Shekhanin K. Development and analysis of steganographic methods of hiding data in the structure of file systems

Українська версія

Thesis for the degree of Doctor of Philosophy (PhD)

State registration number


Applicant for


  • 125 - Кібербезпека


Specialized Academic Board

ДФ 64.051.071

V.N. Karazin Kharkiv National University


The dissertation is devoted to the development and improvement of steganographic methods of hiding information in the structure of the file system by mixing clusters. Development of a model for evaluating these methods and possible uses. The purpose of the dissertation is to increase the bandwidth of cluster steganosystems while ensuring the necessary resistance to unauthorized detection of hidden information. The first chapter of the dissertation (Research of media technologies and properties of file systems) analyzes the current state of development of technologies of physical media. In particular, technologies such as HDD and SSD are analyzed. The forecast on development of technologies of data carriers is given. Common file systems are also analyzed, their comparative analysis is performed. Based on the results of the analysis, a file system is selected for further research. The first partial research problem is solved: conducted research on modern and promising methods of information storage, properties of physical media and types of file systems, analysis of existing methods of steganographic hiding information in the structure of file systems. The second chapter (Development of a method to increase the bandwidth of cluster steganosystems and study their properties) analysis in detail the FAT32 file system as a root system from the family of cluster file systems. Possible properties of the file system structure that help to hide the message in the file system structure are also investigated and analyzed. A mathematical model of the method of hiding information by mixing clusters of cover files is given. The second partial problem of the research is solved: development of a method to increase the bandwidth of cluster steganosystems. For the first time is obtained a method of increasing the bandwidth of cluster steganosystems on the basis of taking into account the additional dependence of cluster locations within single cover file of the system. In the third chapter (Analysis of methods of hiding information and improving the mathematical model for estimating the basic parameters of cluster steganosystems) the researched methods on the possible size of the hidden message depending on various initial parameters are analyzed. The formulas by which it is possible to estimate the maximum possible size of the steganogram depending on key parameters of methods are received (number, order and size of cover files). Diagrams are given that clearly show the dependence of the size of the steganogram on the key parameters of the methods. The level of security of the hidden message before detection is also assessed by analyzing the average level of file system fragmentation and fragmentation of each cover file. The evaluation results are obtained by statistical analysis of the level of fragmentation of computer systems from laboratories of V. N. Karazin Kharkiv National University. According to the results of statistical analysis, a cast of file systems in terms of the level of fragmentation, the most fragmented file types and how to use computer systems. Based on the results of this analysis, data on the possible size of the hidden message are provided, so that the level of fragmentation of the cover files is within the average level of the file system. Also provided is a description of common software implementations that implement the above-described systems of methods of hiding information. A comparative analysis is made and an assessment of known software implementations is given as if they also used the methods of hiding information developed in this paper as a component in their algorithms. It is concluded that the described methods allow to significantly expand the functionality of the implemented programs and / or methods can provide an alternative in case it is unable to use internal program tools.


Similar theses