Open Access iconOpen Access

ARTICLE

crossmark

Adaptive Emulation Framework for Multi-Architecture IoT Firmware Testing

Jihyeon Yu1, Juhwan Kim1, Youngwoo Lee1, Fayozbek Rustamov2, Joobeom Yun1,*

1 Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, Seoul, 05006, Korea
2 Department of Computer and Information Security, Sejong University, Seoul, 05006, Korea

* Corresponding Author: Joobeom Yun. Email: email

Computers, Materials & Continua 2023, 75(2), 3291-3315. https://doi.org/10.32604/cmc.2023.035835

Abstract

Internet of things (IoT) devices are being increasingly used in numerous areas. However, the low priority on security and various IoT types have made these devices vulnerable to attacks. To prevent this, recent studies have analyzed firmware in an emulation environment that does not require actual devices and is efficient for repeated experiments. However, these studies focused only on major firmware architectures and rarely considered exotic firmware. In addition, because of the diversity of firmware, the emulation success rate is not high in terms of large-scale analyses. In this study, we propose the adaptive emulation framework for multi-architecture (AEMA). In the field of automated emulation frameworks for IoT firmware testing, AEMA considers the following issues: (1) limited compatibility for exotic firmware architectures, (2) emulation instability when configuring an automated environment, and (3) shallow testing range resulting from structured inputs. To tackle these problems, AEMA can emulate not only major firmware architectures but also exotic firmware architectures not previously considered, such as Xtensa, ColdFire, and reduced instruction set computer (RISC) version five, by implementing a minority emulator. Moreover, we applied the emulation arbitration technique and input keyword extraction technique for emulation stability and efficient test case generation. We compared AEMA with other existing frameworks in terms of emulation success rates and fuzz testing. As a result, AEMA succeeded in emulating 864 out of 1,083 overall experimental firmware and detected vulnerabilities at least twice as fast as the experimental group. Furthermore, AEMA found a 0-day vulnerability in real-world IoT devices within 24 h.

Keywords


Cite This Article

J. Yu, J. Kim, Y. Lee, F. Rustamov and J. Yun, "Adaptive emulation framework for multi-architecture iot firmware testing," Computers, Materials & Continua, vol. 75, no.2, pp. 3291–3315, 2023.



cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 680

    View

  • 300

    Download

  • 0

    Like

Share Link