This thesis researches the security of firmware images in the Internet of Things (IoT) and embedded devices. We present an open-source tool, Embedded Binary Analysis Tool (EBAT), designed to analyze cross-architectural firmware image security context. EBAT consists of various modules capable of discovering outdated software for various libraries, particularly on cryptographic libraries, and detecting Common Vulnerabilities and Exposures (CVEs), focusing on firmware's cryptographic libraries. It also detects exploit mitigation techniques on firmware's image binaries and discovers credentials and passwords with a focus on private keys embedded in the firmware image. Additionally, EBAT identifies Application Programming Interfaces (APIs) cryptographic misuses through static taint analysis (backward tracking) on cross-architectural binaries. We presented a total of 18 well-defined cryptographic rules and a list of 733 function calls with more than 1,600 function arguments, applicable in static taint analysis to check the possibility of cryptographic misuses based on 10 well-used open-source cryptographic libraries APIs. EBAT's static taint analysis provides a powerful framework for detecting the possibility of cryptographic misuses in cross-architectural binaries, making it a valuable tool for identifying and addressing vulnerabilities in cryptographic implementation in firmware images.

Using EBAT, we conducted a large-scale analysis of over 36,000 firmware images publicly crawled from the Internet and successfully unpacked over 60% of them. The created dataset of firmware images includes more than 5,000 different products across 33 vendors, spanning more than 20 years and a plethora of various device types. Our findings show that ARM and MIPS are the most prevailed CPU architecture in the IoT/embedded industry. We compared identical binaries across all vendors, revealing a significant percentage of similar binaries used across different vendors' firmware images. Our analysis of firmware binaries reveals a notable absence of exploit mitigation techniques in IoT/embedded firmware images, and we present many firmware images containing private keys, posing potential security threats. Additionally, versions of open-source cryptographic libraries used in firmware images are identified, and the CVEs of the cryptographic libraries are evaluated. Two real-world case studies on hard-coded credentials demonstrate the significance of the large-scale attack presented in this thesis. Hashed passwords, predominantly using outdated algorithms, have also been discovered, and several have been cracked.

The main goal of EBAT is to identify cryptographic misuses in cross-architectural binaries. By applying static taint analysis (backward tracking) to well-defined APIs on specific functions and arguments for 10 open-source cryptographic libraries, we can identify potential violations of cryptographic rules. This analysis was executed on over 1.4 million binaries, revealing that approximately 50% of examined firmware images violated at least one cryptographic rule. Various case studies on real-world vulnerabilities in firmware images are presented, including recent CVEs that are found in various vendors' products. Executing EBAT on those vulnerable firmware images, we tested the effectiveness of our tool to evaluate the automatic capturing of these known vulnerabilities. In addition, performing large-scale analysis on an extensive corpus of firmware images allows us to discover that other firmware images are affected by these known vulnerabilities, in some cases also across various product lines not covered on the public CVEs reports.

In conclusion, EBAT is a valuable resource for researchers working on firmware security. Its automated analysis process, comprehensive modules, and ability to discover possible vulnerabilities, cryptographic misuses at a binary level, and other security weaknesses make it a powerful tool for identifying and mitigating security risks in IoT/embedded devices.

We propose a novel, dynamic analysis-based detection solution for formjackers. The operating principle of these formjackers, or card skimmers on the web, is typically simple, yet effective: when making a payment on webshop that has been infected with a formjacker, the submitted payment information is not just transmitted to the webshop, but also silently to the involved malicious actor. Incidents in the past few years with large numbers of potentially affected customers, in the order of hundreds of thousands to millions, and high fines, in the order of tens of millions, have shown the urgency of addressing the issue of card skimming on the web. Currently, the state of the art in detecting formjackers is that of the cybersecurity industry, whose proprietary detection strategies appear to heavily rely on classical, static-analysis techniques. A drawback of these techniques is that they are less suited to detect new or unknown strands of formjackers. To advance the state of the art and enable a comprehensive, large-scale study of formjackers on the web, we wish to go beyond the traditional `Indicators of Compromise' approach. Instead of building on relatively shallow indicators, such as what formjacker typically look like, or which domains are commonly associated with formjacking campaigns, we propose to look at the underlying, more rudimentary behavior of formjackers, such as accessing data entered into the page. To this end, we introduce and study a detection strategy that ties into these more fundamental behavioral patterns of formjackers by applying dynamic analysis of client-side JavaScript. As an important prerequisite in dynamic analysis, we identify which conditions must be satisfied to elicit malicious behavior in formjackers. We implement two types of dynamic analysis, showing how these conditions can be met in practice. Finally, by crawling various collections of URLs we study the extent to which the proposed detection solution is suited to detect formjackers.

Virtual private networks are often used to secure communication between two hosts and preserve privacy by tunneling all traffic over a single encrypted channel. Previous work has already shown that metadata of different secured channels can be used to fingerprint various kinds of information. In this work, we will dive into the encrypted tunnels as used by VPNs. We have collected automatically generated data of 9 network protocols sent over 8 different VPN solutions with 3 different rates for mixed traffic each. Due to the single combined traffic channel of the VPN, this work had to focus on packet-wise features instead of stream-wise ones, requiring the development of new features compared to related work. Both Random Forest and Markov Chains are trained to distinguish the network protocols by finding the patterns of the protocols in the developed features. We show that it is possible to fingerprint network protocols in all different scenarios based on the metadata available. Moreover, it was found that size features are more important than timing-related ones, especially when padding comes into place. Lastly, we show that obfuscations methods focussing on distorting size or timing patterns solely are not effective enough and future obfuscation methods should incorporate both features.

The Internet consists of many subnetworks, which are connected to each other. These subnetworks are the autonomous systems (ASes) that make up the Internet: each hosts a part of it. In order to successfully determine routes from one of these ASes to the other, the Border Gateway Protocol (BGP) is used. This protocol has several security flaws however, and exploitation of them has lead to parts of the Internet being temporarily unreachable. In order to combat these flaws, several security solutions have been developed already. However, none of these have been deployed on a wide scale yet. As such, this thesis focuses on the question: why not, and what can be done to protect BGP in the future? This thesis includes an analysis of the BGP threat landscape, to find which threats are most relevant, and to find out whether or not solutions have adapted to the threat landscape. It also includes a comparison of solutions on different practical security aspects. From this comparison, I found that no solution is able to prevent attacks if only one autonomous system deploys it. Due to this, I suggest to shift attention to detective security. This thesis also includes an analysis of some detective security schemes, to see which properties of these schemes can be used for a new scheme. This new scheme is designed to comply with a list of requirements, and it uses properties from three other schemes. Development of this scheme is left as future work. Altogether, this thesis should provide a new direction for the future of BGP security.