Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing
Authors
Abstract
Zigbee is widely adopted as a resource-efficient wireless protocol in the IoT network. Devices from manufacturers have recently been affected due to major vulnerabilities in Zigbee protocol implementations. Security testing of Zigbee implementations is becoming increasingly important. However, applying existing vulnerability detection techniques such as fuzzing is not a simple task. Dealing with low-level hardware events still remains a big challenge. For the Zigbee protocol, which communicates over a radio channel, many tools lack a sufficient execution environment. To narrow the gap, we designed Z-Fuzzer, a device-agnostic fuzzing tool for detecting security flaws in Zigbee implementations. To simulate execution, Z-Fuzzer leverages a commercial embedded device simulator with pre-defined peripherals and interrupt setups to interact with the fuzzing engine. Z-Fuzzer generates more high-quality test cases with code-coverage heuristics. We compare Z-Fuzzer with advanced fuzzing tools, BooFuzz and Peach fuzzer, on top of Z-Fuzzer's simulation platform. Our findings suggest that Z-Fuzzer can achieve greater code coverage in Z-Stack, the implementation used. Compared Peach, found fewer cases. Three of them were assigned CVE IDs with high CVSS scores (7.5~8.2).
Similar resources
Design and Implementation of Zigbee Protocol in Wireless Sensor Networks
Recently, there has been a growing demand to incorporate multimedia content delivery over the Wireless Sensor Networks (WSNs). This feature could not only enhance several existing applications in the commercial, industrial, and medical domains, but could also spur an array of new applications. However, the efficient gathering of still images, audio, and video information in WSNs imposes stringe...
Proactive Security Testing and Fuzzing
Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly insta...
Improving Protocol State Fuzzing of SSH
With the scale and use of the Internet nowadays, it is crucial that we can effectively test the correctness and security of systems that handle our personal data. In this thesis, we improve upon a previous work by Verleg. Verleg used protocol state fuzzing to test several implementations of the SSH protocol. By adapting a more formal methodology, we achieve higher confidence in our results. We ...
Protocol State Fuzzing of TLS Implementations
We describe a largely automated and systematic analysis of TLS implementations by what we call ‘protocol state fuzzing’: we use state machine learning to infer state machines from protocol implementations, using only blackbox testing, and then inspect the inferred state machines to look for spurious behaviour which might be an indication of flaws in the program logic. For detecting the presence...
Fuzzing: Testing Security in Maintenance Projects
New trends in IT industry impose increasingly requirements on openness and interoperability via networks to enterprise software systems. As a consequence, more and more legacy applications are made available via interfaces more openly through mobile and insecure networks, thereby inducing security risks the initial designs have never had to account for. In this paper, we show how a highly autom...
Journal
Journal title: Digital threats
Year: 2023
ISSN: ['2692-1626', '2576-5337']
DOI: https://doi.org/10.1145/3551894