

Towards Improving Fuzzer Efficiency for the MQTT Protocol

Author(s):
Araujo Rodriguez, Luis Gustavo ; Batista, Daniel Macedo ; IEEE
Total Authors: 3
Document type: Journal article
Source: 26TH IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS (IEEE ISCC 2021); v. N/A, p. 7-pg., 2021-01-01.
Abstract

MQTT's security has been a major concern because of its weak protocol implementations. Over the last few years, several fuzzing frameworks have been proposed to mitigate this issue. However, these frameworks lack sufficient knowledge of MQTT's specifications, requiring a considerable amount of network packets to cover all of its features and functionality. In this paper, we explain how to improve the efficiency of fuzzing frameworks for MQTT by using a grammar based on its specifications. Although defining a grammar is time-consuming and complex, these drawbacks are overshadowed by its benefits, such as deep state exploration and efficiency. Our improvements are implemented in MQTTGRAM, a new grammar-based fuzzer for MQTT. Due to these improvements, MQTTGRAM offers higher code coverage with significantly fewer packets than existing MQTT fuzzers. For instance, MQTTGRAM exchanges up to 9x fewer packets than its counterparts without reducing the line coverage. (AU)

FAPESP's process: 14/50937-1 - INCT 2014: on the Internet of the Future
Grantee: Fabio Kon
Support Opportunities: Research Projects - Thematic Grants
FAPESP's process: 18/22979-2 - IoT-SED: security and efficiency in data transport on Internet of Things
Grantee: Daniel Macêdo Batista
Support Opportunities: Regular Research Grants
FAPESP's process: 18/23098-0 - MENTORED: from modeling to experimentation - predicting and detecting DDoS and zero-day attacks
Grantee: Michele Nogueira Lima
Support Opportunities: Research Projects - Thematic Grants
FAPESP's process: 15/24485-9 - Future internet for smart cities
Grantee: Fabio Kon
Support Opportunities: Research Projects - Thematic Grants