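Abstract
The control center is the core of the entire smart home and can be controlled remotely from terminals such as mobile phones and tablets. Once the control center is compromised, an attacker gains control over most of the home's devices and can cause severe damage. In current smart home systems, the control center mostly connects to remote terminal devices through a router using wireless communication in order to operate and control the smart devices in the system, so the security of the router directly affects the security of the whole smart home system and the privacy of its users. This paper proposes a novel router vulnerability discovery method and, based on Sulley, implements it as a router vulnerability detection framework, with a focus on analyzing router security. Combining taint analysis, the paper designs a three-phase fuzzing test case generation module for routers (TPFTGM) that guides the generation of specific test cases during fuzzing, and applies the framework to discovering vulnerabilities in Dlink series routers. The experimental results show that the framework resolves the problems of inefficient test cases and low code path coverage in fuzzing.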
The control center is the core of the smart home, and it can be controlled remotely through mobile phones, tablets and other terminals. Once the control center is attacked, the attacker can gain control over the majority of the household devices, resulting in great damage. At present, in smart home systems, the control center connects to remote terminal equipment through a router using wireless communication technology in order to operate and control all kinds of smart home devices in the system, so the security of the router is directly related to the security of the whole smart home system and of user privacy. This paper designs a framework to discover router vulnerabilities based on Sulley, proposes a three-phase test case generation module (TPFTGM) to guide the generation of specific test cases in the process of fuzzing, and applies the framework to discovering vulnerabilities in Dlink routers. The experimental results show that the framework can successfully discover and reproduce the remote code execution vulnerability in the Dlink, and that it improves on the low test case efficiency and low code coverage of fuzzing.
Authors
ZHAO Jian (赵健); WANG Rui (王瑞); LI Siqi (李思其)
School of Information Science and Technology, Northwest University, Xi'an, Shaanxi 710127, China; Yunnan Police College, Kunming, Yunnan 650223, China
Source
Netinfo Security (《信息网络安全》)
CSCD
Peking University Core Journals
2018, Issue 6, pp. 36-44 (9 pages)
Funding
National Natural Science Foundation of China [61572400]
Keywords
smart home
taint tracking
router vulnerabilities
vulnerability detection