Using low-cost RFID for Rootkit countermeasures

• Main Authors: Kai Lun Kan, 甘凱綸
• Other Authors: K. C. Chang
• Format: Others
• Published: 2010
• Online Access: http://ndltd.ncl.edu.tw/handle/26844489635538646755

碩士 === 長庚大學 === 資訊管理學系 === 98 === Rootkit can automatically invade your system and install without asking (the computer user’s) permission. Rootkit is purposely hidden so it is difficult to detect. Anti-virus programs may not be able to remove the invading malware completely as Rootkit can be well hidden and can possibly stay in the system as a repair file or combine with some kinds of spyware or malware. Most crackers favor this kind of virus attack. This research discusses the repercussion of Rootkit to health care information fields to understand the importance of protection against Rootkit’s intrusion into hospital files. This is especially important when we needed to protect the privacy and security of patient medical data so this information will not be leaked to outsiders. In a hospital database server, it is possible that information can be circulating through e-mail, audio or video from recorded meetings, and electronically stored meeting minutes could be acquired by Rootkit. Medical R & D or any hospital administrative decisions could be taped or intercepted without being noticed creates a substantial vulnerability for the hospital database server. In addition, the exchange of patients’ medical data files among hospital staffs, personnel work shift arrangement, procedures of doctors’ diagnosis, or even patients’ medical files can all be deliberately altered. A vulnerability to Rootkit adversely affects patients. Because of the implications of a hospital’s database server is vulnerable to Rootkit as information technology is used by the medical system, we must also feverishly protect the security of information before the hospital’s proprietary knowledge is lost or appropriate patient care is altered. In this research, we want to define a new Rootkit attack corresponding to the countermeasure. We used the low computing operators which composed with the symmetric key, exclusive or (XOR) operation and hash-based message authentication code (HMAC) to communicate in the proposed mechanism. We will use a symmetric key to encrypt and decrypt the data which are transferred among the reader, database server and the user. We also use the XOR to compute the recover operator to recover the modified data. Finally we will use HMAC to gain the digested code that used value k to hash the cipher text to compare with the true data and false data. In recent years, there are many theories of RFID identity security mechanisms have been proposed, although these methods in security issues has improved, but they are unable to provide a high transmission efficiency of protection. Therefore, in considering the information security is also necessary to take into consideration the feasibility of the problem. This research uses the HMAC and XOR operation to manually discover a database server privacy protection in the backward-looking mechanism for retrieving false data. Contributions to the method are: (1) even if the data was transferred to the other users the data is useless; (2) efficiency for the most prevalent the low computing, the low memory capacity with a large database server. This research can be referred to all researchers who want to understand the Rookit operations.