基于数字证书识别及校验的物联网固件安全检测系统的设计与实现

doi:10.3976/j.issn.1002-4026.2020.04.017

Abstract

Abstract: A security detection system for Internet of Things firmware based on digital certificate identification and verification is designed and implemented. For the firmware download from different vendors, this paper studies the method of identifying digital certificate files such as public key, private key and signature file in firmware, designs a model to verify the validity of certificate contents, builds a certificate management database, and implements a complete firmware security detection system. The experimental results show that the system can effectively identify and validate the certificates in the firmware, and successfully detect the firmware with security defects of digital certificates outside the samples.

Key words: Internet of Things, firmware, digital certificate, detection

CLC Number:

TP311.1

MU Chao , YANG Ming , YANG Ming-zhao , WANG Biao , WANG Ji-zhi . Design and implementation of Internet of Things firmware security detection system based on digital certificate identification and verification[J].Shandong Science, 2020, 33(4): 131-135.

References 13

1	GARTNER. Gartner identifies top 10 strategic IoT technologies and trends[EB/OL].（2018-11-07）［2020-01-10］.https://www.gartner.com/en/newsroom/press-releases/2018-11-07-gartner-identifies-top-10-strategic-iot-technologies-and-trends.
2	GEEKPWN.年度盘点：2018物联网安全大事件[EB/OL].（2018-12-28）[2020-01-10].https://mp.weixin.qq.com/s/lC4F2PXoXo920av1UYYrzg.
3	ANTONAKAKIS M, APRIL T, BAILEY M, et al. Understanding the Mirai Botnet[C]//26th Usenix Security Symposium. Vancouver, BC, Canada :USENIX Association ,2017: 1093-1110.
4	HEFFNER C. Exploiting network surveillance cameras like a Hollywood hacker[EB/OL].（2013-02-25）[2020-01-10].https://media.blackhat.com/us-13/US-13-Heffner-Exploit-ing-Network-Surveillance-Cameras-Like-A-Hollywood-Hacker-WP.pdf.
5	THOMAS S L, CHOTHIA T, GARCIA F D, et al. Stringer: measuring the importance of static data comparisons to detect backdoors and undocumented functionality[C]//22nd European Symposium on Research in Computer Security. Oslo, Norway:ESORICS Organizing Committee, 2017: 513-531. doi: 10.1007/978-3-319-66399-9_28
6	THOMAS S L, GARCIA F D, CHOTHIA T, et al. HumIDIFy: a tool for hidden functionality detection in firmware[C]//14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Bonn, Germany :Springer,2017: 279-300.
7	DAVIDSON D, MOENCH B, JHA S, et al. FIE on firmware: finding vulnerabilities in embedded systems using symbolic ution[C]//22th USENIX Security Symposium. Washington, DC, USA: USENIX Association, 2013: 463-478.
8	CADAR C, DUNBAR D, ENGLER D, et al. KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs[C]// USENIX Conference on Operating Systems Design and Implementation. San Diego,USA:USENIX Association, 2009:209-224.
9	PIERREKIM. Multiple vulnerabilities found in wireless IP camera (P2P) WIFICAM cameras and vulnerabilities in custom http server[EB/OL].(2017-03-08)［2020-01-10］.https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html#rsa-lulz.
10	VASILE S, OSWALD D, CHOTHIA T, et al. Breaking all the things:a systematic survey of firmware extraction techniques for iot devices[C]// 17th International Conference on Smart Card Research and Advanced Application Conference, Cham,FRA: Springer, 2018: 171-185.
11	CHEN D D, WOO M, BRUMLEY D, et al. Towards automated dynamic analysis for Linux-based embedded firmware[C]// Network and Distributed System Security Symposium, San Diego, CA, USA: Internet Society, 2016,110-116 DOI：10.14722/ndss.2016.23415
12	HEFFNER C. BINWALK:The #1 open source firmware extraction tool[EB/OL].(2019-04-13)［2020-01-10］.https://www.refirmlabs.com/binwalk/.
13	COLLAKE J,HEFFNER C. Firmware modification kit[EB/OL].(2014-06-09)［2020-01-10］.https://bitsum.com/firmware_mod_kit.htm.

[1]	ZHANG Yue-hong. Architecture design of the cyber range for teaching [J]. Shandong Science, 2020, 33(5): 127-134.
[2]	ZHU Xi, WU Hao. Design of cloud identity management trust model based on blockchain technology [J]. Shandong Science, 2020, 33(3): 100-108.
[3]	LI Chen, ZHU Shi-wei, WEI Mo-ji, YU Jun-feng,LI Xintian. Lexicon and rules based news text sentiment analysis [J]. SHANDONG SCIENCE, 2017, 30(1): 115-121.
[4]	JIANG Peng,ZHAO Zheng-li. Design and implementation of distributed computing based screening system of abnormal websites [J]. SHANDONG SCIENCE, 2016, 29(4): 106-111.
[5]	LI Chen, ZHU Shiwei, Zhao Yanqing,YU Junfeng . MapReduce based web crawler design and implementation [J]. SHANDONG SCIENCE, 2015, 28(2): 101-107.
[6]	WANG Geng, SONG Chuan-Chao, SHENG Yu-Xiao, WANG Tong-Tong, LI Sheng-En. Label propagation based detecting algorithm of stable overlapping communities [J]. J4, 2013, 26(5): 61-68.
[7]	ZHAO Lin, MIN Li, LI Shu-Juan. Application of SQLite in an embedded fiber Bragg grating system [J]. J4, 2012, 25(2): 80-82.
[8]	WANG Shuai, LIU Lei, SUN Ming-Shan, LIU Xiang-Yang. Real time database of a vehicleborne embedded remote surveillance system [J]. J4, 2012, 25(1): 81-86.
[9]	ZHANG Dong-Sheng, YIN Jian-Min, ZHANG Yu-Hong. Application of image color management in typesetting software [J]. J4, 2011, 24(1): 86-88.
[10]	ZHANG Yan-Fang, ZHENG Jiang-Hua, LIU Guang-Liang, LIU Cheng-Ye, LI Qian. Implementation of data communications in the control system of a .NET based completely automatic tester [J]. J4, 2011, 24(1): 102-105.
[11]	LIU Guang-Liang, ZHANG Dong, ZHANG Yan-Fang, ZHENG Jiang-Hua, ZHANG Wei-Zhong. [J]. J4, 2010, 23(1): 77-80.

Design and implementation of Internet of Things firmware security detection system based on digital certificate identification and verification

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

References 13

Related Articles 11

Metrics

Comments

Recommended 0