Framework to analyze and exploit the smart home IoT firmware by Keshav Kaushik, Akashdeep Bhardwaj, Susheela Dahiya

Subjects: Get full text

Hardcoded vulnerability detection approach for IoT device firmware by Chao MU, Xin WANG, Ming YANG, Heng ZHANG, Zhenya CHEN, Xiaoming WU

“…With the popularization of IoT devices, more and more valuable data is generated.Analyzing and mining big data based on IoT devices has become a hot topic in the academic and industrial circles in recent years.However, due to the lack of necessary detection and protection methods, many IoT devices have serious information security risks.In particular, device hard-coded information is closely related to system encryption and decryption, identity authentication and other functions, which can provide confidentiality protection for core data.Once this information is exploited by malicious attackers, serious consequences such as sensitive information leakage, backdoor attacks, and unauthorized logins will occur.In response to this problem, a multi-type character recognition and positioning scheme was designed and a hard-coded vulnerability detection method in executable files was proposed based on the study of the characteristics of hard-coded vulnerabilities in IoT devices.The proposed method extracted the firmware of IoT devices and filtered all executable files as the source to be analyzed.Then, a solution to identify and locate three types of hard-coded characters was provided.Further, the reachability of the function, where the hard-coded character was located, was analyzed according to the function call relationship.Meanwhile, the instruction heterogeneity was mitigated by an intermediate representation (IR) model.The character and parameter hard-coded values was obtained through a data flow analysis approach.A symbolic execution method was devised to determine the trigger conditions of the hard-coded vulnerabilities, and then the vulnerability detection result was output.On the one hand, the proposed method introduced the method of symbolic execution based on the use of the intermediate representation model, which eliminated the dependency of instruction architecture and reduces the false positive rate of vulnerabilities; On the other hand, this method can integrate characters, files, and cryptographic implementation to realize the different characteristics of three types of hard-coded characters, which increased the coverage of vulnerability detection and improves the versatility of the detection method.The experimental results show that the proposed method can effectively detect three types of hard-coded vulnerabilities of characters, files and cryptographic implementation in various IoT devices, and has good detection accuracy, which can provide certain guidance for the deployment of subsequent security protection technologies.…”
Get full text

Backdoor detection in embedded system firmware without file system by Chao-jian HU, Yi-bo XUE, Liang ZHAO, Zhou-jun LI

Subjects: Get full text

Firmware vulnerability analysis based on formal verification of software and hardware by Peng-hui ZHANG, Xi TIAN, Kang-wei LOU

Subjects: “…firmware security…”
Get full text

Method for constructing function correspondence between firmware based on candidate function group by Ruiqing XIAO, Yuefei ZHU, Shengli LIU, Bin LU

Subjects: “…firmware…”
Get full text

IoT Firmware Emulation and Its Security Application in Fuzzing: A Critical Revisit by Wei Zhou, Shandian Shen, Peng Liu

Subjects: Get full text

Firmware protocol stack supporting remote boot and storage volumes mapping in IP-SAN by TAN Huai-liang, YIN Bin

Subjects: Get full text

Beamforming Feedback-Based Line-of-Sight Identification Toward Firmware-Agnostic WiFi Sensing by Hiroki Shimomura, Koji Yamamoto, Takayuki Nishio, Akihito Taya

Subjects: Get full text

Hard-coded backdoor detection method based on semantic conflict by Anxiang HU, Da XIAO, Shichen GUO, Shengli LIU

Subjects: “…router firmware…”
Get full text

TPCM-based trusted PXE boot method for servers by Guojie LIU, Jianbiao ZHANG

“…The PXE startup mechanism downloads operating system files through the network and starts the operating system,which is widely used in server network startup.It is widely used in server network startup.The PXE boot process is secured and trusted through trusted computing technology to prevent the PXE boot file from being tampered with maliciously,ensuring the safe and reliable operation of the server.The cyber security classified protection standard requires that the system boot program and system program of the server device be trusted and verified based on the trusted root.A TPCM-based server trusted PXE boot method based on the requirements of classified protection standard was proposed to ensure the security and trust of the server's BIOS firmware,PXE bootfiles,and Linux system files.When the server performs PXE boot,TPCM measured BIOS firmware,BIOS boot environment measured PXE boot files,and PXE boot environment measured Linux system files.Taking TPCM as the root of trust,one level of measurement,one level of trust,and a chain of trust were established to achieve a trusted server operating environment.The proposed method was tested on a domestically-controlled,self-controllable Shenwei server.The experimental results show that the proposed method is feasible.…”
Get full text

Framework Design for the Dynamic Reconfiguration of IoT-Enabled Embedded Systems and “On-the-Fly” Code Execution by Elmin Marevac, Esad Kadušić, Nataša Živić, Nevzudin Buzađija, Samir Lemeš

“…Both processes were fast and resource-efficient under normal conditions, supporting real-time updates with occasional outliers, suggesting room for optimization and also highlighting the advantages of VM-based firmware update methods, which outperform traditional approaches like Serial and OTA (Over-the-Air, the ability to update or configure firmware, software, or devices via wireless connection) updates by achieving lower latency and greater consistency. …”
Get full text

Hadoop-Based Distributed Sensor Node Management System by In-Yong Jung, Ki-Hyun Kim, Byong-John Han, Chang-Sung Jeong

“…Additionally, it provides a flexible management scheme for sensor node by reconfiguring firmware or updating configurations and data formats of sensor nodes based on mapreduce framework. …”
Get full text

Quantitative evaluation of fault propagation in a commercial cloud system by Chao Wang, Zhongchuan Fu

“…These studies have been performed using inaccurate simulations instead of validating complete cloud software stacks (firmware, hypervisor, operating system hosts and workloads) as a whole. …”
Get full text

Comparative evaluation between Java application using JNI and native C/C++ application running on an Android platform. by Alison de Oliveira Venâncio, Thales Ruano Barros de Souza, Bruno Raphael Cardoso Dias

“…We conducted sequence of executions initiated either through a graphical interface or via the Android Debug Bridge (ADB) command line, with timing performed by external hardware with its own firmware for this evaluation. Based on the results, we observed that in all test cases, the native application performs faster, except when there are variations related to process scheduling, which may rarely lead to a reversal of this pattern. …”
Get full text

Stability of Bar Code Information Stored in Magnetic Nanowire Arrays by Eduardo Cisternas, Eugenio E. Vogel, Julián Faúndez

“…Firmware applications such as security codes, magnetic keys, and similar products can be stored in magnetic bar codes similar to optical bar codes. …”
Get full text

Information security vulnerability scoring model for intelligent vehicles by Haiyang YU, Xiuzhen CHEN, Jin MA, Zhihong ZHOU, Shuning HOU

“…More and more electronic devices are integrated into the modern vehicles with the development of intelligent vehicles.There are various design flaws and vulnerabilities hidden in a large number of hardware, firmware and software.Therefore, the vulnerabilities of intelligent vehicles have become the most important factor affecting the vehicle safety.The safety of vehicles is seriously affected by the disclosure of a large number of vulnerabilities, and the wide application of smart cars is also restricted.Vulnerability management is an effective method to reduce the risk of vulnerabilities and improve vehicle security.And vulnerability scoring is one the important step in vulnerability management procedure.However, current method have no capability assessing automotive vulnerabilities reasonably.In order to handle this problem, a vulnerability scoring model for intelligent vehicles was proposed, which was based on CVSS.The attack vector and attack complexity were optimized, and property security, privacy security, functional safety and life safety were added to characterize the possible impact of the vulnerabilities according to the characteristics of intelligent vehicles.With the machine learning method, the parameters in CVSS scoring formula were optimized to describe the characteristics of intelligent vehicle vulnerabilities and adapt to the adjusted and new added weights.It is found in case study and statistics that the diversity and distribution of the model are better than CVSS, which means the model can better score different vulnerabilities.And then AHP is used to evaluate the vulnerability of the whole vehicle based on the vulnerability score of the model, a score is given representing the risk level of whole vehicle.The proposed model can be used to evaluate the severity of information security vulnerabilities in intelligent vehicles and assess the security risks of the entire vehicle or part of the system reasonably, which can provide an evidence for fixing the vulnerabilities or reinforcing the entire vehicle.…”
Get full text

Method of flight operation of software and hardware for controlling parameters of the rotational motion of small spacecraft of the Aist series by A. V. Sedelnikov, Yu. Ya. Puzin, A. S. Filippov

“…The paper presents a methodology for flight operation of firmware intended for monitoring the parameters of the rotational motion of a small spacecraft. …”
Get full text

Orientações para utilização de acelerômetros no Brasil by Jeffer Sasaki, Andrée Coutinho, Carla Santos, Cecília Bertuol, Giseli Minatto, Juliane Berria, Lúcia Tonosaki, Luiz Lima, Moane Marchesan, Pablo Silveira, Rodrigo Krug, Tânia Benedetti

“…Com base nesses estudos, buscou-se apresentar orientações para as fases pré-coleta (seleção do acelerômetro; testagem da calibração dos acelerômetros, atualização de firmware; estudo piloto; e definição de protocolo), coleta (distribuição dos acelerômetros; contato com participantes; e devolução dos acelerômetros) e pós-coleta (processamento; transformação e interpretação dos dados; e comparabilidade dos dados) do uso de acelerômetros. …”
Get full text

Biosensors and their widespread impact on human health by Dinesh Bhatia, Sohini Paul, Tania Acharjee, Shrimanata Sundar Ramachairy

“…It examines fourteen key applications of Biosensors in the medical field, highlighting the integration of biomedical devices, apps, firmware, and advanced algorithms. These developments pave the way for innovative medical therapies, real-time evidence-based insights, customized solutions, and informed guidance, shaping a bright future for healthcare.…”
Get full text

Development of an ISOBUS-compliant communication node for multiple machine vision systems on wide boom sprayers for nozzle control in spot application schemes by Mozammel Bin Motalab, Ahmad Al-Mallahi, Alex Martynenko, Karama Al-Tamimi, Dimitrios S. Paraforos

“…A threaded client-server firmware incorporates a checksum verification subroutine to ensure reliable protocol message handling, followed by message queuing for uninterrupted real-time processing. …”
Get full text