Genetics and fuzz testing to improve security in the Internet of Things
News from Nov. 04, 2024
The Internet of Things (IoT) connects the majority of our devices and systems, such as smartphones, computers, and servers. They exchange messages with each other via so-called “brokers” and their communication protocols, e.g. MQTT. Fraunhofer FOKUS has developed a new security testing approach in the IoT. It employs innovative methods and tools that can be used to efficiently identify and eliminate vulnerabilities in communication protocols.
Growing interconnection in the IoT not only enables innovative applications such as predictive maintenance of systems and machines or asset tracking, i.e. monitoring location and status in real time, but also increases the security risk posed by attacks.
The method developed by Fraunhofer FOKUS combines genetic algorithms and fuzzing to make security testing in the IoT more efficient. The first step is to create a specification of a broker's communication protocol. A genetic algorithm generates test cases from this specification. In a second step, the system under test is confronted with a large number of such test cases by fuzzing. The genetic algorithm evaluates the results of these tests and, by analogy with natural selection, generates optimized test cases for further fuzzing rounds. This process is repeated until, for example, the system under test stops responding.
The distinctive feature is that test-case generation has been optimized by running the genetic algorithm directly on the specification, so that the limits of the communication protocol can be probed more efficiently. To this end, the scientists extended Fuzzino, the fuzzing library developed by Fraunhofer FOKUS, so that test data can be generated efficiently with the help of genetic algorithms. They also developed a framework for assessing the fitness of test cases, which evaluates indicators such as response time, message size and code coverage.
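The loop described above, as an added illustration that is not Fraunhofer FOKUS or Fuzzino code: test cases are spec-level field values of an MQTT CONNECT packet, a genetic algorithm mutates and recombines them, and a fitness score weighs code coverage, message size and response time. The "broker" is a constructed in-process stub parser instrumented for branch coverage, so the example runs offline; the field model, the fitness weights and the stub's branch labels are assumptions of this example, not the project's.

```python
"""Genetic-algorithm-driven fuzzing of an MQTT CONNECT packet model.

Constructed illustration, not Fraunhofer FOKUS or Fuzzino code. The "broker" is
an in-process stub parser instrumented for branch coverage; the fitness score
combines code coverage, message size and response time.
"""
import random
import struct
import time

# Spec-level fields of one test case (assumed model of a CONNECT packet).
FIELDS = ("client_id", "keepalive", "flags", "level", "length_delta", "truncate")


def encode_remaining_length(n):
    """MQTT variable-length integer used for the fixed-header remaining length."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if n == 0:
            return bytes(out)


def build_connect(tc):
    """Serialise one test case into a CONNECT packet. length_delta and truncate
    deliberately break the framing so the parser's limits are exercised."""
    var_header = (struct.pack(">H", 4) + b"MQTT" + bytes([tc["level"], tc["flags"]])
                  + struct.pack(">H", tc["keepalive"]))
    body = var_header + struct.pack(">H", len(tc["client_id"])) + tc["client_id"]
    declared = max(0, len(body) + tc["length_delta"])
    packet = bytes([0x10]) + encode_remaining_length(declared) + body
    return packet[:max(0, len(packet) - tc["truncate"])]


def stub_broker_parse(packet, coverage):
    """Stand-in for a broker's CONNECT parser (constructed, not Mosquitto code).
    Adds a label to `coverage` for each branch taken; returns True on accept."""
    coverage.add("entry")
    if len(packet) < 2 or packet[0] >> 4 != 1:
        coverage.add("bad_type"); return False
    i, mult, remaining = 1, 1, 0
    while True:  # decode the variable-length remaining-length field
        if i >= len(packet):
            coverage.add("truncated_length"); return False
        b, i = packet[i], i + 1
        remaining += (b & 0x7F) * mult
        mult *= 128
        if not b & 0x80:
            break
        if mult > 128 ** 3:
            coverage.add("length_overflow"); return False
    body = packet[i:]
    if len(body) != remaining:
        coverage.add("length_mismatch"); return False
    if len(body) < 12:
        coverage.add("short_header"); return False
    if body[:6] != b"\x00\x04MQTT":
        coverage.add("bad_protocol_name"); return False
    if body[6] != 4:
        coverage.add("unsupported_level"); return False
    if body[7] & 0x01:
        coverage.add("reserved_flag_set"); return False
    cid_len = struct.unpack(">H", body[10:12])[0]
    if len(body) != 12 + cid_len:
        coverage.add("client_id_length_mismatch"); return False
    if cid_len == 0 and not body[7] & 0x02:
        coverage.add("empty_id_without_clean_session"); return False
    coverage.add("accepted")
    return True


def evaluate(tc, seen):
    """Fitness: newly discovered branches weigh most, then total coverage,
    message size and response time. `seen` accumulates all branches hit so far."""
    packet, coverage = build_connect(tc), set()
    start = time.perf_counter()
    try:
        stub_broker_parse(packet, coverage)
    except Exception:  # a crash of the target is the most interesting outcome
        coverage.add("crash")
    elapsed_ms = (time.perf_counter() - start) * 1000
    new = coverage - seen
    seen |= coverage
    return 10 * len(new) + len(coverage) + len(packet) / 100 + elapsed_ms


def mutate(tc, rng):
    """Randomly alter one field within the value range the spec model allows."""
    child, field = dict(tc), rng.choice(FIELDS)
    if field == "client_id":
        child[field] = bytes(rng.randrange(256) for _ in range(rng.randrange(40)))
    elif field == "keepalive":
        child[field] = rng.randrange(65536)
    elif field in ("flags", "level"):
        child[field] = rng.randrange(256)
    elif field == "length_delta":
        child[field] = rng.randrange(-4, 5)
    else:
        child[field] = rng.randrange(6)
    return child


def crossover(a, b, rng):
    return {f: (a if rng.random() < 0.5 else b)[f] for f in FIELDS}


def run_ga(generations=30, population=20, seed=1):
    """Evolve CONNECT test cases from one valid seed case; returns (branches hit, best case)."""
    rng = random.Random(seed)
    seed_case = {"client_id": b"sensor-1", "keepalive": 60, "flags": 0x02,
                 "level": 4, "length_delta": 0, "truncate": 0}
    pop = [seed_case] + [mutate(seed_case, rng) for _ in range(population - 1)]
    seen = set()
    for _ in range(generations):
        scored = sorted(pop, key=lambda tc: evaluate(tc, seen), reverse=True)
        parents = scored[: population // 2]  # selection: keep the fittest half
        pop = parents + [mutate(crossover(rng.choice(parents), rng.choice(parents), rng), rng)
                         for _ in range(population - len(parents))]
    return seen, scored[0]


if __name__ == "__main__":
    branches, best = run_ga()
    print("branches covered:", sorted(branches))
    print("fittest test case of the last generation:", best)
```

Because the genetic algorithm operates on the specification fields rather than on raw bytes, every generated packet stays close to a well-formed CONNECT message, and the two framing fields (`length_delta`, `truncate`) are what drive the search towards the parser's length-handling branches; against a real broker the stub would be replaced by a network client and `elapsed_ms` by the measured round-trip time.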
To demonstrate the effectiveness of the new approach, the Eclipse Mosquitto broker, a tool widely used by developers, was tested. The Mosquitto broker had so far been tested continuously with Google OSS-Fuzz, an open-source fuzzing framework that bundles a number of open-source fuzzing tools. The vulnerability that the Fraunhofer FOKUS method exposed within a few minutes had not been discovered by that testing. The Eclipse Foundation has since fixed the vulnerability (CVE-2024-8376). A further vulnerability in the patched version of Eclipse Mosquitto was identified with the new method and has already been reported to Eclipse, and several vulnerabilities were identified in another MQTT broker, NanoMQ, and reported to its vendor.
The method can be used for any communication protocol, even beyond the Internet of Things, to improve security testing and the development of security patches.