Z-Fuzzer: Device-agnostic Fuzzing of Zigbee Protocol Implementation
View/ Open
Date
2021-07-02Author
Ren, Mengfei
Ren, Xiaolei
Feng, Huadong
Ming, Jiang
Lei, Yu
Metadata
Show full item recordAbstract
With the proliferation of the Internet of Things (IoT) devices, Zigbee
is widely adopted as a resource-efficient wireless protocol. Recently,
severe vulnerabilities in Zigbee protocol implementations have
compromised IoT devices from different manufacturers. It becomes
imperative to perform security testing on Zigbee protocol implementations. However, it is not a trivial task to apply the existing
vulnerability detection techniques such as fuzzing to Zigbee protocol implementations. In particular, it remains a significant obstacle
to deal with low-level hardware events. Many existing protocol
fuzzing tools lack a proper execution environment for the Zigbee
protocol, which communicates via a radio channel instead of the
Internet.
To bridge the above gap, we develop a device-agnostic fuzzing
platform named Z-Fuzzer to detect security vulnerabilities in Zigbee
protocol implementations. Z-Fuzzer provides a software simulation
environment with pre-defined peripherals and hardware interrupts
configurations to simulate Zigbee protocol execution on real IoT
devices. We first extend the existing protocol fuzzing framework’s
capabilities with a proxy server to bridge communication with the
Zigbee protocol execution. Second, we generate more high-quality
test cases with code-coverage heuristics. We compare Z-Fuzzer
with advanced protocol fuzzing tools, BooFuzz and Peach fuzzer,
on top of Z-Fuzzer’s simulation platform. Our results show that
Z-Fuzzer can achieve higher code coverage in a mainstream Zigbee protocol implementation called Z-Stack. Z-Fuzzer has detected
more vulnerabilities using fewer test cases than BooFuzz and Peach.
Three of them have been assigned CVE IDs with high CVSS scores
(7.5∼8.2).