
Internet of Things Security: Principles and Practice

โœ Scribed by Qinghao Tang, Fan Du


Publisher: Springer
Year: 2021
Tongue: English
Leaves: 292
Category: Library


Synopsis


Over the past few years, the Internet of Things has brought great changes to the world. Reports show that the number of IoT devices is expected to reach 10 billion units within the next three years. The number will continue to rise, and the devices will be widely used as infrastructure and housewares with each passing day. Therefore, ensuring the safe and stable operation of IoT devices has become more important for IoT manufacturers.

Generally, four key aspects are involved in security risks when users use typical IoT products such as routers, smart speakers, and in-car entertainment systems: cloud, terminal, mobile device applications, and communication data. Security issues concerning any of the four may lead to the leakage of sensitive user data. Another problem is that most IoT devices are upgraded less frequently, which makes it difficult to resolve legacy security risks in the short term. In order to cope with such complex security risks, security companies in China, such as Qihoo 360, Xiaomi, Alibaba and Tencent, and companies in the United States, e.g. Amazon, Google, Microsoft and some other companies, have invested in security teams to conduct research and analyses; the findings they shared have made the public more aware of IoT device security-related risks. Currently, many IoT product suppliers have begun hiring equipment evaluation services and purchasing security protection products.

As a direct participant in the IoT ecological security research project, I would like to introduce the book to beginners who are willing to start the IoT journey, practitioners in the IoT ecosystem, and practitioners in the security industry. This book provides beginners with key theories and methods for IoT device penetration testing; explains various tools and techniques for hardware, firmware and wireless protocol analysis; and explains how to design a secure IoT device system, while providing relevant code details.



Table of Contents


Preface
Contents
Part I: Basics and Analysis Methods for IoT System
Chapter 1: The Analysis on Hardware
1.1 Dismantling the Equipment
1.2 The Analysis on the Circuit Board
1.3 The Analysis on the Hardware Interface
1.3.1 UART Interface
1.3.2 JTAG Interface
1.4 The Extraction of Firmware
1.4.1 The Disassembly of Flash Memory
1.4.2 Flash Memory Reading
1.4.3 Flash Memory Welding
Chapter 2: The Analysis of Wireless Communication Protocol
2.1 Wi-Fi
2.1.1 Introduction to the Protocol
2.1.2 Analysis Method
2.1.2.1 Packet Sniff
2.1.2.2 Test Replay Attack
2.1.2.3 De-authentication Attack Test
2.2 Low-power Bluetooth
2.2.1 Introduction to the Protocol
2.2.2 Introduction to the Analysis Methods
2.3 ZigBee
2.3.1 Introduction to the Protocol
2.3.2 Analysis Methods
2.4 GPS
2.4.1 Principles
2.4.2 Analytical Method
Chapter 3: Basic Knowledge of Firmware
3.1 Architecture and Operating System
3.1.1 CISC and RISC
3.1.2 Overview of Common Operating Systems
3.2 Overview of Embedded Linux System
3.2.1 Introduction
3.2.2 Boot Loader
3.2.2.1 System Boot Process
3.2.2.2 U-Boot Instruction Line Interface
3.2.3 Kernel and User Mode Process
3.2.4 File System
3.2.4.1 EXT2/EXT3/EXT4 File System
3.2.4.2 SquashFS File System
3.2.4.3 Cramfs File System
3.2.5 Hardware Device Interface
3.2.5.1 Storage Device
3.2.5.2 Network Equipment
3.2.5.3 Audio Equipment
3.2.6 Cross Compiling
3.2.6.1 Cross Compiling Toolchain
3.2.6.2 Example of Cross Compiling: Cross Compiling ARM Program with Alsa Library
3.2.7 Debug and Binary Tools
3.2.7.1 BusyBox
3.2.7.2 GDB and gdbserver
3.2.7.3 Binary Utilities
3.2.8 Example: Analysis of a Physical Contact Implantation Vulnerability of a Smart Speaker
3.2.8.1 Analysis of Serial Interface
3.2.8.2 Get the Shell by Starting with the External SD Card
3.2.8.3 Implant Code in Order to Reverse Shell After Startup
3.2.8.4 Implant Code for Remote Monitoring
3.2.8.5 Improvement Measures
3.3 Overview of the Android System
3.3.1 Introduction
3.3.2 File System
3.3.2.1 Boot Partition
3.3.2.2 System Partition
3.3.2.3 Userdata Partition
3.3.3 System Startup Process
3.3.3.1 Init Process
3.3.3.2 Start the Zygote Process
3.3.3.3 Start System Server
3.3.4 Recovery Mode
3.3.4.1 Fastboot
3.3.4.2 Recovery
3.3.5 Android Debug Bridge
3.3.6 Hardware Device Interface
3.3.6.1 Storage Device
3.3.6.2 Audio Device
3.3.6.3 Camera
3.3.7 Application
3.3.7.1 Application Structure
3.3.7.2 Basic Components of the Application
3.3.7.3 Application Construction Process
Chapter 4: Analysis of Firmware Vulnerabilities
4.1 Analysis of Firmware Vulnerability of Embedded Linux System
4.1.1 The Acquisition of Firmware
4.1.1.1 Download from the Website
4.1.1.2 Capture Update Packages
4.1.1.3 Get Through Serial Interface
4.1.1.4 Extract via Hardware Interface
4.1.1.5 Get Through Vulnerabilities
4.1.2 Modify Firmware
4.1.2.1 Unpack Tools
4.1.2.2 Program Implantation
4.1.2.3 Reformatting the Firmware
4.1.3 Basic Knowledge About Assembly
4.1.3.1 Program Structure and Data Storage
Segment
Data Types and Rules
4.1.3.2 Registers
General Registers
Special Registers
4.1.3.3 Instruction Sets
Instruction Format
Common Instructions
4.1.3.4 Strategies of Addressing
4.1.3.5 Function Call and Stack
4.1.4 Example: Fuzzing with AFL
4.1.4.1 Setting up the Environment
Download AFL
Download of webkit Source Code
4.1.4.2 Source Code Compilation
Install Library Dependencies
AFL Compilation Settings
4.1.4.3 Fuzzing Webkit JSC with AFL
4.1.5 Overview of Exploit
4.1.5.1 Basic Vulnerability Types
Buffer Overflow Vulnerability
Format String Vulnerability
UAF Vulnerability
4.1.5.2 Shellcode
4.1.5.3 ROP
4.1.5.4 Measures
4.2 Analysis of Android System Firmware Vulnerability
4.2.1 Analysis of the Vulnerability of Android Devices
4.2.1.1 Physical Vulnerability
4.2.1.2 Local Vulnerability
4.2.1.3 Remote Vulnerability
4.2.2 SEAndroid Security Policy
4.2.2.1 SELinux
4.2.2.2 The Core of SEAndroid
4.2.2.3 Two Modes
4.2.2.4 setools for Android
4.2.3 Modify Firmware
4.2.3.1 Service Starts Automatically
4.2.3.2 Firmware Reformatting
4.2.4 Reverse APK
4.2.4.1 APK File Structure
4.2.4.2 Reverse Tools
dex2jar and jd-gui
Apktool
Other Tools
4.2.5 Example: Reverse Analysis of the Drive Recorder Application
4.2.5.1 Hardware Analysis
4.2.5.2 Reverse APK
4.2.6 Example: A Translator Implants Vulnerability Analysis Through a USB Interface Program
4.2.6.1 Hardware Analysis
4.2.6.2 Open adb Through Reverse Analysis
4.2.6.3 Fastboot and Recovery Mode
4.2.6.4 Qualcomm Secure Boot
4.2.6.5 Qualcomm EDL Mode for Firmware Reformatting
4.2.6.6 Another Way to Enter EDL Mode by Viewing lk Source Code
4.2.6.7 Root Devices and Implanted Programs
4.2.6.8 Measures
4.2.7 Example: Analysis of Implantation Vulnerability of a Smart Speaker
4.2.7.1 Serial Interface Debugging
4.2.7.2 Implant Remote Control Program and Monitor
4.2.7.3 Make Use of the Results
4.2.7.4 Solutions
4.2.8 Overview of Vulnerability Mining
4.2.8.1 Tools for Static Analysis
Function and Interface
Hotkey
Plugin
4.2.8.2 Dynamic Analysis and Debugging
4.2.8.3 Automated Vulnerability Mining
4.2.9 Example: Analysis of Remote Code Execution Vulnerability of a Router
4.2.9.1 Construct a Crafted Packet
4.2.9.2 Extract Firmware
4.2.9.3 Find the Vulnerability Trigger Point
4.2.9.4 Construct ROP Chain
Cache Incoherency
Gadgets
Stack Distribution
4.2.9.5 Shellcode: Connect
4.2.9.6 Exploit Script
4.2.9.7 Repair Measures
Part II: Defense Methods for Industrial IoT System
Chapter 5: Techniques for IoT System Security
5.1 Identity Authentication
5.1.1 Introduction to Identity Authentication
5.1.2 Identity Authentication Technology
5.1.3 Identity Authentication Security
5.2 ARM TrustZone Technology
5.2.1 History
5.2.2 Introduction to GlobalPlatform TEE
5.2.3 Introduction to TrustZone
5.2.4 Set Up OP-TEE Development Environment
5.2.4.1 Dependent Library Installation
5.2.4.2 Download OP-TEE
5.2.4.3 Modify the Environment File
5.2.4.4 Compilation Tool Chain and OP-TEE
5.2.4.5 Test OP-TEE
5.2.5 OP-TEE Development
5.2.6 Introduction to OP-TEE Principle
5.3 Intel SGX Technology
5.3.1 Introduction to Intel SGX
5.3.2 Set Up SGX Development Environment
5.3.2.1 Build on Windows Platform
5.3.2.2 Build on Linux Platform
5.3.3 The Verification Program Designs the Password with SGX
5.3.4 Introduction to SGX Principle
5.4 Security OTA
5.4.1 Introduction to OTA
5.4.2 OTA Threat Modeling
5.4.3 Threat Report
5.4.4 Security Measures
Chapter 6: Solutions for IoT System Security
6.1 Introduction to the Solution
6.1.1 Terminal Device
6.1.1.1 Hardware
6.1.1.2 Operating System
6.1.1.3 Firmware
6.1.2 Internet
6.1.3 Cloud Platform
6.2 Introduction to the Implementation of the Security Plan
6.2.1 Identification and Authentication
6.2.2 OTA Firmware Update
6.2.3 Security Protection of Terminal Equipment


SIMILAR VOLUMES


Internet of Things Security-Principles,
โœ Brij B. Gupta (Author); Megha Quamara (Author) ๐Ÿ“‚ Library ๐Ÿ“… 2020 ๐Ÿ› CRC Press

The Internet of Things (IoT), with its technological advancements and massive innovations, is building the idea of inter-connectivity among everyday life objects. With an explosive growth in the number of Internet-connected devices, the implications of the idea of IoT on enterprises, individuals,

Internet of Things Security and Privacy:
โœ Ali Ismail Awad (editor), Atif Ahmad (editor), Kim-Kwang Raymond Choo (editor), ๐Ÿ“‚ Library ๐Ÿ“… 2023 ๐Ÿ› CRC Press ๐ŸŒ English

The Internet of Things (IoT) concept has emerged partly due to information and communication technology developments and societal needs, expanding the ability to connect numerous objects. The wide range of facilities enabled by IoT has generated a vast amount of data, making cybersecurity a

Precision: Principles, Practices and Sol
โœ Timothy Chou ๐Ÿ“‚ Library ๐Ÿ› Lulu.com ๐ŸŒ English

You may not be sure why your coffee pot should talk to your toaster, but precision technology powering an industrial Internet of Things has the potential to reshape the planet. To help clarify, Dr. Timothy Chou has created Precision to introduce us to the basics of the industrial Internet of T