Litcius/Paper detail

FUME: Fuzzing Message Queuing Telemetry Transport Brokers

Bryan Pearson, Yue Zhang, Cliff C. Zou, Xinwen Fu

2022IEEE INFOCOM 2022 - IEEE Conference on Computer Communications15 citationsDOI

Abstract

Message Queuing Telemetry Transport (MQTT) is a popular communication protocol used to interconnect devices with considerable network restraints, such as those found in Internet of Things (IoT). MQTT directly impacts a large number of devices, but the software security of its server ("broker") implementations is not well studied. In this paper, we design, implement, and evaluate a novel fuzz testing model for MQTT. The fuzzer combines aspects of mutation guided fuzzing and generation guided fuzzing to rigorously exhaust the MQTT protocol and identify vulnerabilities in servers. We introduce Markov chains for mutation guided fuzzing and generation guided fuzzing that model the fuzzing engine according to a finite Bernoulli process. We implement "response feedback", a novel technique which monitors network and console activity to learn which inputs trigger new responses from the broker. In total, we found 7 major vulnerabilities across 9 different MQTT implementations, including 6 zero-day vulnerabilities and 2 CVEs. We show that when fuzzing these popular MQTT targets, our fuzzer compares favorably with other state-of-the-art fuzzing frameworks, such as BooFuzz and AFLNet.

Topics & Concepts

Fuzz testingMQTTComputer scienceMessage queueComputer networkComputer securitySoftwareOperating systemInternet of ThingsSoftware Testing and Debugging TechniquesSoftware Reliability and Analysis ResearchAdvanced Malware Detection Techniques