Detecting subtle system changes using digital signatures

In 1993, Gene Kim and Eugene Spafford working at the COAST Laboratory at Purdue University, developed the concept of a software “Tripwire” that would help detect changes to key system files. The process was to generate a set of one-way hash values that define the contents of key system files stored on host computers. Periodically, the hashes would be recalculated and compared to the stored original to determine if any change could be detected. Each unexpected result would be investigated to determine if the change was malicious or accidental. Digital signature technologies are being used today in many aspects of information security, including proof of identity, authentication, authorization, integrity and non-repudiation. The combination of Kim and Spafford´s early research and the application of digital signatures and smart cards is the basis of this paper. It discusses new techniques that have been developed and evolved from the original approach. These techniques combine to create a viable and exciting approach to providing early warning and indications of attack