Abstract
Dynamic analysis of IoT firmware is an effective method to discover security flaws and vulnerabilities. However, limited by emulation methods concentrating on a single IoT device, it is challenging to find security issues hidden in communication channels. This paper presents EmuIoTNet, a tool capable of automatically building an emulated IoT network for dynamic analysis. First, EmuIoTNet prepares an emulated hardware environment to emulate a number of devices for firmware. Then, it employs network virtualization tools to setup two types of networks, IntraNet and InterNet, which connect emulated devices, companion applications, and cloud endpoints to support many communication protocols. Meanwhile, it reconfigures the IP address of emulated devices at will to support simultaneous operations of multiple users. The experimental results show that EmuIoTNet can automatically build various emulated networks and facilitate security analysis in communication channels.
Supported in part by the National Natural Science Foundation of China under Grant 61972392 and Grant 62072453 and in part by the Youth Innovation Promotion Association of the Chinese Academy of Sciences under Grant 2020164.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Some firmware cannot be extracted if they are encrypted or do not contain a valid file system.
References
Anatomy of an iot malware attack. https://developer.ibm.com/articles/iot-anatomy-iot-malware-attack/
Android-x86. https://www.android-x86.org/
Iot attacks up significantly in first half of 2019. https://www.darkreading.com
Sonicwall: Encrypted attacks, IoT malware surge as global malware volume dips. http://blog.sonicwall.com
Alrawi, O., Lever, C., Antonakakis, M., Monrose, F.: Sok: security evaluation of home-based IoT deployments. In: S&P, pp. 1362–1380 (2019)
Antonakakis, M., et al.: Understanding the mirai botnet. In: USENIX Security Symposium, pp. 1093–1110 (2017)
Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for Linux-based embedded firmware. NDSS 16, 1–16 (2016)
Chen, J., et al.: Iotfuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: NDSS (2018)
Chipounov, V., Kuznetsov, V., Candea, G.: S2e: a platform for in-vivo multi-path analysis of software systems. Acm Sigplan Notices 46(3), 265–278 (2011)
Clements, A.A., et al.: Halucinator: firmware re-hosting through abstraction layer emulation. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1201–1218 (2020)
Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A large-scale analysis of the security of embedded firmwares. In: USENIX Security Symposium, pp. 95–110 (2014)
Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: AsiaCCS, pp. 437–448 (2016)
Davidson, D., Moench, B., Ristenpart, T., Jha, S.: Fie on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: 22nd USENIX Security Symposium (USENIX Security 2013), pp. 463–478 (2013)
Feng, B., Mera, A., Lu, L.: P 2 IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In: USENIX Security Symposium (2020)
Gustafson, E., et al.: Toward the analysis of embedded firmware through automated re-hosting. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 135–150 (2019)
Kammerstetter, M., Burian, D., Kastner, W.: Embedded security testing with peripheral device caching and runtime program state approximation. In: 10th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE) (2016)
Kammerstetter, M., Platzer, C., Kastner, W.: Prospect: peripheral proxying supported embedded code testing. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 329–340 (2014)
Koscher, K., Kohno, T., Molnar, D.: SURROGATES: enabling near-real-time dynamic analyses of embedded systems. In: 9th USENIX Workshop on Offensive Technologies (WOOT 15) (2015)
Li, H., Tong, D., Huang, K., Cheng, X.: Femu: a firmware-based emulation framework for soc verification. In: CODES+ISSS, pp. 257–266 (2010)
Magnusson, P.S., et al.: Simics: a full system simulation platform. Computer 35(2), 50–58 (2002)
Muench, M., Nisi, D., Francillon, A., Balzarotti, D.: Avatar2: a multi-target orchestration platform. Workshop Binary Anal. Res. 18, 1–11 (2018)
Sha, L., Xiao, F., Chen, W., Sun, J.: Iiot-sidefender: detecting and defense against the sensitive information leakage in industry IoT. World Wide Web 21(1), 59–88 (2018)
Srivastava, P., Peng, H., Li, J., Okhravi, H., Shrobe, H., Payer, M.: Firmfuzz: automated IoT firmware introspection and analysis. In: IoT S&P, pp. 15–21 (2019)
Talebi, S.M.S., Tavakoli, H., Zhang, H., Zhang, Z., Sani, A.A., Qian, Z.: Charm: facilitating dynamic analysis of device drivers of mobile systems. In: USENIX Security Symposium, pp. 291–307 (2018)
Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the internet-of-things. In: Hot Topics in Networks, pp. 1–7 (2015)
Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D., et al.: Avatar: a framework to support dynamic security analysis of embedded systems’ firmwares. NDSS 14, 1–16 (2014)
Zhang, L., Chen, J., Diao, W., Guo, S., Weng, J., Zhang, K.: Cryptorex: large-scale analysis of cryptographic misuse in IoT devices. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 151–164 (2019)
Zhang, Z.K., Cho, M.C.Y., Shieh, S.: Emerging security threats and countermeasures in IoT. In: Proceedings of the AsiaCCS, pp. 1–6 (2015)
Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., Sun, L.: Firm-afl: high-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: USENIX Security Symposium, pp. 1099–1114 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Si, Q., Cui, L., Li, L., Ding, Z., Liu, Y., Hao, Z. (2021). EmuIoTNet: An Emulated IoT Network for Dynamic Analysis. In: Gao, D., Li, Q., Guan, X., Liao, X. (eds) Information and Communications Security. ICICS 2021. Lecture Notes in Computer Science(), vol 12918. Springer, Cham. https://doi.org/10.1007/978-3-030-86890-1_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-86890-1_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-86889-5
Online ISBN: 978-3-030-86890-1
eBook Packages: Computer ScienceComputer Science (R0)