With the extensive application of Zigbee, some bodies of literature were devoted into finding the vulnerabilities of Zigbee by fuzzing. According to earlier test records, the majority of defects were exposed due to a series of testing cases. However, the context of malformed inputs is not taken account into the previous algorithms. In this paper, we propose a refined structure-based fuzzing algorithm for Zigbee based on FSM, FSM-fuzzing. Any malformed input in FSM-Fuzzing is injected to the tested sensor against a specific initial state. If the sensor transferred to the next state of FMS or crashed, there would be a defect of Zigbee in dealing with the input under the state. The final state of the sensor is verified by an UIO sequence. After a round of tests, the sensor is regressed to the specific state to prepars for receiving the next mutation. All of the states would be traversed in FSM-fuzzing. A fuzzing tool, ZFSM-fuzzer, is designed for evaluating the performance of FSM-fuzzing. Experiment results show that there is a vulnerability of Zigbee in dealing with the frames without destination addresses. Further, the quality of cases of FSM-fuzzing is higher than the previous algorithms. Therefore, FSM-fuzzing is powerful in finding the vulnerabilities of Zigbee.
展开▼
