Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Securing the IoT. Utilizing conformance tessuites for fuzzing

: Knoblauch, Dorian; Hackel, Sascha

Embedded World Exhibition and Conference 2019 : Nuremberg, Germany, 26.-28.2.2019
Nuremberg, 2019
5 pp.
Embedded World Exhibition and Conference <2019, Nuremberg>
Bundesministerium fur Wirtschaft und Energie BMWi (Deutschland)
136387; IoT-T
Conference Paper
Fraunhofer FOKUS ()
IoT; security; fuzzing; testing conformance; negative testing; TTCN-3

IoT devices are widely used in almost all vertical domains like homes, factories or as wearables on the body. This diversity is reflected in a variety of implementations which creates challenges for security testing due to the lag of applicability of out-of-the-box security testing solutions, like existing in other areas. We're introducing a security testing suite that is capable of providing security tests. Our security test suite is part of the Eclipse IoT-Testware project. It is capable of creating fuzz test cases from conformance test suites for devices automatically, regardless of the used protocols. Eclipse IoT-Testware reads into the communication between two devices, generates a model of the used protocol and generates fuzz data using the generation library Fuzzino. This solution has found vulnerabilities in ITS devices and flaws in devices using COAP and MQTT.