rootkit detection
Recently Published Documents


TOTAL DOCUMENTS: 30 (FIVE YEARS 7)

H-INDEX: 5 (FIVE YEARS 1)

2021 ◽  
Author(s):  
Roland Nagy ◽  
Krisztián Németh ◽  
Dorottya Papp ◽  
Levente Buttyán

IoT systems are subject to cyber attacks, including infecting embedded IoT devices with rootkits. Rootkits are malicious software that typically run with elevated privileges, which makes their detection challenging. In this paper, we address this challenge: we propose a rootkit detection approach for embedded IoT devices that takes advantage of a trusted execution environment (TEE), which is often supported on popular IoT platforms, such as ARM-based embedded boards. The TEE provides an isolated environment for our rootkit detection algorithms, and prevents the rootkit from interfering with their execution even if the rootkit has root privileges on the untrusted part of the IoT device. Our rootkit detection algorithms identify modifications made by the rootkit to the code of the operating system kernel, to system programs, and to data influencing the control flow (e.g., hooking system calls), as well as inconsistencies created by the rootkit in certain kernel data structures (e.g., those responsible for handling process-related information). We also propose algorithms to detect rootkit components in the persistent storage of the device. Besides describing our approach and algorithms in detail, we also report on a prototype implementation and on the evaluation of our design and implementation, which is based on testing our prototype with rootkits that we developed for this purpose.


The field of web has turned into a basic part in everyday life. Security in the web has dependably been a significant issue. Malware is utilized to rupture into the objective framework. There are various kinds of malware, for example, infection, worms, rootkits, Trojan horse, ransomware, etc. Each malware has its own way to deal with influence the objective framework in various ways, in this manner making hurt the framework. The rootkit may be in some arbitrary records, which when opened can change or erase the substance or information in the objective framework. Likewise, opening the rootkit-contaminated record may debase the framework execution. Hence, in this paper, a Kernel Rootkit Detection and Prevention (KRDP) framework is proposed to avert the records. The avoidance system in this paper utilizes a calculation to forestall the opening of the rootkit-influenced record as portrayed. By and large, the framework comprises of a free antivirus programming which is restricted to certain functionalities. The proposed model beats the functionalities by utilizing a calculation, in this way identifying the rootkits first and afterward cautioning the client to react to the rootkit-tainted record. In this way, keeping the client from opening the rootkit-contaminated record. Inevitably, expelling the tainted document from the framework will give an improvement in the general framework execution.


2019 ◽  
Vol 54 (6) ◽  
Author(s):  
Israa Ezzat Salem ◽  
Adil M. Salman ◽  
Maad M. Mijwil

The current study aims to examine a general overview of the application of hash functions in cryptography and study the relationships between cryptographic hash functions and uses of the digital signature. Functions of the cryptographic hash are an important tool applied in several sections of data security, and application of hash function is common and used for various purposes such as File Integrity Verification, Key Derivation, Time stamping, Password Hashing, Rootkit Detection and Digital Signature. Digital Signature is a code that is linked electronically with the document including the sender's identity. Therefore, the digital signature is of high value in verifying digital messages or documents. Cryptographic hash functions do not present without mathematics. The success of computer science is attributed to mathematics; in other words, it is because of mathematical science that computer science was understood and could be explained to all. The study aims to teach the reader hash functions and their applications such as digital signature and to show in detail some hash functions and their designing.


IEEE Access ◽  
2019 ◽  
Vol 7 ◽  
pp. 91657-91666
Author(s):  
Donghai Tian ◽  
Rui Ma ◽  
Xiaoqi Jia ◽  
Changzhen Hu

2019 ◽  
Vol 16 (4) ◽  
pp. 2650-2667 ◽  
Author(s):  
Xiao Wang ◽  
Jianbiao Zhang ◽  
Ai Zhang ◽  
Jinchang Ren ◽  
...  

Author(s):  
Joel A. Dawson ◽  
J. Todd McDonald ◽  
Jordan Shropshire ◽  
Todd R. Andel ◽  
Patrick Luckett ◽  
...  
