Title: CG-Fuzzing: a comprehensive fuzzy algorithm for ZigBee
Authors: Baojiang Cui; Ziyue Wang; Bing Zhao; Xiaobing Liang
Addresses: Baojiang Cui and Ziyue Wang: School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; National Engineering Laboratory for Mobile Network Security, Beijing 100876, China. Bing Zhao and Xiaobing Liang: Institute of Measurement, China Electric Power Research Institute, Beijing 100192, China.
Abstract: ZigBee defines several security services at the MAC layer, including sequential freshness, frame integrity, data encryption and access control. Nevertheless, vulnerabilities remain that can bring a whole network down, so it is worth hunting for them with fuzz testing. Fuzz testing has usually been inefficient, however, because the test cases are either too numerous or invalid: malformed cases are dropped by the target's filtering rules before they can reach any defect. This paper proposes a comprehensive fuzzing algorithm, CG-Fuzzing (comprehensive genetic-based fuzzing), built from three parts: a structure-based part, a boundary-based part and a genetic algorithm. An evolutionary model drives the test cases towards a high rate of passing the filtering rules and of triggering vulnerabilities. Compared with traditional fuzzing, CG-Fuzzing needs fewer test cases and each one is more effective. Experimental results show that the overall performance of CG-Fuzzing is strong: a fuzzing run with the algorithm takes only 4 min to trigger a previously known ZigBee vulnerability.
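The abstract names three ingredients (structure-based construction so that cases survive the target's filtering rules, boundary values for the fields, and a genetic loop that breeds the cases which get furthest) without showing how they fit together. The sketch below is an added illustration and is not the paper's code or algorithm: it is a toy genetic fuzzer for IEEE 802.15.4 MAC frames, the frame layer ZigBee runs on. Everything about the target is constructed for the example: the ToyReceiver, its three filter rules (FCS integrity, accepted frame types, sequence freshness) and the over-read fault it contains are stand-ins and do not correspond to the ZigBee vulnerability the paper reports. The field set, the boundary values and the fitness function are likewise assumptions made for the demo.

```python
"""Toy CG-style fuzzer for 802.15.4 MAC frames. Illustrative only, not the paper's implementation."""
import random

FCS_POLY = 0x8408          # CRC-16, x^16+x^12+x^5+1, reflected, init 0: the 802.15.4 FCS (CRC-16/KERMIT)
MAX_PAYLOAD = 20           # assumed cap on the constructed command's option bytes
FIELD_MAX = {"frame_type": 7, "seq": 255, "dst_pan": 0xFFFF, "dst_addr": 0xFFFF,
             "src_addr": 0xFFFF, "opt_len": 255, "opt_bytes": MAX_PAYLOAD}


def fcs16(data: bytes) -> int:
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ FCS_POLY if crc & 1 else crc >> 1
    return crc


def build_frame(g: dict) -> bytes:
    """Structure-based part: genes land in the right fields and the FCS is always recomputed."""
    fcf = g["frame_type"] | (1 << 6) | (2 << 10) | (2 << 14)  # PAN-ID compression, short dst/src addresses
    mhr = fcf.to_bytes(2, "little") + bytes([g["seq"]])
    mhr += g["dst_pan"].to_bytes(2, "little") + g["dst_addr"].to_bytes(2, "little")
    mhr += g["src_addr"].to_bytes(2, "little")
    payload = bytes([g["opt_len"]]) + bytes(g["opt_bytes"])   # constructed command: option length + options
    mpdu = mhr + payload
    return mpdu + fcs16(mpdu).to_bytes(2, "little")


class ToyReceiver:
    """Constructed target: filtering rules mimic MAC-layer checks; the fault is invented for the demo."""
    def __init__(self):
        self.last_seq = None

    def receive(self, frame: bytes):
        """Return (number_of_filter_rules_passed, anomaly_triggered)."""
        if len(frame) < 11 or fcs16(frame[:-2]) != int.from_bytes(frame[-2:], "little"):
            return 0, False                                    # rule 1: frame integrity (FCS)
        if int.from_bytes(frame[:2], "little") & 0x7 not in (1, 3):
            return 1, False                                    # rule 2: only data / MAC command frames
        seq = frame[2]
        if seq == self.last_seq:
            return 2, False                                    # rule 3: sequential freshness (drop a repeat)
        self.last_seq = seq
        payload = frame[9:-2]
        if not payload:
            return 3, False
        opt_len, options = payload[0], payload[1:]
        # Constructed fault: the declared option length is trusted, so a large value means an over-read.
        return 3, opt_len > len(options)


def random_genes(rng: random.Random) -> dict:
    """Start from syntactically valid frames; only mutation pushes fields to their edges."""
    opts = bytes(rng.randrange(256) for _ in range(rng.randrange(1, MAX_PAYLOAD + 1)))
    return {"frame_type": rng.choice((1, 3)), "seq": rng.randrange(256), "dst_pan": rng.randrange(0x10000),
            "dst_addr": rng.randrange(0x10000), "src_addr": rng.randrange(0x10000),
            "opt_len": len(opts), "opt_bytes": opts}


def boundary_mutate(g: dict, rng: random.Random) -> dict:
    """Boundary-based part: one field is set to 0, 1, max-1, max or a random value."""
    child, field = dict(g), rng.choice(list(FIELD_MAX))
    if field == "opt_bytes":
        n = rng.choice((0, 1, MAX_PAYLOAD - 1, MAX_PAYLOAD))
        child[field] = bytes(rng.randrange(256) for _ in range(n))
    else:
        hi = FIELD_MAX[field]
        child[field] = rng.choice((0, 1, hi - 1, hi, rng.randrange(hi + 1)))
    return child


def crossover(a: dict, b: dict, rng: random.Random) -> dict:
    return {k: (a if rng.random() < 0.5 else b)[k] for k in a}


def cg_fuzz(seed=1, pop_size=20, generations=30) -> dict:
    """Genetic part: fitness is how many filter rules a case passes; stop at the first anomaly."""
    rng, target = random.Random(seed), ToyReceiver()
    pop, sent = [random_genes(rng) for _ in range(pop_size)], 0
    for gen in range(generations):
        scored = []
        for g in pop:
            passed, anomaly = target.receive(build_frame(g))
            sent += 1
            if anomaly:
                return {"generation": gen, "cases": sent, "genes": g}
            scored.append((passed, g))
        scored.sort(key=lambda s: s[0], reverse=True)
        elite = [g for _, g in scored[: pop_size // 2]]        # keep the half that gets deepest past the filters
        pop = elite + [boundary_mutate(crossover(rng.choice(elite), rng.choice(elite), rng), rng)
                       for _ in range(pop_size - len(elite))]
    return {"generation": None, "cases": sent, "genes": None}


def random_baseline(n: int, seed=1) -> float:
    """Unstructured fuzzing for comparison: random bytes of plausible length, fraction surviving the FCS rule."""
    rng, target = random.Random(seed), ToyReceiver()
    frames = (bytes(rng.randrange(256) for _ in range(rng.randrange(11, 33))) for _ in range(n))
    return sum(target.receive(f)[0] >= 1 for f in frames) / n


if __name__ == "__main__":
    print("random bytes surviving FCS check:", random_baseline(2000))
    print("CG-style run:", cg_fuzz())
```

The comparison is the point the abstract makes: almost every random byte string dies at the first filtering rule (the FCS is a 16-bit check, so roughly one frame in 65,536 survives it), whereas the structure-based encoder keeps every case past integrity, the boundary mutator supplies the out-of-range option length, and the selection loop only spends budget on cases that already reach the parser.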
Keywords: CG-fuzzing; fuzz tests; ZigBee vulnerability; IoT; internet of things; network security; MAC layer; medium access control; genetic-based fuzzing; genetic algorithms; filtering rules; vulnerability triggering.
DOI: 10.1504/IJAHUC.2016.079267
International Journal of Ad Hoc and Ubiquitous Computing, 2016, Vol. 23, No. 3/4, pp. 203-215
Received: 20 Feb 2015
Accepted: 24 Jun 2015
Published online: 26 Sep 2016