stegfs 201001

A new steganographic file system for a new decade
stegfs is a steganographic file system in userspace which uses FUSE (Filesystem in Userspace). Steganographic file systems are one step ahead of (or beyond) encrypted file systems as they aim to grant the user plausible deniability of the files within. It achieves this by becoming a lossy file system: writing a file to the file system may overwrite an existing file.

As stegfs has reached a stable state and is mostly feature complete. It allows reading and writing files (obviously), and various mechanisms for limiting the damage done to files as new files are added, yet it still retains its aura of deniability. Pre-built binary packages are usually available for Debian and RPM based distributions shortly after the latest source code is released. As always, the Git repository has the latest (but not always greatest) code we've committed.

In an attempt to keep our own code clean we have started using the libraries mcrypt and mhash to take advantage of the algorithms they offer. Theoretically, this allows stegfs to use any of the algorithms they support, but at this stage, we have coded only to allow the Serpent block cipher and Tiger one-way hashing function.

Remember: you will not only require the standard libraries for mhash and mcrypt, but if you intend to build from source, you will also their respective development packages - consult your package management system for further details.

Now for a few technical details: each file system block is 128 bytes, with 80 being used for actual data, and the rest being used to verify the integrity of the data, and point to the location of the next block. (Thus, not only is stegfs lossy, it's also very inefficient! Oh - and really slow.) NB Approximately, only 6% of the total file system capacity is actually usable, owing to meta data, and collision avoidance techniques (multiple copies of each file).

stegfs uses a file hierarchy similar to that of conventional file systems. However, all directories must start with a + symbol; to allow stegfs to easily distinguish between files and directories. For each sub directory, a check is made to ensure that the current block isn't already being used by another file down that path. Files at a deeper level 'know' about the files above them, but files in the root directory know only of those other files also in the root. This basically means that files at a deeper level are less likely to overwrite another file, but in turn, are more susceptible to being overwritten themselves.

stegfs can make use of an internal cache to remember allocated blocks and directory entries, however these are only kept in memory whilst the file system is mounted. There is a directory named /+proc/ in the root of the stegfs image, which will link to known files, as well as provide a list of all known/used blocks. NB This isn't yet fully functional and should be treated with some degree of caution.

We've also now made an attempt to support multiple, congruent read/writes. Reading shouldn't present any problems, just a large memory requirement and high latency. However, when writing files, due to the limited amount of actual usable space, problems can arise as each thread will be trying to claim the last of this space.

As a final note: files and directories do not need to be created, they already exist - just try to stat a file to see what this means ;-) (that said, just because a file might be stat'able doesn't it it actually exists or contains any retrievable data).

last updated on:
February 7th, 2010, 20:22 GMT
developed by:
The stegfs Team
license type:
GPL v3 
ROOT \ System \ Filesystems


In a hurry? Add it to your Download Basket!

user rating



Add your review!