Browse Prior Art Database

A method to prevent information linkage from ZIP files

IP.com Disclosure Number: IPCOM000081899D
Original Publication Date: 2005-Feb-28
Included in the Prior Art Database: 2005-Feb-28
Document File: 2 page(s) / 42K

Publishing Venue

IBM

Abstract

Hiding encrypted information without disclosing that it is password-protected.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 2

A method to prevent information linkage from ZIP files

Consider Information Theory as regards unexpected information leakage. When you use a Logonid+Password to get into some sort of computer system, you can get these responses: 1: OK 2: Wrong 3: Invalid Logonid 4: Invalid Password

    Now, in Information Theory terms, responses 3 and 4 constitute an Information flow and so Information Leakage. Why? Because the response of 'Bad Password' means that the Logonid is correct, and this is relevant information to someone trying to invalidly get in (as half the job is done as the logonid has been found). This is why more secure information systems either let you in (1) or simply say No (2). The 'No' response does not have the unintended information leakage as it does not inadvertently disclose that the logonid is correct.

    Now, consider the case of a Password Protected ZIP file. When one tries to unzip it (gain access to the information contained therein) you get a response of 'Invalid Password'. In Information Theory terms this constitutes Information Leakage - the relevant Leakage being the fact that the ZIP file is password protected, and so potentially contains something of interest. This article presents a technique to remove this Information Leakage from a Password Protected ZIP file. Or, in general, anything encrypted.

    ZIP files (commonly called Archives) consist of a set of compressed files. These files are compressed to save space (particularly important during Data Transfer). An extension to ZIP file processing is to encrypt the contents with a Password. After Compression, the (smaller) contained files are then encrypted using a well known two-way (so that they can be decrypted) technique. To extract (or view) the contents of such an encrypted ZIP file, the correct password has to be supplied. If an incorrect password, or no password, is given, the ZIP file is unreadable. Consequently, in terms of this article, the unreadableness of an encrypted ZIP file is the Information Leakage which this idea removes.

    An undesirable side effect to using encrypted ZIP files is that unhelpful things sometimes occur. For example, when they are incl...