Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Securing the IoT. Utilizing conformance tessuites for fuzzing

: Knoblauch, Dorian; Hackel, Sascha

Volltext urn:nbn:de:0011-n-5720614 (466 KByte PDF)
MD5 Fingerprint: 96652f6f0e6a7cdd14b77d3086520862
Erstellt am: 10.04.2020

Sikora, A.:
Embedded World Conference 2019. DVD-ROM : February 26-28, 2019, Messezentrum Nürnberg, Germany
Haar: WEKA Fachmedien Verlag, 2019
5 S.
Embedded World Exhibition and Conference <2019, Nuremberg>
Bundesministerium fur Wirtschaft und Energie BMWi (Deutschland)
136387; IoT-T
Konferenzbeitrag, Elektronische Publikation
Fraunhofer FOKUS ()
IoT; security; fuzzing; testing conformance; negative testing; TTCN-3

IoT devices are widely used in almost all vertical domains like homes, factories or as wearables on the body. This diversity is reflected in a variety of implementations which creates challenges for security testing due to the lag of applicability of out-of-the-box security testing solutions, like existing in other areas. We're introducing a security testing suite that is capable of providing security tests. Our security test suite is part of the Eclipse IoT-Testware project. It is capable of creating fuzz test cases from conformance test suites for devices automatically, regardless of the used protocols. Eclipse IoT-Testware reads into the communication between two devices, generates a model of the used protocol and generates fuzz data using the generation library Fuzzino. This solution has found vulnerabilities in ITS devices and flaws in devices using COAP and MQTT.