TY - GEN
T1 - SMuF
T2 - 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018
AU - Karamchandani, Neeraj
AU - Sachidananda, Vinay
AU - Setikere, Suhas
AU - Zhou, Jianying
AU - Elovici, Yuval
N1 - Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019/1/1
Y1 - 2019/1/1
N2 - The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF in order to find various vulnerabilities in IoT devices. We harness the power of state machine to generate distinct states of a protocol. In addition, we also generate legitimate packets as levels and sub-levels to intelligently mutate the data fields in the packet. Our mutation technique lies in mutation based on location, context and time. We propose a probability score for selecting the inputs for fuzzing based on payload length. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), Buffer Overflow, Session Hijacking etc.
AB - The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF in order to find various vulnerabilities in IoT devices. We harness the power of state machine to generate distinct states of a protocol. In addition, we also generate legitimate packets as levels and sub-levels to intelligently mutate the data fields in the packet. Our mutation technique lies in mutation based on location, context and time. We propose a probability score for selecting the inputs for fuzzing based on payload length. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), Buffer Overflow, Session Hijacking etc.
KW - IoT security
KW - Mutational fuzzing
KW - Vulnerability discovery
UR - http://www.scopus.com/inward/record.url?scp=85059939192&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-05849-4_8
DO - 10.1007/978-3-030-05849-4_8
M3 - Conference contribution
AN - SCOPUS:85059939192
SN - 9783030058487
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 101
EP - 112
BT - Critical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers
A2 - Luiijf, Eric
A2 - Žutautaitė, Inga
A2 - Hämmerli, Bernhard M.
PB - Springer Verlag
Y2 - 24 September 2018 through 26 September 2018
ER -