SMuF: State Machine Based Mutational Fuzzing Framework for Internet of Things

The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF to find vulnerabilities in IoT devices. We harness a state machine to generate the distinct states of a protocol. In addition, we generate legitimate packets as levels and sub-levels so that the data fields in each packet can be mutated intelligently. Our mutations are based on location, context and time. We propose a probability score, based on payload length, for selecting the inputs to fuzz. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), buffer overflow and session hijacking.
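As an added illustration of the approach the abstract describes (example code, not SMuF's own), a minimal Python sketch: a state machine yields the legitimate packet for each state, the three mutation classes are modelled as assumptions (location: byte edits at an offset; context: a field borrowed from another state's packet; time: a later state's packet delivered early), inputs are chosen with a probability proportional to payload length, and the target is a constructed in-process stand-in with a deliberate 64-byte limit standing in for a real device.

```python
import random

# Constructed toy protocol: a linear state machine; each state carries its
# legitimate packet as a dict of fields ("levels"). Names are assumptions.
PROTOCOL = [
    ("INIT", {"type": b"HELLO", "payload": b"v1"}),
    ("AUTH", {"type": b"AUTH", "payload": b"user:pass"}),
    ("DATA", {"type": b"DATA", "payload": b"temp=21.5"}),
]

def encode(fields):
    return b"|".join(fields.values())           # constructed wire format

class ToyDevice:
    """In-process stand-in for a device with a constructed 64-byte buffer."""
    def __init__(self):
        self.state = 0
    def handle(self, pkt):
        expected = PROTOCOL[self.state][1]["type"]
        if not pkt.startswith(expected + b"|"):
            return "rejected"                   # packet out of context
        if len(pkt) > 64:
            raise OverflowError("buffer overflow (constructed defect)")
        self.state = min(self.state + 1, len(PROTOCOL) - 1)
        return "ok"

def mutate(fields, mode, rng):
    """Assumed meanings: location = byte edits at an offset; context = value
    borrowed from another state's packet; time = a later packet sent now."""
    out = dict(fields)
    if mode == "location":
        v = bytearray(out["payload"])
        pos = rng.randrange(len(v))
        v[pos:pos + 1] = bytes([rng.randrange(256)]) * rng.choice([1, 16, 64])
        out["payload"] = bytes(v)
    elif mode == "context":
        out["payload"] = rng.choice(PROTOCOL)[1]["payload"]
    elif mode == "time":
        out = dict(rng.choice(PROTOCOL)[1])
    return out

def select(candidates, rng):
    """Probability score proportional to payload length (assumed form)."""
    return rng.choices(candidates, weights=[len(encode(c)) for c in candidates])[0]

def fuzz(iterations=300, seed=1):
    rng, findings = random.Random(seed), []
    for _ in range(iterations):
        dev = ToyDevice()
        for state, legit in PROTOCOL:            # walk the state machine
            pool = [mutate(legit, m, rng) for m in ("location", "context", "time")]
            pkt = encode(select(pool + [legit], rng))
            try:
                dev.handle(pkt)
            except OverflowError:
                findings.append((state, len(pkt)))
                break
            dev.handle(encode(legit))            # reach the next state legitimately
    return findings
```

Each finding records the state in which the crash was triggered and the offending packet length, which is the minimum a tester needs to reproduce it against the real target.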
