Chinese Journal of Network and Information Security, 2022, Vol. 8, Issue (5): 98-110. doi: 10.11959/j.issn.2096-109x.2022070
Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU
Revised: 2022-09-02
Online: 2022-10-15
Published: 2022-10-01
Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU. Hardcoded vulnerability detection approach for IoT device firmware[J]. Chinese Journal of Network and Information Security, 2022, 8(5): 98-110.
File type | Representative files | Application scenarios | Architectures |
Executable files (625) | busybox, boa, pppd, init, httpd, webs, ucloud, app_default, cgi, switch, etc. | Command operations, Web services, initialization, authorization and authentication, time retrieval, etc. | MIPS, ARM, PowerPC, X86-64 |
Linked library files (214) | libc.so, libcrypto.so, libgcc.so, libssl.so, libutil.so, libdl.so, libuClibc.so, etc. | OpenSSL library, encryption and decryption operations, protocol applications, system language functions, etc. | MIPS, ARM, PowerPC, X86-64 |

Vendor | Firmware architecture and count | Special format characters | External file references | Hard-coded cryptographic implementation |
360 | MIPS(32) | MIPS(13) | MIPS(5) | 0 |
TP-Link | MIPS(52), ARM(24) | MIPS(12), ARM(8) | MIPS(7), ARM(4) | 0 |
Tenda | MIPS(36) | MIPS(9) | MIPS(3) | MIPS(1) |
D-Link | MIPS(7), ARM(5) | MIPS(5), ARM(2) | MIPS(2) | ARM(3) |
Western Digital | ARM(3), PowerPC(2), X86-64(3) | PowerPC(1), X86-64(2) | PowerPC(1), X86-64(1) | ARM(1), X86-64(1) |
Total | MIPS(127), ARM(32), PowerPC(2), X86-64(3) | MIPS(39), ARM(10), PowerPC(1), X86-64(2) | MIPS(17), ARM(4), PowerPC(1), X86-64(1) | MIPS(1), ARM(4), X86-64(1) |