| With the rapid development of the Internet of Things, a variety of IoT devices have been widely used in smart homes, intelligent transportation, intelligent medical care and other fields, and have become an integral part of production and daily life. At the same time, the number of security attacks against IoT devices is increasing, and many of these attacks are associated with security vulnerabilities in IoT device firmware. Firmware is a kind of software written into hardware devices; it contains the operating system and functional code of an IoT device and may contain sensitive information that is enough to threaten the security of the device. Detecting and analyzing sensitive information in firmware can uncover the security risks hidden in it so that remedial measures can be taken in time, avoiding high-risk vulnerabilities at the root. It is therefore of great importance to study firmware sensitive information detection techniques to improve the security of IoT devices. In most cases, firmware analysis is performed on unencrypted firmware. However, some vendors encrypt their firmware in order to protect it and to prevent it from being unpacked and analyzed. Analyzing encrypted firmware directly often costs a lot of time and effort, so it is necessary to first determine whether the firmware is encrypted before unpacking, and firmware that is detected as encrypted should be processed separately to improve analysis efficiency. For this reason, fast and accurate firmware encryption detection methods are important for improving the efficiency of firmware analysis. This paper studies encryption detection and sensitive information identification techniques for IoT firmware. The main work and results of this paper are as follows: 1. To address the problem that existing encrypted firmware identification methods are inefficient and cannot cope with large-scale encrypted firmware analysis, this paper proposes a file slicing-based encrypted firmware detection algorithm. First, the algorithm slices the firmware into several parts. Then it reads data of equal length from each part and calculates the information entropy of each part. Finally, it calculates the variance of the information entropy across all parts to determine whether the firmware is encrypted. A smaller variance means that the degree of disorder of the data differs less from place to place, that is, the firmware is encrypted; conversely, a larger variance means the firmware is unencrypted. In a test of this method on 1334 router firmware images, the average analysis time per firmware is only 67.27 ms and the false alarm rate is 0.075%, which shows that the detection speed is much better than that of the similar software binwalk. 2. To detect sensitive strings in firmware, this paper proposes a regular expression-based sensitive string detection method, which detects specially formatted IPs, URLs and email addresses in firmware. To test the accuracy of this method, we tested 100 IoT firmware images; the experimental results show that the method detects on average 190 more specially formatted sensitive strings than other similar tools, with a false detection rate of only 0.55% and a missed detection rate of 0, giving it higher performance and accuracy. 3. To detect sensitive files in firmware, this paper proposes a method for identifying abnormal files in firmware based on file signature comparison, which finds hidden sensitive files in firmware by constructing a file signature table and a file type table and by setting abnormal file weights. 4. Based on the above research, a Web-based firmware sensitive information detection system, Firm Inspector, is designed and implemented. It provides functions such as user management, firmware upload, firmware encryption detection and unpacking, firmware database browsing, sensitive information detection, result display and report generation. The test results show the effectiveness of the system. Compared with similar tools, the system has advantages in abnormal file identification, encrypted firmware identification and certificate file analysis. |
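
The slicing algorithm from item 1, sketched as an added example (not the paper's code). The slice count, sample length, variance threshold and sample images are assumed values, since the abstract gives none. The mean-entropy floor is an extra guard added here, because constant padding also produces zero variance.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def entropy_stats(blob: bytes, parts: int = 16, sample_len: int = 4096):
    """Slice blob into `parts` pieces, read an equal-length sample from the
    start of each, and return (mean, variance) of the per-slice entropies."""
    step = len(blob) // parts
    if step == 0:
        raise ValueError("file is smaller than the number of slices")
    n = min(sample_len, step)
    ents = [shannon_entropy(blob[i * step : i * step + n]) for i in range(parts)]
    mean = sum(ents) / parts
    return mean, sum((e - mean) ** 2 for e in ents) / parts

def looks_encrypted(blob: bytes, max_variance: float = 0.01, min_mean: float = 7.5) -> bool:
    """Low variance across slices suggests encryption (assumed threshold).
    The mean floor is an added guard that rejects uniformly low-entropy data."""
    mean, variance = entropy_stats(blob)
    return variance < max_variance and mean > min_mean

def keystream(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy bytes (SHA-256 in counter mode) standing in
    for ciphertext, so the example runs offline and repeatably."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed samples, 64 KiB each (not real firmware).
ENCRYPTED_IMAGE = keystream(65536)
PLAIN_IMAGE = (
    (b"bootargs=console=ttyS0,115200 root=/dev/mtdblock2\n" * 400)[:16384]  # text header
    + bytes(16384)                   # zero padding between partitions
    + keystream(16384, b"squashfs")  # compressed filesystem region
    + bytes(range(64)) * 256         # repetitive table-like data
)

if __name__ == "__main__":
    for name, blob in [("encrypted", ENCRYPTED_IMAGE), ("plain", PLAIN_IMAGE)]:
        mean, var = entropy_stats(blob)
        print(f"{name}: mean={mean:.3f} variance={var:.5f} encrypted={looks_encrypted(blob)}")
```

Thresholds should be calibrated on a labelled firmware set before use; a fully compressed but unencrypted image also has uniformly high entropy and would need a separate check.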