學術產出-Theses
Article View/Open
Publication Export
-
題名 物聯網應用程式之資訊洩漏評估
Information leakage estimation of IoT applications作者 方元廷
Fang, Yuan-Ting貢獻者 郁方
Fang, Yu
方元廷
Fang, Yuan-Ting關鍵詞 物聯網
資訊洩漏
符號執行
Python
旁通道攻擊日期 2018 上傳時間 29-Aug-2018 15:48:31 (UTC+8) 摘要 隨著硬體的速度與價格高速的進步之下,物聯網已經逐漸成為我們生活中的一部分。為了避免物聯網應用程式遭到濫用,我們時常可以在程式中看到驗證相關的功能。然而若是這些驗證功能會於程式執行時產生資訊洩漏的情況,將會是對系統驗證機制的一大威脅,同時也為有心人士打開一道後門。旁通道攻擊即為一種藉由觀測程式的執行來取得程式內部資訊的方法。本篇文章提出了指令層級的方法去評估物聯網應用程式的資訊洩漏情形。首先我們將Python之操作碼轉成控制流程圖,在依照控制流程圖上的順序,依照深度優先原則來符號化執行指令,最終產生路徑條件與指令組,並將指令組視為觀測值。最後,我們依據觀測值的異同,利用Automata Based model Counter來估算路徑發生的次數,並計算其發生機率。而利用這些機率,我們可以求出shannon entropy,並以此數據評估此程式之資訊洩漏情形。
With rapidly growing cheaper and faster devices and connections, the Internetof Things (IoT) techniques gradually become ubiquitous and soon to be a part ofour lives. In order to prevent IoT applications from being abused, it is often to seeauthentication functionality in programs. However, if these programs leak secretsduring execution, it may damage the authentication mechanism and thus opens abackdoor for people with malicious intentions. Side channel attack that observesexecution differences is a way to get the secret behind programs.This paper presents an instruction-level technique to estimate information leakageof IoT applications. To facilitate analysis on IoT applications, we first parsepython opcodes to construct the control flow graph (CFG), and symbolically executethis code by traversing the CFG with depth first strategy to generate pathconstraints and their instruction sets as observables. Finally we make use of theAutomata Based model Counter (ABC) to perform model counting for each observableof path execution. Calculating shannon entropy with the probabilities of pathexecutions enables us to evaluate information leakage of target programs.參考文獻 [1] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of things (iot): Avision, architectural elements, and future directions,” Future generation computersystems, vol. 29, no. 7, pp. 1645–1660, 2013.[2] I. Lee and K. Lee, “The internet of things (iot): Applications, investments, andchallenges for enterprises,” Business Horizons, vol. 58, no. 4, pp. 431–440, 2015.[3] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internetof things: A survey on enabling technologies, protocols, and applications,” IEEECommunications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015.[4] A. Kamilaris, F. Gao, F. X. Prenafeta-Boldú, and M. I. Ali, “Agri-iot: A semanticframework for internet of things-enabled smart farming applications,” in Internet ofThings (WF-IoT), 2016 IEEE 3rd World Forum on, pp. 442–447, IEEE, 2016.[5] P. A. Laplante and N. Laplante, “The internet of things in healthcare: Potentialapplications and challenges,” IT Professional, vol. 18, no. 3, pp. 2–4, 2016.[6] Y. Jie, J. Y. Pei, L. Jun, G. Yun, and X. Wei, “Smart home system based on iottechnologies,” in Computational and Information Sciences (ICCIS), 2013 Fifth InternationalConference on, pp. 1789–1791, IEEE, 2013.[7] S. Kalra and S. K. Sood, “Secure authentication scheme for iot and cloud servers,”Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.[8] E. Brier and M. Joye, “Weierstraß elliptic curves and side-channel attacks,” in InternationalWorkshop on Public Key Cryptography, pp. 335–345, Springer, 2002.[9] W. Schindler, K. Lemke, and C. Paar, “A stochastic model for differential side channelcryptanalysis,” in International Workshop on Cryptographic Hardware and EmbeddedSystems, pp. 30–46, Springer, 2005.[10] Y. Zhang, “Cache side channels: State of the art and research opportunities,” in Proceedingsof the 2017 ACM SIGSAC Conference on Computer and CommunicationsSecurity - CCS 17, 2017.[11] J. Chen, Y. Feng, and I. Dillig, “Precise detection of side-channel vulnerabilitiesusing quantitative cartesian hoare logic,” in Proceedings of the 2017 ACM SIGSACConference on Computer and Communications Security - CCS 17, 2017.[12] C. S. Pasareanu, Q.-S. Phan, and P. Malacaria, “Multi-run side-channel analysis usingsymbolic execution and max-smt,” in Computer Security Foundations Symposium(CSF), 2016 IEEE 29th, pp. 387–400, IEEE, 2016.[13] P. C. Kocher, “Timing attacks on implementations of diffie-hellman, rsa, dss,and other systems,” in Annual International Cryptology Conference, pp. 104–113,Springer, 1996.[14] Z. Tao, F. Ming-Yu, and F. Bo, “Side-channel attack on biometric cryptosystembased on keystroke dynamics,” in Data, Privacy, and E-Commerce, 2007. ISDPE2007. The First International Symposium on, pp. 221–223, IEEE, 2007.[15] K. Suzaki, K. Iijima, T. Yagi, and C. Artho, “Software side channel attack on memorydeduplication,” in ACM Symposium on Operating Systems Principles (SOSP 2011),Poster session, 2011.[16] N. J. Al Fardan and K. G. Paterson, “Lucky thirteen: Breaking the tls and dtls recordprotocols,” in Security and Privacy (SP), 2013 IEEE Symposium on, pp. 526–540,IEEE, 2013.[17] Q.-S. Phan, L. Bang, C. S. Pasareanu, P. Malacaria, and T. Bultan, “Synthesisof adaptive side-channel attacks,” in Computer Security Foundations Symposium(CSF), 2017 IEEE 30th, pp. 328–342, IEEE, 2017.[18] J. Newsome and D. Song, “Dynamic taint analysis for automatic detection, analysis,and signature generation of exploits on commodity software,” 2005[19] A. Aggarwal and P. Jalote, “Integrating static and dynamic analysis for detectingvulnerabilities,” in Computer Software and Applications Conference, 2006. COMPSAC’06. 30th Annual International, vol. 1, pp. 343–350, IEEE, 2006.[20] P. Godefroid, N. Klarlund, and K. Sen, “Dart: directed automated random testing,”in ACM Sigplan Notices, vol. 40, pp. 213–223, ACM, 2005.[21] N. Jovanovic, C. Kruegel, and E. Kirda, “Pixy: A static analysis tool for detectingweb application vulnerabilities,” in Security and Privacy, 2006 IEEE Symposium on,pp. 6–pp, IEEE, 2006.[22] J. C. King, “Symbolic execution and program testing,” Communications of the ACM,vol. 19, no. 7, pp. 385–394, 1976.[23] W. Visser, C. S. Pˇasˇareanu, and S. Khurshid, “Test input generation with javapathfinder,” ACM SIGSOFT Software Engineering Notes, vol. 29, no. 4, pp. 97–107,2004.[24] T. Xie, D. Marinov, W. Schulte, and D. Notkin, “Symstra: A framework for generatingobject-oriented unit tests using symbolic execution,” in International Conferenceon Tools and Algorithms for the Construction and Analysis of Systems, pp. 365–381,Springer, 2005.[25] C. S. Pasareanu, M. B. Dwyer, and W. Visser, “Finding feasible counter-exampleswhen model checking abstracted java programs,” in International Conference onTools and Algorithms for the Construction and Analysis of Systems, pp. 284–298,Springer, 2001.[26] C. Csallner and Y. Smaragdakis, “Check’n’crash: combining static checking and testing,”in Proceedings of the 27th international conference on Software engineering,pp. 422–431, ACM, 2005.[27] C. S. Pasareanu, W. Visser, D. Bushnell, J. Geldenhuys, P. Mehlitz, and N. Rungta,“Symbolic pathfinder: integrating symbolic execution with model checking for java bytecode analysis,” Automated Software Engineering, vol. 20, no. 3, pp. 391–425,2013.[28] C. Cadar, D. Dunbar, D. R. Engler, et al., “Klee: Unassisted and automatic generationof high-coverage tests for complex systems programs.,” in OSDI, vol. 8, pp. 209–224, 2008.[29] K. Sen, D. Marinov, and G. Agha, “Cute: a concolic unit testing engine for c,” inACM SIGSOFT Software Engineering Notes, vol. 30, pp. 263–272, ACM, 2005.[30] S. Mechtaev, J. Yi, and A. Roychoudhury, “Angelix: Scalable multiline program patchsynthesis via symbolic analysis,” in Software Engineering (ICSE), 2016 IEEE/ACM38th International Conference on, pp. 691–701, IEEE, 2016.[31] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making smart contractssmarter,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer andCommunications Security, CCS ’16, (New York, NY, USA), pp. 254–269, ACM,2016.[32] 0vercl0k, “stuffz/python’s internals.” https://github.com/0vercl0k/stuffz, 2013.[33] C. Barrett, A. Stump, C. Tinelli, et al., “The smt-lib standard: Version 2.0,” in Proceedingsof the 8th International Workshop on Satisfiability Modulo Theories (Edinburgh,England), vol. 13, p. 14, 2010.[34] A. Aydin, L. Bang, and T. Bultan, “Automata-based model counting for string constraints,”in International Conference on Computer Aided Verification, pp. 255–272,Springer, 2015. 描述 碩士
國立政治大學
資訊管理學系
105356018資料來源 http://thesis.lib.nccu.edu.tw/record/#G0105356018 資料類型 thesis dc.contributor.advisor 郁方 zh_TW dc.contributor.advisor Fang, Yu en_US dc.contributor.author (Authors) 方元廷 zh_TW dc.contributor.author (Authors) Fang, Yuan-Ting en_US dc.creator (作者) 方元廷 zh_TW dc.creator (作者) Fang, Yuan-Ting en_US dc.date (日期) 2018 en_US dc.date.accessioned 29-Aug-2018 15:48:31 (UTC+8) - dc.date.available 29-Aug-2018 15:48:31 (UTC+8) - dc.date.issued (上傳時間) 29-Aug-2018 15:48:31 (UTC+8) - dc.identifier (Other Identifiers) G0105356018 en_US dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/119720 - dc.description (描述) 碩士 zh_TW dc.description (描述) 國立政治大學 zh_TW dc.description (描述) 資訊管理學系 zh_TW dc.description (描述) 105356018 zh_TW dc.description.abstract (摘要) 隨著硬體的速度與價格高速的進步之下,物聯網已經逐漸成為我們生活中的一部分。為了避免物聯網應用程式遭到濫用,我們時常可以在程式中看到驗證相關的功能。然而若是這些驗證功能會於程式執行時產生資訊洩漏的情況,將會是對系統驗證機制的一大威脅,同時也為有心人士打開一道後門。旁通道攻擊即為一種藉由觀測程式的執行來取得程式內部資訊的方法。本篇文章提出了指令層級的方法去評估物聯網應用程式的資訊洩漏情形。首先我們將Python之操作碼轉成控制流程圖,在依照控制流程圖上的順序,依照深度優先原則來符號化執行指令,最終產生路徑條件與指令組,並將指令組視為觀測值。最後,我們依據觀測值的異同,利用Automata Based model Counter來估算路徑發生的次數,並計算其發生機率。而利用這些機率,我們可以求出shannon entropy,並以此數據評估此程式之資訊洩漏情形。 zh_TW dc.description.abstract (摘要) With rapidly growing cheaper and faster devices and connections, the Internetof Things (IoT) techniques gradually become ubiquitous and soon to be a part ofour lives. In order to prevent IoT applications from being abused, it is often to seeauthentication functionality in programs. However, if these programs leak secretsduring execution, it may damage the authentication mechanism and thus opens abackdoor for people with malicious intentions. Side channel attack that observesexecution differences is a way to get the secret behind programs.This paper presents an instruction-level technique to estimate information leakageof IoT applications. To facilitate analysis on IoT applications, we first parsepython opcodes to construct the control flow graph (CFG), and symbolically executethis code by traversing the CFG with depth first strategy to generate pathconstraints and their instruction sets as observables. Finally we make use of theAutomata Based model Counter (ABC) to perform model counting for each observableof path execution. Calculating shannon entropy with the probabilities of pathexecutions enables us to evaluate information leakage of target programs. en_US dc.description.tableofcontents 1 Introduction 12 Related Work 32.1 Side Channel Attack 32.2 Vulnerability Detection 42.3 Symbolic Execution 42.4 Information Leakage Estimation 63 A Motivating Example 74 Methodology 114.1 Program Extraction 114.1.1 Code Disassembly 114.1.2 Control Flow Graph Construction 134.2 Constraint Generation 164.2.1 Symbolic Execution 204.2.2 Parameterized Path Constraints Generation 244.2.3 SMT Constraint Generation 274.3 Leakage Estimation 304.3.1 Model Counting 304.3.2 Entropy Calculation 305 Experiments 315.1 Password Checking 315.2 Codes of an Open-sourced Project 356 Conclusion 42References 43 zh_TW dc.format.extent 1167569 bytes - dc.format.mimetype application/pdf - dc.source.uri (資料來源) http://thesis.lib.nccu.edu.tw/record/#G0105356018 en_US dc.subject (關鍵詞) 物聯網 zh_TW dc.subject (關鍵詞) 資訊洩漏 zh_TW dc.subject (關鍵詞) 符號執行 zh_TW dc.subject (關鍵詞) Python zh_TW dc.subject (關鍵詞) 旁通道攻擊 zh_TW dc.title (題名) 物聯網應用程式之資訊洩漏評估 zh_TW dc.title (題名) Information leakage estimation of IoT applications en_US dc.type (資料類型) thesis en_US dc.relation.reference (參考文獻) [1] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of things (iot): Avision, architectural elements, and future directions,” Future generation computersystems, vol. 29, no. 7, pp. 1645–1660, 2013.[2] I. Lee and K. Lee, “The internet of things (iot): Applications, investments, andchallenges for enterprises,” Business Horizons, vol. 58, no. 4, pp. 431–440, 2015.[3] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internetof things: A survey on enabling technologies, protocols, and applications,” IEEECommunications Surveys & Tutorials, vol. 17, no. 4, pp. 2347–2376, 2015.[4] A. Kamilaris, F. Gao, F. X. Prenafeta-Boldú, and M. I. Ali, “Agri-iot: A semanticframework for internet of things-enabled smart farming applications,” in Internet ofThings (WF-IoT), 2016 IEEE 3rd World Forum on, pp. 442–447, IEEE, 2016.[5] P. A. Laplante and N. Laplante, “The internet of things in healthcare: Potentialapplications and challenges,” IT Professional, vol. 18, no. 3, pp. 2–4, 2016.[6] Y. Jie, J. Y. Pei, L. Jun, G. Yun, and X. Wei, “Smart home system based on iottechnologies,” in Computational and Information Sciences (ICCIS), 2013 Fifth InternationalConference on, pp. 1789–1791, IEEE, 2013.[7] S. Kalra and S. K. Sood, “Secure authentication scheme for iot and cloud servers,”Pervasive and Mobile Computing, vol. 24, pp. 210–223, 2015.[8] E. Brier and M. Joye, “Weierstraß elliptic curves and side-channel attacks,” in InternationalWorkshop on Public Key Cryptography, pp. 335–345, Springer, 2002.[9] W. Schindler, K. Lemke, and C. Paar, “A stochastic model for differential side channelcryptanalysis,” in International Workshop on Cryptographic Hardware and EmbeddedSystems, pp. 30–46, Springer, 2005.[10] Y. Zhang, “Cache side channels: State of the art and research opportunities,” in Proceedingsof the 2017 ACM SIGSAC Conference on Computer and CommunicationsSecurity - CCS 17, 2017.[11] J. Chen, Y. Feng, and I. Dillig, “Precise detection of side-channel vulnerabilitiesusing quantitative cartesian hoare logic,” in Proceedings of the 2017 ACM SIGSACConference on Computer and Communications Security - CCS 17, 2017.[12] C. S. Pasareanu, Q.-S. Phan, and P. Malacaria, “Multi-run side-channel analysis usingsymbolic execution and max-smt,” in Computer Security Foundations Symposium(CSF), 2016 IEEE 29th, pp. 387–400, IEEE, 2016.[13] P. C. Kocher, “Timing attacks on implementations of diffie-hellman, rsa, dss,and other systems,” in Annual International Cryptology Conference, pp. 104–113,Springer, 1996.[14] Z. Tao, F. Ming-Yu, and F. Bo, “Side-channel attack on biometric cryptosystembased on keystroke dynamics,” in Data, Privacy, and E-Commerce, 2007. ISDPE2007. The First International Symposium on, pp. 221–223, IEEE, 2007.[15] K. Suzaki, K. Iijima, T. Yagi, and C. Artho, “Software side channel attack on memorydeduplication,” in ACM Symposium on Operating Systems Principles (SOSP 2011),Poster session, 2011.[16] N. J. Al Fardan and K. G. Paterson, “Lucky thirteen: Breaking the tls and dtls recordprotocols,” in Security and Privacy (SP), 2013 IEEE Symposium on, pp. 526–540,IEEE, 2013.[17] Q.-S. Phan, L. Bang, C. S. Pasareanu, P. Malacaria, and T. Bultan, “Synthesisof adaptive side-channel attacks,” in Computer Security Foundations Symposium(CSF), 2017 IEEE 30th, pp. 328–342, IEEE, 2017.[18] J. Newsome and D. Song, “Dynamic taint analysis for automatic detection, analysis,and signature generation of exploits on commodity software,” 2005[19] A. Aggarwal and P. Jalote, “Integrating static and dynamic analysis for detectingvulnerabilities,” in Computer Software and Applications Conference, 2006. COMPSAC’06. 30th Annual International, vol. 1, pp. 343–350, IEEE, 2006.[20] P. Godefroid, N. Klarlund, and K. Sen, “Dart: directed automated random testing,”in ACM Sigplan Notices, vol. 40, pp. 213–223, ACM, 2005.[21] N. Jovanovic, C. Kruegel, and E. Kirda, “Pixy: A static analysis tool for detectingweb application vulnerabilities,” in Security and Privacy, 2006 IEEE Symposium on,pp. 6–pp, IEEE, 2006.[22] J. C. King, “Symbolic execution and program testing,” Communications of the ACM,vol. 19, no. 7, pp. 385–394, 1976.[23] W. Visser, C. S. Pˇasˇareanu, and S. Khurshid, “Test input generation with javapathfinder,” ACM SIGSOFT Software Engineering Notes, vol. 29, no. 4, pp. 97–107,2004.[24] T. Xie, D. Marinov, W. Schulte, and D. Notkin, “Symstra: A framework for generatingobject-oriented unit tests using symbolic execution,” in International Conferenceon Tools and Algorithms for the Construction and Analysis of Systems, pp. 365–381,Springer, 2005.[25] C. S. Pasareanu, M. B. Dwyer, and W. Visser, “Finding feasible counter-exampleswhen model checking abstracted java programs,” in International Conference onTools and Algorithms for the Construction and Analysis of Systems, pp. 284–298,Springer, 2001.[26] C. Csallner and Y. Smaragdakis, “Check’n’crash: combining static checking and testing,”in Proceedings of the 27th international conference on Software engineering,pp. 422–431, ACM, 2005.[27] C. S. Pasareanu, W. Visser, D. Bushnell, J. Geldenhuys, P. Mehlitz, and N. Rungta,“Symbolic pathfinder: integrating symbolic execution with model checking for java bytecode analysis,” Automated Software Engineering, vol. 20, no. 3, pp. 391–425,2013.[28] C. Cadar, D. Dunbar, D. R. Engler, et al., “Klee: Unassisted and automatic generationof high-coverage tests for complex systems programs.,” in OSDI, vol. 8, pp. 209–224, 2008.[29] K. Sen, D. Marinov, and G. Agha, “Cute: a concolic unit testing engine for c,” inACM SIGSOFT Software Engineering Notes, vol. 30, pp. 263–272, ACM, 2005.[30] S. Mechtaev, J. Yi, and A. Roychoudhury, “Angelix: Scalable multiline program patchsynthesis via symbolic analysis,” in Software Engineering (ICSE), 2016 IEEE/ACM38th International Conference on, pp. 691–701, IEEE, 2016.[31] L. Luu, D.-H. Chu, H. Olickel, P. Saxena, and A. Hobor, “Making smart contractssmarter,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer andCommunications Security, CCS ’16, (New York, NY, USA), pp. 254–269, ACM,2016.[32] 0vercl0k, “stuffz/python’s internals.” https://github.com/0vercl0k/stuffz, 2013.[33] C. Barrett, A. Stump, C. Tinelli, et al., “The smt-lib standard: Version 2.0,” in Proceedingsof the 8th International Workshop on Satisfiability Modulo Theories (Edinburgh,England), vol. 13, p. 14, 2010.[34] A. Aydin, L. Bang, and T. Bultan, “Automata-based model counting for string constraints,”in International Conference on Computer Aided Verification, pp. 255–272,Springer, 2015. zh_TW dc.identifier.doi (DOI) 10.6814/THE.NCCU.MIS.021.2018.A05 -
