Shen Quanjiang, Song Yan, Yu Xiaohu, Liu Tinghui, He Daojing, Y. Guisong
{"title":"开源组件、硬编码和弱密码的大规模固件分析","authors":"Shen Quanjiang, Song Yan, Yu Xiaohu, Liu Tinghui, He Daojing, Y. Guisong","doi":"10.1109/ICCECE51280.2021.9342303","DOIUrl":null,"url":null,"abstract":"In recent years, Internet of things security incidents occur frequently, which has threatened the stability of the country, society and personal privacy. As the core of Internet of things equipment system, the security of firmware is very important. In order to design a more reasonable and effective firmware security detection method, the firmware needs to be analyzed in detail. This paper describes the security objectives of firmware from three aspects of confidentiality, integrity and availability, summarizes and analyzes the firmware attack surface, and carries out relevant verification experiments for each attack surface. In order to solve the tedious steps of firmware format identification, unpacking and key information extraction in the process of large-scale firmware security analysis, a firmware security analysis tool is designed and implemented, and large-scale experimental analysis of firmware is carried out from the perspectives of open-source components, weak passwords and hard coding.","PeriodicalId":229425,"journal":{"name":"2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-01-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Large Scale Firmware Analysis For Open Source Components, Hard Coding and Weak Passwords\",\"authors\":\"Shen Quanjiang, Song Yan, Yu Xiaohu, Liu Tinghui, He Daojing, Y. Guisong\",\"doi\":\"10.1109/ICCECE51280.2021.9342303\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, Internet of things security incidents occur frequently, which has threatened the stability of the country, society and personal privacy. As the core of Internet of things equipment system, the security of firmware is very important. In order to design a more reasonable and effective firmware security detection method, the firmware needs to be analyzed in detail. This paper describes the security objectives of firmware from three aspects of confidentiality, integrity and availability, summarizes and analyzes the firmware attack surface, and carries out relevant verification experiments for each attack surface. In order to solve the tedious steps of firmware format identification, unpacking and key information extraction in the process of large-scale firmware security analysis, a firmware security analysis tool is designed and implemented, and large-scale experimental analysis of firmware is carried out from the perspectives of open-source components, weak passwords and hard coding.\",\"PeriodicalId\":229425,\"journal\":{\"name\":\"2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE)\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-01-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCECE51280.2021.9342303\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE International Conference on Consumer Electronics and Computer Engineering (ICCECE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCECE51280.2021.9342303","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Large Scale Firmware Analysis For Open Source Components, Hard Coding and Weak Passwords
In recent years, Internet of things security incidents occur frequently, which has threatened the stability of the country, society and personal privacy. As the core of Internet of things equipment system, the security of firmware is very important. In order to design a more reasonable and effective firmware security detection method, the firmware needs to be analyzed in detail. This paper describes the security objectives of firmware from three aspects of confidentiality, integrity and availability, summarizes and analyzes the firmware attack surface, and carries out relevant verification experiments for each attack surface. In order to solve the tedious steps of firmware format identification, unpacking and key information extraction in the process of large-scale firmware security analysis, a firmware security analysis tool is designed and implemented, and large-scale experimental analysis of firmware is carried out from the perspectives of open-source components, weak passwords and hard coding.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
