MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Zeng, Yingpei; Lin, Mingmin; Guo, Shanqing; Shen, Yanzhao; Cui, Tingting; Wu, Ting; Zheng, Qiuhua; Wang, Qiuhua

doi:10.3390/s20185194

Cited by 12 publications

(5 citation statements)

References 31 publications

(83 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The standard Internet sockets (TPC/IP and UDP/IP) used by AFLNet to communicate to the target and send it fuzzed inputs are unnecessarily slow. As observed before [45], replacing them with UNIX domain sockets can lead to significant performance speed-ups. We discuss how this is achieved in §4.3.…”

Section: Snapfuzz Network Fuzzing Protocol: Eliminating Communication...mentioning

confidence: 71%

“…To eliminate this overhead, similarly to prior work [45], SnapFuzz replaces Internet sockets with UNIX domain sockets. More specifically, SnapFuzz uses Sequenced Packet sockets (SOCK_SEQPACKET).…”

Section: Unix Domain Socketsmentioning

confidence: 99%

“…Multifuzz [45] presents a more advanced de-socketing library called Desockmulti, which is similar to Preeny, but optimised in various ways, e.g., by removing the use of threads and adding the ability to initiate multiple connections to the target. MultiFuzz is specifically designed for publish/subscribe protocols and the evaluation does not include the benchmarks used by AFLNet and us.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

SnapFuzz: high-throughput fuzzing of network applications

Andronidis¹,

Cadar²

2022

Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

In recent years, fuzz testing has benefited from increased computational power and important algorithmic advances, leading to systems that have discovered many critical bugs and vulnerabilities in production software. Despite these successes, not all applications can be fuzzed efficiently. In particular, stateful applications such as network protocol implementations are constrained by a low fuzzing throughput and the need to develop complex fuzzing harnesses that involve custom time delays and clean-up scripts.In this paper, we present SnapFuzz, a novel fuzzing framework for network applications. SnapFuzz offers a robust architecture that transforms slow asynchronous network communication into fast synchronous communication, snapshots the target at the latest point at which it is safe to do so, speeds up file operations by redirecting them to a custom in-memory filesystem, and removes the need for many fragile modifications, such as configuring time delays or writing clean-up scripts.Using SnapFuzz, we fuzzed five popular networking applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555 and Dcmqrscp. We report impressive performance speedups of 62.8 x, 41.2 x, 30.6 x, 24.6 x, and 8.4 x, respectively, with significantly simpler fuzzing harnesses in all cases. Due to its advantages, SnapFuzz has also found 12 extra crashes compared to AFLNet in these applications. CCS CONCEPTS• Software and its engineering → Software testing and debugging; • Security and privacy → Systems security.

show abstract

Section: Snapfuzz Network Fuzzing Protocol: Eliminating Communication...mentioning

confidence: 71%

Section: Unix Domain Socketsmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

SnapFuzz: high-throughput fuzzing of network applications

Andronidis¹,

Cadar²

2022

Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

show abstract

“…Fuzzing type Hardware support Component Zero-day detection IoTFuzzer [11] Black-box Bare-metal APP-related Yes FIRM-AFL [7] Grey-box Emulation Web Yes FirmFuzz [6] Grey-box Emulation Web Yes IoTHunter [17] Grey-box Emulation Protocol Yes MultiFuzz [18] Grey-box None Protocol Yes SIoTFuzzer [19] Black-box Emulation Web No DIANE [10] Black-box Bare-metal APP-related Yes device require authentication? (ii) Is the authentication process replayable?…”

Section: Fuzzermentioning

confidence: 99%

PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices

Cheng

Fan

Huang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Black-box fuzzing is a testing technique to find both known and unknown vulnerabilities in software. When applying black-box fuzzing to smart devices, the main idea is to take a smart device as a black box and provide random input through a network-based interface, such as a Web interface. Due to the diversity of Web interface implementations and complex data format, a blind mutation of the message makes the message unable to pass the verification of the device component. Therefore, each Web interface needs a unique fuzzer, which precisely defines a message format of the target interface, a state maintenance method, the field positions to be mutated, and a specific input mutation method. At the time of writing, a fuzzer is completely developed by a security engineer. To save human labor, we present PDFuzzerGen, a tool to automatically synthesize complex black-box fuzzers for smart devices. PDFuzzerGen generates multiple fuzzing policies by analyzing raw messages and then synthesizes fuzzers based on policies. PDFuzzerGen requires no human intervention and can be applied to a wide range of smart devices. Furthermore, the generated fuzzers can expose bugs and flaws that rest deep in smart devices. PDFuzzerGen was evaluated to generate fuzzers for 19 different smart devices from 6 vendors. It has found 14 previously unknown vulnerabilities, 5 of which were confirmed and disclosed by the China National Vulnerability Database (CNVD) and 2 of which were confirmed and disclosed by Common Vulnerabilities and Exposures (CVE). The generated fuzzers outperform some manually crafted fuzzers on a few metrics, including the vulnerability detection rate and time cost of a newly developed fuzzer, which demonstrates the effectiveness and efficiency of PDFuzzerGen.

show abstract

“…For many years, many such protocols used timestamps. In addition, security protocols can be used in IoT systems [ 1 , 2 , 3 , 4 , 5 ]. It is necessary for the appropriate time-dependent management of cryptographic primitives (keys, passwords), especially to preserve and monitor the validity (lifetime) of the primitives.…”

Section: Introductionmentioning

confidence: 99%

SAT and SMT-Based Verification of Security Protocols Including Time Aspects

Szymoniak

Siedlecka-Lamch

Zbrzezny

et al. 2021

Sensors

View full text Add to dashboard Cite

For many years various types of devices equipped with sensors have guaranteed proper work in a huge amount of machines and systems. For the proper operation of sensors, devices, and complex systems, we need secure communication. Security protocols (SP) in this case, guarantee the achievement of security goals. However, the design of SP is not an easy process. Sometimes SP cannot realise their security goals because of errors in their constructions and need to be investigated and verified in the case of their correctness. Now SP uses often time primitives due to the necessity of security dependence on the passing of time. In this work, we propose and investigate the SAT-and SMT-based formal verification methods of SP used in communication between devices equipped with sensors. For this, we use a formal model based on networks of communicating timed automata. Using this, we show how the security property of SP dedicated to the sensors world can be verified. In our work, we investigate such timed properties as delays in the network and lifetimes. The delay in the network is the lower time constraint related to sending the message. Lifetime is an upper constraint related to the validity of the timestamps generated for the transmitted messages.

show abstract

MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

Cited by 12 publications

References 31 publications

SnapFuzz: high-throughput fuzzing of network applications

SnapFuzz: high-throughput fuzzing of network applications

PDFuzzerGen: Policy-Driven Black-Box Fuzzer Generation for Smart Devices

SAT and SMT-Based Verification of Security Protocols Including Time Aspects

Contact Info

Product

Resources

About