a large scale analysis of the security of embedded
play

A"Large(Scale"Analysis"of"the" - PowerPoint PPT Presentation

Jun 15, 2023 •541 likes •784 views

A"Large(Scale"Analysis"of"the" Security"of"Embedded"Firmwares Presented(by(Zhenyu Ning 1 Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study

  1. A"Large(Scale"Analysis"of"the" Security"of"Embedded"Firmwares Presented(by(Zhenyu Ning 1

  2. Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study 5.(Conclusion 2

  3. Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study 5.(Conclusion 3

  4. Firmware • IEEE(definition:(Combination(of(a(hardware(device(and( computer(instructions(or(computer(data(that(reside(as(readJ only(software(on(the(hard(ware(device. • Software(that(is(embedded(in(a(hardware(device. 4

  5. Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study 5.(Conclusion 5

  6. Motivation • Physically(analysis • Cost • Operability( • Online(device(analysis • Difficulty( • Ethic 6

  7. Challenges • Building(a(Representative(Dataset • Firmware(Identification • Unpacking(and(Custom(Formats • Scalability(and(Computational(Limits • Results(Confirmation 7

  8. Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study 5.(Conclusion 8

  9. Architecture 9

  10. Firmware"Acquisition"and"Storage • Web(crawler( • FTP(Index(Engine( • GCSE( • Web(submission(interface( 10

  11. Unpacking"and"Analysis • Unpacking( • binwalk,(FRAK,(BAT( ( • BAT • low(false(positive(( • recursive(unpacking • generic(interface( 11

  12. Unpacking"and"Analysis"(Cont.) • Password(Hash(Cracking( • John(The(Ripper • A(Dictionary(built(from(common(password(lists(and(resources. • Parallelizing(the(Unpacking(and(Analysis 12

  13. Correlation"Engine • Comparison( • Shared(Credentials(and(SelfJSigned(Certificates( • Keywords • Fuzzy(hashes • Future(work( • Distributed(comparison(and(clustering(infrastructure( • “bins”(partitioning(approach 13

  14. Data"Enrichment • Automated(queries( • <title>(tag(of(web(pages( • authentication(realms(of(web(servers( • Passive(scans • (SSL(certificates( • (ZMap 14

  15. Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study 5.(Conclusion 15

  16. General"Dataset"Statistics • 172,751(files(out(of(759,273(files(collected(by(crawler. • 32,356(firmware(images(out(of(172,751(files. • 26,275(images(successfully(unpacked( 16

  17. Files"Formats 17

  18. Results"Overview • Password(Hashes(Statistics • Certificates(and(Private(RSA(Keys(Statistics • Packaging(Outdated(and(Vulnerable(Software • Building(Images(as(root • Web(Servers(Configuration 18

  19. Case"study • Backdoors • Plain(text(search • Private(SSL(Key • Common(vulnerable(components • XSS(in(WiFi Enabled(SD(Cards • Manually(vulnerability(confirmation 19

  20. Contents 1.(Background 2.(Motivation(&(Challenges 3.(Architecture 4.(Analysis(Result(&(Case(study 5.(Conclusion 20

  21. Conclusion • LargeJscale(static(analysis • Beneficial • Desirable( • Future(work • Continue(analysis(on(current(firmware(image • Improve(analysis(technique 21

  22. Reference • Costin,(Andrei,(et(al.("A(largeJscale(analysis(of(the(security(of( embedded(firmwares." USENIX'Security'Symposium .(2014. 22

  23. Thank(you! 23

Recommend

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A.

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A.

A Large Scale Analysis of the Security of Embedded Firmwares A. Costin , J. Zaddach, A. Francillon, D. Balzarotti EURECOM, France 20th August 2014 USENIX Security '14 San Diego, USA Embedded Systems Are Everywhere Andrei Costin 2 By

1.03k views • 72 slides
A Large-Scale Analysis of the Security of Embedded Firmwares Andrei Cos+n, Jonas Zaddach, Aurlien

A Large-Scale Analysis of the Security of Embedded Firmwares Andrei Cos+n, Jonas Zaddach, Aurlien

A Large-Scale Analysis of the Security of Embedded Firmwares Andrei Cos+n, Jonas Zaddach, Aurlien Francillon, and Davide Balzaro:, Eurecom h;ps://www.usenix.org/conference/usenixsecurity14/technical-sessions/presenta+on/ cos+n Saeid Mofrad

1.14k views • 22 slides
A Scalable Processor with Embedded Software for Large- Scale Scientific Applications Daniel Alex

A Scalable Processor with Embedded Software for Large- Scale Scientific Applications Daniel Alex

A Scalable Processor with Embedded Software for Large- Scale Scientific Applications Daniel Alex Finkelstein and Haldun Hadimioglu Polytechnic University, Brooklyn, NY, USA Outline 1. Motivation/Goals and Related Work 2. Peripheral Context

887 views • 29 slides
Meeting the Challenges of Ultra- -Large Large- -Scale Scale Meeting the Challenges of Ultra

Meeting the Challenges of Ultra- -Large Large- -Scale Scale Meeting the Challenges of Ultra

Meeting the Challenges of Ultra- -Large Large- -Scale Scale Meeting the Challenges of Ultra Distributed Real- -time &amp; Embedded time &amp; Embedded Distributed Real (DRE) Systems (DRE) Systems Wednesday, May 30, 2007, ISORC, , ISORC,

730 views • 49 slides
Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing

Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing

Granula: Toward Fine-grained Performance Analysis of Large-scale Graph Processing Platforms Wing Lung Ngai, Tim Hegeman, Stijn Heldens, and Alexandru Iosup @Large Research Massivizing Computer Systems Large-scale Graph Processing 2 OpenG

266 views • 13 slides
Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale

Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale

Introduction to Performance Analysis Visualization and Analysis of Performance on Large-scale Software VAPLS 2013 Todd Gamblin Katherine Isaacs UC Davis, LLNL LLNL Why does my code run slowly? Bad algorithm 1. Poor computational

2.17k views • 12 slides
robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard

robust control for analysis and design of large-scale optimization algorithms Laurent Lessard University of WisconsinMadison Joint work with Ben Recht and Andy Packard LCCC Workshop on Large-Scale and Distributed Optimization Lund

435 views • 32 slides
Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand,

Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand,

Introduction Multi-scale Analysis Approach Experimental Framework Results and Analysis Conclusion Multi-scale Analysis of Large Distributed Computing Systems Lucas M. Schnorr, Arnaud Legrand, Jean-Marc Vincent INRIA Mescal, CNRS LIG

583 views • 27 slides
Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological

Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological

Using CellProfiler for Biological Image Analysis Quantitative Analysis of Large-Scale Biological Image Data Mark-Anthony Bray, Ph.D Imaging Platform, Broad Institute Cambridge, Massachusetts, USA mbray@broadinstitute.org 0.4233 54,454

701 views • 52 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
Meeting the Challenges of Ultra- -Large Large- -Scale Scale Meeting the Challenges of Ultra

Meeting the Challenges of Ultra- -Large Large- -Scale Scale Meeting the Challenges of Ultra

Meeting the Challenges of Ultra- -Large Large- -Scale Scale Meeting the Challenges of Ultra Distributed Real- -time &amp; Embedded Systems time &amp; Embedded Systems Distributed Real with QoS- -enabled Middleware &amp; enabled

682 views • 50 slides
Large-Scale Distributed Systems and Networks TDDE35 Lectures on Embedded Systems Petru Eles

Large-Scale Distributed Systems and Networks TDDE35 Lectures on Embedded Systems Petru Eles

Large-Scale Distributed Systems and Networks TDDE35 Lectures on Embedded Systems Petru Eles Institutionen fr Datavetenskap (IDA) Linkpings Universitet email: petru.eles@liu.se http://www.ida.liu.se/~petel71/ phone: 28 1396 B building,

1.52k views • 128 slides
Deviations in Load Testing of Large Scale Systems Haroon Malik Software Analysis and

Deviations in Load Testing of Large Scale Systems Haroon Malik Software Analysis and

Automatic Detection of Performance Deviations in Load Testing of Large Scale Systems Haroon Malik Software Analysis and Intelligence Lab (SAIL) Queens University, Kingston, Canada Large scale systems need to satisfy performance constraints

822 views • 37 slides
SMALL SCALE EFFECT ON THE BUCKLING ANALYSIS OF DOUBLE-LAYER GRAPHENE NANORIBBONS EMBEDDED IN AN

SMALL SCALE EFFECT ON THE BUCKLING ANALYSIS OF DOUBLE-LAYER GRAPHENE NANORIBBONS EMBEDDED IN AN

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS SMALL SCALE EFFECT ON THE BUCKLING ANALYSIS OF DOUBLE-LAYER GRAPHENE NANORIBBONS EMBEDDED IN AN ELASTIC MATRIX J.X. Shi 1 , T. Natsuki 2 , X.W. Lei 1 , Q.Q. Ni 2 * 1 Interdisciplinary Graduate

328 views • 6 slides
Who we are Eshard - Embedded Security Company Software &amp; Hardware Security What do we

Who we are Eshard - Embedded Security Company Software &amp; Hardware Security What do we

Who we are Eshard - Embedded Security Company Software &amp; Hardware Security What do we do: @eshardNews Tools: Side Channel / Code Analysis Consultancy https://www.eshard.com Audit contact@eshard.com Training

752 views • 54 slides
The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion

The Picnic Post-Quantum Signature Scheme and its Security Analysis Itai Dinur Ben-Gurion University Credit for some slides: Melissa Chase and Picnic team Post-Quantum Cryptography Large-scale quantum computer could efficiently factor large

533 views • 34 slides
Analysis Algorithms for Large-Scale Networks Dan Meehan meehan.49@osu.edu Table of Contents

Analysis Algorithms for Large-Scale Networks Dan Meehan meehan.49@osu.edu Table of Contents

Analysis Algorithms for Large-Scale Networks Dan Meehan meehan.49@osu.edu Table of Contents Algorithm analysis overview Degree distribution Characteristic path length Betweenness centrality Exact Approximate

585 views • 23 slides
Scalable performance analysis of large-scale parallel applications Brian Wylie &amp; Markus

Scalable performance analysis of large-scale parallel applications Brian Wylie &amp; Markus

Scalable performance analysis of large-scale parallel applications Brian Wylie &amp; Markus Geimer J lich Supercomputing Centre scalasca@fz-juelich.de September 2010 Performance analysis, tools &amp; techniques Profile analysis

582 views • 24 slides
embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt

embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt

embedded security October 2015 The Old Model (simplified view) Embedded Security Benedikt Gierlichs KU Leuven, COSIC IACR Summer school 2015 Chia Laguna, Italy Attack on channel between communicating parties Encryption and

412 views • 6 slides
Analysis of large-scale variability of the surface air chemical composition in the Northern

Analysis of large-scale variability of the surface air chemical composition in the Northern

Analysis of large-scale variability of the surface air chemical composition in the Northern Eurasia K. B. Moiseenko, N.F. Elansky, A. I. Skorokhod, I.B. Belikov, A.I. Safronov, N.V. Pankratova, A.V. Vivchar, E.V. Beresina Obukhov Institute for

471 views • 27 slides
Going Na)ve: Using a Large-Scale Analysis of Android Apps to Create a Prac)cal Na)ve-Code

Going Na)ve: Using a Large-Scale Analysis of Android Apps to Create a Prac)cal Na)ve-Code

Going Na)ve: Using a Large-Scale Analysis of Android Apps to Create a Prac)cal Na)ve-Code Sandboxing Policy Vitor Afonso, Antonio Bianchi, Yanick Fratantonio, Adam Doupe, Mario Polino, Paulo de Geus , Christopher Kruegel, and Giovanni Vigna

557 views • 30 slides
Analysis of Large Scale Visual Recogni4on Fei-Fei Li and

Analysis of Large Scale Visual Recogni4on Fei-Fei Li and

Analysis of Large Scale Visual Recogni4on Fei-Fei Li and Olga Russakovsky Olga Russakovsky, Jia Deng, Zhiheng Huang, Alex Berg, Li Fei-Fei Detec4ng

848 views • 60 slides
Large Scale Complex Network Analysis using Large Scale Complex Network Analysis using the Hybrid

Large Scale Complex Network Analysis using Large Scale Complex Network Analysis using the Hybrid

Large Scale Complex Network Analysis using Large Scale Complex Network Analysis using the Hybrid Combination of a the Hybrid Combination of a MapReduce Cluster and MapReduce Cluster and a Highly Multithreaded System a Highly Multithreaded

449 views • 22 slides
INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO ENVIRONMENTAL CONFLICT RESOLUTION America Speaks presentation to the 2008 ECR Conference Table Introductions Please form groups of 4-5 and give: Your name

848 views • 41 slides

More recommend