The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF in order to find various vulnerabilities in IoT devices. We harness the power of state machine to generate distinct states of a protocol. In addition, we also generate legitimate packets as levels and sub-levels to intelligently mutate the data fields in the packet. Our mutation technique lies in mutation based on location, context and time. We propose a probability score for selecting the inputs for fuzzing based on payload length. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), Buffer Overflow, Session Hijacking etc.
CITATION STYLE
Karamchandani, N., Sachidananda, V., Setikere, S., Zhou, J., & Elovici, Y. (2019). SMuF: State machine based mutational fuzzing framework for internet of things. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11260 LNCS, pp. 101–112). Springer Verlag. https://doi.org/10.1007/978-3-030-05849-4_8
Mendeley helps you to discover research relevant for your work.