• Title/Summary/Keyword: Firmware Analysis

A Study on the Requirements Analysis and Design for System Development of Remote Firmware Upgrade Management System Based-on AMI (AMI 기반 원격 펌웨어업그레이드 시스템 개발을 위한 요구분석 및 설계에 관한 연구)

  • Jung, Nam-Joon;Yang, Il-Kwon;Choi, Seong-Hwan;Jin, Young-Taek
    • The Transactions of The Korean Institute of Electrical Engineers / v.61 no.1 / pp.155-161 / 2012
  • Remotely performed firmware upgrade is an essential function in smart metering or AMI (Advanced Metering Infrastructure). In other words, AMI software and firmware can be replaced for maintenance and improvement without replacing H/W devices in the AMI environment. Also, as the number and types of devices increase, the demand for remote update service will increase. Through a remote firmware upgrade service, the electric power corporation may benefit in various fields, for example easier adaptation to many environments, real-time service, and reduced maintenance costs. In this paper, we proposed the design of an international-level FUMS (Firmware Upgrade Management System), which includes the required functions, architecture and protocol related to the DCU and Smart Meter.

Analysis and Countermeasure for BadUSB Vulnerability (BadUSB 취약점 분석 및 대응 방안)

  • Seo, Jun-Ho;Moon, Jong-Sub
    • IEMEK Journal of Embedded Systems and Applications / v.12 no.6 / pp.359-368 / 2017
  • BadUSB is a vulnerability in which a hacker tampers with the firmware area of a USB flash drive. When the BadUSB device is plugged into the USB port of a host system, malicious code runs automatically. The host system mistakes the malicious behavior for the normal behavior of a USB device booting, so it is hard to detect the malicious code. Also, antivirus software cannot detect the tampered firmware because it inspects the storage area, not the firmware area. Because many computer peripherals (such as USB flash drives and keyboards) are connected to the host system via USB protocols, the vulnerability has a negative ripple effect. However, no countermeasure against the vulnerability is currently known. In this paper, we analyze the area of the firmware that is tampered with when a normal USB device is changed into a BadUSB device and propose a countermeasure that verifies the integrity of that area when the USB device boots. The proposed method consists of two procedures. The first procedure verifies the integrity of the area that should remain fixed even if the firmware is updated. This verification uses hashes, and the target area includes descriptors. The second procedure verifies the integrity of the area that changes when the firmware is updated. This verification uses code signing, and the target area includes the function area of the firmware. We also propose an update protocol for the proposed structure and verify it through simulation.

A Study on Systematic Firmware Security Analysis Method for IoT Devices (체계적인 IoT 기기의 펌웨어 보안 분석 방법에 관한 연구)

  • Kim, Yejun;Gim, Jeonghyeon;Kim, Seungjoo
    • Journal of the Korea Institute of Information Security & Cryptology / v.31 no.1 / pp.31-49 / 2021
  • IoT devices are embedded devices that can communicate with networks. Since there are various types of IoT devices and they are widely used around us, an attack can cause damage such as personal information leakage, depending on the type of device. When a security team analyzes IoT devices, it should target firmware as well as software interfaces, since IoT devices are operated by both. However, it is not easy to extract and analyze firmware, and it is not easy to maintain quality at a certain level, because results depend on the analyst's expertise within the security team even when the same target is analyzed. Therefore, in this paper, we intend to establish a vulnerability analysis process for the firmware of IoT devices and present available tools for each step. In addition, we organized the process from firmware acquisition to analysis for IoT devices produced by various commercial manufacturers, and we sought to prove its validity by applying it directly to the analysis of drones from various manufacturers.

A firmware base address search technique based on MIPS architecture using $gp register address value and page granularity

  • Seok-Joo, Mun;Young-Ho, Sohn
    • Journal of the Korea Society of Computer and Information / v.28 no.2 / pp.1-7 / 2023
  • In this paper, we propose a base address candidate selection method using the $gp register and page granularity as a way to build a static analysis environment for firmware based on the MIPS architecture. To shorten the base address search time, which is a disadvantage of the inductive-reasoning candidate selection method of existing studies, this study proposes performing a page-level search that uses the $gp register as the reference point within the existing base address candidate selection method. Then, based on the proposed method, a base address search tool is implemented and a static analysis environment is constructed to prove the validity of the tool. The results show that the proposed method is faster than the existing candidate selection method through inductive reasoning.

Emulation-Based Fuzzing Techniques for Identifying Web Interface Vulnerabilities in Embedded Device Firmware (임베디드 디바이스 펌웨어의 웹 인터페이스 취약점 식별을 위한 에뮬레이션 기반 퍼징 기법)

  • Heo, Jung-Min;Kim, Ji-Min;Ji, Cheong-Min;Hong, Man-Pyo
    • Journal of the Korea Institute of Information Security & Cryptology / v.29 no.6 / pp.1225-1234 / 2019
  • Firmware security has become more important as embedded devices have become popular. Network devices such as routers can be attacked through web application vulnerabilities in embedded firmware. Therefore, these vulnerabilities must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method to find vulnerabilities after emulating firmware. However, it only performs vulnerability checks according to the analysis methods defined in the tool, which limits the scope of vulnerabilities that can be found. In this paper, we perform fuzzing, one of the software security testing techniques, in an emulation-based environment. We also propose the Fabfuzz tool for efficient emulation-based fuzzing. Experiments showed that, in addition to the vulnerabilities identified by existing tools, other types of vulnerabilities were found.

Automated extraction of MIPS firmware image base using page-granularity (페이지 입상도 기반의 MIPS 펌웨어 베이스 주소 자동추출 기법)

  • Seok-Joo Mun;Daehee Jang
    • Proceedings of the Korean Society of Computer Information Conference / 2023.01a / pp.5-6 / 2023
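  • In this paper, we propose a page-granularity image base address search method for firmware based on the MIPS architecture. The method targets the firmware of MIPS-based embedded devices and aims to minimize image base address search time by efficiently improving the algorithm that calculates the image base address of the analysis target. Its principle is to infer the segment start address from the addresses of strings in the firmware, compute image base address candidates in units of 4 KB, the page size, and select among those candidates. The method applied in this paper is shown to be superior in accuracy to existing heuristic firmware base search methods.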

A Base Address Analysis Tool for Static Analysis of ARM Architecture-Based Binary (ARM 아키텍처 기반 바이너리 정적 분석을 위한 기준 주소 분석 도구)

  • Kang, Ji-Hun;Ryou, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology / v.26 no.5 / pp.1185-1189 / 2016
  • In modern society, the number of embedded devices has been increasing. However, as the number of embedded devices grows, backdoors and vulnerabilities are continuously being found, and analysis of them is necessary. In this paper, we developed a tool that extracts base address information for building a static analysis environment for an embedded device's firmware. Using this tool, we built an environment for static analysis. As a result, we were able to parse strings and check references. Also, through the increased number of functions, we proved the validity of the tool.

Requirements analysis and design for AMI firmware upgrade management system (AMI 펌웨어 업그레이드 시스템을 위한 요구분석 및 설계)

  • Jung, Nam-Joon;Yang, Il-Kwon;Kim, Dong-Wook
    • Proceedings of the KIEE Conference / 2011.07a / pp.1991-1992 / 2011
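  • One of the basic requirements of smart metering or smart meters is a remote firmware upgrade function for devices in the AMI environment. It allows flexible adaptation to a changing environment by replacing only S/W and firmware, without manual replacement of H/W devices, and it is very important both for reducing the labor cost of maintenance, through periodic system maintenance in support of creating various value-added services and commercialization, and for the immediacy of service. In this paper, we present the general, international-level functional requirements and system design of a remote firmware upgrade system (FUMS, Firmware Upgrade Management System) targeting the data collection unit and smart meter among the prototypes developed for the AMI system.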

A Study of Acquisition and Analysis on the Bios Firmware Image File in the Digital Forensics (디지털 포렌식 관점에서 BIOS 펌웨어 이미지 파일 수집 및 분석에 관한 연구)

  • Jeong, Seung Hoon;Lee, Yun Ho;Lee, Sang Jin
    • KIPS Transactions on Computer and Communication Systems / v.5 no.12 / pp.491-498 / 2016
  • Recently, leaks of confidential information and internal data have been steadily increasing through the technique of booting a portable OS such as Windows PE stored on portable storage devices (USB, CD/DVD, etc.). This method makes it possible to bypass security software such as USB security or media control solutions installed on the target PC, and to extract data or insert malicious code by mounting the PC's storage devices after booting the portable OS. Also, this booting method does not leave log records such as traces of removable storage devices. Thus it is difficult to identify whether data has been leaked and to use trace-back techniques. This paper proposes a method to help facilitate digital forensic investigation or company audits by collecting and analyzing BIOS firmware images, which record data relating to BIOS settings in flash memory, and finding traces of portable storage devices that can be regarded as abnormal events.

Efficient Coverage Guided IoT Firmware Fuzzing Technique Using Combined Emulation (복합 에뮬레이션을 이용한 효율적인 커버리지 가이드 IoT 펌웨어 퍼징 기법)

  • Kim, Hyun-Wook;Kim, Ju-Hwan;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology / v.30 no.5 / pp.847-857 / 2020
  • As IoT equipment is commercialized, Bluetooth or wireless networks will be built into everyday devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because IoT equipment shares a lot of information over the network, collects personal information and operates systems. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts are analyzing vulnerabilities through manual analysis to defend against them. However, since it is virtually impossible to analyze vulnerabilities with manual analysis alone, researchers studying system security are currently working on automated vulnerability detection systems. Firm-AFL, published recently in USENIX, proposed a system based on a study of fuzzing processing speed and efficiency using a coverage-based fuzzer. However, the existing tools focused on the fuzzing processing speed of the firmware, and as a result, they did not find vulnerabilities in various paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves constraints, and discovers more crashes by strengthening the mutation process to find vulnerabilities in various paths not found by existing tools.