
Research And Implementation Of Attack Detection System Based On UEFI Firmware

Posted on: 2018-07-24, Degree: Master, Type: Thesis
Country: China, Candidate: Y Liu
GTID: 2348330563452554, Subject: Computer technology
Abstract/Summary:
With the continuous development of network attack technology, attacks against firmware have emerged, and the growing number of such attacks poses a huge threat to computers. Malicious code in the firmware is hidden at the lowest level of the computer and is difficult for anti-virus software to find and eliminate. Detecting and protecting against firmware attacks is an urgent problem in the field of computer security. At present, there are few studies on firmware attack detection and little relevant data in the field of firmware security, which adds difficulty to the research and implementation of firmware attack detection.

In the past, manufacturers of different BIOS types such as Award BIOS, AMI BIOS and Phoenix BIOS had different BIOS specifications, and the format of the BIOS image and the composition of its modules differed greatly. A security detection system was usually implemented for one specific type of BIOS, which made it less general. To address the shortcomings of traditional detection methods, this paper studies the acquisition, analysis, display and integrity protection of BIOS image files based on UEFI firmware technology. It designs and implements an attack detection system based on UEFI firmware to effectively protect BIOS security.

The main work and difficulties of this paper:

1) An attack detection architecture based on UEFI firmware is proposed.
2) Because the operating system runs in protected mode, the physical memory that stores the BIOS image is protected and cannot be accessed directly at the operating system level. To solve the problem of obtaining the BIOS image, this paper enters System Management Mode (SMM) by triggering an SMI interrupt. The BIOS image can then be acquired by accessing the BIOS-mapped physical address in SMM.
3) The core of module detection is the analysis of the BIOS image file. To solve the problem of BIOS module decomposition and improve the generality of the system, this paper studies the storage structure of UEFI firmware, analyzes the header structures of FV, FF and FF section files according to the specification, and finally implements BIOS module decomposition.
4) Traditional integrity testing methods generally use the MD5 algorithm, whose independent controllability is poor, because using foreign standards carries the possibility of an implanted back door. This paper designs and implements a verification algorithm based on the national cryptographic standard SM3, and designs and implements remote identity authentication based on the SM2 digital signature algorithm. This enhances the system's credibility, controllability and security.

Based on UEFI firmware technology, this paper designs and implements the attack detection system, which increases the generality and security of the firmware detection system. If the BIOS is attacked, the system can locate the changed module, which helps in understanding the attacker's intent and prepares for the restoration of the corresponding module. It can effectively protect system security.
Keywords/Search Tags: UEFI, BIOS, attack detection
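
The module decomposition and per-module integrity check described in points 3) and 4), as an added example that is not code from the thesis: it walks the FFS file headers of one firmware volume using the PI-specification header layouts, hashes each file, and reports which module GUIDs differ from a baseline. SHA-256 stands in for SM3 here (pass `algo="sm3"` where the local OpenSSL build exposes it); the function names and the `build_fv` sample builder are assumptions, and header checksums, FFSv3 large files and nested sections are not handled.

```python
import hashlib
import struct
import uuid

FV_HDR = struct.Struct("<16s16sQ4sIHHHBB")  # EFI_FIRMWARE_VOLUME_HEADER, fields before BlockMap
FFS_HDR = struct.Struct("<16sHBB3sB")       # EFI_FFS_FILE_HEADER (24 bytes)

def walk_ffs(fv):
    """Yield (guid, file_type, file_bytes) for each FFS file in one firmware volume."""
    _, _, fv_len, sig, _, hdr_len, *_ = FV_HDR.unpack_from(fv, 0)
    if sig != b"_FVH" or fv_len > len(fv):
        raise ValueError("not a valid firmware volume")
    off = hdr_len
    while off + FFS_HDR.size <= fv_len:
        raw = fv[off:off + FFS_HDR.size]
        if raw == b"\xff" * FFS_HDR.size:  # erased flash marks the start of free space
            break
        name, _, ftype, _, size3, _ = FFS_HDR.unpack(raw)
        size = int.from_bytes(size3, "little")  # 24-bit size, header included
        if size < FFS_HDR.size or off + size > fv_len:
            raise ValueError(f"corrupt FFS header at {off:#x}")
        yield str(uuid.UUID(bytes_le=name)), ftype, fv[off:off + size]
        off = (off + size + 7) & ~7  # FFS files start on 8-byte boundaries

def module_digests(fv, algo="sha256"):
    # SHA-256 is a stand-in for the SM3 digest the thesis uses.
    return {guid: hashlib.new(algo, data).hexdigest() for guid, _, data in walk_ffs(fv)}

def changed_modules(baseline, current):
    """Compare two {guid: digest} maps and name the modules that differ."""
    return {
        "modified": sorted(g for g in baseline.keys() & current.keys() if baseline[g] != current[g]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def build_fv(files):
    """Constructed sample input: pack (guid, type, body) tuples into a minimal FV."""
    body = b""
    for guid, ftype, data in files:
        size = FFS_HDR.size + len(data)
        body += FFS_HDR.pack(uuid.UUID(guid).bytes_le, 0, ftype, 0,
                             size.to_bytes(3, "little"), 0xF8)
        body += data + b"\xff" * (-size % 8)  # pad to the next 8-byte boundary
    body += b"\xff" * 64                      # trailing free space
    hdr_len = FV_HDR.size + 16                # one block-map entry plus terminator
    total = hdr_len + len(body)
    hdr = FV_HDR.pack(bytes(16), bytes(16), total, b"_FVH", 0, hdr_len, 0, 0, 0, 2)
    return hdr + struct.pack("<IIII", 1, total, 0, 0) + body
```

Keeping the baseline digests outside the machine being checked matters here, since an attacker who can rewrite the flash image can also rewrite a baseline stored beside it.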