Design And Implementation Of Web Weak Key Detection System For Internet Of Things Devices

Nowadays,IoT(Internet of Things)technology is widely used in all walks of life.The IoT devices brings convenience to people,and the security threat of IoT faced is increasing.Due to the problems of network attack,network crime,privacy disclosure,etc.The issue of IoT devices security has become the focus of what we are concerned.Generally,IoT devices have a Web application system,which is rich in functions and can view device information,control and configuration equipment,which is of great security significance.The password authentication mechanism is still a very important way in the Web application system of the IoT devices.If a IoT device exists Web weak passwords,once it is discovered by hackers or hostile forces,the equipment can be controlled by them and the malicious code be injected into,then the device may be a springboard for attacking other devices in the network.The existing research shows that the problem of web weak password for the Internet of things is still serious.Because there are many vendors of the Internet of things,the authentication pages of the web application system of each vendor are not consistent,the authentication interface is not uniform too.Besides,the web application system itself has many ways of authentication and the technology application is complex.The implementation of unified automated weak password detection is more difficult.For The traditional method,firstly the authentication method of,the submission information and the way of the password is analyzed manually,then writing script to detect the weak password of the web with the help of weak password library.The traditional way is less automated,time consuming and costly.With the upgrading of products,the original API is also likely to fail,and it needs manual analysis and processing again.Therefore,the research of Web weak password detection is of practical significance and theoretical value.In view of the difficulties in the detection of web weak password,this paper summarizes and analyzes the existing password authentication methods,proposes a two detection based device recognition algorithm and a rule based automatic login method.The recognition algorithm first analyzes the home page of the device,then do further detection for device whose home page is same,which can identify the brand of the equipment more effectively and more accurately.With the brand information,the weak password detection can be done more accurately.After the analysis of the authentication mode,page feature and submission mode of many web application system connected to the Internet,we summarizes a set of automated weak password detection rules also.Based on the above two algorithms,this paper proposes a set of web weak password automatic detection framework in the end and implements a software of web weak password automatic detection.The experimental results show that the method proposed in this paper which is based on rule can effectively identify the existence of weak password in Web application system for Io T devices.Finally we realize a system and scanned Beijing,Hebei,Guangdong three provinces IoT devices,we found 7346 devices whose Web System has weak password in 120687 survival devices,which consist 6.09%,The practical application verifies the effectiveness of the system and the method we propose.