SMuF: State machine based mutational fuzzing framework for internet of things

Neeraj Karamchandani, Vinay Sachidananda, Suhas Setikere, Jianying Zhou, Yuval Elovici

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The Internet of Things (IoT) exposes vulnerabilities at various levels. In this paper, we propose a mutation-based fuzzing framework called SMuF in order to find various vulnerabilities in IoT devices. We harness the power of state machine to generate distinct states of a protocol. In addition, we also generate legitimate packets as levels and sub-levels to intelligently mutate the data fields in the packet. Our mutation technique lies in mutation based on location, context and time. We propose a probability score for selecting the inputs for fuzzing based on payload length. We implemented and evaluated the proposed framework in our IoT security testbed. Using SMuF, we have discovered various vulnerabilities such as Denial of Service (DoS), Buffer Overflow, Session Hijacking etc.

Original languageEnglish
Title of host publicationCritical Information Infrastructures Security - 13th International Conference, CRITIS 2018, Revised Selected Papers
EditorsEric Luiijf, Inga Žutautaitė, Bernhard M. Hämmerli
PublisherSpringer Verlag
Pages101-112
Number of pages12
ISBN (Print)9783030058487
DOIs
StatePublished - 1 Jan 2019
Externally publishedYes
Event13th International Conference on Critical Information Infrastructures Security, CRITIS 2018 - Kaunas, Lithuania
Duration: 24 Sep 201826 Sep 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11260 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference13th International Conference on Critical Information Infrastructures Security, CRITIS 2018
Country/TerritoryLithuania
CityKaunas
Period24/09/1826/09/18

Keywords

  • IoT security
  • Mutational fuzzing
  • Vulnerability discovery

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'SMuF: State machine based mutational fuzzing framework for internet of things'. Together they form a unique fingerprint.

Cite this