Author

Mengfei Ren

ORCID Identifier(s)

0000-0001-8548-3299

Graduation Semester and Year

2023

Language

English

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Computer Science

Department

Computer Science and Engineering

First Advisor

Yu Lei

Second Advisor

Jiang Ming

Abstract

ABSTRACT: In recent years, we have witnessed the increasing of the Internet of Things (IoT) devices deployed by many areas, such as home automation, healthcare, manufacture, and smart vehicle. Among the numerous IoT wireless standards available, Zigbee stands out as one of the most globally popular choices, with major companies like Amazon, Samsung, IKEA, Huawei, and Xiaomi incorporating it into their products. Notably, Zigbee has even been utilized in NASA's Mars mission, where it serves as the communication radio between the flying drone and the Perseverance rover. However, with the rapid growth of Zigbee's global market presence, the incentive for cyber criminal attacks has also escalated. Recent incidents have highlighted severe vulnerabilities in Zigbee protocol implementations, compromising IoT devices from multiple manufacturers. Consequently, conducting security testing on Zigbee protocol implementations has become an imperative task. Nevertheless, applying existing vulnerability detection techniques like fuzzing and data flow analysis to Zigbee protocols is nontrivial, especially when dealing with vendor-specific requirements and low-level hardware events. Additionally, many existing protocol fuzzing tools lack an appropriate execution environment for Zigbee, as it relies on radio communication rather than internet connectivity. This dissertation aims to address the aforementioned gaps by proposing comprehensive fuzzing solutions tailored to the security testing of Zigbee protocol implementations. The goal is to assist IoT application manufacturers and protocol vendors in mitigating security risks during their development process. The dissertation makes the following contributions: (i) Z-Fuzzer: A device-agnostic fuzzing platform that utilizes code coverage feedback to detect security issues of the Zigbee protocol implementations. (ii) TaintBFuzz: An intelligent Zigbee protocol fuzzing solution via constraint-field dependency inference. (iii) CT-BFuzz: A fuzzing platform with combinatorial approach of Zigbee protocol implementation. This dissertation is presented in a monograph based format and includes three research articles. The first article introduces our work of Z-Fuzzer that is the first device-agnostic fuzzing tool making fuzzing applicable to detect security problems of Zigbee protocol implementation. The second article reports the work of TaintBFuzz that uses constraint-field dependency inference to augment test input mutation in fuzzing Zigbee protocol implementation. The third article presents CT-BFuzz that optimizes the Zigbee protocol fuzzing via combinatorial test generation to generate test cases for efficiently covering combination values of important message fields. The first two papers have been accepted at peer-reviewed venues, while the third one is currently in press.

Keywords

Fuzzing, Taint analysis, Combinatorial testing, Zigbee, IoT wireless protocols

Disciplines

Computer Sciences | Physical Sciences and Mathematics

Comments

Degree granted by The University of Texas at Arlington

31760-2.zip (8605 kB)

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.