On Manually Reverse Engineering Communication Protocols of Linux Based IoT Systems

Authors: Xinwen Fu, Zhen Ling, Wei Zhao, Ming Yang, Kaizheng Liu

DOI:

Keywords:

Abstract: IoT security and privacy have raised grave concerns. Efforts have been made to design tools to identify and understand vulnerabilities of IoT systems. Most of the existing protocol analysis techniques rely on a good understanding of the underlying communication protocols. In this paper, we systematically present the first manual reverse engineering framework for discovering communication protocols of embedded Linux based IoT systems. We successfully applied our framework to reverse engineer a number of IoT systems. As an example, we detail the use of the framework in reverse-engineering the WeMo smart plug by extracting the firmware from flash, performing static and dynamic analysis, and analyzing network traffic. The discovered protocol exposes severe flaws that allow attackers to control or deny service to victim plugs. Our framework is generic and can be applied to both read-only and writable embedded filesystems.
