| Presentation | 2020-03-02 Backdoor Detection Based On Network Functions For IoT Devices Minami Yoda, Shuji Sakuraba, Junichi Yamamoto, Yuichi Sei, Yasuyuki Tahara, Akihiko Ohsuga, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | We propose a method to detect a hardcoded username and password in IoT devices by means of static analysis. Our approach helps to protect from 1st IoT attack risk at OWASP2018 Top10. A hardcoded login information is found by comparing an user input with strcmp or strncmp. Thus, previous work analyzed symbols of strcmp or strncmp to detect a hardcoded login information. However, these works take time because of using complicated algorithms such as symbolic execution. This work proposes a simple and light detection tool that finds a hardcoded login information. We focus on a network function in IoT firmware because IoT device is compromised when it is invaded by someone via the internet. Thus, we analyze string compare functions around a network function. We confirmed that our tool found a hardcoded login information in a backdoor framework. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | IoT / backdoor / static analysis / smart home |
| Paper # | ICSS2019-78 |
| Date of Issue | 2020-02-24 (ICSS) |
| Conference Information | |
| Committee | ICSS / IPSJ-SPT |
|---|---|
| Conference Date | 2020/3/2(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Okinawa-Ken-Seinen-Kaikan |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Security, Trust, etc. |
| Chair | Hiroki Takakura(NII) |
| Vice Chair | Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
| Secretary | Katsunari Yoshioka(NICT) / Kazunori Kamiya(KDDI labs.) |
| Assistant | Keisuke Kito(Mitsubishi Electric) / Toshihiro Yamauchi(Okayama Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information and Communication System Security / Special Interest Group on Security Psychology and Trust |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Backdoor Detection Based On Network Functions For IoT Devices |
| Sub Title (in English) | |
| Keyword(1) | IoT |
| Keyword(2) | backdoor |
| Keyword(3) | static analysis |
| Keyword(4) | smart home |
| 1st Author's Name | Minami Yoda |
| 1st Author's Affiliation | The University of Electro-Communications(UEC) |
| 2nd Author's Name | Shuji Sakuraba |
| 2nd Author's Affiliation | The University of Electro-Communications(UEC) |
| 3rd Author's Name | Junichi Yamamoto |
| 3rd Author's Affiliation | The University of Electro-Communications(UEC) |
| 4th Author's Name | Yuichi Sei |
| 4th Author's Affiliation | The University of Electro-Communications/JST PRESTO(UEC/JST PRESTO) |
| 5th Author's Name | Yasuyuki Tahara |
| 5th Author's Affiliation | The University of Electro-Communications(UEC) |
| 6th Author's Name | Akihiko Ohsuga |
| 6th Author's Affiliation | The University of Electro-Communications(UEC) |
| Date | 2020-03-02 |
| Paper # | ICSS2019-78 |
| Volume (vol) | vol.119 |
| Number (no) | ICSS-437 |
| Page | pp.pp.61-65(ICSS), |
| #Pages | 5 |
| Date of Issue | 2020-02-24 (ICSS) |