I'll keep you my dirty little secret: Towards automatic detection of bad crypto in Type I embedded devices
I'll keep you my dirty little secret: Towards automatic detection of bad crypto in Type I embedded devices
| Supervisor(s): | Sascha Wessel, Vincent Ahlrichs |
| Status: | finished |
| Topic: | Others |
| Author: | Katharina Bogad |
| Submission: | 2022-02-15 |
| Type of Thesis: | Masterthesis |
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching
|
|
DescriptionComplex embedded devices have become ubiquitous in our lives – be it smartphones, connected plugs or one of the
other countless smart devices like TVs. Historically, powerful embedded devices are not known to have a particularly
good track record in security and privacy. For example, home Wi-Fi routers shipping a full Linux installation have over
the years accumulated a massive pile of CVEs. Many of these bugs were spread over multiple binaries, making automated
discovery difficult if only looked at one program at a time. Additionally, modern embedded systems like LGs WebOS mandate
some kind of split-process microservice architecture for security reasons – some processes can have different sandbox
characteristics than others. In this thesis, we show that this architecture poses an analysis gap when processing one program
at a time and propose a novel method to close this gap using Code Property Graphs. We apply this method to a case study
suffering from the analysis gap and show that we can apply our method to connect data flow across a binary system, which
allows us to reason about the origin of private key material.
|
|