Design And Implementation Of Drive Level Trojan Transmission And Encryption Algorithms

Posted on: 2011-08-10
Degree: Master
Type: Thesis
Country: China
Candidate: C L Wang
Full Text: PDF
GTID: 2218330371950090
Subject: Computer technology
Abstract/Summary:
With the fast development of the Internet, more and more corporations and users connect to it. While enjoying the convenience and efficiency the Internet brings, people are constantly exposed to computer virus infections and malicious attacks by hackers. Network security is one of the important areas of study within information security and a research hotspot of the field, and data security is a major part of network security. As a highly dangerous and covert remote control tool, the Trojan horse is a commonly used technique in network intrusion. However, as anti-virus software continuously improves its detection technology, the living space of the traditional user-mode Trojan horse is getting smaller and smaller. As a result, a technology called the rootkit was created. A Trojan horse combined with rootkit technology reaches deep into the system kernel and is able to modify key system data, so that conventional detection methods and security tools are no longer credible. On the basis of an analysis of the Trojan's functional structure and of kernel-level rootkit hiding techniques, a modularized, driver-based Trojan structure is put forward. It is generic and can work with different kinds of kernel-level rootkit hiding techniques, effectively connecting the main part of the Trojan, which runs in user mode, with the driver, which runs in kernel mode; by communicating with the user-mode code, the drivers achieve covert communication and hide the Trojan itself. Test results show that this structure can effectively support the drivers in hiding Trojan-related information, including processes, files, registry entries, services and so on. This article focuses on the NDIS protocol driver on the VC++ platform: an NDIS protocol driver is written so that the Trojan transmits data at the driver layer.
The Trojan's main program schedules the service-start module, the process-hiding module and the encryption module, the last of which encrypts and decrypts data during communication. An encryption module containing the DES (Data Encryption Standard) and RSA (Ron Rivest, Adi Shamir and Leonard Adleman) encryption algorithms is written in the form of a dynamic link library, which the Trojan's main program calls during data transmission to encrypt and decrypt the transmitted data. This article implements the Trojan system's hidden communication module, which gets through general firewalls so that the transmitted data cannot be intercepted, with the aim of furthering the development of personal firewall systems. Through an analysis of the DES and RSA encryption technologies, a network data encryption system is designed and implemented on the VC++ platform; that is, a secure data transmission system is established, including the form of the exchanged information, the exchange protocol and the algorithms, thus guaranteeing the secure transmission of network data. In implementing the system, the characteristics and advantages of VC++ are put to good use to enhance the system's reliability. Tests in a simulated Internet environment show that the hidden communication of the kernel-layer Trojan can penetrate ordinary firewalls; against firewalls at the system kernel layer, the transmitted data can be encrypted so that the firewall is unable to obtain the plaintext.
Keywords/Search Tags:Trojan technology, modularize, kernel-level rootkit technology, data encryption