Title: CG-Fuzzing: a comprehensive fuzzy algorithm for ZigBee

Authors: Baojiang Cui; Ziyue Wang; Bing Zhao; Xiaobing Liang

Addresses: Baojiang Cui and Ziyue Wang: School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; National Engineering Laboratory for Mobile Network Security, Beijing 100876, China. Bing Zhao and Xiaobing Liang: Institute of Measurement, China Electric Power Research Institute, Beijing 100192, China.

Abstract: ZigBee defines several security services on the MAC layer, including sequential freshness, frame integrity, data encryption and access control. Unfortunately, there are still security vulnerabilities that could result in network meltdown. Therefore, it is necessary to detect these defects by using a fuzzing test. However, fuzzing tests have usually been inefficient because test cases are either too numerous or invalid. In this paper, a novel comprehensive fuzzing test algorithm, CG-Fuzzing (comprehensive genetic-based-fuzzing) is proposed. The CG-Fuzzing algorithm contains three parts: structure-based, boundary-based and genetic algorithms. This paper establishes an evolutionary model that helps achieve high rates of passing filtering rules and vulnerability triggering. Compared with the traditional fuzzing methods, the number of test cases is reduced and they are more efficient. Experimental results prove that the synthesised performance of CG-Fuzzing is outstanding. The fuzzing test with the algorithm takes only 4 min to exploit a previously known vulnerability of ZigBee.
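
The abstract names three ingredients (structure-based generation, boundary values, and a genetic loop scored by how many receiver filtering rules a test case passes) without showing how they fit together. The sketch below is an added illustration written for this page, not code from the paper, whose implementation is not reproduced here. It builds IEEE 802.15.4 MAC frames field by field from a template, mutates with a bias toward boundary values, and evolves a population against a simulated receiver. The four filtering rules, the PAN ID 0x1234, the frame template, the fitness weights and the population parameters are all assumptions chosen for the example.

```python
"""Toy genetic fuzzer for IEEE 802.15.4 / ZigBee MAC frames (illustrative only).

Structure-based: frames are assembled from named MAC fields, so every test
case is syntactically a MAC frame.  Boundary-based: mutations prefer values
such as 0x00, 0xFF and the maximum payload length.  Genetic: fitness rewards
frames that pass the receiver's filtering rules, so the population converges
on frames that reach the target's parser instead of being dropped early.
The receiver rules below are assumptions modelled on a typical 802.15.4
receive path, not rules taken from the paper.
"""
import random
import struct

MAX_PHY_PACKET = 127   # aMaxPHYPacketSize: octets on the air, FCS included
HEADER_LEN = 9         # FCF(2) + seq(1) + dst PAN(2) + dst addr(2) + src addr(2)
FCS_LEN = 2
OUR_PAN = 0x1234       # PAN the simulated receiver belongs to (assumed)
MAX_PAYLOAD = MAX_PHY_PACKET - HEADER_LEN - FCS_LEN          # 116
BOUNDARY_BYTES = [0x00, 0x01, 0x7F, 0x80, 0xFE, 0xFF]
BOUNDARY_WORDS = [0x0000, 0x0001, 0x7FFF, 0x8000, 0xFFFF]
BOUNDARY_LENS = [0, 1, MAX_PAYLOAD - 1, MAX_PAYLOAD, MAX_PAYLOAD + 1]
FIELDS = ["fcf", "seq", "dst_pan", "dst_addr", "src_addr", "payload", "fcs_ok"]

# Template test case (constructed): data frame, short addressing, PAN compression.
SEED = dict(fcf=0x8841, seq=0, dst_pan=OUR_PAN, dst_addr=0xFFFF,
            src_addr=0x0001, payload=b"\x00" * 4, fcs_ok=True)


def crc16_802154(data: bytes) -> int:
    """802.15.4 FCS: CRC-16 with x^16+x^12+x^5+1, bit-reflected, init 0 (CRC-16/KERMIT)."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def encode(ind: dict) -> bytes:
    """Serialise a test case; fcs_ok=False deliberately emits a corrupted FCS."""
    body = struct.pack("<HBHHH", ind["fcf"], ind["seq"], ind["dst_pan"],
                       ind["dst_addr"], ind["src_addr"]) + ind["payload"]
    fcs = crc16_802154(body) ^ (0 if ind["fcs_ok"] else 0xFFFF)
    return body + struct.pack("<H", fcs)


def filter_rules(frame: bytes) -> list:
    """Checks the simulated receiver applies before passing a frame up (one bool each)."""
    fcf = int.from_bytes(frame[:2], "little")
    dst_pan = int.from_bytes(frame[3:5], "little")
    return [
        HEADER_LEN + FCS_LEN <= len(frame) <= MAX_PHY_PACKET,          # PHY length limit
        crc16_802154(frame[:-FCS_LEN]) == int.from_bytes(frame[-FCS_LEN:], "little"),
        (fcf & 0x7) <= 3,                                               # frame type not reserved
        dst_pan in (OUR_PAN, 0xFFFF),                                   # for us or broadcast
    ]


def fitness(ind: dict) -> int:
    """Passing filters dominates (10 points each); boundary values break ties (max 5)."""
    passed = sum(filter_rules(encode(ind)))
    boundary_hits = (ind["seq"] in BOUNDARY_BYTES) \
        + sum(ind[f] in (0x0000, 0xFFFF) for f in ("dst_pan", "dst_addr", "src_addr")) \
        + (len(ind["payload"]) in BOUNDARY_LENS)
    return passed * 10 + boundary_hits


def mutate(ind: dict, rng: random.Random) -> dict:
    """Change one field; with probability 1/2 pick a boundary value instead of a random one."""
    child, field = dict(ind), rng.choice(FIELDS)
    if field == "fcs_ok":
        child["fcs_ok"] = not ind["fcs_ok"]
    elif field == "payload":
        n = rng.choice(BOUNDARY_LENS) if rng.random() < 0.5 else rng.randrange(MAX_PAYLOAD + 8)
        child["payload"] = bytes(rng.choice(BOUNDARY_BYTES) for _ in range(n))
    elif field == "seq":
        child["seq"] = rng.choice(BOUNDARY_BYTES) if rng.random() < 0.5 else rng.randrange(256)
    else:  # 16-bit header fields (address-mode bits of the FCF are not modelled by the receiver)
        child[field] = rng.choice(BOUNDARY_WORDS) if rng.random() < 0.5 else rng.randrange(65536)
    return child


def crossover(a: dict, b: dict, rng: random.Random) -> dict:
    """Field-wise uniform crossover: each MAC field is inherited whole from one parent."""
    return {k: (a[k] if rng.random() < 0.5 else b[k]) for k in FIELDS}


def run_ga(generations: int = 30, pop_size: int = 40, seed: int = 1):
    """Evolve a population of frames; returns (best frame, per-generation filter pass rate)."""
    rng = random.Random(seed)
    pop = []
    for _ in range(pop_size):                 # start from 1..3-step mutants of the template
        ind = SEED
        for _ in range(rng.randint(1, 3)):
            ind = mutate(ind, rng)
        pop.append(ind)
    pass_rates = []
    for _ in range(generations):
        scored = sorted(((fitness(i), i) for i in pop), key=lambda t: t[0], reverse=True)
        pass_rates.append(sum(f >= 40 for f, _ in scored) / len(scored))  # 40 = all 4 rules
        elite = [i for _, i in scored[:2]]    # elitism: the best never regresses
        pick = lambda: max(rng.sample(scored, 3), key=lambda t: t[0])[1]  # tournament of 3
        children = [crossover(pick(), pick(), rng) for _ in range(pop_size - len(elite))]
        pop = elite + [mutate(c, rng) if rng.random() < 0.3 else c for c in children]
    return max(pop, key=fitness), pass_rates


if __name__ == "__main__":
    best, rates = run_ga()
    print("filter pass rate per generation:", [round(r, 2) for r in rates])
    print("best frame:", encode(best).hex(), "rules:", filter_rules(encode(best)))
```

`run_ga` returns the best frame and the fraction of each generation that passes all four rules, which is the "rate of passing filtering rules" quantity the abstract refers to, measured here against the toy receiver. In a real campaign the fitness would also include feedback from the device under test (crashes, resets, watchdog timeouts), which this sketch omits; the point it shows is that structure-aware encoding plus a filter-based score keeps the test cases both valid and edge-seeking instead of merely numerous.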

Keywords: CG-fuzzing; fuzz tests; ZigBee vulnerability; IoT; internet of things; network security; MAC layer; medium access control; genetic-based fuzzing; genetic algorithms; filtering rules; vulnerability triggering.

DOI: 10.1504/IJAHUC.2016.079267

International Journal of Ad Hoc and Ubiquitous Computing, 2016 Vol.23 No.3/4, pp.203 - 215

Received: 20 Feb 2015
Accepted: 24 Jun 2015

Published online: 26 Sep 2016
