </li></ul><ul><li>Completely automatic image g...
Questions?
Upcoming SlideShare
Loading in …5
×

PicFS presentation

590 views

Published on

My presentation on PicFS. PicFS is an implementation of CovertFS. More specifically, it is a online file system that uses steganography to gain plausible deniability

Published in: Travel, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
590
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

PicFS presentation

  1. 1. The S uper S ecret F ile S ystem CS851 – Web Application Security Seminar Chris Sosa Blake Sutton Howie Huang
  2. 2. Overview Implemented CovertFS on top of FUSE Automatic Image Selection from Video Used Tor to further protect users
  3. 3. Motivation <ul><li>We have the right and the desire for privacy </li></ul><ul><li>We only trust our friends </li></ul>
  4. 4. Plausible Deniability <ul><li>What can we do to provide privacy? </li></ul><ul><li>We want Plausible Deniability </li></ul><ul><ul><li>Privacy is threatened whenever private information is known to exist </li></ul></ul><ul><ul><li>We can mask private activities with non-private ones </li></ul></ul>What do you do if Nina isn’t one of your friends?
  5. 5. Related Work and their Issues <ul><li>StegFS – Free Memory Blocks </li></ul><ul><ul><li>Files were stored on the same system </li></ul></ul><ul><ul><li>No permanent storage guarantees </li></ul></ul><ul><li>CovertFS – Online photo-sharing </li></ul><ul><ul><li>Lacked way of getting images </li></ul></ul><ul><ul><li>Lacked implementation </li></ul></ul><ul><ul><li>User is compromised at same time as data </li></ul></ul>He does not like bullets either
  6. 6. Image Generation
  7. 7. Anonymizing with Tor Onion Routing in Action I AM A MEDIA SERVER I <3 Privacy
  8. 8. Image Access Patterns <ul><li>Mask our private file access patterns with non-private online image access </li></ul><ul><ul><li>Online sites have open API’s that encourage 3 rd party applications </li></ul></ul><ul><ul><li>Mask our accesses to be similar to at least one such popular application </li></ul></ul><ul><li>Techniques Used </li></ul><ul><ul><li>See CovertFS </li></ul></ul><ul><ul><li>Image-based On-disk cache helps enormously here </li></ul></ul>
  9. 9. File System Implementation <ul><li>Based on Ext2 </li></ul><ul><li>Uses Fuse-J library to take advantage of Java Serialization </li></ul><ul><li>Steganographic Algorithm replaceable (uses F5) </li></ul><ul><li>Allocation Table has paths for efficiency </li></ul><ul><li>Allocation table is chained especially (does not follow normal direct – indirect linkage) </li></ul><ul><li>Implemented Media Server </li></ul><ul><li>Image-based On-Disk Cache </li></ul><ul><ul><li>Looks just like a subset of images from the Media Server </li></ul></ul><ul><ul><li>Permanently deleted on unmount </li></ul></ul>Insert “Sexy” On-disk cache here Ext2
  10. 10. Implementation Issues <ul><li>Allocation Table cannot act as a traditional special file (chicken-egg problem) </li></ul><ul><li>Flickr modifies uploaded images of Free Account holders </li></ul><ul><ul><li>Grad students are poor </li></ul></ul><ul><ul><li>No restriction with $30 / year subscription </li></ul></ul><ul><ul><li>Easier to evaluate without Flickr </li></ul></ul><ul><li>Tradeoff with privacy vs. efficiency between On-Demand downloading and Bulk Download </li></ul>
  11. 11. Evaluation (Future Work) <ul><li>Image Generation </li></ul><ul><ul><li>How many images selected </li></ul></ul><ul><ul><li>“ Uniqueness” of frames </li></ul></ul><ul><ul><li>Different video types (cartoon, home, television) </li></ul></ul>I’m unique! <ul><li>Traffic patterns </li></ul><ul><ul><li>Media Server gathers data </li></ul></ul><ul><ul><li>Compare with existing API tools/apps </li></ul></ul>
  12. 12. Demo
  13. 13. Conclusions <ul><li>An anonyMizing Image-based Log File System is feasible! </li></ul><ul><li>Completely automatic image generation is practical if you have lots of videos ;) available as source material </li></ul>
  14. 14. Questions?

×