Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing

Authors

Abstract

Zigbee is widely adopted as a resource-efficient wireless protocol in the IoT network. Devices from manufacturers have recently been affected due to major vulnerabilities in implementations. Security testing of implementations is becoming increasingly important. However, applying existing vulnerability detection techniques such as fuzzing is not a simple task. Dealing with low-level hardware events still remains a big challenge. For the protocol, which communicates over a radio channel, many tools lack a sufficient execution environment. To narrow the gap, we designed Z-Fuzzer, a device-agnostic tool for detecting security flaws. To simulate execution, it leverages a commercial embedded device simulator with pre-defined peripherals and interrupt setups to interact with the engine. It generates more high-quality test cases with code-coverage heuristics. We compare it with advanced tools, BooFuzz and Peach fuzzer, on top of Z-Fuzzer’s simulation platform. Our findings suggest that Z-Fuzzer can achieve greater code coverage in Z-Stack, a used implementation. Compared Peach, found fewer cases. Three of them were assigned CVE IDs with high CVSS scores (7.5~8.2).

Similar resources

Design and Implementation of Zigbee Protocol in Wireless Sensor Networks

Recently, there has been a growing demand to incorporate multimedia content delivery over the Wireless Sensor Networks (WSNs). This feature could not only enhance several existing applications in the commercial, industrial, and medical domains, but could also spur an array of new applications. However, the efficient gathering of still images, audio, and video information in WSNs imposes stringe...

Proactive Security Testing and Fuzzing

Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly insta...

Improving Protocol State Fuzzing of SSH

With the scale and use of the Internet nowadays, it is crucial that we can effectively test the correctness and security of systems that handle our personal data. In this thesis, we improve upon a previous work by Verleg. Verleg used protocol state fuzzing to test several implementations of the SSH protocol. By adapting a more formal methodology, we achieve higher confidence in our results. We ...

Protocol State Fuzzing of TLS Implementations

We describe a largely automated and systematic analysis of TLS implementations by what we call ‘protocol state fuzzing’: we use state machine learning to infer state machines from protocol implementations, using only blackbox testing, and then inspect the inferred state machines to look for spurious behaviour which might be an indication of flaws in the program logic. For detecting the presence...

Fuzzing: Testing Security in Maintenance Projects

New trends in IT industry impose increasingly requirements on openness and interoperability via networks to enterprise software systems. As a consequence, more and more legacy applications are made available via interfaces more openly through mobile and insecure networks, thereby inducing security risks the initial designs have never had to account for. In this paper, we show how a highly autom...

Journal

Journal title: Digital threats

Year: 2023

ISSN: 2692-1626, 2576-5337

DOI: https://doi.org/10.1145/3551894