Research On Detection Methods Of Cryptographic Misuse For IoT Devices

With the rapid development of Internet of Things technology,Internet of Things devices have gradually entered people’s lives.At the same time,security problems in IoT devices are emerging one after another,and cryptographic misuse is one of the typical problems.Cryptographic misuse refers to the lack of security awareness of developers,and the failure to correctly call the cryptographic functions well-designed by security experts during the program development process,resulting in the loss of proper security of various cryptographic algorithms and protocols.Existing researches have shown that there are often a large number of cryptographic misuse problems in various platform applications,and this situation is even more serious in IoT devices.Since IoT devices are limited by size and power consumption,and their performance is generally far inferior to traditional computer equipment,developers can easily adopt a strategy of sacrificing security in exchange for performance improvements.Therefore,it is of great significance to detect cryptographic misuse problems in IoT devices.However,due to the non-uniform architecture of IoT device firmware and the variety of cryptographic functions used,previous cryptographic misuse detection methods cannot be directly applied to IoT firmware.To solve this problem,this paper studies the key technologies involved in detecting cryptographic misuse problems in IoT devices.The main work and achievements are as follows:1.Cryptographic misuse rules applicable to IoT devices are collected from previous cryptographic misuse studies,and a misuse model is designed according to the rules.The misuse model covers different types of cryptographic functions in standard cryptographic libraries commonly used in IoT firmware such as Openssl,Wolf SSL,and Mbed TLS,including misuse of Symmetric Cipher Algorithm,Hash Algorithm,Pseudo-Random Number,Asymmetric Cipher Algorithm and SSL/TLS Protocol.2.Since there are multiple architectures in the IoT firmware,a method for detecting misuse of function parameters suitable for different architectures is designed.Function parameter misuse refers to the misuse caused by calling outdated functions from the standard cryptographic libraries or improper setting of function parameters.The difference in instruction sets,function calling conventions,registers,and function call stack structures between firmware architectures cause difficulty in locating function parameters.Therefore,based on the existing research,this paper lifts the instruction sets of different architectures to a unified intermediate representation to eliminate the instruction differences between architectures.For the differences between function calling conventions,registers and function call stack structures that cannot be eliminated,subdivision processing is carried out to realize accurate location of function parameters.Experimental results show that this method can handle various function calls and parameter assignments in IoT firmware with different architectures and can reverse-trace the parameter data flow.After obtaining the parameter values,it can match the misuse model and accurately judge misuse situation.3.The causes of cryptographic misuse in IoT devices are diverse.In addition to the misuse of function parameters,the lack of calls to key functions in the cryptographic function call process can also lead to the occurrence of misuse.In response to this situation,a cryptographic function call integrity misuse detection method was designed.To detect this type of misuse,it is first necessary to filter out the function call nodes that should be detected from the program control flow graph to generate the target function call graph,and then extract the target function call path from it,combined with the integrity misuse model,to determine whether there are missing calls to key functions.Experimental results show that the method is applicable to different function call processes in IoT firmware and can efficiently detect integrity misuse problems.4.Combining the above two methods,a prototype system for detecting cryptographic misuse of IoT devices is designed.The system includes a complete automatic detection process,which can detect misuse of various cryptographic functions in different architecture of IoT firmware with less time consumption.type.Then,the detection experiment of cryptography misuse problem was carried out on 811 IoT device firmware from the real world.The experimental results showed that 83% of IoT firmware have cryptographic misuse problems.