Fuzz Testing of Zigbee Protocol Implementation

Led by Mengfei Ren

Description

In recent years, we have witnessed an increasing number of IoT devices deployed in various areas, e.g., home automation, healthcare, industry and smart vehicles. Zigbee is one of the world's most popular IoT wireless standards, used by millions of devices and customers. Zigbee is now on Mars as well: in March 2021, it was used in the NASA Mars mission as the communication radio between the flying drone and the Perseverance rover.

Why do we need Zigbee? Although WiFi and Bluetooth have worked very well for many years, they are not ideal communication solutions for resource-constrained IoT devices. Suppose we have many small sensors deployed in a remote area to monitor equipment status. Of course, we do not want to replace their batteries frequently, so their day-to-day communication should not consume much power or many resources. However, WiFi is complex and its transceivers are usually expensive, and Bluetooth devices also use too much power and are too complex. Zigbee is therefore designed as a low-power, low-cost, low-speed wireless protocol for communication between resource-constrained embedded devices.

However, when both simplicity and low cost are goals, security often suffers, since productivity has higher priority and security services may be given limited resources. Recently, severe vulnerabilities in Zigbee protocol implementations have compromised IoT devices from different manufacturers. It has become imperative to perform security testing on Zigbee protocol implementations. Fuzz testing has been a mainstream approach for assessing security problems since 2000, and it has exposed thousands of vulnerabilities in various software applications. However, it is not a trivial task to directly apply state-of-the-art fuzzing tools to Zigbee protocol implementations. Thus, this research project aims to apply state-of-the-art software testing techniques, such as fuzzing and data-flow analysis, to detect security vulnerabilities in Zigbee protocol implementations, especially by addressing the practical technical challenges of existing fuzzing solutions.

Publications

  • Intelligent Zigbee Protocol Fuzzing via Constraint-Field Dependency Inference
    by Mengfei Ren, Haotian Zhang, Xiaolei Ren, Jiang Ming, Yu Lei
    In Proceedings of the 2023 European Symposium on Research in Computer Security (ESORICS '23). The Hague, Netherlands. (Just accepted)
  • Security Analysis of Zigbee Protocol Implementation via Device-agnostic Fuzzing
    by Mengfei Ren, Xiaolei Ren, Huadong Feng, Jiang Ming, Yu Lei
    ACM Digital Threats: Research and Practice, Volume 4, Issue 1, Article No. 9, pp. 1–24.
  • Z-Fuzzer: Device-agnostic Fuzzing of Zigbee Protocol Implementation
    by Mengfei Ren, Xiaolei Ren, Huadong Feng, Jiang Ming, Yu Lei
    In Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec '21). Association for Computing Machinery, New York, NY, USA, 347–358.
    ACM Artifact Evaluation Badges: Functional, Available, Reproduced
    Zero-day Vulnerabilities Detected: CVE-2020-27890, CVE-2020-27891, CVE-2020-27892