argXtract: Deriving IoT Security Configurations via Automated Static Analysis of Stripped ARM Binaries
arXiv - CS - Cryptography and Security Pub Date : 2021-05-07 , DOI: arxiv-2105.03135
Pallavi Sivakumaran, Jorge Blasco

Recent high-profile attacks on the Internet of Things (IoT) have brought to the forefront the vulnerability of "smart" devices, and have resulted in numerous IoT-focused security analyses. Many of the attacks had weak device configuration as the root cause. One potential source of rich and definitive information about the configuration of an IoT device is the device's firmware. However, firmware analysis is complex and automated firmware analyses have thus far been confined to devices with more traditional operating systems such as Linux or VxWorks. Most IoT peripherals, due to lacking traditional operating systems and implementing a wide variety of communication technologies, have only been the subject of smaller-scale analyses. Peripheral firmware analysis is further complicated by the fact that such firmware files are predominantly available as stripped binaries, without the ELF headers and symbol tables that would simplify reverse engineering. In this paper, we present argXtract, an open-source automated static analysis tool, which extracts security-relevant configuration information from stripped IoT peripheral firmware. Specifically, we focus on binaries that target the ARM Cortex-M architecture, due to its growing popularity among IoT peripherals. argXtract overcomes the challenges associated with stripped Cortex-M analysis and is able to retrieve arguments to security-relevant supervisor and function calls, enabling automated bulk analysis of firmware files. We demonstrate this via three real-world case studies. The largest case study covers a dataset of 243 Bluetooth Low Energy binaries targeting Nordic Semiconductor chipsets, while the other two focus on Nordic ANT and STMicroelectronics BlueNRG binaries. The results reveal widespread lack of security and privacy controls in IoT, such as minimal or no protection for data, fixed passkeys and trackable device addresses.

Updated: 2021-05-10