The Zigbee protocol is one of the world's most popular IoT wireless standards, used by millions of devices and customers. It has also been deployed in NASA's Mars mission as the communication radio between the flying drone and the Perseverance rover.
Recently, several vulnerabilities in Zigbee protocol implementations have compromised IoT devices from different manufacturers, so security testing of Zigbee protocol implementations has become imperative. This research project therefore aims to apply existing state-of-the-art vulnerability detection techniques, such as fuzzing and data flow analysis, to Zigbee protocol implementations.
Low-Power IoT Communication
Although WiFi and Bluetooth have worked very well for many years, they are not ideal communication solutions for resource-constrained IoT devices. Zigbee is designed as a low-power, low-cost, low-speed wireless protocol for communication between resource-constrained embedded devices.
Security Challenges
However, when both simplicity and low cost are the goals, security often suffers: productivity has higher priority, and security services may be given limited resources. Fuzz testing has been a mainstream technique for assessing security problems since 2000.
Intelligent Zigbee Protocol Fuzzing via Constraint-Field Dependency Inference
Mengfei Ren, Haotian Zhang, Xiaolei Ren, Jiang Ming, Yu Lei
Proceedings of the 2023 European Symposium on Research in Computer Security (ESORICS '23)
Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing
Mengfei Ren, Xiaolei Ren, Huadong Feng, Jiang Ming, Yu Lei
ACM Digital Threats: Research and Practice, Volume 4, Issue 1, Article No. 9, pp. 1–24 (Just Accepted)
Z-Fuzzer: Device-agnostic Fuzzing of Zigbee Protocol Implementation
Mengfei Ren, Xiaolei Ren, Huadong Feng, Jiang Ming, Yu Lei
Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '21)
Zero-day Vulnerabilities Detected:
Fuzzing Techniques
- Device-agnostic fuzzing approach
- Constraint-field dependency inference
- Intelligent protocol mutation
- Coverage-guided testing
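The list above names the techniques but does not show why constraint-field dependencies matter for a protocol fuzzer. The following Python script is an added illustration of the general idea, not code from Z-Fuzzer or from the ESORICS paper, and it does not use the real Zigbee frame format: the frame layout (a type byte, a one-byte length field, the payload, and an XOR checksum), the function names and the sample payloads are all constructed assumptions. It contrasts a naive mutator, whose mutated frames are almost always rejected by the receiver's length and checksum checks before reaching the payload handler, with a dependency-aware mutator that re-derives the constrained fields after each mutation so the frame passes validation and exercises deeper code.

```python
"""Toy illustration of constraint-field-aware mutation for protocol fuzzing.

Constructed frame layout (an assumption for this example, NOT the Zigbee
frame format):

    byte 0     : frame type (hypothetical value)
    byte 1     : payload length N, which constrains how many payload bytes follow
    bytes 2..  : payload (N bytes)
    last byte  : checksum = XOR of every preceding byte (constrained by all of them)
"""
import random
from typing import Dict, Tuple

FRAME_TYPE_DATA = 0x01  # hypothetical frame-type value


def xor_checksum(data: bytes) -> int:
    c = 0
    for b in data:
        c ^= b
    return c


def encode_frame(payload: bytes, frame_type: int = FRAME_TYPE_DATA) -> bytes:
    """Build a frame whose length and checksum fields are consistent with the payload."""
    if len(payload) > 255:
        raise ValueError("payload too long for a one-byte length field")
    body = bytes([frame_type, len(payload)]) + payload
    return body + bytes([xor_checksum(body)])


def parse_frame(frame: bytes) -> Tuple[str, bytes]:
    """Receiver side: the constraint fields are checked first; only a frame that
    satisfies both reaches the payload handler, where implementation bugs hide."""
    if len(frame) < 3:
        return ("reject:short", b"")
    declared = frame[1]
    if declared != len(frame) - 3:
        return ("reject:length", b"")
    if xor_checksum(frame[:-1]) != frame[-1]:
        return ("reject:checksum", b"")
    return ("ok", frame[2:2 + declared])


def mutate_payload(frame: bytes, rng: random.Random) -> bytes:
    """One random mutation of the payload region, shared by both strategies:
    change one payload byte, or grow/shrink the payload by one byte.
    The length and checksum fields are deliberately left untouched."""
    n = frame[1]
    op = "resize" if n == 0 else rng.choice(["flip", "resize"])
    if op == "flip":
        idx = 2 + rng.randrange(n)
        new = (frame[idx] + rng.randrange(1, 256)) & 0xFF  # always differs from the original
        return frame[:idx] + bytes([new]) + frame[idx + 1:]
    # resize: grow by one byte unless the length field is already at its maximum
    if n < 255 and (n == 0 or rng.random() < 0.5):
        return frame[:-1] + bytes([rng.randrange(256)]) + frame[-1:]
    return frame[:-2] + frame[-1:]


def naive_mutate(frame: bytes, rng: random.Random) -> bytes:
    """Mutation without dependency knowledge: the stale length/checksum get the
    frame rejected at the surface, so the handler is never exercised."""
    return mutate_payload(frame, rng)


def repair_dependencies(frame: bytes) -> bytes:
    """Re-derive every field that depends on another one: the length field from the
    actual payload size, then the checksum from all preceding bytes."""
    return encode_frame(frame[2:-1], frame_type=frame[0])


def dependency_aware_mutate(frame: bytes, rng: random.Random) -> bytes:
    """Mutation followed by repair of the dependent fields, so the mutated payload
    survives validation and reaches the handler."""
    return repair_dependencies(mutate_payload(frame, rng))


def campaign(seed_frame: bytes, iterations: int, seed: int = 0) -> Dict[str, int]:
    """Count how many mutants of each strategy pass the receiver's validation."""
    rng = random.Random(seed)
    counts = {"naive_ok": 0, "aware_ok": 0}
    for _ in range(iterations):
        if parse_frame(naive_mutate(seed_frame, rng))[0] == "ok":
            counts["naive_ok"] += 1
        if parse_frame(dependency_aware_mutate(seed_frame, rng))[0] == "ok":
            counts["aware_ok"] += 1
    return counts


if __name__ == "__main__":
    seed_frame = encode_frame(b"\x10\x20\x30\x40")  # constructed sample payload
    print(campaign(seed_frame, 100))
```

In this toy format every naive mutant is rejected, because any payload change invalidates the checksum and any size change invalidates the length field; a real fuzzer has to infer such dependencies from the implementation rather than from a known layout, which is what makes the inference step on this page the interesting part.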
Security Analysis
- Vulnerability detection in IoT devices
- Protocol implementation testing
- Zero-day vulnerability discovery
- Real-world impact assessment