A survey on IoT & embedded device firmware security: architecture, extraction techniques, and vulnerability analysis frameworks

Shahid Ul Haq, Yashwant Singh, Amit Sharma, Rahul Gupta, Dipak Gupta
{"title":"A survey on IoT & embedded device firmware security: architecture, extraction techniques, and vulnerability analysis frameworks","authors":"Shahid Ul Haq, Yashwant Singh, Amit Sharma, Rahul Gupta, Dipak Gupta","doi":"10.1007/s43926-023-00045-2","DOIUrl":null,"url":null,"abstract":"Abstract IoT and Embedded devices grow at an exponential rate, however, without adequate security mechanisms in place. One of the key challenges in the cyber world is the security of these devices. One of the main reasons that these devices are active targets for large-scale cyber-attacks is a lack of security standards and thorough testing by manufacturers. Manufacturer-specific operating systems or firmware of various architectures and characteristics are typically included with these devices. However, due to a lack of security testing and/or late patching, the underlying firmware or operating systems are vulnerable to numerous types of vulnerabilities. Reverse engineering and in-depth research of the firmware is required to detect the vulnerabilities. In this paper, we've delved into various aspects of IoT and embedded devices. This includes a comprehensive survey on the architecture of firmware, techniques for firmware extraction, and state-of-the-art vulnerability analysis frameworks for the detection of vulnerabilities using various approaches like static, dynamic, and hybrid approaches. Furthermore, we’ve scrutinized the challenges of existing vulnerability analysis frameworks and proposed a novel framework to address these issues.","PeriodicalId":34751,"journal":{"name":"Discover Internet of Things","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Discover Internet of Things","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1007/s43926-023-00045-2","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Abstract IoT and Embedded devices grow at an exponential rate, however, without adequate security mechanisms in place. One of the key challenges in the cyber world is the security of these devices. One of the main reasons that these devices are active targets for large-scale cyber-attacks is a lack of security standards and thorough testing by manufacturers. Manufacturer-specific operating systems or firmware of various architectures and characteristics are typically included with these devices. However, due to a lack of security testing and/or late patching, the underlying firmware or operating systems are vulnerable to numerous types of vulnerabilities. Reverse engineering and in-depth research of the firmware is required to detect the vulnerabilities. In this paper, we've delved into various aspects of IoT and embedded devices. This includes a comprehensive survey on the architecture of firmware, techniques for firmware extraction, and state-of-the-art vulnerability analysis frameworks for the detection of vulnerabilities using various approaches like static, dynamic, and hybrid approaches. Furthermore, we’ve scrutinized the challenges of existing vulnerability analysis frameworks and proposed a novel framework to address these issues.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
物联网研究综述嵌入式设备固件安全性:体系结构、提取技术和漏洞分析框架
物联网和嵌入式设备以指数级速度增长,然而,没有适当的安全机制。网络世界的主要挑战之一是这些设备的安全性。这些设备成为大规模网络攻击目标的主要原因之一是缺乏安全标准和制造商的彻底测试。这些设备通常包含特定于制造商的操作系统或各种体系结构和特性的固件。然而,由于缺乏安全测试和/或后期补丁,底层固件或操作系统容易受到多种类型漏洞的攻击。需要对固件进行逆向工程和深入研究才能发现漏洞。在本文中,我们深入研究了物联网和嵌入式设备的各个方面。这包括对固件架构的全面调查,固件提取技术,以及使用各种方法(如静态,动态和混合方法)检测漏洞的最新漏洞分析框架。此外,我们仔细研究了现有漏洞分析框架的挑战,并提出了一个新的框架来解决这些问题。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Discover Internet of Things
Discover Internet of Things Internet of Things (IoT)-
CiteScore
7.50
自引率
0.00%
发文量
6
审稿时长
28 days
期刊介绍: Discover Internet of Things is part of the Discover journal series committed to providing a streamlined submission process, rapid review and publication, and a high level of author service at every stage. It is an open access, community-focussed journal publishing research from across all fields relevant to the Internet of Things (IoT), providing cutting-edge and state-of-art research findings to researchers, academicians, students, and engineers. Discover Internet of Things is a broad, open access journal publishing research from across all fields relevant to IoT. Discover Internet of Things covers concepts at the component, hardware, and system level as well as programming, operating systems, software, applications and other technology-oriented research topics. The journal is uniquely interdisciplinary because its scope spans several research communities, ranging from computer systems to communication, optimisation, big data analytics, and application. It is also intended that articles published in Discover Internet of Things may help to support and accelerate Sustainable Development Goal 9: ‘Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation’. Discover Internet of Things welcomes all observational, experimental, theoretical, analytical, mathematical modelling, data-driven, and applied approaches that advance the study of all aspects of IoT research.
期刊最新文献
Determining critical nodes in optimal cost attacks on networked infrastructures Comparative analysis of audio classification with MFCC and STFT features using machine learning techniques Innovative image interpolation based reversible data hiding for secure communication Is iterative feature selection technique efficient enough? A comparative performance analysis of RFECV feature selection technique in ransomware classification using SHAP Internet of things (IoT)-based on real-time and remote boiler fuel monitoring system: a case of Raha Beverages Company Limited, Arusha-Tanzania
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1