Research On UPnP Protocol Fuzzing Test Technology For Internet Device

In recent years,with the concept of "smart earth" and the development of Internet of Things technology,smart devices are also being applied to people's daily life.Many manufacturers have developed different functions of the device.In order to realize the interoperability between these information technology products,many standardization organizations and business alliances in the world have been involved in the formulation of relevant technical standards.So the Universal Plug and Play protocol has been widely used.It realizes mutual recognition and data communication among devices under the same network.Although,the UPnP protocol makes all kinds of network products with different functions and structures more intelligent,the security of the UPnP protocol in various network devices has become increasingly prominent.The fuzzing test technique for network protocols is mainly through the research of network protocol specifications and standards,and then use fuzzer to establish a socket connection between the fuzzer and test object,finally send the mutated data to it and monitor the mistake of the target device.This technique is mainly use the sniffer to capture the normal packet of the network protocol.By mutating each field of the protocol,we observe the network device how to process variant packets.There are many fuzzing tools for network protocols,such as SPIKE,ProtoFuzz and other tools.However,this article analyzes the security of the UPnP protocol in network equipment from another perspective.In network equipment,UPnP may cause different security problems,because programmers do not fully take into account the security flaws brought by UPnP protocol functions.These security issues may be different in different network devices.In view of the difference between network devices,this paper analyzes the UPnP protocol security of network devices from the perspective of network device firmware.First of all,this paper proposes a method for analyzing the firmware of the network device,extracts the firmware from the network device,and get the corresponding UPnP module from the firmware.Then,we analyze the binary fuzzy testing technology.Finally,an algorithm for generating fuzzy test cases is proposed to generate efficient fuzzy test cases based on linear inequalities.Based on the above research,we implemented the exploit of the UPnP protocol security flaw in the gateway equipment,and analyze the possible exploit ways.