http://dx.doi.org/10.13089/JKIISC.2019.29.6.1225

Emulation-Based Fuzzing Techniques for Identifying Web Interface Vulnerabilities in Embedded Device Firmware  

Heo, Jung-Min (Department of Computer Engineering, Ajou University)
Kim, Ji-Min (Department of Computer Engineering, Ajou University)
Ji, Cheong-Min (Department of Computer Engineering, Ajou University)
Hong, Man-Pyo (Department of Cyber Security, Ajou University)
Abstract
Firmware security has become more important as embedded devices have become widespread. Network devices such as routers can be attacked through web application vulnerabilities in their embedded firmware, so such vulnerabilities must be found and removed quickly. The Firmadyne framework proposes a dynamic analysis method that emulates the firmware and then searches for vulnerabilities. However, it only performs the vulnerability checks defined in the tool, which limits the range of vulnerabilities it can find. In this paper, fuzzing, one of the software security testing techniques, is performed in an emulation-based environment. We also propose Fabfuzz, a tool for efficient emulation-based fuzzing. Experiments have shown that, in addition to the vulnerabilities identified by existing tools, other types of vulnerabilities were found.
Keywords
Embedded Device; Dynamic Analysis; Firmware Emulation; Fuzzing;