Skip to content

a-Lucar-d/IOT_isl

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

4 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ›‘οΈ IoT_ISL – IoT Security Layer

C Platform Build License Status

A lightweight security framework for Linux-based IoT systems that combines:

  • Boot-time integrity verification
  • Runtime security monitoring
  • Network traffic inspection
  • Service and user activity monitoring

The project is designed to provide a foundational security layer for resource-constrained IoT devices without requiring specialized hardware such as TPMs.


πŸ“Œ Overview

IoT_ISL consists of two major components:

1️⃣ SecureBoot Integrity Verification

Executed during the boot process through initramfs.

Responsibilities:

  • Verify integrity of critical files
  • Detect unauthorized modifications
  • Establish an initial trusted state before user-space services start
  • Prevent compromised systems from booting unnoticed

2️⃣ Runtime Security Monitoring Daemon

Executed after boot.

Responsibilities:

  • Weak password detection
  • Active connection monitoring
  • Logged-in user monitoring
  • Reverse shell detection
  • Running service monitoring
  • HTTP traffic inspection

βš™οΈ Features

πŸ›‘οΈ Boot-Time Integrity Verification

  • SHA256-based file integrity verification
  • Manifest-driven verification
  • Executed during initramfs stage
  • Detects unauthorized file modifications
  • Generates boot-time integrity status reports

Monitored Files

Configured through:

secureBoot/version2/monitored_files.txt

Examples:

./my_daemon
config/daemon.conf
/etc/passwd

πŸ”‘ Weak Password Detection

  • Scans /etc/shadow
  • Detects weak password hashes
  • Runs every 30 minutes

🧠 System & Service Monitoring

Runs every 2 seconds:

  • Active network connections
  • Logged-in users
  • Running services
  • Reverse shell detection

🌐 HTTP Traffic Monitoring

  • Uses libpcap
  • Captures HTTP traffic
  • Monitors incoming and outgoing packets

🧡 Architecture

                Boot Process
                     β”‚
                     β–Ό
              Initramfs Stage
                     β”‚
                     β–Ό
        SecureBoot Integrity Check
                     β”‚
         β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”΄β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
         β”‚                       β”‚
         β–Ό                       β–Ό
      SAFE                 COMPROMISED
         β”‚
         β–Ό
      systemd
         β”‚
         β–Ό
      IoT_ISL Daemon
         β”‚
         β”œβ”€β”€ Service Monitoring Thread
         β”‚
         β”œβ”€β”€ Password Audit Thread
         β”‚
         └── HTTP Sniffer Thread

πŸ“ Project Structure

.
β”œβ”€β”€ build/
β”œβ”€β”€ config/
β”œβ”€β”€ http/
β”œβ”€β”€ passwd_check/
β”œβ”€β”€ Services/
β”œβ”€β”€ Utility/
β”‚
β”œβ”€β”€ secureBoot/
β”‚   β”œβ”€β”€ version1/
β”‚   └── version2/
β”‚       β”œβ”€β”€ verifier.c
β”‚       β”œβ”€β”€ monitored_files.txt
β”‚       β”œβ”€β”€ generate_manifest.sh
β”‚       β”œβ”€β”€ secureBoot.boot
β”‚       └── initramfs_codes/
β”‚           β”œβ”€β”€ iot_isl_hook
β”‚           └── iot_isl_check
β”‚
β”œβ”€β”€ main.c
β”œβ”€β”€ Makefile
β”œβ”€β”€ my_daemon
└── README.md

🧰 Requirements

Install dependencies:

sudo apt update

sudo apt install \
    build-essential \
    libpcap-dev \
    libcrypt-dev \
    libssl-dev \
    initramfs-tools

πŸ”¨ Build

Build daemon only:

make

Output:

my_daemon

πŸ›‘οΈ SecureBoot Build

Build daemon and SecureBoot components:

make SECUREBOOT=true

This performs:

  • Daemon build
  • SecureBoot verifier build
  • Manifest generation

πŸš€ SecureBoot Deployment

Deploy SecureBoot into initramfs:

make deploy-secureboot

This automatically:

  • Builds daemon
  • Builds verifier
  • Generates integrity manifest
  • Installs initramfs hook scripts
  • Updates initramfs

Reboot afterwards:

sudo reboot

πŸ” SecureBoot Verification Results

After reboot:

cat /boot/firmware/iot_isl_status.txt

Debug information:

cat /boot/firmware/iot_isl_debug.txt

Example:

SYSTEM SAFE

or

INTEGRITY COMPROMISED

▢️ Run Runtime Daemon

sudo ./my_daemon

Root privileges are required for:

  • /etc/shadow access
  • Packet capture
  • Service monitoring
  • Network inspection

βš™οΈ Configuration

Configuration file:

config/daemon.conf

Example:

[passwd]
enable=true

[services]
active_connections=true
current_access=true
reverse_shell=true
running_services=true

[http]
http_sniffer=true

[secureboot]
enable=true

πŸ“œ Logging

Logs are written using syslog.

Traditional Syslog

sudo tail -f /var/log/syslog

Filter daemon logs:

sudo grep simple_daemon /var/log/syslog

journalctl

View logs:

sudo journalctl -t simple_daemon

Follow logs:

sudo journalctl -t simple_daemon -f

Recent logs:

sudo journalctl -t simple_daemon -n 50

πŸ“Œ Boot-Time Reports

Generated by SecureBoot:

/boot/firmware/iot_isl_status.txt
/boot/firmware/iot_isl_debug.txt

These files contain:

  • Integrity verification result
  • Files checked
  • Verification status
  • Debug information

πŸ”¬ Research Focus

IoT_ISL is intended as a lightweight software-based security framework for Linux IoT systems and explores:

  • Secure boot concepts without TPM hardware
  • File integrity verification
  • Runtime security monitoring
  • Early boot trust establishment
  • Embedded Linux security

⚠️ Current Limitations

SecureBoot

  • SHA256 manifest is not digitally signed yet
  • No TPM integration
  • No measured boot support
  • Software-only trust model

Runtime Monitoring

  • No deep packet inspection
  • Heuristic reverse shell detection
  • No alerting mechanism
  • No centralized logging
  • HTTP-only packet monitoring
  • Requires root privileges

πŸ‘¨β€πŸ’» Author

Adityakrishna Vinod


πŸ“„ License (MIT)

MIT License

Copyright (c) 2026 Adityakrishna Vinod

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.

About

Custom IOT security framework

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors