A Novel Fuzzing Test Method For ZigBee Based On FSM

Posted on: 2015-08-15    Degree: Master    Type: Thesis
Country: China    Candidate: S R Liang    Full Text: PDF
GTID: 2298330467462131    Subject: Information security
Abstract/Summary:
The Internet of Things (IoT) enables communication between things and people, which makes industrial and home control easier. Wireless Sensor Networks (WSNs) are widely used in the IoT to carry data between sensors. However, sensor nodes have limited computing power, storage and energy, and they communicate wirelessly, which leaves WSNs vulnerable: they face attacks such as eavesdropping, node cloning and denial of service (DoS). Wireless protocols are what ensure normal, stable and secure communication between sensors, and protocol stacks are likely to contain vulnerabilities caused by incomplete consideration or misreadings of the specification during design and implementation. Finding protocol vulnerabilities is therefore necessary for improving IoT security.

Experience with previously found vulnerabilities shows that most are triggered by an anomalous input arriving in a particular state, so driving the target through its state transitions helps fuzzing find them. Earlier improved fuzzing algorithms for ZigBee did not take state transitions into account. This thesis proposes an improved fuzzing algorithm based on a Finite State Machine (FSM). The FSM model of the protocol under test is built from the protocol's abstract description, and test sequences are generated from the FSM; they are used both to fuzz the target and to detect whether it is still operating normally. Each test sequence consists of a pre-sequence, mutation data, a UIO (Unique Input/Output) sequence and a regression sequence: the pre-sequence drives the target into the state under test, the mutation data is the fuzzed input, the UIO sequence checks which state the target is in afterwards, and the regression sequence returns the target to a known state for the next round. The FSM model is built automatically by the algorithm.
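As an added example (not code from the thesis), the following Python sketches how the four-part test sequence is derived from an FSM model: breadth-first search over the model gives the pre-sequence and the regression sequence, and a bounded search over input sequences gives each state's UIO sequence, which is then used as the oracle for whether the device still behaves as a healthy device in that state should. The state machine is a constructed, simplified association flow for an IEEE 802.15.4/ZigBee end device; its state names, inputs and outputs are assumptions for illustration, not the thesis's model.

```python
"""
Added example, not code from the thesis: generating the four-part fuzz test
sequence (pre-sequence, mutation, UIO sequence, regression sequence) from an
FSM model. The state machine is a constructed, simplified association flow
for a ZigBee/802.15.4 end device; its state and message names are assumptions.
"""
from collections import deque

# Mealy machine: (state, input) -> (next_state, output). Constructed toy model.
TRANSITIONS = {
    ("UNASSOCIATED", "beacon_request"): ("UNASSOCIATED", "beacon"),
    ("UNASSOCIATED", "assoc_request"):  ("PENDING", "ack"),
    ("PENDING", "data_request"):        ("ASSOCIATED", "assoc_response"),
    ("PENDING", "data"):                ("PENDING", "ack"),
    ("PENDING", "disassoc"):            ("UNASSOCIATED", "ack"),
    ("ASSOCIATED", "beacon_request"):   ("ASSOCIATED", "beacon"),
    ("ASSOCIATED", "data"):             ("ASSOCIATED", "ack"),
    ("ASSOCIATED", "disassoc"):         ("UNASSOCIATED", "ack"),
}
STATES = sorted({s for s, _ in TRANSITIONS})
INPUTS = sorted({i for _, i in TRANSITIONS})
INITIAL = "UNASSOCIATED"
SILENT = "drop"   # no frame comes back; on a real radio only observable as a timeout


def step(state, inp):
    """One Mealy transition; an input the state does not handle is dropped."""
    return TRANSITIONS.get((state, inp), (state, SILENT))


def run(state, seq):
    """Feed a sequence of inputs; return (final_state, tuple of outputs)."""
    outs = []
    for inp in seq:
        state, out = step(state, inp)
        outs.append(out)
    return state, tuple(outs)


def shortest_path(src, dst):
    """BFS over inputs: shortest input sequence that drives src into dst, or None."""
    queue, seen = deque([(src, [])]), {src}
    while queue:
        state, path = queue.popleft()
        if state == dst:
            return path
        for inp in INPUTS:
            nxt, _ = step(state, inp)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [inp]))
    return None


def uio_sequence(target, max_len=3):
    """Unique Input/Output sequence: the shortest input sequence whose outputs
    from `target` differ from the outputs of every other state. Sequences that
    rely on the target staying silent are skipped, because a missing reply is
    indistinguishable from a crashed device."""
    others = [s for s in STATES if s != target]
    frontier = [[]]
    for _ in range(max_len):
        frontier = [seq + [inp] for seq in frontier for inp in INPUTS]
        for seq in frontier:
            want = run(target, seq)[1]
            if SILENT not in want and all(run(s, seq)[1] != want for s in others):
                return seq
    return None


def expected_outputs(target):
    """Replies a healthy device in `target` must give to its UIO sequence."""
    return run(target, uio_sequence(target))[1]


def state_ok(target, observed):
    """Oracle: after the mutated frame, did the UIO probe get the expected replies?"""
    return tuple(observed) == expected_outputs(target)


def build_test_cases(target, mutations):
    """One test case per (handled input, mutation) for `target`:
    pre-sequence -> mutated input -> UIO probe -> regression back to INITIAL."""
    pre = shortest_path(INITIAL, target)
    uio = uio_sequence(target)
    regression = shortest_path(target, INITIAL)   # None means: hard-reset the DUT
    handled = [i for i in INPUTS if (target, i) in TRANSITIONS]
    return [
        {"state": target, "pre_sequence": pre, "mutated_input": inp,
         "mutation": m, "uio_sequence": uio, "regression": regression}
        for inp in handled for m in mutations
    ]


if __name__ == "__main__":
    for case in build_test_cases("ASSOCIATED", ["len+1", "reserved_bits=1"]):
        print(case)
```

Two design points carry over to a real harness. First, a UIO probe whose expected reply is silence is useless against a device under test that may have hung, so the search above only accepts sequences with positive replies; in the toy model this forces ASSOCIATED to use a two-step probe. Second, when no regression path exists from the state under test, the harness has to hard-reset the device, which is slower and should be accounted for when ordering test cases.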
Because the model is built automatically, the method is applicable to most wireless protocols. In this thesis the FSM-based fuzzing method is applied to finding vulnerabilities in ZigBee, the most popular WSN protocol. IEEE 802.15.4 defines a series of MAC-layer filtering rules under which ill-formed frames are discarded before they reach the upper layers, so most test cases produced by random fuzzing are illegal at the MAC layer and therefore useless. To avoid this premature discarding, a structure-based data generation algorithm is proposed and combined with the FSM-based fuzzing algorithm; most of the mutated frames it generates are legal at the MAC layer and are passed up to the higher layers. Both theoretical analysis and test results show that the test cases generated by the FSM-based algorithm combined with structure-based generation are of far higher quality than those generated by structure-based generation alone. In addition, a fuzzing test system, ZFuzzer, is designed and implemented on the CC2530. During the security testing of ZigBee, a vulnerability was exposed that leads to communication interruption. This shows that ZFuzzer is effective, and that there are potential problems in ZigBee and its protocol stack.
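The MAC-layer filtering described above is the reason random mutation wastes most of its frames. As an added example (not the thesis's ZFuzzer code), the Python below builds an IEEE 802.15.4 data frame with a correct FCS, models the receiver's filtering (length, FCS, frame type, frame version, destination PAN ID and short address), and compares a naive byte-flipping mutator against a structure-based one that leaves the MAC header alone and mutates only the MAC payload. The frame layout and the FCS polynomial follow the standard; the PAN ID, addresses and payload are constructed values.

```python
"""
Added example (not the thesis's ZFuzzer code): structure-based generation of
IEEE 802.15.4 MAC data frames that survive receiver-side MAC filtering, compared
against a naive random mutator. Frame layout and FCS follow the standard; the
PAN ID, addresses and payload below are constructed values.
"""
import random
import struct

MAX_PHY_FRAME = 127   # aMaxPHYPacketSize: longer frames never reach the MAC
BROADCAST = 0xFFFF
HEADER_LEN = 9        # FCF(2) seq(1) dstPAN(2) dstAddr(2) srcAddr(2), PAN ID compressed


def fcs16(data: bytes) -> int:
    """IEEE 802.15.4 FCS: CRC-16 ITU-T (x^16+x^12+x^5+1), init 0, LSB-first,
    i.e. the CRC-16/KERMIT variant (check value for b'123456789' is 0x2189)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def build_data_frame(seq, dst_pan, dst_addr, src_addr, payload, ack_request=True):
    """Data frame, 2003 frame version, short addressing, PAN ID compression.
    FCF = 0x8861 with ack request (0x8841 without), little-endian on the air."""
    fcf = 0x1 | (1 << 5 if ack_request else 0) | (1 << 6) | (2 << 10) | (2 << 14)
    header = struct.pack("<HBHHH", fcf, seq, dst_pan, dst_addr, src_addr)
    body = header + payload
    return body + struct.pack("<H", fcs16(body))


def mac_filter(frame, my_pan, my_short):
    """Simplified receiver-side filtering; returns (accepted, reason)."""
    if len(frame) > MAX_PHY_FRAME or len(frame) < HEADER_LEN + 2:
        return False, "length"
    body, fcs = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    if fcs16(body) != fcs:
        return False, "fcs"
    fcf = struct.unpack("<H", body[:2])[0]
    if fcf & 0x7 > 3:
        return False, "reserved frame type"
    if (fcf >> 12) & 0x3 > 1:
        return False, "unsupported frame version"
    if (fcf >> 10) & 0x3 != 2:
        return False, "non-short dst addressing (not handled by this toy parser)"
    dst_pan, dst_addr = struct.unpack("<HH", body[3:7])
    if dst_pan not in (my_pan, BROADCAST):
        return False, "pan id"
    if dst_addr not in (my_short, BROADCAST):
        return False, "dst addr"
    return True, "ok"


def random_mutate(frame, rng):
    """Naive fuzzer: flip one random byte anywhere before the FCS. The FCS is
    recomputed because the CC2530 radio appends it in hardware (AUTOCRC), so
    what actually kills these frames is the frame-type and addressing checks."""
    body = bytearray(frame[:-2])
    body[rng.randrange(len(body))] ^= rng.randrange(1, 256)
    return bytes(body) + struct.pack("<H", fcs16(bytes(body)))


def structure_mutate(frame, rng):
    """Structure-based fuzzer: keep the MAC header intact so the frame passes
    filtering and mutate only the MAC payload (the upper-layer NWK/APS bytes)."""
    body = bytearray(frame[:-2])
    body[HEADER_LEN + rng.randrange(len(body) - HEADER_LEN)] ^= rng.randrange(1, 256)
    return bytes(body) + struct.pack("<H", fcs16(bytes(body)))


def acceptance_rate(mutator, frame, my_pan, my_short, n=200, seed=1):
    """Fraction of n mutated frames that survive mac_filter (deterministic seed)."""
    rng = random.Random(seed)
    ok = sum(mac_filter(mutator(frame, rng), my_pan, my_short)[0] for _ in range(n))
    return ok / n


if __name__ == "__main__":
    # Constructed values: coordinator 0x0000 on PAN 0x1A62 sends to end device 0x0001.
    frame = build_data_frame(7, 0x1A62, 0x0001, 0x0000, bytes(8))
    print(frame.hex(), mac_filter(frame, 0x1A62, 0x0001))
    print("random:", acceptance_rate(random_mutate, frame, 0x1A62, 0x0001))
    print("structure-based:", acceptance_rate(structure_mutate, frame, 0x1A62, 0x0001))
```

The structure-based mutator keeps every frame inside the filter by construction, while the naive one loses the frames whose flipped byte lands in the FCF, the destination PAN ID or the destination address. A real generator would also keep the payload within the 127-byte PHY limit and, for frames aimed at the NWK and APS layers, preserve the upper-layer header fields the stack checks before dispatching.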
Keywords/Search Tags: ZigBee, Fuzzing test, FSM, structure-based test, CC2530