Computer Science, 2016, Vol. 43, Issue (9): 188-191. doi: 10.11896/j.issn.1002-137X.2016.09.037


Research and Implementation of EFI OS Loader Security Reinforcement Technology

WU Wei-min, CHEN Dong-xin, LAI Wen-xin and SU Qing   

  • Online:2018-12-01 Published:2018-12-01

Abstract: An analysis of the security of the architecture and boot procedure of the Unified Extensible Firmware Interface (UEFI) finds that the credibility verification of the EFI OS Loader has security risks, which can lead to hijacking of the Windows startup process. To avoid these risks, a three-layer security reinforcement plan is proposed that addresses file isolation protection, boot authentication, and protection of critical system regions, based on a USB Key, a mobile-phone dynamic password token, and EFI antivirus software. Storing the EFI OS Loader file in the USB Key and encrypting it provides file protection. The dynamic password authentication server is placed in the USB Key, and the combination of both mechanisms provides high-strength boot authentication. An EFI application security software, designed and developed in accordance with the UEFI specification, protects the key regions of the system. The results show that the dual authentication and security mechanisms of the scheme remedy the relevant security vulnerabilities and enhance the security of computer systems during startup.

Key words: EFI OS Loader, Credibility verification, Security reinforcement, Identity authentication
