| 摘 要: 针对传统模糊测试难以全面覆盖黑盒条件下的智能家居低功耗蓝牙(BLE)协议行为的问题,提出了一种基于有限状态机引导的蓝牙协议模糊测试方法。该方法对蓝牙协议的多层结构进行跨层联合状态建模,通过主动学习推导目标设备的协议状态机模型,生成更高效、更全面的测试用例。同时,基于此方法设计实现原型系统FSMBLEFuzzer。测试结果表明,FSMBLEFuzzer在生成的状态数、模糊测试轮数、查询次数、反例数等方面均显著优于现有工具Pf,被测的8个设备中,有5个发生了崩溃或异常。验证了该方法在蓝牙协议安全测试方面的实用性和有效性 |
| 关键词: 低功耗蓝牙协议 状态机学习 模糊测试 漏洞挖掘 |
|
中图分类号: TP311.1
文献标识码: A
|
|
| Finite State Machine-Guided Fuzzing Method for Bluetooth Protocols in Smart Home Devices |
|
TAN Xin, LIANG Pengyuan, WU Lifa
|
(School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210023, China)
833773277@qq.com; zhendeshuai11@gmail.com; wulifa@njupt.edu.cn
|
| Abstract: To address the issue that traditional fuzzing struggles to comprehensively cover the behaviors of Bluetooth Low Energy (BLE) protocols in smart home devices under black-box conditions, this paper proposes a finite state machine-guided fuzzing method for Bluetooth protocols. This method performs cross-layer joint state modeling on the mult-i layer structure of Bluetooth protocols, deduces the protocol state machine model of the target device throughactive learning, and generates more efficient and comprehensive test cases. Simultaneously, a prototype system named FSMBLEFuzzer is designed and implemented based on this method. Test results demonstrate that FSMBLEFuzzer significantly outperforms the existing tool Pf in terms of the number of generated states, fuzzing rounds, query counts, and counterexamples. Among the eight tested devices, five experienced crashes or anomalies, validating the practicality and effectiveness of the proposed method for security testing of BLE protocols. |
| Keywords: bluetooth low energy protocol state machine learning fuzzing vulnerability discovery |
