Large Scale Firmware Analysis For Open Source Components, Hard Coding and Weak Passwords

Shen Quanjiang, Song Yan, Yu Xiaohu, Liu Tinghui, He Daojing, Y. Guisong
2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE), published 2021-01-15
DOI: 10.1109/ICCECE51280.2021.9342303 (https://doi.org/10.1109/ICCECE51280.2021.9342303)
Citations: 1

Abstract

In recent years, Internet of Things (IoT) security incidents have occurred frequently, threatening the stability of the country and society as well as personal privacy. Firmware is the core of an IoT device system, so its security is very important. Designing a more reasonable and effective firmware security detection method requires analyzing the firmware in detail. This paper describes the security objectives of firmware in terms of confidentiality, integrity and availability, summarizes and analyzes the firmware attack surface, and carries out verification experiments for each attack surface. To address the tedious steps of firmware format identification, unpacking and key information extraction in large-scale firmware security analysis, a firmware security analysis tool is designed and implemented, and a large-scale experimental analysis of firmware is carried out from the perspectives of open-source components, weak passwords and hard coding.