http://dx.doi.org/10.13089/JKIISC.2020.30.5.847

Efficient Coverage Guided IoT Firmware Fuzzing Technique Using Combined Emulation  

Kim, Hyun-Wook (Sejong University)
Kim, Ju-Hwan (Sejong University)
Yun, Joobeom (Sejong University)
Abstract
As IoT equipment is commercialized, Bluetooth and wireless networking are being built into everyday devices such as IP cameras, door locks, cars and TVs. Security for IoT equipment is becoming more important because these devices exchange large amounts of information over the network, collect personal information and control the systems they are attached to. In addition, web-based attacks and application attacks currently account for a significant portion of cyber threats, and security experts analyze the vulnerabilities behind such attacks through manual analysis in order to fix them. However, since it is virtually impossible to find vulnerabilities by manual analysis alone, researchers in system security are working on automated vulnerability detection systems; Firm-AFL, published recently at USENIX, proposed a system based on a study of fuzzing throughput and efficiency using a coverage-based fuzzer. However, existing tools have focused on the fuzzing throughput of the firmware and, as a result, have not found vulnerabilities along diverse execution paths. In this paper, we propose IoTFirmFuzz, which finds more paths, resolves path constraints, and discovers more crashes by strengthening the mutation process, so as to find vulnerabilities on paths that existing tools do not reach.
Keywords
Fuzzing; Firmware Emulator; Dynamic Analysis; Embedded Device; IoT(Internet of Things);