On Manually Reverse Engineering Communication Protocols of Linux-Based IoT Systems

Authors: Kaizheng Liu, Ming Yang, Zhen Ling, Huaiyu Yan, Yue Zhang

DOI: 10.1109/JIOT.2020.3036232

Abstract: IoT security and privacy has raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol analysis techniques rely on a good understanding of the underlying communication protocols. In this article, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux-based IoT systems. We successfully applied our framework to reverse engineer a number of IoT systems. As an example, we present a detailed use of the framework to reverse engineer the WeMo smart plug communication protocol by extracting the firmware from the flash, performing static and dynamic analysis of the firmware, and analyzing network traffic. The discovered protocol exposes severe flaws that allow attackers to control or deny the service of victim plugs. Our framework is generic and can be applied to both read-only and writable embedded Linux filesystems.
