Network Security Vunerability Analysis On An Iot Smart Plug And Countermeasures Of Iot Devices

In recent years,the rapid development of the Internet of Things(IoT)has connected millions of devices to the network,which promotes the arrival of Internet of Everything era.However,due to large quantity,different configurations and customized protocols,diverse IoT devices are exposed to high risks of network attack,hardware attack,operating system/firmware attack and software attack.Therefore,IoT security has attracted much attention and becomes a new research hotspot.Among a variety of security risks,network attack is more harmful because it is not restricted by region,so this thesis focuses on the network security problems of Edimax plug,while our analysis method can be applied to other IoT devices.Firstly,by reverse-engineering its communication traffic,we find a series of security vulnerabilities in the protocol design and authentication mechanism.Then,by exploiting these vulnerabilities,we are the first to implement device scanning attack,brute force attack,device spoofing attack,firmware upgrade attack and command injection attack on Edimax plug to obtain authentication credentials and gain root privileges of the device system,and succeed in installing Mirai malware on it.Finally,to study the harm of Mirai malware,we bulid a Mirai propagation model by analysis of Mirai source codes.The correctness of the model is verified by the NS3 simulation results and real data of Mirai.We design a trusted IoT device system with TrustZone to defend against software attack like Mirai malware,hardware attack and operating system/firmware tampering attack.Firstly,we propose the hybrid secure boot and trusted boot approach with TrustZone to ensure the system integrity at launch time.This approach regards the ROM-and eFuse-based root of trust as the basis of trust.On this basis,after securely booting the secure world OS,the memory isolation mechanism of TrustZone provides secure memory for measurement results from the trusted boot phase.Then the trusted boot is performed to initate the normal world OS,and proves its integrity to the authentication server after the system starts.Afterwards,we design a memory paging-based process integrity measurement method to ensure the process integrity of the run-time system.This method uses the program in the secure world to measure each memory page of process code segment in the normal world,and encrypts measurement results to the authenticaiton server to prove the process integrity.Finally,we implement the trusted IoT device prototype system on a NXP i.MX6 q development board,and carry out function and performance tests on the system to verify its feasibility.In summary,we first take Edimax plug as an example to thoroughly analyze the possible security problems of IoT devices.On this basis,to maintain the security of the IoT device system,we design the hybrid secure boot and trusted boot approach and memory paging-based process integrity measurement method by use of TrustZone,and implement a trusted IoT device prototype system with TrustZone.