Fingerprinting of Machines in Critical Systems for Integrity Monitoring and Verification
Prakhar Paliwal, Arjun Sable, Manjesh K. Hanawal
TL;DR
This work argues that system fingerprinting provides a proactive, baselined approach to integrity monitoring by capturing comprehensive hardware, software, and configuration data to establish a historical reference. It outlines a cross-platform data collection blueprint, a hashing-based baseline (using SHA-256) augmented with file size, permissions, and ownership checks, and a drift-detection framework with adaptive scheduling to detect unauthorized changes between security assessments. The paper also discusses challenges in item selection, tamper resistance, and OS-specific differences, and proposes future work including macOS support and SIEM/EDR integration to enable real-time alerts. Overall, the approach aims to strengthen breach analysis, incident response, and ongoing system integrity for critical environments.
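The following is an added illustration of the baseline and drift-detection scheme summarised above; it is not code from the paper or the authors' tool. Each regular file is fingerprinted with a streamed SHA-256 hash plus its size, permission bits and owner/group, a later snapshot is diffed against the baseline to report added, removed and changed files with the fields that differ, and the stored baseline is sealed with an HMAC so that tampering with the record itself is detected. The HMAC key, the sample directory tree and the simulated changes are all constructed for the example; in a real deployment the key would be held by the monitoring service rather than on the monitored host.

```python
import hashlib
import hmac
import json
import os
import stat
import tempfile
from pathlib import Path

# Attributes recorded per file: a SHA-256 content hash augmented with
# size, permission bits and ownership, as the hashing-based baseline describes.
FIELDS = ("sha256", "size", "mode", "uid", "gid")


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def fingerprint_file(path):
    """Record the hash plus the cheap stat-level attributes of one regular file."""
    st = os.lstat(path)
    return {
        "sha256": sha256_file(path),
        "size": st.st_size,
        "mode": oct(stat.S_IMODE(st.st_mode)),  # permission bits only, e.g. '0o644'
        "uid": st.st_uid,
        "gid": st.st_gid,
    }


def build_snapshot(root):
    """Walk a directory tree and fingerprint every regular file (symlinks skipped)."""
    root = Path(root)
    snapshot = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            snapshot[path.relative_to(root).as_posix()] = fingerprint_file(path)
    return snapshot


def detect_drift(baseline, current):
    """Diff two snapshots: files added, files removed, and which recorded fields changed."""
    report = {"added": [], "removed": [], "changed": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        else:
            diffs = [k for k in FIELDS if baseline[rel][k] != current[rel][k]]
            if diffs:
                report["changed"][rel] = diffs
    return report


def seal_baseline(snapshot, key):
    """Serialise canonically and compute an HMAC-SHA256 tag over the stored baseline.
    Assumption: the key lives with the monitoring service, not on the monitored host."""
    body = json.dumps(snapshot, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def open_baseline(body, tag, key):
    """Verify the tag before trusting a stored baseline; returns None on mismatch."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(body)


def demo():
    """Constructed scenario: baseline a small tree, then apply four kinds of change."""
    key = b"placeholder-key-kept-off-host"  # constructed for the example, not a real key
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("mode=strict\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_text("#!/bin/sh\necho ok\n")
        (root / "bin" / "tool").chmod(0o755)
        (root / "README").write_text("baseline\n")

        body, tag = seal_baseline(build_snapshot(root), key)
        baseline = open_baseline(body, tag, key)

        # Simulated drift between two assessments.
        (root / "etc" / "app.conf").write_text("mode=permissive\n")  # content and size change
        (root / "bin" / "tool").chmod(0o644)                        # permission bits only
        (root / "README").unlink()                                   # file removed
        (root / "bin" / "extra").write_text("x\n")                   # file added

        report = detect_drift(baseline, build_snapshot(root))
        tampered = open_baseline(body + b" ", tag, key)  # an altered store must be rejected
        return report, tampered


if __name__ == "__main__":
    print(json.dumps(demo()[0], indent=2))
```

Size, mode and ownership come from a single `lstat` call, so they can be checked on every scheduled run even when re-hashing the whole tree is too expensive; a size or mode mismatch is itself a drift signal, and the hash catches content changes that preserve size.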
Abstract
As cyber threats continue to evolve and diversify, it has become increasingly challenging to identify the root causes of security breaches that occur between periodic security assessments. This paper explores the fundamental importance of system fingerprinting as a proactive and effective approach to addressing this issue. By capturing a comprehensive fingerprint of a host, including hardware-related details, file hashes, and kernel-level information, while the system is known to be clean, a historical record is established. This historical record provides valuable insights into system changes and assists in understanding the factors contributing to a security breach. We develop a tool to capture and store these fingerprints securely, leveraging advanced security features. Our approach presents a robust solution to the constantly evolving cyber threat landscape, thereby safeguarding the integrity and security of critical systems.
