面向物联网设备固件的硬编码漏洞检测方法

doi:10.11959/j.issn.2096-109x.2022070

Abstract

Abstract:

With the popularization of IoT devices, more and more valuable data is generated.Analyzing and mining big data based on IoT devices has become a hot topic in the academic and industrial circles in recent years.However, due to the lack of necessary detection and protection methods, many IoT devices have serious information security risks.In particular, device hard-coded information is closely related to system encryption and decryption, identity authentication and other functions, which can provide confidentiality protection for core data.Once this information is exploited by malicious attackers, serious consequences such as sensitive information leakage, backdoor attacks, and unauthorized logins will occur.In response to this problem, a multi-type character recognition and positioning scheme was designed and a hard-coded vulnerability detection method in executable files was proposed based on the study of the characteristics of hard-coded vulnerabilities in IoT devices.The proposed method extracted the firmware of IoT devices and filtered all executable files as the source to be analyzed.Then, a solution to identify and locate three types of hard-coded characters was provided.Further, the reachability of the function, where the hard-coded character was located, was analyzed according to the function call relationship.Meanwhile, the instruction heterogeneity was mitigated by an intermediate representation (IR) model.The character and parameter hard-coded values was obtained through a data flow analysis approach.A symbolic execution method was devised to determine the trigger conditions of the hard-coded vulnerabilities, and then the vulnerability detection result was output.On the one hand, the proposed method introduced the method of symbolic execution based on the use of the intermediate representation model, which eliminated the dependency of instruction architecture and reduces the false positive rate of vulnerabilities; On the other hand, this method can integrate characters, files, and cryptographic implementation to realize the different characteristics of three types of hard-coded characters, which increased the coverage of vulnerability detection and improves the versatility of the detection method.The experimental results show that the proposed method can effectively detect three types of hard-coded vulnerabilities of characters, files and cryptographic implementation in various IoT devices, and has good detection accuracy, which can provide certain guidance for the deployment of subsequent security protection technologies.

Key words: big data, IoT security, hard coding, vulnerability detection

CLC Number:

TP393

Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU. Hardcoded vulnerability detection approach for IoT device firmware[J]. Chinese Journal of Network and Information Security, 2022, 8(5): 98-110.

Figures/Tables 17

References 30

[1]	王鑫 . 面向分布式计算的隐私保护研究[D]. 浙江:浙江大学, 2020.
	WANG X . Research on privacy protection for distributed compu-ting[D]. Zhejiang:Zhejiang University, 2020.
[2]	BURSZTEIN E , COCHRAN G J , DURUMERIC C Z ,et al. Understanding the Mirai Botnet[C]// USENIX Security Symposium. 2017.
[3]	杨毅宇, 周威, 赵尚儒 ,等. 物联网安全研究综述:威胁,检测与防御[J]. 通信学报, 2021,42(8): 188-205.
	YANG Y Y , ZHOU W , ZHAO S R ,et al. Survey of IoT security re-search:threats,detection and defense[J]. Journal on Communica-tions, 2021,42(8): 188-205.
[4]	张玉清, 周威, 彭安妮 . 物联网安全综述[J]. 计算机研究与发展, 2017,54(10): 2130.
	ZHANG Y , ZHOU W , PENG A N . Survey of internet of things se-curity[J]. Journal of Computer Research and Development, 2017,54(10): 2130-2143.
[5]	郑尧文, 文辉, 程凯 ,等. 物联网设备漏洞挖掘技术研究综述[J]. 信息安全学报, 2019,4(5): 61-75.
	ZHENG Y W , WEN H , CHENG K ,et al. A survey of IoT device vulnerability mining techniques[J]. Journal of Cyber Security, 2019,4(5): 61-75.
[6]	CAO X H , SHILA D M , CHENG Y ,et al. Ghost-in-zigbee:Energy depletion attack on zigbee-based wireless networks[J]. IEEE Internet of Things Journal, 2016,3(5): 816-829.
[7]	WEN H , CHEN Q A , LIN Z . Plug-N-Pwned:comprehensive vulnerability analysis of OBD-II dongles as a new over-the-air attack surface in automotive IoT[C]// USENIX Security Symposium. 2020: 949-965.
[8]	CHEN J Y , ZUO C S , DIAO W R ,et al. Your IoTs are (not) mine:on the remote binding between IoT devices and users[C]// 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 2019: 222-233.
[9]	HE W , GOLLA M , PADHI R ,et al. Rethinking access control and authentication for the home Internet of things (IoT)[C]// USENIX Security Symposium. 2018: 255-272.
[10]	YUAN B , JIA Y , XING L ,et al. Shattered chain of trust:understanding security risks in cross-cloud IoT access delegation[C]// USENIX Security Symposium. 2020: 1183-1200.
[11]	FERNANDES E , RAHMATI A , JUNG J ,et al. Decentralized action integrity for trigger-action IoT platforms[C]// Proceedings 2018 Network and Distributed System Security Symposium. 2018: 1-16.
[12]	ZHANG L , CHEN J , DIAO W ,et al. {CryptoREX}:large-scale analysis of cryptographic misuse in {IoT} Devices[C]// 22nd International Symposium on Research in Attacks,Intrusions and Defenses (RAID 2019). 2019: 151-164.
[13]	ALMAKHDHUB N S , CLEMENTS A A , BAGCHI S ,et al. μRAI:securing embedded systems with return address integrity[C]// Proceedings 2020 Network and Distributed System Security Symposium. 2020: 1-18.
[14]	YAO Y , ZHOU W , JIA Y ,et al. Identifying privilege separation vulnerabilities in IoT firmware with symbolic execution[C]// European Symposium on Research in Computer Security. 2019: 638-657.
[15]	ZHOU J , DU Y , SHEN Z ,et al. Silhouette:efficient protected shadow stacks for embedded systems[C]// USENIX Security Symposium. 2020: 1219-1236.
[16]	MU C , YANG M , CHEN Z ,et al. Research on RSA padding identification method in IoT firmwares[C]// Journal of Physics:Conference Series. 2020:012061.
[17]	Vulnerabilities in foscam IP cameras report[R].
[18]	THOMAS S L , CHOTHIA T , GARCIA F D . Stringer:measuring the importance of static data comparisons to detect backdoors and undocumented functionality[C]// European Symposium on Research in Computer Security. 2017: 513-531.
[19]	SHOSHITAISHVILI Y , WANG R , HAUSER C ,et al. Firmaliceautomatic detection of authentication bypass vulnerabilities in binary firmware[C]// NDSS. 2015: 1-8.
[20]	WANG F , SHOSHITAISHVILI Y . Angr-the next generation of binary analysis[C]// 2017 IEEE Cybersecurity Development (SecDev). 2017: 8-9.
[21]	ZHENG Y , DAVANIAN A , YIN H ,et al. FIRM-AFL:greybox fuzzing of IoT firmware via augmented process emulation[C]// 28th USENIX Security Symposium (USENIX Security 19). 2019: 1099-1114.
[22]	ZADDACH J , BRUNO L , FRANCILLON A ,et al. AVATAR:A framework to support dynamic security analysis of embedded systems' firmwares[C]// NDSS. 2014: 1-16.
[23]	CHEN J Y , DIAO W R , ZHAO Q C ,et al. IoTFuzzer:discovering memory corruptions in IoT through app-based fuzzing[C]// Proceedings 2018 Network and Distributed System Security Symposium. 2018: 1-15.
[24]	REDINI N , MACHIRY A , WANG R ,et al. Karonte:detecting insecure multi-binary interactions in embedded firmware[C]// 2020 IEEE Symposium on Security and Privacy. 2020: 1544-1561.
[25]	CHEN L , WANG Y , CAI Q ,et al. Sharing more and checking less:Leveraging common input keywords to detect bugs in embedded systems[C]// 30th USENIX Security Symposium (USENIX Security 21). 2021: 303-319.
[26]	MU C , WANG X , YANG M ,et al. Vulnerability analysis for iot devices of multi-agent systems:a cryptographic function identification approach[C]// Proceedings of 2021 5th Chinese Conference on Swarm Intelligence and Cooperative Control. 2023: 1510-1519.
[27]	DAVIDSON D , MOENCH B , RISTENPART T ,et al. {FIE} on firmware:Finding vulnerabilities in embedded systems using symbolic execution[C]// 22nd USENIX Security Symposium (USENIX Security 13). 2013: 463-478.
[28]	NETHERCOTE N , SEWARD J . Valgrind:a framework for heavyweight dynamic binary instrumentation[J]. ACM Sigplan Notices, 2007,42(6): 89-100.
[29]	DUONG T , RIZZO J . Here come the⊕ninjas[J]. Unpublished manuscript, 2011,320.
[30]	CHEN D D , EGELE M , WOO M ,et al. Towards automated dynamic analysis for linux-based embedded firmware[C]// Pro- ceedings 2016 Network and Distributed System Security Symposium. 2016: 1-16.

Metrics

Recommended 0

No Suggested Reading articles found!

文件类型	代表文件	应用场景	架构组成
可执行	busybox，boa，pppd，	命令操作，Web	MIPS
文件	init，httpd，webs，	服务，初始化，	ARM
（625个）	ucloud，app_default，	授权认证，时间	PowerPC
	cgi，switch等	获取等	X86-64
链接库	libc.so，libcrypto.so，	OpenSSL库，加	MIPS
文件	libgcc.so，libssl.so，	解密操作，协议	ARM
（214个）	libutil.so，libdl.so，	应用，系统语言	PowerPC
	libuClibc.so等	功能等	X86-64

厂商名称	固件架构及数量	特殊格式字符	外部文件引用	密码实现硬编码
360	MIPS(32)	MIPS(13)	MIPS(5)	0
TP-Link	MIPS(52)	MIPS(12)	MIPS(7)	0
	ARM(24)	ARM(8)	ARM(4)
Tenda	MIPS(36)	MIPS(9)	MIPS(3)	MIPS(1)
D-Link	MIPS(7)	MIPS(5)	MIPS(2)	ARM(3)
	ARM(5)	ARM(2)
	ARM(3)	PowerPC(1)	PowerPC(1)	ARM(1)
Western Digital	PowerPC(2)	X86-64(2)	X86-64(1)	X86-64(1)
	X86-64(3)
	MIPS(127)	MIPS(39)	MIPS(17)	MIPS(1)
合计	ARM(32)	ARM(10)	ARM(4)	ARM(4)
	PowerPC(2)	PowerPC(1)	PowerPC(1)	X86-64(1)
	X86-64(3)	X86-64(2)	X86-64(1)

Hardcoded vulnerability detection approach for IoT device firmware

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 17

References 30

Related Articles 15

Metrics

Recommended 0

[1]	Dong LI, Yanni HAO, Shenghui PENG, Ruijie ZI, Ximeng LIU. Network security of the National Natural Science Foundation of China: today and prospects [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 92-101.
[2]	Dibin SHAN, Xuehui DU, Wenjuan WANG, Aodi LIU, Na WANG. Access control relationship prediction method based on GNN dual source learning [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 40-55.
[3]	Jian LI, Tinglu DONG, Jie LI. Research on IoT security situation awareness method based on evidence theory [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 39-47.
[4]	Cheng HUANG, Mingxu SUN, Renyu DUAN, Susheng WU, Bin CHEN. Vulnerability identification technology research based on project version difference [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 52-62.
[5]	Zhensheng GAO, Lifeng CAO, Xuehui DU. Research progress of access control based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 68-87.
[6]	Jiashun ZHOU, Na WANG, Xuehui DU. Multi-party efficient audit mechanism for data integrity based on blockchain [J]. Chinese Journal of Network and Information Security, 2021, 7(6): 113-125.
[7]	Deqing ZOU, Xiang LI, Minhuan HUANG, Xiang SONG, Hao LI, Weiming LI. Intelligent vulnerability detection system based on graph structured source code slice [J]. Chinese Journal of Network and Information Security, 2021, 7(5): 113-122.
[8]	Hao CHEN, Ping YI. Code vulnerability detection method based on graph neural network [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 37-45.
[9]	Jinhui TENG,Yan GUANG,Hui SHU,Bing ZHANG. Automatic detection method of software upgrade vulnerability based on network traffic analysis [J]. Chinese Journal of Network and Information Security, 2020, 6(1): 94-108.
[10]	Jianming ZHU,Hongrui YANG. Data security challenges and countermeasures in financial technology [J]. Chinese Journal of Network and Information Security, 2019, 5(4): 71-79.
[11]	Zhen LI, Deqing ZOU, Zeli WANG, Hai JIN. Survey on static software vulnerability detection for source code [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 1-14.
[12]	Qiuyue SU, Xingshu CHEN, Yonggang LUO. Access control model for multi-source heterogeneous data in big data environment [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 78-86.
[13]	Tuosiyu MING, Hongchang CHEN. Research progress and trend of text summarization [J]. Chinese Journal of Network and Information Security, 2018, 4(6): 1-10.
[14]	De-yu YUAN,Xiao-juan WANG,Jian-chao WAN. Influence of Internet plus on cyberspace security and the technology development trend in Internet plus era [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 1-9.
[15]	Kai-min WEI,Jian WENG,Kui REN. Data security and protection techniques in big data:a survey [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 1-11.