With the rapid development of IoT (Internet of Things) and 5G network technology, IoT devices have gradually entered every aspect of people's work and life. At the same time, numerous security flaws in IoT firmware have been exposed, which seriously threaten the information security of individuals, enterprises, and even countries. Early security analysis of IoT firmware was mostly performed on the hardware itself, but the hardware operating environment is relatively closed and its software interfaces and hardware resources are very limited, resulting in low research efficiency. The current mainstream direction is to provide an emulation environment for IoT firmware and combine it with fuzzing for security analysis. However, several problems remain in practice, mainly insufficient hardware emulation by the emulation tools, the heavy manual workload of analyzing the functions that cause emulation failure, and the low efficiency of fuzzing firmware network protocols. This paper takes IoT firmware network protocols and their service programs as the main research object and proposes an instrumentation-based emulation and fuzzing technique for IoT firmware network protocols to address these problems. The main contributions are: 1) a function execution tracking technique combining dynamic and static analysis, which automatically tracks and locates the functions that cause emulation failure and reduces the burden of manual analysis; 2) a hardware feedback emulation technique based on static binary instrumentation, which offers hardware feedback repair at several granularities, minimizes the impact on the original code of the binary, and builds a virtual environment in which the firmware can run; 3) a coverage-guided optimized sample mutation strategy, which updates the scheduling weights of the mutation methods according to coverage information, reduces the generation of invalid test samples, and improves fuzzing efficiency. Based on this research, the paper finally builds an efficient security analysis system for firmware network protocols. Through functional tests and experimental comparison, the emulation tool presented here supports automatic location and fine-grained repair of functions that fail to emulate, which makes building a virtual environment easier. Compared with Peach 3 and Boofuzz, the proposed fuzzing tool achieves higher sample execution coverage and a larger number of high-quality samples, indicating that the method in this paper can significantly improve the efficiency of fuzzing.