
Grey-box fuzzing embedded devices using feedback from side-channel analysis

Supervisor(s): Ferdinand Jarisch
Status: finished
Topic: Others
Author: Thomas Völkl
Submission: 2022-03-15
Type of Thesis: Bachelor's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

While embedded devices become more and more prevalent with the rise of
the internet of things, assessing their security similarly to
approaches known from conventional devices remains challenging due to
resource constraints and a lack of interfaces. In particular, fuzzing
embedded devices is nowadays often realized in emulated environments,
as real-world environments are mainly limited to black-box approaches
due to a lack of entry points. Meanwhile, side-channel analysis has
been leveraged to provide detailed insights into software running on
these devices. This thesis extends previous research about
incorporating power consumption as a side-channel to enable grey-box
fuzzing in a coverage-guided manner similar to conventional approaches.
We implement a fuzzing tool around the popular AFL++ fuzzer which
collects and analyzes side-channel information from the device and
refines it to provide a metric that can be used to derive coverage
feedback. In our experiments, the tool is able to find memory
corruptions in a constructed proof of concept program tested on an
STM32F417IGT microcontroller. While still facing challenges in
performance and effectiveness when applied to real-world targets, our
tool provides new means to investigate black-box devices.
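As an added illustration (not the thesis's own code; this page does not describe its pipeline), the following Python sketch shows one way a captured power trace could be reduced to an AFL-style coverage bitmap, so that an input whose power profile lights previously unseen bits counts as new coverage. The window size, quantisation levels, bitmap size and the constructed traces are all assumptions.

```python
"""Illustrative sketch: deriving coverage-like feedback from a power trace.
Assumed parameters; the constructed traces below stand in for real captures."""
import hashlib
import random

WINDOW = 8          # samples averaged per window (assumed)
LEVELS = 4          # coarse quantisation absorbs measurement noise (assumed)
MAP_SIZE = 1 << 16  # bitmap size in the same range as AFL's default map

def trace_to_symbols(trace, window=WINDOW, levels=LEVELS, v_min=0.0, v_max=1.0):
    """Average each window of samples and quantise the mean to a small alphabet."""
    symbols = []
    for i in range(0, len(trace) - window + 1, window):
        mean = sum(trace[i:i + window]) / window
        frac = min(max((mean - v_min) / (v_max - v_min), 0.0), 1.0)
        symbols.append(min(int(frac * levels), levels - 1))
    return symbols

def symbols_to_bitmap(symbols, map_size=MAP_SIZE):
    """Hash each (position, previous symbol, current symbol) transition to one bit,
    analogous to how AFL hashes (prev_loc, cur_loc) edges into its shared map."""
    bits = set()
    prev = None
    for pos, cur in enumerate(symbols):
        key = f"{pos}:{prev}:{cur}".encode()
        bits.add(int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % map_size)
        prev = cur
    return bits

class SideChannelCoverage:
    """Global set of bits seen so far; an input is interesting if it sets a new bit."""
    def __init__(self):
        self.seen = set()

    def is_interesting(self, trace):
        new = symbols_to_bitmap(trace_to_symbols(trace)) - self.seen
        self.seen |= new
        return bool(new)

def constructed_trace(path_b, noise=0.02, seed=0):
    """Constructed stand-in for a capture: 64 samples at ~0.3; the hypothetical
    'path B' draws more current (~0.8) in windows 2 and 3. Noise is uniform."""
    rng = random.Random(seed)
    base = [0.3] * 64
    if path_b:
        for i in range(16, 32):
            base[i] = 0.8
    return [v + rng.uniform(-noise, noise) for v in base]
```

Because quantisation is coarse, a second execution of the same path with different noise produces the same symbols and is not reported as new coverage, while a trace from a different path is.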