Please use this Handle URI to cite this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88118
Title: | IoT Blackbox Fuzzing Guided by App and Packet Analysis |
Author: | 宋哲寬 Che-Kuan Sung |
Advisor: | 蕭旭君 Hsu-Chun Hsiao |
Keywords: | Fuzzing, IoT |
Year of publication: | 2023 |
Degree: | Master |
Abstract: | Internet of Things (IoT) devices have become prevalent in everyday life and bring up the importance of security issues. Fuzzing is a popular technique to detect security vulnerabilities in IoT firmware. Among various types of fuzzing, black-box fuzzing becomes a relatively effective solution because it requires no firmware acquisition and emulation. However, how to generate valid input, which could be accepted by the target devices, becomes a critical problem. In addition, general mutation strategies are not suitable for efficiently mutating the requests while preserving the input structure due to the complex data format. In this paper, we proposed an automated black-box fuzzing framework called APAfuzzer to overcome the previously mentioned problems. In previous work, achieving well-structured input often involved heavyweight app analysis or the use of documents to generate seeds. However, these approaches often struggle to strike a balance between effectiveness and automation. In contrast, our work utilizes the app to generate seeds and packets for mutation, hooking encryption functions, allowing us to achieve both effectiveness and automation. We compared APAfuzzer to three state-of-the-art black-box fuzzers, i.e., Diane, Boofuzz, and Snipuzz. We evaluated our fuzzer on both emulated devices and real-world devices. Our results show that APAfuzzer could trigger well-known CVEs and also discover new bugs. Also, compared to other fuzzers, it demonstrates higher efficiency and successfully triggers more vulnerabilities. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88118 |
DOI: | 10.6342/NTU202301492 |
Full-text license: | Authorized (open access worldwide) |
Appears in collections: | Graduate Institute of Networking and Multimedia |
Files in this item:
File | Size | Format | |
---|---|---|---|
ntu-111-2.pdf | 950.31 kB | Adobe PDF | View/Open |
Items in this repository are protected by copyright, with all rights reserved, unless otherwise indicated.