      MultiFuzz: A Coverage-Based Multiparty-Protocol Fuzzer for IoT Publish/Subscribe Protocols


          Abstract

          The publish/subscribe model has gained prominence in Internet of Things (IoT) networks, and both Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) support it. However, existing coverage-based fuzzers may miss some paths when fuzzing such publish/subscribe protocols, because they implicitly assume that a protocol has only two parties; this assumption does not hold here, since there are three parties: the publisher, the subscriber and the broker. In this paper, we propose MultiFuzz, a new coverage-based multiparty-protocol fuzzer. First, it embeds multiple-connection information in a single input. Second, it uses a message mutation algorithm to stimulate protocol state transitions, without the need for protocol specifications. Third, it uses a new desockmulti module to feed the network messages into the program under test. desockmulti is similar to desock (Preeny), a tool widely used by the community, but it is specially designed for fuzzing and is 10x faster. We implement MultiFuzz based on AFL and use it to fuzz two popular projects, Eclipse Mosquitto and libCoAP. We reported the discovered problems to the projects. In addition, we compare MultiFuzz with AFL and two state-of-the-art fuzzers, MOPT and AFLNET, and find that it discovers more paths and crashes.

                Author and article information

                Journal
                Sensors (Basel, Switzerland)
                MDPI
                1424-8220
                11 September 2020
                Volume: 20
                Issue: 18
                Article: 5194
                Affiliations
                [1] School of Cyberspace, Hangzhou Dianzi University, Hangzhou 310000, China; yzeng@hdu.edu.cn (Y.Z.); lin_mingmin@163.com (M.L.); yanzhaoshen@hdu.edu.cn (Y.S.); cuitingting@hdu.edu.cn (T.C.); zheng_qiuhua@163.com (Q.Z.); wangqiuhua@hdu.edu.cn (Q.W.)
                [2] State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210000, China
                [3] School of Cyber Science and Technology, Shandong University, Jinan 250000, China; guoshanqing@sdu.edu.cn
                [4] Science and Technology on Communication Security Laboratory, Chengdu 610041, China
                [5] Hangzhou Innovation Institute, Beihang University, Hangzhou 310000, China
                Author notes
                [*] Correspondence: wuting@hdu.edu.cn
                Author information
                https://orcid.org/0000-0002-6294-4889
                Article
                sensors-20-05194
                10.3390/s20185194
                7570995
                32933082
                © 2020 by the authors.

                Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license ( http://creativecommons.org/licenses/by/4.0/).

                History
                : 13 August 2020
                : 08 September 2020
                Categories
                Article

                Biomedical engineering
                coverage-based fuzzing, network protocol, publish/subscribe, multiparty-protocol fuzzer, mqtt, coap, iot, preeny, security, desock
