Riding the IoT Wave With VFuzz: Discovering Security Flaws in Smart Homes
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Nkuba, Carlos Kayembe | - |
dc.contributor.author | Kim, Seulbae | - |
dc.contributor.author | Dietrich, Sven | - |
dc.contributor.author | Lee, Heejo | - |
dc.date.accessioned | 2022-03-03T08:40:22Z | - |
dc.date.available | 2022-03-03T08:40:22Z | - |
dc.date.created | 2022-03-02 | - |
dc.date.issued | 2022 | - |
dc.identifier.issn | 2169-3536 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/137600 | - |
dc.description.abstract | Z-Wave smart home Internet of Things devices are used to save energy, increase comfort, and remotely monitor home activities. In the past, security researchers found Z-Wave device vulnerabilities through reverse engineering, manual audits, and penetration testing. However, they did not fully use fuzzing, which is an automated cost-effective testing technique. Thus, in this paper, we present VFUZZ, a protocol-aware blackbox fuzzing framework for quickly assessing vulnerabilities in Z-Wave devices. VFUZZ assesses the target device capabilities and encryption support to guide seed selection and tests the target for new vulnerability discovery. It uses our field prioritization algorithm (FIPA), which mutates specific Z-Wave frame fields to ensure the validity of the generated test cases. We assessed VFUZZ on a real Z-Wave network consisting of 19 Z-Wave devices ranging from legacy to recent ones, as well as different device types. Our VFUZZ evaluation found 10 distinct security vulnerabilities and seven crashes among the tested devices and yielded six unique common vulnerabilities and exposures (CVE) identifiers related to the Z-Wave chipset. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC | - |
dc.title | Riding the IoT Wave With VFuzz: Discovering Security Flaws in Smart Homes | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Heejo | - |
dc.identifier.doi | 10.1109/ACCESS.2021.3138768 | - |
dc.identifier.scopusid | 2-s2.0-85122300591 | - |
dc.identifier.wosid | 000739977800001 | - |
dc.identifier.bibliographicCitation | IEEE ACCESS, v.10, pp.1775 - 1789 | - |
dc.relation.isPartOf | IEEE ACCESS | - |
dc.citation.title | IEEE ACCESS | - |
dc.citation.volume | 10 | - |
dc.citation.startPage | 1775 | - |
dc.citation.endPage | 1789 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordAuthor | Security | - |
dc.subject.keywordAuthor | Smart homes | - |
dc.subject.keywordAuthor | Protocols | - |
dc.subject.keywordAuthor | Testing | - |
dc.subject.keywordAuthor | Encryption | - |
dc.subject.keywordAuthor | Fuzzing | - |
dc.subject.keywordAuthor | Payloads | - |
dc.subject.keywordAuthor | Smart home security | - |
dc.subject.keywordAuthor | Z-Wave | - |
dc.subject.keywordAuthor | Internet of Things | - |
dc.subject.keywordAuthor | fuzzing | - |
dc.subject.keywordAuthor | vulnerabilities discovery | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.