Abstract
The Internet of Things (IoT) exposes vulnerabilities at many levels. In this paper we propose a mutation-based fuzzing framework, SMuF, for finding such vulnerabilities in IoT devices. We harness a state machine to generate the distinct states of a protocol, and we generate legitimate packets as levels and sub-levels so that the data fields of a packet can be mutated intelligently. Our mutations are based on location, context and time. We propose a probability score, derived from payload length, for selecting the inputs to fuzz. We implemented and evaluated the framework in our IoT security testbed. Using SMuF we discovered vulnerabilities including Denial of Service (DoS), buffer overflow and session hijacking.
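The abstract names the ingredients of the approach (a protocol state machine, legitimate packets split into fields, mutation by location, context and time, and a length-based selection score) without showing how they fit together. The sketch below is an added illustration and is not SMuF's code: the toy four-message protocol, its packet layout, the three mutation operators and the "weight by encoded length" score are all assumptions made for the example; the paper's actual scoring formula and operators are not given on this page.

```python
import random
import struct
from collections import deque

# Constructed toy protocol (an assumption for this example, not SMuF's target):
# the message types a device accepts in each state, and the resulting state.
STATE_MACHINE = {
    "INIT":    {"HELLO": "GREETED"},
    "GREETED": {"AUTH": "AUTHED"},
    "AUTHED":  {"DATA": "AUTHED", "BYE": "INIT"},
}

# Legitimate packets: one "level" per message type, its fields as "sub-levels".
# Each field is (name, kind, value); kind drives the context-aware mutation.
TEMPLATES = {
    "HELLO": [("type", "u8", 1), ("version", "u8", 2), ("client_id", "str", b"sensor-07")],
    "AUTH":  [("type", "u8", 2), ("token", "str", b"abcd1234")],
    "DATA":  [("type", "u8", 3), ("payload", "str", b"temp=21.5;hum=40")],
    "BYE":   [("type", "u8", 4)],
}

def encode(fields):
    """Serialize: u8 -> one byte; str -> big-endian u16 length prefix + bytes."""
    out = b""
    for _name, kind, value in fields:
        if kind == "u8":
            out += struct.pack("B", value & 0xFF)
        else:
            out += struct.pack(">H", len(value)) + value
    return out

def field_offsets(fields):
    """Byte offset of each field in the encoded packet (its 'location')."""
    offsets, pos = {}, 0
    for name, kind, value in fields:
        offsets[name] = pos
        pos += 1 if kind == "u8" else 2 + len(value)
    return offsets

def path_to(target, start="INIT"):
    """BFS over the state machine: the message sequence that drives the device
    from start into target, so every state can be fuzzed from a known position."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, trace = queue.popleft()
        if state == target:
            return trace
        for msg, nxt in STATE_MACHINE[state].items():
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [msg]))
    raise ValueError(f"state {target!r} is unreachable")

def selection_probabilities(templates=TEMPLATES):
    """Assumed scoring rule: weight each legitimate packet by its encoded length,
    so packets with more mutable bytes are selected for fuzzing more often."""
    lengths = {msg: len(encode(f)) for msg, f in templates.items()}
    total = sum(lengths.values())
    return {msg: n / total for msg, n in lengths.items()}

def mutate_location(fields, field_name, rng):
    """Location-based: flip one bit at the chosen field's byte offset."""
    raw = bytearray(encode(fields))
    raw[field_offsets(fields)[field_name]] ^= 1 << rng.randrange(8)
    return bytes(raw)

def mutate_context(fields, field_name):
    """Context-based: a str field keeps a length prefix promising 65535 bytes
    but carries none; a u8 field is pushed to its boundary value 0xFF."""
    out = b""
    for name, kind, value in fields:
        if name != field_name:
            out += encode([(name, kind, value)])
        elif kind == "str":
            out += struct.pack(">H", 0xFFFF)
        else:
            out += b"\xff"
    return out

def mutate_time(state):
    """Time/ordering-based: well-formed packets this state does not expect."""
    unexpected = sorted(set(TEMPLATES) - set(STATE_MACHINE[state]))
    return [(msg, encode(TEMPLATES[msg])) for msg in unexpected]

def fuzz_state(target_state, rounds=4, seed=1):
    """Cases for one state as (prefix, label, packet): prefix is the legitimate
    packets that reach the state, packet is the mutated one sent once there."""
    rng = random.Random(seed)
    prefix = [encode(TEMPLATES[m]) for m in path_to(target_state)]
    accepted = {m: TEMPLATES[m] for m in STATE_MACHINE[target_state]}
    probs = selection_probabilities(accepted)
    cases = [(prefix, f"time:{msg}", pkt) for msg, pkt in mutate_time(target_state)]
    for _ in range(rounds):
        msg = rng.choices(list(probs), weights=list(probs.values()))[0]
        fields = TEMPLATES[msg]
        name = rng.choice([f[0] for f in fields])
        cases.append((prefix, f"location:{msg}.{name}", mutate_location(fields, name, rng)))
        cases.append((prefix, f"context:{msg}.{name}", mutate_context(fields, name)))
    return cases
```

A harness would replay each case's prefix to a fresh device session, send the mutated packet, and record a hang, crash or unexpected state change as a finding; the state machine is what makes a finding reproducible, since the prefix records exactly how the device was driven into the state where the mutation landed.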
Acknowledgments
The first author’s work was done during his internship in SUTD supported by the SUTD start-up research grant SRG-ISTD-2017-124.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Karamchandani, N., Sachidananda, V., Setikere, S., Zhou, J., Elovici, Y. (2019). SMuF: State Machine Based Mutational Fuzzing Framework for Internet of Things. In: Luiijf, E., Žutautaitė, I., Hämmerli, B. (eds) Critical Information Infrastructures Security. CRITIS 2018. Lecture Notes in Computer Science(), vol 11260. Springer, Cham. https://doi.org/10.1007/978-3-030-05849-4_8
DOI: https://doi.org/10.1007/978-3-030-05849-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-05848-7
Online ISBN: 978-3-030-05849-4
eBook Packages: Computer Science (R0)