Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
The Golden Snitch: A Byzantine Fault Tolerant Protocol with Activity Kapitel lesen Erstes Kapitel lesen

2021 | OriginalPaper | Buchkapitel

EmuIoTNet: An Emulated IoT Network for Dynamic Analysis

verfasst von : Qin Si, Lei Cui, Lun Li, Zhenquan Ding, Yongji Liu, Zhiyu Hao

Erschienen in: Information and Communications Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Dynamic analysis of IoT firmware is an effective method to discover security flaws and vulnerabilities. However, limited by emulation methods concentrating on a single IoT device, it is challenging to find security issues hidden in communication channels. This paper presents EmuIoTNet, a tool capable of automatically building an emulated IoT network for dynamic analysis. First, EmuIoTNet prepares an emulated hardware environment to emulate a number of devices for firmware. Then, it employs network virtualization tools to setup two types of networks, IntraNet and InterNet, which connect emulated devices, companion applications, and cloud endpoints to support many communication protocols. Meanwhile, it reconfigures the IP address of emulated devices at will to support simultaneous operations of multiple users. The experimental results show that EmuIoTNet can automatically build various emulated networks and facilitate security analysis in communication channels.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel Source Identification from In-Vehicle CAN-FD Signaling: What Can We Expect?
Nächstes Kapitel ACGVD: Vulnerability Detection Based on Comprehensive Graph via Graph Neural Network with Attention
Fußnoten
1
Some firmware cannot be extracted if they are encrypted or do not contain a valid file system.
 
Literatur
1.
2.
3.
4.
5.
Alrawi, O., Lever, C., Antonakakis, M., Monrose, F.: Sok: security evaluation of home-based IoT deployments. In: S&P, pp. 1362–1380 (2019)
6.
Antonakakis, M., et al.: Understanding the mirai botnet. In: USENIX Security Symposium, pp. 1093–1110 (2017)
7.
Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for Linux-based embedded firmware. NDSS 16, 1–16 (2016)
8.
Chen, J., et al.: Iotfuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: NDSS (2018)
9.
Chipounov, V., Kuznetsov, V., Candea, G.: S2e: a platform for in-vivo multi-path analysis of software systems. Acm Sigplan Notices 46(3), 265–278 (2011)CrossRef
10.
Clements, A.A., et al.: Halucinator: firmware re-hosting through abstraction layer emulation. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1201–1218 (2020)
11.
Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A large-scale analysis of the security of embedded firmwares. In: USENIX Security Symposium, pp. 95–110 (2014)
12.
Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: AsiaCCS, pp. 437–448 (2016)
13.
Davidson, D., Moench, B., Ristenpart, T., Jha, S.: Fie on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: 22nd USENIX Security Symposium (USENIX Security 2013), pp. 463–478 (2013)
14.
Feng, B., Mera, A., Lu, L.: P 2 IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In: USENIX Security Symposium (2020)
15.
Gustafson, E., et al.: Toward the analysis of embedded firmware through automated re-hosting. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 135–150 (2019)
16.
Kammerstetter, M., Burian, D., Kastner, W.: Embedded security testing with peripheral device caching and runtime program state approximation. In: 10th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE) (2016)
17.
Kammerstetter, M., Platzer, C., Kastner, W.: Prospect: peripheral proxying supported embedded code testing. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 329–340 (2014)
18.
Koscher, K., Kohno, T., Molnar, D.: SURROGATES: enabling near-real-time dynamic analyses of embedded systems. In: 9th USENIX Workshop on Offensive Technologies (WOOT 15) (2015)
19.
Li, H., Tong, D., Huang, K., Cheng, X.: Femu: a firmware-based emulation framework for soc verification. In: CODES+ISSS, pp. 257–266 (2010)
20.
Magnusson, P.S., et al.: Simics: a full system simulation platform. Computer 35(2), 50–58 (2002)CrossRef
21.
Muench, M., Nisi, D., Francillon, A., Balzarotti, D.: Avatar2: a multi-target orchestration platform. Workshop Binary Anal. Res. 18, 1–11 (2018)
22.
Sha, L., Xiao, F., Chen, W., Sun, J.: Iiot-sidefender: detecting and defense against the sensitive information leakage in industry IoT. World Wide Web 21(1), 59–88 (2018)CrossRef
23.
Srivastava, P., Peng, H., Li, J., Okhravi, H., Shrobe, H., Payer, M.: Firmfuzz: automated IoT firmware introspection and analysis. In: IoT S&P, pp. 15–21 (2019)
24.
Talebi, S.M.S., Tavakoli, H., Zhang, H., Zhang, Z., Sani, A.A., Qian, Z.: Charm: facilitating dynamic analysis of device drivers of mobile systems. In: USENIX Security Symposium, pp. 291–307 (2018)
25.
Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the internet-of-things. In: Hot Topics in Networks, pp. 1–7 (2015)
26.
Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D., et al.: Avatar: a framework to support dynamic security analysis of embedded systems’ firmwares. NDSS 14, 1–16 (2014)
27.
Zhang, L., Chen, J., Diao, W., Guo, S., Weng, J., Zhang, K.: Cryptorex: large-scale analysis of cryptographic misuse in IoT devices. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 151–164 (2019)
28.
Zhang, Z.K., Cho, M.C.Y., Shieh, S.: Emerging security threats and countermeasures in IoT. In: Proceedings of the AsiaCCS, pp. 1–6 (2015)
29.
Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., Sun, L.: Firm-afl: high-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: USENIX Security Symposium, pp. 1099–1114 (2019)
Metadaten
Titel
EmuIoTNet: An Emulated IoT Network for Dynamic Analysis
verfasst von
Qin Si
Lei Cui
Lun Li
Zhenquan Ding
Yongji Liu
Zhiyu Hao
Copyright-Jahr
2021
Buch
Information and Communications Security

Print ISBN: 978-3-030-86889-5

Electronic ISBN: 978-3-030-86890-1

Copyright-Jahr: 2021

DOI
https://doi.org/10.1007/978-3-030-86890-1_13

Premium Partner

    Bildnachweise