With the development of IoT technology, people are paying more and more attention to the security of IoT protocols. Because the specification documents of some IoT protocols on the market are unpublished, and the protocols themselves have not undergone much testing and improvement, IoT protocols often contain vulnerabilities that cause serious security hazards. To ensure the security of IoT protocols, it is necessary to detect and troubleshoot these vulnerabilities. The protocol state machine describes the interactive behavior of protocol entities and can accurately describe the various states of the protocol. As an efficient testing method, fuzz testing is widely used in vulnerability detection. Therefore, to address the problems in protocol state machine inference and test case generation for Internet of Things protocols, this thesis proposes a state-based inference method for the state machine of the Internet of Things protocol and a test case generation method based on that state machine. Finally, a prototype system for Internet of Things protocol fuzz testing is designed and implemented. The specific work is as follows:

(1) A session-based inference method for the state machine of the Internet of Things protocol is proposed. Current research on protocol state machines ignores the relationship between multiple message fields and the relationship between each message field, and does not use the correlation between states to guide the generation of subsequent fuzz test cases. To solve this problem, the method in this thesis combines the relationship between a single session and multiple sessions to extract the protocol keywords, and then generates a protocol state machine based on the protocol state machine model and the cross-linked list data structure. Experimental results show that the proposed method maintains high accuracy even when the number of sessions increases rapidly.

(2) A test case generation method based on the IoT protocol state machine is proposed. Existing solutions do not fully cover the state transition paths and do not use the correlation between states to guide the generation of subsequent fuzz test cases. The method in this thesis first considers all protocol states when searching for state transition paths, instead of only the intermediate states; it then optimizes the state transition paths produced by that search; next, it calculates the state correlation on the protocol state machine, which reduces the number of test cases; finally, it generates test cases using a prefix tree. Experimental results show that this method generates more abnormal test cases in less time, which optimizes test case generation to a certain extent.

(3) The Internet of Things protocol fuzzing prototype system is designed and implemented. The prototype system is based on the B/S (browser/server) structure. Each module of the system has high cohesion and low coupling, which benefits subsequent development of the system. Building the prototype system effectively verifies the rationality and feasibility of the protocol state machine generation method and the test case generation method.
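As an added illustration of the path search and prefix-tree steps in (2), not the thesis's own algorithm or code: the sketch below derives message paths that reach every state and take every transition of a constructed MQTT-like state machine, merges them into a prefix tree, and emits one fuzz point per tree node. The state machine, the function names and the breadth-first search are assumptions, and the state-correlation step is not modeled.

```python
from collections import deque

# Constructed MQTT-like state machine (illustrative assumption, not from the thesis):
# state -> {message: next_state}
FSM = {
    "INIT": {"CONNECT": "CONNECTED"},
    "CONNECTED": {"SUBSCRIBE": "SUBSCRIBED", "PUBLISH": "CONNECTED",
                  "DISCONNECT": "CLOSED"},
    "SUBSCRIBED": {"PUBLISH": "SUBSCRIBED", "UNSUBSCRIBE": "CONNECTED",
                   "DISCONNECT": "CLOSED"},
    "CLOSED": {},
}

def transition_cover(fsm, start):
    """Return message sequences that reach every state and take every transition."""
    prefix = {start: ()}  # shortest message sequence that reaches each state
    queue = deque([start])
    while queue:
        state = queue.popleft()
        for msg, nxt in fsm[state].items():
            if nxt not in prefix:
                prefix[nxt] = prefix[state] + (msg,)
                queue.append(nxt)
    # One path per transition: reach its source state, then send its message.
    return [prefix[s] + (m,) for s in prefix for m in fsm[s]]

def build_trie(paths):
    """Merge paths into a prefix tree (nested dicts); shared prefixes are stored once."""
    root = {}
    for path in paths:
        node = root
        for msg in path:
            node = node.setdefault(msg, {})
    return root

def fuzz_points(trie, prefix=()):
    """Yield (valid_prefix, message_to_mutate) exactly once per trie node."""
    for msg, child in trie.items():
        yield prefix, msg
        yield from fuzz_points(child, prefix + (msg,))

if __name__ == "__main__":
    paths = transition_cover(FSM, "INIT")
    cases = list(fuzz_points(build_trie(paths)))
    naive = sum(len(p) for p in paths)  # mutating every position of every path
    print(f"{len(paths)} paths, {naive} naive fuzz points, {len(cases)} after merging")
    for pre, target in cases:
        print(" -> ".join(pre) or "(start)", "| mutate:", target)
```

A fuzzer built on this would replay each valid prefix unchanged and send a mutated form of the target message, so the implementation is exercised in the state that prefix reaches.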