Please use this identifier to cite or link to this item:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88118
Title: | IoT Blackbox Fuzzing Guided by App and Packet Analysis |
Authors: | 宋哲寬 Che-Kuan Sung |
Advisor: | 蕭旭君 Hsu-Chun Hsiao |
Keyword: | Fuzzing, IoT |
Publication Year: | 2023 |
Degree: | Master's |
Abstract: | Internet of Things (IoT) devices have become prevalent in everyday life and bring up the importance of security issues. Fuzzing is a popular technique to detect security vulnerabilities in IoT firmware. Among various types of fuzzing, black-box fuzzing becomes a relatively effective solution because it requires no firmware acquisition and emulation. However, how to generate valid input, which could be accepted by the target devices, becomes a critical problem. In addition, general mutation strategies are not suitable for efficiently mutating the requests while preserving the input structure due to the complex data format. In this paper, we propose an automated black-box fuzzing framework called APAfuzzer to overcome the previously mentioned problems. In previous work, achieving well-structured input often involved heavyweight app analysis or the use of documents to generate seeds. However, these approaches often struggle to strike a balance between effectiveness and automation. In contrast, our work utilizes the app to generate seeds and packets for mutation and hooks encryption functions, allowing us to achieve both effectiveness and automation. We compared APAfuzzer to three state-of-the-art black-box fuzzers, i.e., Diane, Boofuzz, and Snipuzz. We evaluated our fuzzer on both emulated devices and real-world devices. Our results show that APAfuzzer could trigger well-known CVEs and also discover new bugs. Also, compared to other fuzzers, it demonstrates higher efficiency and successfully triggers more vulnerabilities. |
URI: | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/88118 |
DOI: | 10.6342/NTU202301492 |
Fulltext Rights: | Authorized for release (open access worldwide) |
Appears in Collections: | Graduate Institute of Networking and Multimedia |
Files in This Item:
File | Size | Format
---|---|---
ntu-111-2.pdf | 950.31 kB | Adobe PDF