All web services available today are for open storage and sharing, where the existence of the data is known to the service provider. The fundamental, implicit assumption here, is that the service provider can be completely trusted with the user data. Any content stored in the clear on these servers is vulnerable to unauthorized access by the service administrators. Further, the government could compel the service provider to turn over this data without the knowledge of the user. A more cautious user might encrypt all content that is stored on these servers. While this protects the data from unauthorized access, it cannot hide the fact that some data is stored by a particular user. The user might be subsequently coerced into revealing the encryption keys by legal instruments such as subpoenas. Thus, users may desire to hide the very presence of their data stored on public servers in such a way that its existence cannot be proven by the service providers themselves or another third party.

The goal of this project is to create a web based covert file system, CovertFS, which facilitates secure file storage and sharing amongst a group of people and yet provides plausible deniability. The idea is to build the file system over a publicly available media service. Challenges are to map the local file system objects to the remotely hosted media in an efficient way such that covert traffic patterns appear as regular photo sharing traffic patterns.


We are building CovertFS as a user-level file system. We are implementing this on top of the FUSE file system interface as shown in the figure below. FUSE facilitates easy development of user-level file systems. It has a kernel mode driver and a user-level library. The user-level library libfuse interacts with the kernel mode driver through a device called /dev/fuse. The system calls that operate on files in the FUSE file system are redirected from the virtual file system (VFS) layer in the kernel to the FUSE driver. The driver in turn forwards this call to the userspace library. The new filesystem, CovertFS in the figure, that links into this library can handle this call and implement new functionality. We plan to develop CovertFS over Flickr.



Research Goals

Primary research goals for this project are :

  1. To explore the various options available in the design space, it's effects on performance and feasibility in the usage and deployment of the file system, as well as the impact different design options have on the traffic patterns. Other performance goals are to make the file system efficient and practical, minimize the network bandwidth usage, optimize the usage of hiding capacity within the media and so on.

  2. To analyze traffic patterns generated by CovertFS users. Detection of the existence of CovertFS is important from two perspectives. From the user’s viewpoint, the design has to be resilient to traffic analysis to provide the user
    with complete plausible deniability. From the service provider’s point of view, detection of CovertFS might be important to stop users from using the service in such a way, if it is found undesirable for any reason whatsoever.

  3. To study the resiliency of CovertFS when the service providers either perform content transformation or impose bandwidth restrictions on the clients.






 Joe Kilian, Liviu Iftode

Graduate Students

 Arati Baliga