ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2015, Vol. 52 ›› Issue (3): 702-717.doi: 10.7544/issn1000-1239.2015.20131382

Previous Articles     Next Articles

Light-Weight Integrity Monitoring Based on Hashing Time Validity

Xu Qingui1, Qin Yong1, Yang Taolan2   

  1. 1(College of Computer, Dongguan University of Technology, Dongguan, Guangdong 523808); 2(College of Computer, National University of Science Technology, Changsha 410073)
  • Online:2015-03-01

Abstract: Real-time monitoring of node integrity is effective means to protect resource-restrained nodes. By identifying main tampering attack modes against resource-restrained nodes, and analysiing the influence on hashing time, pure-software integrity monitoring means based on inspecting hashing time validity is suggested. On the basis of analysing testability condition of hashing time validity, checksum forging punishment coefficient is proposed to indicate tamper-resisting performance of monitor mechanism, and a light-weight hashing algorithm of merging program states is put forward. By simplifying hashing structure and integrating program states into checksum, checksum forging is made more difficult. Damaged nodes have to spend much more time on extra work like restoring legal code and program states than on hashing if they want to aquire the correct checksum. Hence, the proposed mechanism imposes much greater checksum forging punishment on damaged nodes than other approaches like SWATT and Shah. In order to prevent message forging or tampering during transmission over communication networks, a monitoring protocol supporting message authentication is designed. For tolerating influence from hashing time fluctuation and checksum guess, node integrity state is evaluated from results of both checksum comparison and hashing time validity statistics. The experiments show that the proposed approach achieves high reliabiliy in examining validity of checksum and hashing time with small cost. Toleration ability against fluctuation disturbance on hashing time from node multi-tasking environment and communication networks is improved, and hence tamper-resisting performance of resource-constrained nodes is enhanced.

Key words: integrity monitoring, hashing time validity, light-weight hashing algorithm, low-overhead authentication algorithm, checksum forging punishment coefficient

CLC Number: