KR20200142754A - How to obfuscate return commands and how to execute obfuscated return commands - Google Patents

Abstract

The present invention relates to a return instruction obfuscation method and to an obfuscated return instruction execution method. The method is a return instruction obfuscation method in firmware performed by a controller, and comprises: a step of receiving an encryption key from a secure chip (SE) which exists separately from a controller in a device through an initialization module; a scanning step of searching for an address of an encrypted return instruction existing in a flash memory included in the controller through the initialization module after receiving the encryption key; and an address storage step of collecting the address searched in the scanning step, indexing and storing the address in a static memory (SRAM) included in the controller through the initialization module.

Description

How to obfuscate return commands and how to execute obfuscated return commands}

The present invention relates to a return instruction obfuscation method and an obfuscated return instruction execution method, and more particularly, a method of obfuscation of a return instruction using an initialization module and a Return Control Flow module. How to execute the obfuscated return command using.

IoT technology is rapidly growing as a leader in providing user-oriented intelligent services. IoT devices are used in various fields because they collect data by incorporating sensor network technology and provide services to users based on this, and the number of devices is also rapidly increasing. As such, IoT devices are located where users can easily access them, but from a different perspective, attackers also provide the possibility to access the device. Therefore, IoT devices have new security vulnerabilities due to the attacker's physical access.

Firmware extraction is an action that an attacker can take by exploiting the accessibility of the device. An attacker can extract the micro-controller unit (MCU) chip in the device and analyze the binary of the internal firmware to understand the control flow of the service application. An attacker can perform various security threats based on the analyzed firmware, and a representative threat is a code reuse attack.

Existing security solutions focus on protecting devices from external threats by introducing secure communication and authentication and verification systems through data encryption/decryption. However, since the code reuse attack implements new programming using only the legitimate firmware binary stored in the flash memory, the existing security solution alone could not solve this.

Recently, CFI (Control Flow Integrity) related studies have been steadily progressing to prepare for code reuse attacks. CFI (Control Flow Integrity) refers to a security policy that instructs software execution to flow along the path of the CFG (Control Flow Graph) in advance. However, in an environment of low-end IoT devices, hardware-based encryption methods increase manufacturing cost and are still vulnerable to corresponding protection techniques through firmware extraction attacks. Even if an attacker extracts the firmware, it is necessary not only to prevent code reuse attacks, but also to prepare appropriate security measures for low-end IoT devices.

The present invention proposes a method of obfuscation of a return instruction and a method of executing the obfuscated return instruction in order to prevent the code reuse attack as described above.

[Patent Document 1] Korean Laid-Open Patent Publication No. 10-2017-0055933

The present invention was created to solve the above-described problem, and a method of obfuscation of a return instruction using an initialization module and execution of an obfuscated return instruction using a return control flow module. Its purpose is to provide a method.

The objects of the present invention are not limited to the objects mentioned above, and other objects not mentioned will be clearly understood from the following description.

In order to achieve the above objects, a method of obfuscation of a return instruction and a method of executing an obfuscated return instruction according to an embodiment of the present invention are disclosed. The method is a method of obfuscation of a return command in firmware performed by a controller, the step of receiving an encryption key from a secure element (SE) separate from a controller (MCU) in a device through an initialization module, and After the step of receiving the encryption key, a scanning step of searching for an address of an encrypted return command existing in the flash memory included in the controller (MCU) through an initialization module may be included.

In addition, according to an embodiment of the present invention, the address storage step of collecting the address searched in the scanning step, indexing and storing it in a static memory (SRAM) included in the controller (MCU) through an initialization module is performed. It may contain more.

Further, according to an embodiment of the present invention, after the step of receiving the encryption key, the step of storing the received encryption key in a static memory (SRAM) included in the controller may be further included.

In addition, according to an embodiment of the present invention, the initialization module is inserted into a source binary file through a code instrumentation process, and may be a module independently existing in a flash memory.

In addition, according to an embodiment of the present invention, in a method of executing a return instruction obfuscated by a return instruction obfuscation method in a controller, when executing firmware stored in a flash memory, an encryption key stored in a static memory (SRAM) It may include a runtime step of decrypting the encrypted return instruction by using and executing the decrypted return instruction.

In addition, according to an embodiment of the present invention, the runtime step may further include executing a Return Control Flow module before the controller (MCU) executes the encrypted return command. .

In addition, according to an embodiment of the present invention, the Return Control Flow module is inserted into the source binary file through a code instrumentation process, and is a module that decrypts and executes the encrypted return command, and the controller After executing, when the Return Control Flow module receives a call signal, the step of loading the address stored in the static memory (SRAM), decrypts the encrypted return command using the encryption key, and the decrypted command is stored in the static memory. It may include storing in (SRAM) and executing a decrypted instruction stored in static memory (SRAM).

Specific matters for achieving the above objects will become apparent with reference to embodiments to be described later in detail together with the accompanying drawings.

However, the present invention is not limited to the embodiments disclosed below, but may be configured in various different forms, so that the disclosure of the present invention is complete and those of ordinary skill in the technical field to which the present invention pertains ( Hereinafter, it is provided in order to completely inform the scope of the invention to the "common engineer").

According to an embodiment of the present invention, when firmware is stored in a flash memory in a device, the return instruction is encrypted and stored in only some segments having a branch instruction, thereby enabling driving even in a low-end device.

In addition, by encrypting only some commands used in code reuse attacks, it is possible to not only solve the performance degradation of the device caused by the entire encryption, but also enhance security.

In addition, by inserting a hardware security chip (Secure Element: SE) with enhanced security that exists separately in the device, it is possible to further enhance security by storing the encryption key separately.

In addition, when the firmware is executed, the encryption key is stored in a volatile static memory (SRAM) during the decryption process, thereby enhancing security.

Through the above method, return-oriented programming, a kind of code reuse attack, can be prevented.

The effects of the present invention are not limited to the above-described effects, and the potential effects expected by the technical features of the present invention will be clearly understood from the following description.

Some of the embodiments are shown in the accompanying drawings so that the features of the present disclosure mentioned above may be understood in detail, in a more detailed description, with reference to the following embodiments. In addition, like reference numbers in the drawings are intended to refer to the same or similar functions over several aspects. However, it should be noted that the accompanying drawings show only specific exemplary embodiments of the present invention, and are not considered to limit the scope of the present invention, and other embodiments having the same effect may be sufficiently recognized. Do it.
1 is a flow chart illustrating a method for obfuscation of a return instruction according to an embodiment of the present invention.
2 is a flowchart illustrating a process of a Return Control Flow module according to an embodiment of the present invention.
3 is a diagram illustrating a system architecture of a return instruction obfuscation technique according to an embodiment of the present invention.
4 is a diagram illustrating an initialization process through an initialization module according to an embodiment of the present invention.
5 is a diagram illustrating a runtime process including a return control flow module according to an embodiment of the present invention.

In the present invention, various modifications may be made and various embodiments may be provided, and specific embodiments will be illustrated in the drawings and described in detail.

The various features of the invention disclosed in the claims may be better understood in view of the drawings and detailed description. The apparatus, method, preparation method, and various embodiments disclosed in the specification are provided for illustration purposes. The disclosed structural and functional features are intended to enable a person skilled in the art to specifically implement various embodiments, and are not intended to limit the scope of the invention. The disclosed terms and sentences are intended to describe various features of the disclosed invention in an easy to understand manner, and are not intended to limit the scope of the invention.

In describing the present invention, if it is determined that a detailed description of related known technologies may unnecessarily obscure the subject matter of the present invention, a detailed description thereof will be omitted.

Hereinafter, a method of obfuscation of a return instruction and a method of executing an obfuscated return instruction according to an embodiment of the present invention will be described.

1 is a flow chart illustrating a method for obfuscation of a return instruction according to an embodiment of the present invention.

Referring to FIG. 1, in the method (S10) of obfuscation of the return command in the firmware of the present invention, an encryption key from a security chip (Secure Element: SE) that exists separately from a controller (MCU) in a device through an initialization module. Receiving (S11), after the step of receiving the encryption key, a scanning step (S13) of searching for an address of an encrypted return instruction existing in the flash memory included in the controller (MCU) through an initialization module (S13) and An address storage step (S15) of collecting the address found in the scanning step, indexing and storing the address in the static memory (SRAM) included in the controller (MCU) through an initialization module (S15).

In one embodiment, the return command obfuscation method (S10) includes a step (S11) of receiving an encryption key from a secure element (SE) that exists separately from a controller (MCU) in the device through an initialization module. Can include.

More specifically, in the step of receiving the encryption key (S11), the controller (MCU) may receive the encryption key from a secure element (SE) using an initialization module inserted in the flash memory. After the step of receiving the encryption key, it may include storing the received encryption key in a static memory (SRAM) included in the controller.

In one embodiment, the return command obfuscation method (S10) is, after the step of receiving the encryption key, of the encrypted return command present in the code segment in the flash memory included in the controller (MCU) through the initialization module. A scanning step S13 of searching for an address may be included. The controller (MCU) can determine the address address by comparing the operation code value of the encrypted return instruction for address search.

In one embodiment, the return instruction obfuscation method (S10) collects the address found in the scanning step, and indexes and stores the address in a static memory (SRAM) included in the controller (MCU) through an initialization module. It may include a storage step (S15). When the firmware is executed later, it can be indexed and stored in the return table in the static memory (SRAM) for use in the decryption process.

The code segment may be a code including a branch instruction in the source binary file. By encrypting only the code with branch instructions rather than encrypting the entire code, it can run even on low-end IoT devices and enhance security.

The hardware security chip (SE) 210 is a hardware security chip (SE) that exists separately from the controller (MCU) in the device. By storing the security key in a separate hardware security chip (SE), the risk of leakage of the encryption key is reduced. Can be reduced.

The initialization module is inserted into the source binary file through a code instrumentation process, and may be a module that independently exists in the flash memory.

2 is a flowchart illustrating a process of a Return Control Flow module according to an embodiment of the present invention.

Referring to FIG. 2, in the method of executing the return command obfuscated by the return command obfuscation method, when executing the firmware previously stored in the flash memory, an encrypted return using an encryption key stored in a static memory (SRAM) It may include a runtime step of decoding the command and executing the decoded return command. The runtime step may further include executing the return control flow module S20 before the controller (MCU) executes the encrypted return command.

More specifically, in the runtime phase, the last instruction is stored in encrypted form in the code segment, and the Return Control Flow module (return control flow) module (return control flow) before the controller (MCU) executes the encrypted return instruction in the code segment. S20) can be executed. The Return Control Flow module (S20) is a module that decrypts and executes the encrypted return command inserted in the source binary file, and the controller executes the firmware, and the Return Control Flow module sends a call signal. Upon receipt, the controller (MCU) loads the address of the encrypted return instruction to be decrypted by referring to the return table stored in the static memory (SRAM) in the device (S21), and initializes the loaded encrypted return instruction in the initialization process. Decryption using the received encryption key, and storing the decrypted command in static memory (SRAM) (S23), and executing the decrypted command stored in static memory (SRAM) (S25). have.

3 is a diagram illustrating a system architecture of a return instruction obfuscation technique according to an embodiment of the present invention.

3, the system architecture 100 is instrumented through a code instrumentation process of inserting two modules, an initialization module and a return control flow module, into an original source binary file. Source files can be created. Afterwards, a binary modification process in which the return command is encrypted and rewritten in the flash memory area in the controller (MCU) is performed to finally generate the rewritten binary file.

Code instrumentation refers to a function that monitors or measures the performance level of a product to diagnose errors in an executable file or write trace information. Instrumentation can be implemented in the form of code commands that monitor specific components in the system. However, since most IoT devices are manufactured in a form that does not have an operating system as a limited environment such as miniaturization and low power, it is difficult to use a dynamic instrumentation method to check system errors using a backdoor. Therefore, in this patent, in order to perform code instrumentation, it is possible to use a static code instrumentation method in which the inserted module is directly inserted at the time when the return instruction is executed and the time when the main function is executed.

By modifying the linker scripter, the two inserted modules can be stored and managed in separate sections. Therefore, you can modify the linker scripter to create an independent region and store the module's source code.

The purpose of binary modification is to store the return instruction such as pop in the flash memory in the IoT device in an encrypted state. As described above, since most low-spec IoT devices do not have an OS, it is impossible to check commands using a backdoor. Therefore, it is necessary to insert the binary code for checking directly into the firmware binary. Commands encrypted through binary modification can be safely decrypted and executed later by the Initialization module and the Return Control Flow module.

Two modules to be inserted through code instrumentation are an initialization module that collects encrypted instruction information and stores the address in a table in the static memory (SRAM) area, and an encrypted instruction at runtime of the firmware. It consists of a Return Control Flow module that safely executes the operation.

A description of an initialization process through an initialization module and a description of a runtime process including a return control flow module will be described later in detail in the descriptions of FIGS. 4 and 5, respectively. do.

4 is a diagram illustrating an initialization process through an initialization module according to an embodiment of the present invention.

Referring to FIG. 4, in the initialization process, the controller (MCU) receives an encryption key from a hardware security chip (SE) that exists separately in the device through an initialization module existing in the flash memory and encrypts the return command. The encryption key receiving step, the scanning step of searching for the address of the encrypted return instruction existing in the code segment in the flash memory, and the address storage step of collecting the searched address and indexing it in the return table in the static memory (SRAM) are performed. Can include.

More specifically, in the step of receiving the encryption key, when the initialization module is executed, the controller (MCU) communicates with the initialization module existing in the flash memory and the hardware security chip SE separately existing in the device. It may be a step of receiving an encryption key through. The received encryption key has a data length of 16 bytes using the AES128 encryption algorithm. The exchange message between the initialization module and the hardware security chip (SE) communicates in an encrypted state, and the encryption key used for encryption can be safely generated and stored in the initialization module and the hardware security chip (SE). .

Further, the scanning step may be a step of searching for an address of an encrypted return command existing in a code segment in the flash memory when the encryption key is received through the step of receiving the encryption key. For search, the address address can be determined by comparing the operation code value of the return instruction.

In addition, the address storage step may be a step of indexing and storing the address of the return instruction searched in the scanning step in a return table in the static memory (SRAM). This table can be used later for demodulation. Since this return table exists in the static memory (SRAM) area, which is a volatile memory, it does not leave traces when the device is booted, and analysis may be impossible by simply extracting the firmware.

5 is a diagram illustrating a runtime process including a return control flow module according to an embodiment of the present invention.

Referring to FIG. 5, in the runtime step, the last instruction is stored in an encrypted form in a code segment, and a return control flow is performed before the controller (MCU) executes the encrypted return instruction in the code segment. You can run the module. The Return Control Flow module (S20) is a module that decrypts and executes the encrypted return command inserted in the source binary file, and the controller executes the firmware, and the Return Control Flow module (S20) is Upon receiving the call signal, the controller (MCU) refers to the return table stored in the static memory (SRAM) in the device and loads the address of the encrypted return instruction to be decrypted (S21), and initializes the loaded encrypted return instruction (Initialization). Decrypting using the encryption key received in step ), storing the decrypted command in a static memory (SRAM) (S23) and executing the decrypted command stored in the static memory (SRAM) (S25) It can be a module.

More specifically, in the case of the original code segment of FIG. 5, when the foo function in the original source code executes all of a series of instructions and a pop instruction, which is the last instruction, is issued, the control blur is changed to the previously called func function.

On the other hand, in the case of the re-written code segment, the last instruction, the pop instruction, is stored in an encrypted form (enc_ins), and all the instructions of the foo function are executed in the source code, and the encrypted pop instruction ( Before enc_ins) comes out, the Return Control Flow module is inserted. In addition, the following operations may be sequentially performed by adding a command to execute a Return Control Flow module before the encrypted pop command (enc_ins) is executed.

In addition, referring to FIG. 5, the direct call indicated by a solid line simply means an instruction in the next order of the previous instruction, so it is not subject to protection, and the indirect call indicated by a broken line refers to the previous instruction and moves to the next instruction. It is a command that needs protection.

For example, “b Ex_Ret_CF” written and inserted by the developer before the encrypted pop command (enc_ins) comes out in the foo function can call the Return Control Flow module. The called Return Control Flow module can execute pre-stored commands. The Return Control Flow module may include instructions of load enc_ins, decryption, and execution of an encrypted return instruction. When entering the return control flow module, the encrypted return instruction address load (load enc_ins) can load the address address of the currently encrypted instruction to be decrypted by referring to the return table stored in the static memory (SRAM). For decryption, the loaded enc_ins can be decrypted with the encryption key received from the Initialization module. Execution can be returned to the func function by executing the decoded instruction stored in static memory (SRAM). Through the above series of operations, all return instructions stored in the code segment are obfuscated, and the Return Control Flow module can be decrypted and executed only when the instruction is executed. The above example is only an example for describing the present disclosure, and the present disclosure is not limited thereto.

The above description is merely illustrative of the technical idea of the present invention, and various changes and modifications may be made to those skilled in the art without departing from the essential characteristics of the present invention.

Accordingly, the embodiments disclosed in the present specification are not intended to limit the technical spirit of the present invention, but are intended to be described, and the scope of the present invention is not limited by these embodiments.

The scope of protection of the present invention should be interpreted by the claims, and all technical ideas within the scope equivalent thereto should be understood as being included in the scope of the present invention.

Claims (7)

In the method of obfuscation of the return command in the firmware performed by the controller,
Receiving an encryption key from a secure element (SE) that exists separately from the controller in the device through an initialization module; And
After the step of receiving the encryption key, a scanning step of searching for an address of an encrypted return command existing in a flash memory included in the controller through the initialization module,
How to obfuscate the return instruction.
The method of claim 1,
An address storage step of collecting the address searched in the scanning step, indexing and storing the address in the static memory (SRAM) included in the controller through the initialization module,
How to obfuscate the return instruction.
The method of claim 1,
After the step of receiving the encryption key,
Further comprising the step of storing the received encryption key in a static memory (SRAM) included in the controller,
How to obfuscate the return instruction.
The method of claim 1,
The initialization module (Initialization Module),
A module that is inserted into a source binary file through a code instrumentation process and independently exists in the flash memory,
How to obfuscate the return instruction.
In the method of executing the return instruction obfuscated by the return instruction obfuscation method of claims 1 to 3 in a controller,
When executing the firmware previously stored in the flash memory, the encrypted return command is decrypted using an encryption key stored in a static memory (SRAM), and a runtime step of executing the decrypted return command,
How to execute obfuscated return command.
The method of claim 5,
The run (Runtime) step,
Further comprising the step of executing a Return Control Flow module before the controller executes the encrypted return command,
How to execute obfuscated return command.
The method of claim 6,
The return control flow module,
A module that is inserted into a source binary file through a code instrumentation process, and decrypts and executes the encrypted return command,
When the controller executes the firmware and the Return Control Flow module receives a call signal,
Loading an address stored in the static memory (SRAM);
Decrypting the encrypted return command using the encryption key and storing the decrypted command in a static memory (SRAM); And
Including the step of executing the decoded instruction stored in the static memory (SRAM),
How to execute obfuscated return command.

Images