A Novel Fuzzing Method for Zigbee Based on Finite State Machine

With the extensive application of Zigbee, some bodies of literature were devoted into finding the vulnerabilities of Zigbee by fuzzing. According to earlier test records, the majority of defects were exposed due to a series of testing cases. However, the context of malformed inputs is not taken account into the previous algorithms. In this paper, we propose a refined structure-based fuzzing algorithm for Zigbee based on FSM, FSM-fuzzing. Any malformed input in FSM-Fuzzing is injected to the tested sensor against a specific initial state. If the sensor transferred to the next state of FMS or crashed, there would be a defect of Zigbee in dealing with the input under the state. The final state of the sensor is verified by an UIO sequence. After a round of tests, the sensor is regressed to the specific state to prepars for receiving the next mutation. All of the states would be traversed in FSM-fuzzing. A fuzzing tool, ZFSM-fuzzer, is designed for evaluating the performance of FSM-fuzzing. Experiment results show that there is a vulnerability of Zigbee in dealing with the frames without destination addresses. Further, the quality of cases of FSM-fuzzing is higher than the previous algorithms. Therefore, FSM-fuzzing is powerful in finding the vulnerabilities of Zigbee. 1. Introduction Zigbee attracts much attention in recent years due to the growth of the demand for low power consumption [1]. Therefore, Zigbee sensors are lightweight with slow operation speed and low storage ability. Moreover, the sensors are usually deployed in the outside [2]. As a result, Zigbee networks are faced with multiple attacks, such as data monitor, data tampering, and Denial of Service (DoS) attack [3]. Some bodies of literature focused on the security analysis and the security framework of Zigbee. They proposed key management schemes for encrypting data and identifying impersonated nodes with low cost [4]. They also proposed privacy protection schemes [5] and security routing protocols [6] to enhance the security of Zigbee networks. The previous research result shows that there are several vulnerabilities with Zigbee protocol, which would lead to the jamming or even crashing of the networks. Thus, mining the potential defects of Zigbee and refining them are important for the security of networks. Fuzzing test is widely used in finding defections of network protocols and file applications [7]. Fuzzing test is implemented by injecting malformed testing cases to the target system and detecting the operation status of the target [8, 9]. If the target system crashed, there may be