Presentation | 2020-03-02 Backdoor Detection Based On Network Functions For IoT Devices Minami Yoda, Shuji Sakuraba, Junichi Yamamoto, Yuichi Sei, Yasuyuki Tahara, Akihiko Ohsuga, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | We propose a method to detect a hardcoded username and password in IoT devices by means of static analysis. Our approach helps to protect from 1st IoT attack risk at OWASP2018 Top10. A hardcoded login information is found by comparing an user input with strcmp or strncmp. Thus, previous work analyzed symbols of strcmp or strncmp to detect a hardcoded login information. However, these works take time because of using complicated algorithms such as symbolic execution. This work proposes a simple and light detection tool that finds a hardcoded login information. We focus on a network function in IoT firmware because IoT device is compromised when it is invaded by someone via the internet. Thus, we analyze string compare functions around a network function. We confirmed that our tool found a hardcoded login information in a backdoor framework. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | IoT / backdoor / static analysis / smart home |
Paper # | ICSS2019-78 |
Date of Issue | 2020-02-24 (ICSS) |
Conference Information | |
Committee | ICSS / IPSJ-SPT |
---|---|
Conference Date | 2020/3/2(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Okinawa-Ken-Seinen-Kaikan |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Security, Trust, etc. |
Chair | Hiroki Takakura(NII) |
Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
Paper Information | |
Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Backdoor Detection Based On Network Functions For IoT Devices |
Sub Title (in English) | |
Keyword(1) | IoT |
Keyword(2) | backdoor |
Keyword(3) | static analysis |
Keyword(4) | smart home |
1st Author's Name | Minami Yoda |
1st Author's Affiliation | The University of Electro-Communications(UEC) |
2nd Author's Name | Shuji Sakuraba |
2nd Author's Affiliation | The University of Electro-Communications(UEC) |
3rd Author's Name | Junichi Yamamoto |
3rd Author's Affiliation | The University of Electro-Communications(UEC) |
4th Author's Name | Yuichi Sei |
4th Author's Affiliation | The University of Electro-Communications/JST PRESTO(UEC/JST PRESTO) |
5th Author's Name | Yasuyuki Tahara |
5th Author's Affiliation | The University of Electro-Communications(UEC) |
6th Author's Name | Akihiko Ohsuga |
6th Author's Affiliation | The University of Electro-Communications(UEC) |
Date | 2020-03-02 |
Paper # | ICSS2019-78 |
Volume (vol) | vol.119 |
Number (no) | ICSS-437 |
Page | pp.pp.61-65(ICSS), |
#Pages | 5 |
Date of Issue | 2020-02-24 (ICSS) |