TUM Logo

I'll keep you my dirty little secret: Towards automatic detection of bad crypto in Type I embedded devices

I'll keep you my dirty little secret: Towards automatic detection of bad crypto in Type I embedded devices

Supervisor(s): Sascha Wessel, Vincent Ahlrichs
Status: finished
Topic: Others
Author: Katharina Bogad
Submission: 2022-02-15
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Complex embedded devices have become ubiquitous in our lives – be it smartphones, connected plugs or one of the
other countless smart devices like TVs. Historically, powerful embedded devices are not known to have a particularly
good track record in security and privacy. For example, home Wi-Fi routers shipping a full Linux installation have over
the years accumulated a massive pile of CVEs. Many of these bugs were spread over multiple binaries, making automated
discovery difficult if only looked at one program at a time. Additionally, modern embedded systems like LGs WebOS mandate
some kind of split-process microservice architecture for security reasons – some processes can have different sandbox
characteristics than others. In this thesis, we show that this architecture poses an analysis gap when processing one program
at a time and propose a novel method to close this gap using Code Property Graphs. We apply this method to a case study
suffering from the analysis gap and show that we can apply our method to connect data flow across a binary system, which
allows us to reason about the origin of private key material.