IoTInfer: Automated Blackbox Fuzz Testing of IoT Network Protocols Guided by Finite State Machine Inference

Bibliographic Details
Published in IEEE internet of things journal Vol. 9; no. 22; pp. 22737 - 22751
Main Authors Shu, Zhan, Yan, Guanhua
Format Journal Article
Language English
Published Piscataway IEEE 15.11.2022
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Summary: The popularity of Internet of Things (IoT) devices calls for effective yet efficient methods to assess the security and resilience of IoT devices. In this work, we explore a new heuristic based on finite state machine (FSM) inference to guide generation of test cases for blackbox fuzzing tests of IoT network protocol implementations. Our method, which is called IoTInfer, balances exploration and exploitation by continuously monitoring how likely mutation of an input message leads to counterexamples conflicting with the prediction by the current FSM. IoTInfer also applies clustering techniques to coarsen the FSM inferred when there are limited computational resources provisioned for fuzzing tests. We implement IoTInfer for both Bluetooth and Telnet protocols, which are widely used by existing IoT devices. Our experimental results with a variety of IoT devices reveal that IoTInfer is efficient at generating meaningful test cases, some of which can expose previously unknown vulnerabilities or implementation deviations from protocol specifications. We also compare IoTInfer with two other state-of-the-art blackbox IoT device fuzzing tools and find that IoTInfer is better at eliciting different types of responses from the fuzzing targets.
ISSN:2327-4662
DOI:10.1109/JIOT.2022.3182589