Hardcoded vulnerability detection approach for IoT device firmware

Autor: Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU
Jazyk: English<br />Chinese
Rok vydání: 2022
Předmět:
Zdroj: 网络与信息安全学报, Vol 8, Pp 98-110 (2022)
Druh dokumentu: article
ISSN: 2096-109X
DOI: 10.11959/j.issn.2096-109x.2022070
Popis: With the popularization of IoT devices, more and more valuable data is generated.Analyzing and mining big data based on IoT devices has become a hot topic in the academic and industrial circles in recent years.However, due to the lack of necessary detection and protection methods, many IoT devices have serious information security risks.In particular, device hard-coded information is closely related to system encryption and decryption, identity authentication and other functions, which can provide confidentiality protection for core data.Once this information is exploited by malicious attackers, serious consequences such as sensitive information leakage, backdoor attacks, and unauthorized logins will occur.In response to this problem, a multi-type character recognition and positioning scheme was designed and a hard-coded vulnerability detection method in executable files was proposed based on the study of the characteristics of hard-coded vulnerabilities in IoT devices.The proposed method extracted the firmware of IoT devices and filtered all executable files as the source to be analyzed.Then, a solution to identify and locate three types of hard-coded characters was provided.Further, the reachability of the function, where the hard-coded character was located, was analyzed according to the function call relationship.Meanwhile, the instruction heterogeneity was mitigated by an intermediate representation (IR) model.The character and parameter hard-coded values was obtained through a data flow analysis approach.A symbolic execution method was devised to determine the trigger conditions of the hard-coded vulnerabilities, and then the vulnerability detection result was output.On the one hand, the proposed method introduced the method of symbolic execution based on the use of the intermediate representation model, which eliminated the dependency of instruction architecture and reduces the false positive rate of vulnerabilities; On the other hand, this method can integrate characters, files, and cryptographic implementation to realize the different characteristics of three types of hard-coded characters, which increased the coverage of vulnerability detection and improves the versatility of the detection method.The experimental results show that the proposed method can effectively detect three types of hard-coded vulnerabilities of characters, files and cryptographic implementation in various IoT devices, and has good detection accuracy, which can provide certain guidance for the deployment of subsequent security protection technologies.
Databáze: Directory of Open Access Journals