FIRM-COV: High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation
With the growing prevalence of the Internet of Things (IoT), related security threats have kept pace. The need to dynamically detect vulnerabilities in IoT devices cannot be overstated. In this work, we present FIRM-COV, the first high coverage-oriented greybox fuzzer for IoT firmware. FIRM-COV leve...
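Main Authors: | Juhwan Kim, Jihyeon Yu, Hyunwook Kim, Fayozbek Rustamov, Joobeom Yun |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2021-01-01 |
Series: | IEEE Access |
Subjects: | Dictionary, emulation, firmware, fuzzing, IoT, vulnerability |
Online Access: | https://ieeexplore.ieee.org/document/9489311/ |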
id |
doaj-152dab4cc4bf4a0287d3c9543952ef14 |
---|---|
record_format |
Article |
spelling |
doaj-152dab4cc4bf4a0287d3c9543952ef14 2021-07-26T23:00:50Z eng IEEE IEEE Access 2169-3536 2021-01-01 9 101627 101642 10.1109/ACCESS.2021.3097807 9489311 FIRM-COV: High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation Juhwan Kim 0 https://orcid.org/0000-0002-1308-4499 Jihyeon Yu 1 Hyunwook Kim 2 Fayozbek Rustamov 3 https://orcid.org/0000-0002-0082-4996 Joobeom Yun 4 https://orcid.org/0000-0002-7264-2446 Department of Computer and Information Security, Convergence Engineering for Intelligent Drone, Sejong University, Seoul, South Korea Department of Computer and Information Security, Convergence Engineering for Intelligent Drone, Sejong University, Seoul, South Korea Department of Computer and Information Security, Sejong University, Seoul, South Korea Department of Computer and Information Security, Sejong University, Seoul, South Korea Department of Computer and Information Security, Convergence Engineering for Intelligent Drone, Sejong University, Seoul, South Korea With the growing prevalence of the Internet of Things (IoT), related security threats have kept pace. The need to dynamically detect vulnerabilities in IoT devices cannot be overstated. In this work, we present FIRM-COV, the first high coverage-oriented greybox fuzzer for IoT firmware. FIRM-COV leverages newly optimized process emulation by targeting IoT programs and mining real-world vulnerabilities. FIRM-COV focuses on solving problems of IoT fuzzing based on empirical analyses, using the required structured input, the inaccuracy and instability of emulation, and the required high code coverage. By optimizing the existing emulation technique, FIRM-COV always maintains a stable state and achieves high accuracy when detecting vulnerabilities. We also implement a dictionary generation algorithm to provide structured input values and synergy scheduling to achieve high coverage and throughput. We compare FIRM-COV with other IoT fuzzing frameworks for eight real-world IoT devices. As a result, FIRM-COV achieves the highest coverage and throughput, finding the fastest and most 1-day vulnerabilities with almost no false-positives. It also found two 0-day vulnerabilities in real-world IoT devices within 24 h. https://ieeexplore.ieee.org/document/9489311/ Dictionary emulation firmware fuzzing IoT vulnerability |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Juhwan Kim Jihyeon Yu Hyunwook Kim Fayozbek Rustamov Joobeom Yun |
author_sort |
Juhwan Kim |
title |
FIRM-COV: High-Coverage Greybox Fuzzing for IoT Firmware via Optimized Process Emulation |
publisher |
IEEE |
series |
IEEE Access |
issn |
2169-3536 |
publishDate |
2021-01-01 |
description |
With the growing prevalence of the Internet of Things (IoT), related security threats have kept pace. The need to dynamically detect vulnerabilities in IoT devices cannot be overstated. In this work, we present FIRM-COV, the first high coverage-oriented greybox fuzzer for IoT firmware. FIRM-COV leverages newly optimized process emulation by targeting IoT programs and mining real-world vulnerabilities. FIRM-COV focuses on solving problems of IoT fuzzing based on empirical analyses, using the required structured input, the inaccuracy and instability of emulation, and the required high code coverage. By optimizing the existing emulation technique, FIRM-COV always maintains a stable state and achieves high accuracy when detecting vulnerabilities. We also implement a dictionary generation algorithm to provide structured input values and synergy scheduling to achieve high coverage and throughput. We compare FIRM-COV with other IoT fuzzing frameworks for eight real-world IoT devices. As a result, FIRM-COV achieves the highest coverage and throughput, finding the fastest and most 1-day vulnerabilities with almost no false-positives. It also found two 0-day vulnerabilities in real-world IoT devices within 24 h. |
topic |
Dictionary emulation firmware fuzzing IoT vulnerability |
url |
https://ieeexplore.ieee.org/document/9489311/ |