MUTATION BASED PROTOCOL FUZZER FOR IOT

Open Access
Author:
Karamchandani, Neeraj
Graduate Program:
Computer Science and Engineering
Degree:
Master of Science
Document Type:
Master Thesis
Date of Defense:
November 15, 2017
Committee Members:
  • Sencun Zhu, Thesis Advisor
Keywords:
  • Fuzzer
  • Android Things
  • HomeKit
  • IoT
  • Internet of Things
  • Security of Internet of Things
Abstract:
The Internet of Things (IoT) is changing the way we live. Everyday objects, from thermostats to CCTV cameras and from refrigerators to watches, are now being connected to the Internet. The type and volume of data flowing in and out of these devices are at an unprecedented level. While industry focuses on connecting everything to the Internet without focusing on security, IoT-related cyber-attacks have reached record heights. One of the challenges in securing the Internet of Things is that there is no standardization of the protocols or platforms to be used. New protocols and platforms are being developed every now and then, and there is a lack of understanding of how these platforms work. Apple's HomeKit and Google's Android Things are two of the most promising IoT platforms. In the first half of this thesis, we look at the security challenges of IoT and try to explain how Apple's HomeKit and Google's Android Things work, along with the security features built into them. Most security problems are usually attributed to the incorrect implementation of different protocols. IoT devices rely on different protocols to talk with each other, so it becomes very important to rigorously test the implementation of those protocols on IoT devices. Protocol fuzzers are one of the most widely used tools for testing an implementation. The problem with current protocol fuzzers is that they are usually suboptimal, inefficient, and time-consuming, and do not cover all the possible inputs. In the second half of this thesis, we propose an efficient model for an IoT protocol fuzzer. We harness the power of a state machine and packet representation so that, rather than blindly mutating the data input, we mutate the states in the state machine. We mutate based on context, timings, feedback/fitness, probability, and code coverage, along with standard mutation operators.
We implemented this design, tested it on an IP camera, and found two Denial of Service (DoS) vulnerabilities that were caused by sending one malformed packet with special characters.