Not all file in firmware are executed while using Internet of Things (IoT) devices and hundreds to approximately a thousand executable and linkable format files exist in one firmware. Therefore, security investigations without prioritization may lead to investigate programs that are not executed while using IoT devices first. This has resulted in inefficient security investigations. To perform efficient security investigations, we proposed a method that can identify programs executed during the startup process. However, only two firmware were used for the evaluation which can only evaluate one of the two startup sequences in the OpenWrt-based firmware. In addition, security investigations to validate whether the proposed method addresses the problem of inefficient security investigations were limited to OpenWrt-based firmware. In this study, we use more firmware data for evaluation and validation. We use nine firmware not used in previous studies including startup methods that have not previously been used for evaluation. In addition, we increase the number of firmware used for validation to 225. The evaluation results demonstrate that the proposed method can identify with only few false positives. The validation demonstrates that efficiency can be improved and prioritizing investigations by considering the proposed method result is worthwhile.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Evaluation of a Startup Program Identification for Efficient and Accurate IoT Security Investigations

  • Yuta Shimamoto,
  • Jiratchaya Phinyodom,
  • Ryota Yoshimoto,
  • Hiroyuki Uekawa,
  • Mitsuaki Akiyama,
  • Toshihiro Yamauchi

摘要

Not all file in firmware are executed while using Internet of Things (IoT) devices and hundreds to approximately a thousand executable and linkable format files exist in one firmware. Therefore, security investigations without prioritization may lead to investigate programs that are not executed while using IoT devices first. This has resulted in inefficient security investigations. To perform efficient security investigations, we proposed a method that can identify programs executed during the startup process. However, only two firmware were used for the evaluation which can only evaluate one of the two startup sequences in the OpenWrt-based firmware. In addition, security investigations to validate whether the proposed method addresses the problem of inefficient security investigations were limited to OpenWrt-based firmware. In this study, we use more firmware data for evaluation and validation. We use nine firmware not used in previous studies including startup methods that have not previously been used for evaluation. In addition, we increase the number of firmware used for validation to 225. The evaluation results demonstrate that the proposed method can identify with only few false positives. The validation demonstrates that efficiency can be improved and prioritizing investigations by considering the proposed method result is worthwhile.