A group of computer scientists has developed software that can hide sensitive data on a hard drive without encrypting it, an advancement that could provide security professionals with a valuable tool to thwart data breaches and keep important files safe.
The software takes stored files, breaks them into fragments, then scatters those individual pieces in clusters throughout the hard drive.
It sounds simple enough, but the manipulation of how files are labeled and stored can make certain sensitive data impossible to detect, the scientists wrote in a paper.
"Even when a user is forced to release all the contents of his/her hard disk, a forensic investigator who is scanning the device for the presence of suspect information can neither detect the boundaries of hidden information nor its contents," the paper explained.
The paper was titled "Designing a Cluster-Based Covert Channel to Evade Disk Investigation and Forensics." It was written by researchers from the University of Southern California and the National University of Science and Technology, in Islamabad, Pakistan.
In effect, the security development promotes "plausible deniability," the researchers said. Encrypted files can be decrypted and easily identified in an investigation, but by fracturing files and placing them throughout the hard drive, the person who hides the data can convincingly claim that all the system's information is out in the open.
The researchers say their software allows a 20-megabyte message to be hidden on a 160-gigabyte hard drive.
Hiding data on a hard drive without encrypting it could have widespread implications for professionals responsible for data storage. In recent months, several companies have suffered high-profile, damaging data breaches, including US Airways, Gucci, DuPont, TripAdvisor and the European Space Agency.