Skip to main content
SpringerLink
Log in

EmuIoTNet: An Emulated IoT Network for Dynamic Analysis

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12918))

Included in the following conference series:

  • 1763 Accesses

Abstract

Dynamic analysis of IoT firmware is an effective method to discover security flaws and vulnerabilities. However, limited by emulation methods concentrating on a single IoT device, it is challenging to find security issues hidden in communication channels. This paper presents EmuIoTNet, a tool capable of automatically building an emulated IoT network for dynamic analysis. First, EmuIoTNet prepares an emulated hardware environment to emulate a number of devices for firmware. Then, it employs network virtualization tools to setup two types of networks, IntraNet and InterNet, which connect emulated devices, companion applications, and cloud endpoints to support many communication protocols. Meanwhile, it reconfigures the IP address of emulated devices at will to support simultaneous operations of multiple users. The experimental results show that EmuIoTNet can automatically build various emulated networks and facilitate security analysis in communication channels.

Supported in part by the National Natural Science Foundation of China under Grant 61972392 and Grant 62072453 and in part by the Youth Innovation Promotion Association of the Chinese Academy of Sciences under Grant 2020164.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 89.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 119.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Some firmware cannot be extracted if they are encrypted or do not contain a valid file system.

References

  1. Anatomy of an iot malware attack. https://developer.ibm.com/articles/iot-anatomy-iot-malware-attack/

  2. Android-x86. https://www.android-x86.org/

  3. Iot attacks up significantly in first half of 2019. https://www.darkreading.com

  4. Sonicwall: Encrypted attacks, IoT malware surge as global malware volume dips. http://blog.sonicwall.com

  5. Alrawi, O., Lever, C., Antonakakis, M., Monrose, F.: Sok: security evaluation of home-based IoT deployments. In: S&P, pp. 1362–1380 (2019)

    Google Scholar 

  6. Antonakakis, M., et al.: Understanding the mirai botnet. In: USENIX Security Symposium, pp. 1093–1110 (2017)

    Google Scholar 

  7. Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for Linux-based embedded firmware. NDSS 16, 1–16 (2016)

    Google Scholar 

  8. Chen, J., et al.: Iotfuzzer: discovering memory corruptions in IoT through app-based fuzzing. In: NDSS (2018)

    Google Scholar 

  9. Chipounov, V., Kuznetsov, V., Candea, G.: S2e: a platform for in-vivo multi-path analysis of software systems. Acm Sigplan Notices 46(3), 265–278 (2011)

    Article  Google Scholar 

  10. Clements, A.A., et al.: Halucinator: firmware re-hosting through abstraction layer emulation. In: 29th USENIX Security Symposium (USENIX Security 20), pp. 1201–1218 (2020)

    Google Scholar 

  11. Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A large-scale analysis of the security of embedded firmwares. In: USENIX Security Symposium, pp. 95–110 (2014)

    Google Scholar 

  12. Costin, A., Zarras, A., Francillon, A.: Automated dynamic firmware analysis at scale: a case study on embedded web interfaces. In: AsiaCCS, pp. 437–448 (2016)

    Google Scholar 

  13. Davidson, D., Moench, B., Ristenpart, T., Jha, S.: Fie on firmware: finding vulnerabilities in embedded systems using symbolic execution. In: 22nd USENIX Security Symposium (USENIX Security 2013), pp. 463–478 (2013)

    Google Scholar 

  14. Feng, B., Mera, A., Lu, L.: P 2 IM: scalable and hardware-independent firmware testing via automatic peripheral interface modeling. In: USENIX Security Symposium (2020)

    Google Scholar 

  15. Gustafson, E., et al.: Toward the analysis of embedded firmware through automated re-hosting. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 135–150 (2019)

    Google Scholar 

  16. Kammerstetter, M., Burian, D., Kastner, W.: Embedded security testing with peripheral device caching and runtime program state approximation. In: 10th International Conference on Emerging Security Information, Systems and Technologies (SECUWARE) (2016)

    Google Scholar 

  17. Kammerstetter, M., Platzer, C., Kastner, W.: Prospect: peripheral proxying supported embedded code testing. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, pp. 329–340 (2014)

    Google Scholar 

  18. Koscher, K., Kohno, T., Molnar, D.: SURROGATES: enabling near-real-time dynamic analyses of embedded systems. In: 9th USENIX Workshop on Offensive Technologies (WOOT 15) (2015)

    Google Scholar 

  19. Li, H., Tong, D., Huang, K., Cheng, X.: Femu: a firmware-based emulation framework for soc verification. In: CODES+ISSS, pp. 257–266 (2010)

    Google Scholar 

  20. Magnusson, P.S., et al.: Simics: a full system simulation platform. Computer 35(2), 50–58 (2002)

    Article  Google Scholar 

  21. Muench, M., Nisi, D., Francillon, A., Balzarotti, D.: Avatar2: a multi-target orchestration platform. Workshop Binary Anal. Res. 18, 1–11 (2018)

    Google Scholar 

  22. Sha, L., Xiao, F., Chen, W., Sun, J.: Iiot-sidefender: detecting and defense against the sensitive information leakage in industry IoT. World Wide Web 21(1), 59–88 (2018)

    Article  Google Scholar 

  23. Srivastava, P., Peng, H., Li, J., Okhravi, H., Shrobe, H., Payer, M.: Firmfuzz: automated IoT firmware introspection and analysis. In: IoT S&P, pp. 15–21 (2019)

    Google Scholar 

  24. Talebi, S.M.S., Tavakoli, H., Zhang, H., Zhang, Z., Sani, A.A., Qian, Z.: Charm: facilitating dynamic analysis of device drivers of mobile systems. In: USENIX Security Symposium, pp. 291–307 (2018)

    Google Scholar 

  25. Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: rethinking network security for the internet-of-things. In: Hot Topics in Networks, pp. 1–7 (2015)

    Google Scholar 

  26. Zaddach, J., Bruno, L., Francillon, A., Balzarotti, D., et al.: Avatar: a framework to support dynamic security analysis of embedded systems’ firmwares. NDSS 14, 1–16 (2014)

    Google Scholar 

  27. Zhang, L., Chen, J., Diao, W., Guo, S., Weng, J., Zhang, K.: Cryptorex: large-scale analysis of cryptographic misuse in IoT devices. In: 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), pp. 151–164 (2019)

    Google Scholar 

  28. Zhang, Z.K., Cho, M.C.Y., Shieh, S.: Emerging security threats and countermeasures in IoT. In: Proceedings of the AsiaCCS, pp. 1–6 (2015)

    Google Scholar 

  29. Zheng, Y., Davanian, A., Yin, H., Song, C., Zhu, H., Sun, L.: Firm-afl: high-throughput greybox fuzzing of IoT firmware via augmented process emulation. In: USENIX Security Symposium, pp. 1099–1114 (2019)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Qin Si

  2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Qin Si, Lei Cui, Lun Li, Zhenquan Ding, Yongji Liu & Zhiyu Hao

Authors
  1. Qin Si
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lei Cui
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Lun Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zhenquan Ding
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yongji Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Zhiyu Hao
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lun Li .

Editor information

Editors and Affiliations

  1. Singapore Management University, Singapore, Singapore

    Debin Gao

  2. Tsinghua University, Beijing, China

    Qi Li

  3. Xi'an Jiaotong University, Xi'an, China

    Xiaohong Guan

  4. Chongqing University, Chongqing, China

    Xiaofeng Liao

Rights and permissions

Reprints and permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Si, Q., Cui, L., Li, L., Ding, Z., Liu, Y., Hao, Z. (2021). EmuIoTNet: An Emulated IoT Network for Dynamic Analysis. In: Gao, D., Li, Q., Guan, X., Liao, X. (eds) Information and Communications Security. ICICS 2021. Lecture Notes in Computer Science(), vol 12918. Springer, Cham. https://doi.org/10.1007/978-3-030-86890-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-86890-1_13

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-86889-5

  • Online ISBN: 978-3-030-86890-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation