3
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols

      research-article

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          The publish/subscribe model has gained prominence in the Internet of things (IoT) network, and both Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) support it. However, existing coverage-based fuzzers may miss some paths when fuzzing such publish/subscribe protocols, because they implicitly assume that there are only two parties in a protocol, which is not true now since there are three parties, i.e., the publisher, the subscriber and the broker. In this paper, we propose MultiFuzz, a new coverage-based multiparty-protocol fuzzer. First, it embeds multiple-connection information in a single input. Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need of protocol specifications. Third, it uses a new desockmulti module to feed the network messages into the program under test. desockmulti is similar to desock (Preeny), a tool widely used by the community, but it is specially designed for fuzzing and is 10x faster. We implement MultiFuzz based on AFL, and use it to fuzz two popular projects Eclipse Mosquitto and libCoAP. We reported discovered problems to the projects. In addition, we compare MultiFuzz with AFL and two state-of-the-art fuzzers, MOPT and AFLNET, and find it discovering more paths and crashes.

          Related collections

          Most cited references 44

          • Record: found
          • Abstract: not found
          • Article: not found

          Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications

            Bookmark
            • Record: found
            • Abstract: not found
            • Article: not found

            An empirical study of the reliability of UNIX utilities

              Bookmark
              • Record: found
              • Abstract: not found
              • Article: not found

              A Survey of Communication Protocols for Internet of Things and Related Challenges of Fog and Cloud Computing Integration

                Bookmark

                Author and article information

                Journal
                Sensors (Basel)
                Sensors (Basel)
                sensors
                Sensors (Basel, Switzerland)
                MDPI
                1424-8220
                11 September 2020
                September 2020
                : 20
                : 18
                Affiliations
                [1 ]School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310000, China; yzeng@ 123456hdu.edu.cn (Y.Z.); lin_mingmin@ 123456163.com (M.L.); yanzhaoshen@ 123456hdu.edu.cn (Y.S.); cuitingting@ 123456hdu.edu.cn (T.C.); zheng_qiuhua@ 123456163.com (Q.Z.); wangqiuhua@ 123456hdu.edu.cn (Q.W.)
                [2 ]State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210000, China
                [3 ]School of Cyber Science and Technology, Shandong University, Jinan 250000, China; guoshanqing@ 123456sdu.edu.cn
                [4 ]Science and Technology on Communication Security Laboratory, Chengdu 610041, China
                [5 ]Hangzhou Innovation Institute, Beihang University, Hangzhou 310000, China
                Author notes
                [* ]Correspondence: wuting@ 123456hdu.edu.cn
                Article
                sensors-20-05194
                10.3390/s20185194
                7570995
                32933082
                82ad01c0-9022-4122-bbd0-f03af2c73b96
                © 2020 by the authors.

                Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license ( http://creativecommons.org/licenses/by/4.0/).

                Categories
                Article

                Comments

                Comment on this article