摘要
随着物联网技术与电力行业生产结合日益紧密,越来越多的电力物联网智能终端在电力生产中发挥重要作用。但鉴于物联网安全领域专业性,公司用户无法全面了解电力物联网智能终端的安全风险和漏洞,无法满足大量的安全性评估需求。基于电力物联网智能终端的主要安全风险,对其固件进行安全测试、分析,实现了对常规漏洞、硬编码口令、潜在安全风险等方面的检测;利用模糊测试、远程扫描等策略实现了对电力物联网智能终端在线设备的漏洞挖掘测试。实验结果表明,进行的研究可以有效检测电力物联网智能终端设备固件安全性并对在线设备进行漏洞挖掘测试,满足公司对电力物联网智能终端的安全要求。
With the increasingly close integration of IoT technology and power industry production, more and more IoT terminal devices are playing an important role in power production. However, in view of the professionalism in the field of IoT security, company users cannot fully understand the security risks and vulnerabilities of power IoT intelligent terminals and cannot meet a large number of security assessment needs. Based on the main security risks of power IoT terminal device, ordinary vulnerabilities, hardcoded messages and potential safety risks are tested through firmware safety testing and analysis;fuzzy testing, remote scanning and other strategies are employed to achieve the vulnerability mining test on the online device of the IoT terminal. The experimental results show that the research conducted in this paper can effectively detect the firmware security of the power IoT terminal device and conduct vulnerability mining tests on online devices to meet the company’s security requirements for intelligent terminals of power IoT.
作者
孙昌华
李景
戴桦
汤晓冬
崔崟
SUN Changhua;LI Jing;DAI Hua;TANG Xiaodong;CUI Yin(State Grid Zhejiang Electric Power Research Institute,Hangzhou 310014,China;Shanghai Wudun Information Technology Co.,Ltd.,Shanghai 200000,China)
出处
《浙江电力》
2021年第1期24-28,共5页
Zhejiang Electric Power
关键词
电力物联网智能终端
固件安全
安全检测
模糊测试
漏洞挖掘
IoT intelligent terminal
firmware security
security testing
fuzz testing
vulnerability mining
