
Security Testing IoT Systems

Chapter in: Internet-of-Things (IoT) Systems

Abstract

System implementations need to be tested for security, because implementation bugs provide an attack surface that can be exploited to penetrate the systems. In this chapter, we introduce security testing for IoT systems, and especially fuzz testing, which is a successful technique for identifying vulnerabilities in systems and network protocol implementations. We describe an example fuzzer for the industrial protocol Modbus.




Copyright information

© 2018 Springer International Publishing AG


Cite this chapter

Serpanos, D., Wolf, M. (2018). Security Testing IoT Systems. In: Internet-of-Things (IoT) Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-69715-4_7


  • DOI: https://doi.org/10.1007/978-3-319-69715-4_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69714-7

  • Online ISBN: 978-3-319-69715-4

  • eBook Packages: Engineering (R0)
